FaceNiff - Hacking Tool for Android Intercept Web Sessions

FaceNiff -Android App Intercept web session profiles over WiFi Connection

FaceNiff – Hacking Tool: Faceniff is an Android app for hackers & users who are concerned about their security and want to test their networks for vulnerabilities. Faceniff allows an attacker to easily steal sensitive information such as Facebook, Twitter, Youtube Account Username & Passwords using Man-in-the-middle (MiTM) attack techniques. (FaceNiff will work on 80% of websites) some sites using HSTS (HTTP Strict Transport Security) will need a little extra work such as SSLStrip2 Integration.

Image Credits: Faceniff

Intercepting Web Sessions

First download install Faceniff app
Open Faceniff once it has installed
Grant Faceniff Root Access
navigate to the top left button labeled “Offline” Turn Button to “Online”. Mode then tap on the label “START”.
If you are using HTTPS websites turn on SSLSniff
The FaceNiff application will then start to display the unencrypted sessions.

If the target is using HTTPS encrypted websites you can use SSL Strip to force the victims browser to fall back on HTTP. Sites such as Facebook and Blogger now use HSTS and will need to be used with SSLStrip2 HSTS (HTTP Strict Transport Security) is a protocol that was designed to protect against downgrade attacks.

Make sure you are connected to a WiFi network and you have a target on the same network.

Features

Stealth mode
SSL strip integration
Export and import sessions
Vibration alert when FaceNiff has found new profiles
Filter the session ID cookies.

Download Faceniff

If you enjoyed this article please consider sharing it on social media and with your friends thanks for supporting HackingVision.