Last week I tried to take playing with my Android phone to the next level. I had read something here and there about how you can play jokes on your friends by messing with the WiFi connection on their phone and decided to take a look at this myself.
Please note that using some of the activities described in this post might not be legal in your state or country. If you decide to take a look at some of the applications linked below, I’m not responsible for whatever happens to you or your phone. I suggest to only use the following applications for educational purposes or to detect vulnerabilities in your own network.
After some snooping around on the internet I came across the following interesting post on the xda developers forum:
In this post you can find a collection of network sniffing apps by a certain mister “Flashalot”. I descided to try out a few of those. My first experience was kind of dissapointing, “Wifi kill” was buggy and did not seem to work, while network managed to freeze my phone. Next I tried using dSploit with rather astonishing results.
The official site of dSploit can be found here => http://dsploit.net/
Using the application is rather straight forward, I haven’t had the time to check out all it’s functionalities, but the ones I did check out worked great!
When you first open up the application, you can scan the wireless network you are connected to to look for other devices in range that are also connected to the same network. (Locating a certain device can be a bit tricky, since the devices are listed by IP adres & in my case not all devices listed their type or OS).
When you’ve found the device you want prank or learn more about, you can select this wich brings you to a list of options of what you want to do with the target device. These options range from login crackers & vulnerability finders to MITM or “Man In The Middle” attacks.
As you can problaby deduct from it’s name, during a MITM attack, you device acts like the man in the middle, during data traffic between the router and the target device. To the target device, your Android phone will pretend to be the wifi router and to the router it will pretend to be the target device. In this scam, your device intercepts all datapackages send between router and target and can control their conversation. Using dSploit you’re device will not only be able to sniff the network & listen in on coversations, but by means of a MITM attack it can also manipulated the send & received data packages.
DSploit lists a whole range of possible MITM attacks as you can see in the image below:
I tried out some of the MIMT attacks described above on my own tablet, and to my surprise this actually worked pretty good! The only noticeable difference that might give you away is that the targets internet seems to be a bit slower then usually (It has to be redirected & manipulated), but this might also be the result of the slower nature of the device used for the spoofing.
One of the biggest surprise for me while doing this was how easy it is… Always be careful when on public networks!
You can have a lot of fun with this application by messing with a friends connection on your home network (replacing all images on the internet with a stylish selfie if yourself or redirecting him or her to this blog). Keep in mind that trying this on public networks, of networks of others might be illegal, as is password hacking and session stealing.
Found a cool spoof? Tricked your friends? Feel free to leave a comment.
Tried on Huawei G510 0100 with AOSB 4.4 Kitkat ROM (http://www.htcmania.com/showthread.php?t=768500)
& as usual, you can follow me on #Twitter @RW_Spaf