Along with the article on MiTM attacks from iPhone, I got an idea of almost similar one about Android.
We already know what iPhone is capable of. Is Android any worse?
We have considered about 25 hacking applications. And now I\’d like to present you the results of this small research. Some applications didn\’t start at all. Others froze the phone dead. But there were a few that worked quite OK!
All software solutions were tested on the LG Optimus smartphone under Android 2.3.
And here we go: a brief overview of hacking software for Android.
1. Shark: The very same wireshark. Yes, they make it for Android, too. It goes perfectly well. Gets started on the device just like that. Creates logs in the *.pcap format. Stores them on SD card. Is easily decompiled both on a Windows-operated machine and on the smatrphone itself by means of Sharck Read. (Nice application. Especially if the phone works as a WiFi access point).
2. DroidSheep / Facesniff: Web session hijacking. A plain and simple, yet quite well-known application. Connect it to an open access point, start and wait… By the way, sometimes it can freeze the point itself.
3. WiFiKill: A useful application. Scans the whole subnetwork. Displays a list of the devices. Select those you don\’t like, check them and wait for a few seconds. The device will be disconnected.
4. Set MAC address: Changes its MAC address. Is really good if coupled with Item 3.
5. Net Swiss Tool Free / Fing: Scans wireless networks, displays the list of connected devices. Can scan each device separately and display a list of open ports. Besides, it performs ping, trace, wake-on-LAN, ARP, UDP-flood.
6. Wi-Fi Analytics: A fancy application. Displays all available points of access, SSID, MAC addresses, encryption, and signal power.
7. Hosts Editor: Allows editing /etc/hosts. A useful application, especially when the phone serves as a WiFi point.
8. kWS — Android Web Server: Web server. Works well if coupled with Item 7.
9. RouterAttack / Route Brute Force ADS 2: Real brute-force attack on Android! Each application tries to Brute Force Basic Access Authentication. The soft itself is a bit underdone. And still, it was a piece of cake for it to crack my point with 12345 as the password. To ensure its proper operation, don\’t forget to download a good dictionary.
10. Router KeyGen: Guesses WPA/WEP passkeys to your Android smartphone and routers locate somewhere in the neighborhood. Is good when coupled with Thomson, DLink, Pirelli Discus, Eircom, Verizon FiOS.
11. Android Network Toolkit — Anti: Generic Application. Can be used as a network scanner, sniffer, MITM, and Remote Exploits! The functionality can be expanded by means of plug ins. The higher is its functionality, the higher is the price.
Most applications require root rights.
The article is written for informative purposes only!
Author: Alexandr Navalikhin, Positive Research