In this article, I'll show you how to easily "hack" Facebook, Twitter, YouTube, and any number of similar account types with an Android app called FaceNiff.
FaceNiff allows you to sniff and intercept web session profiles over the Wi-Fi that your mobile device is connected to. Basically, it's as simple as connecting to a Wi-Fi network, opening the app, starting the sniffer, and opening the profiles in your browser. The newest release even lets you select which accounts to sniff for and reveals MAC/wireless information.
Note: This ONLY works for rooted phones!
"Sniffing" is where a malicious device connected to a network intercepts and logs packets being transferred between an access point and victim's device. The packets can then be used to impersonate or spoof the victim's device, allowing the malicious device to access private information. FaceNiff incorporates sniffing and spoofing into one application, allowing even total novices to steal private information. More information on packet analyzers can be found here.
First, head over to the FaceNiff website and download the app. Once you've installed it, start it up and grant it permissions (if necessary). Once the vendor list has loaded, you should see the home screen:
Now, click the "Start" button, and the app should begin to sniff the network. When a profile is located, it'll show up like so:
Simply click on the profile/account and the app will open your browser up and take you to the victim's account homepage! Here's a video of FaceNiff in action (the video demonstrates an older version of FaceNiff):
- DO NOT use this app for malicious or illegal purposes! It is for educational use only.
- Rooting your Android can cause unwanted issues, if done incorrectly. Make sure you root properly!
- I am not responsible for any damage you cause.