FaceNiff – Android Hacking Tool for Intercepting Web Sessions

FaceNiff – Android App to Intercept Web Session Profiles over a WiFi Connection

FaceNiff – Hacking Tool: Faceniff is an Android app for hackers and for users who are concerned about their security and want to test their networks for vulnerabilities. Faceniff allows an attacker to easily steal sensitive information such as Facebook, Twitter and YouTube account usernames and passwords using man-in-the-middle (MiTM) attack techniques. FaceNiff will work on 80% of websites; some sites using HSTS (HTTP Strict Transport Security) will need a little extra work, such as SSLStrip2 integration.



Intercepting Web Sessions

  • First, download and install the Faceniff app.
  • Open Faceniff once it has installed.
  • Grant Faceniff root access.
  • Navigate to the top-left button labeled “Offline” and switch it to “Online” mode, then tap the button labeled “START”.
  • If you are using HTTPS websites, turn on SSLSniff.
  • The FaceNiff application will then start to display the unencrypted sessions.
If the target is using HTTPS-encrypted websites, you can use SSL Strip to force the victim's browser to fall back on HTTP. Sites such as Facebook and Blogger now use HSTS and will need to be used with SSLStrip2. HSTS (HTTP Strict Transport Security) is a protocol that was designed to protect against downgrade attacks.
Make sure you are connected to a WiFi network and you have a target on the same network.
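
From the defending side, whether a site's sessions are exposed to this kind of interception comes down to the two properties mentioned above: HSTS and whether session cookies are restricted to HTTPS. The following check is an added example, not part of the original article or of FaceNiff; the function names, the 180-day threshold and the sample responses are assumptions constructed for illustration.

```python
import re

MIN_HSTS_AGE = 15552000  # 180 days; threshold chosen for this example

def parse_headers(raw):
    """Split a raw HTTP response head into (name, value) pairs, keeping repeats."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(raw, scheme="https"):
    """Return findings that leave a session open to plaintext interception."""
    headers = parse_headers(raw)
    findings = []
    hsts = [v for n, v in headers if n == "strict-transport-security"]
    if scheme != "https":
        # Browsers ignore the HSTS header when it arrives over plain HTTP.
        findings.append("served over HTTP: HSTS is ignored on plaintext responses")
    elif not hsts:
        findings.append("no Strict-Transport-Security header")
    else:
        m = re.search(r'max-age\s*=\s*"?(\d+)', hsts[0], re.I)
        if not m or int(m.group(1)) < MIN_HSTS_AGE:
            findings.append("HSTS max-age missing or too short")
        if "includesubdomains" not in hsts[0].lower():
            findings.append("HSTS lacks includeSubDomains")
    for value in (v for n, v in headers if n == "set-cookie"):
        name = value.split("=", 1)[0].strip()
        attrs = {a.strip().lower().split("=")[0] for a in value.split(";")[1:]}
        if "secure" not in attrs:  # cookie would also be sent over http://
            findings.append(f"cookie {name}: no Secure flag")
    return findings

# Constructed sample responses (not captured from any real site).
WEAK = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: sessionid=abc123; Path=/
"""
HARDENED = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: sessionid=abc123; Path=/; Secure; HttpOnly
"""

if __name__ == "__main__":
    for label, raw in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(raw) or "no findings")
```
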
Features

  • Stealth mode
  • SSL strip integration
  • Export and import sessions
  • Vibration alert when FaceNiff has found new profiles
  • Filter the session ID cookies.
