Network spoofing on Android with dSploit

Last week I tried to take playing with my Android phone to the next level. I had read something here and there about how you can play jokes on your friends by messing with the WiFi connection on their phone and decided to take a look at this myself.

Please note that using some of the activities described in this post might not be legal in your state or country. If you decide to take a look at some of the applications linked below, I’m not responsible for whatever happens to you or your phone. I suggest to only use the following applications for educational purposes or to detect vulnerabilities in your own network.

After some snooping around on the internet I came across the following interesting post on the xda developers forum:

http://forum.xda-developers.com/showthread.php?t=1788714

In this post you can find a collection of network sniffing apps by a certain mister “Flashalot”. I descided to try out a few of those. My first experience was kind of dissapointing, “Wifi kill” was buggy and did not seem to work, while network managed to freeze my phone. Next I tried using dSploit with rather astonishing results.

The official site of dSploit can be found here => http://dsploit.net/

Using the application is rather straight forward, I haven’t had the time to check out all it’s functionalities, but the ones I did check out worked great!

When you first open up the application, you can scan the wireless network you are connected to to look for other devices in range that are also connected to the same network. (Locating a certain device can be a bit tricky, since the devices are listed by IP adres & in my case not all devices listed their type or OS).

When you’ve found the device you want prank or learn more about, you can select this wich brings you to a list of options of what you want to do with the target device.  These options range from login crackers & vulnerability finders to MITM or “Man In The Middle” attacks.

As you can problaby deduct from it’s name, during a MITM attack, you device acts like the man in the middle, during data traffic between the router and the target device. To the target device, your Android phone will pretend to be the wifi router and to the router it will pretend to be the target device. In this scam, your device intercepts all datapackages send between router and target and can control their conversation. Using dSploit you’re device will not only be able to sniff the network & listen in on coversations, but by means of a MITM attack it can also manipulated the send & received data packages.

DSploit lists a whole range of possible MITM attacks as you can see in the image below:

The attacks include session Hijacking and password sniffing or injecting your own javascript in webpages, but also some more entertaining options like “Redirect”: with this attack the target device will only be able to visit the webpage your specify and will be redirect to this page no matter what he tries. The “Replace images” attack can manipulate the websites the target sees on it’s phone by changing every picture to a picture you specify. You can apply a custom “Filter” on the target’s internet, replacing words with other words. Or you can kill a target connection, making it impossible for the target device to load a webpage.

I tried out some of the MIMT attacks described above on my own tablet, and to my surprise this actually worked pretty good! The only noticeable difference that might give you away is that the targets internet seems to be a bit slower then usually (It has to be redirected & manipulated), but this might also be the result of the slower nature of the device used for the spoofing.

One of the biggest surprise for me while doing this was how easy it is… Always be careful when on public networks!

You can have a lot of fun with this application by messing with a friends connection on your home network (replacing all images on the internet with a stylish selfie if yourself or redirecting him or her to this blog). Keep in mind that trying this on public networks, of networks of others might be illegal, as is password hacking and session stealing.

Found a cool spoof? Tricked your friends? Feel free to leave a comment.

Tried on Huawei G510 0100 with AOSB 4.4 Kitkat ROM (http://www.htcmania.com/showthread.php?t=768500)

& as usual, you can follow me on #Twitter @RW_Spaf 

Advertisements
Tagged with: , , , , , , , , , , , , , , , , ,
Posted in Android, Huawei G510

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: