It is currently Wed Apr 16, 2014 9:52 pm



Welcome
Welcome to faceniff

You are currently viewing our boards as a guest, which gives you limited access to view most discussions and access our other features. By joining our free community, you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, and access many other special features. In addition, registered members also see less advertisements. Registration is fast, simple, and absolutely free, so please, join our community today!


Post new topic Reply to topic  [ 9 posts ] 
Author Message
 Post subject: How faceniff can listen to Web traffic from WIFI?
PostPosted: Tue Jun 07, 2011 4:54 pm 
Offline
User avatar

Joined: Tue Jun 07, 2011 4:45 pm
Posts: 5
Hello!!

I can't understand how the facesniff, which is an Android application, can open
an interface e.g. WIFI and realise sniffing -
network monitoring without being run as root or having system priviledges. To do so,
an Android application should be
signed with the platform's key : http://stackoverflow.com/questions/6...s-root-android

How is this possible?? I am really wondering about that. Some time ago I tried to port
jNetPcap, so as to use it in an Android application for monitoring the WIFI. I successfully
ported it but I couldn't read the list of Android interfaces from its API and realise web
monitoring.. (see here for details: http://stackoverflow.com/questions/5...alldevs-method,
http://jnetpcap.com/node/792)

I am really wondering how faceniff faces this problem??
e.g. Shark for Android runs an instance of libpcap in the background and derives the
appropriate information from the pcap traces..

What faceniff do to get the information it wants, e.g. the web sessions?? I am
really curious about that.. Any ideas?


Top
 Profile  
 
 
 Post subject: Re: How faceniff can listen to Web traffic from WIFI?
PostPosted: Tue Jun 07, 2011 7:20 pm 
Offline
User avatar

Joined: Sun Jun 05, 2011 1:49 am
Posts: 122
Location: England
da1m0nas wrote:
Hello!!

I can't understand how the facesniff, which is an Android application, can open
an interface e.g. WIFI and realise sniffing -
network monitoring without being run as root or having system priviledges. To do so,
an Android application should be
signed with the platform's key : http://stackoverflow.com/questions/6...s-root-android

How is this possible?? I am really wondering about that. Some time ago I tried to port
jNetPcap, so as to use it in an Android application for monitoring the WIFI. I successfully
ported it but I couldn't read the list of Android interfaces from its API and realise web
monitoring.. (see here for details: http://stackoverflow.com/questions/5...alldevs-method,
http://jnetpcap.com/node/792)

I am really wondering how faceniff faces this problem??
e.g. Shark for Android runs an instance of libpcap in the background and derives the
appropriate information from the pcap traces..

What faceniff do to get the information it wants, e.g. the web sessions?? I am
really curious about that.. Any ideas?


It does run as root. Also its not all "android". It has C in it as well. I don't fully understand it all but its not all Java (the android version. I forget what it is called but it begins with a D) and it does run as root which may help your problem.

Hope that help
GingerPaul


Top
 Profile  
 
 Post subject: Re: How faceniff can listen to Web traffic from WIFI?
PostPosted: Wed Jun 08, 2011 12:04 am 
Offline
Site Admin
User avatar

Joined: Thu Jun 02, 2011 6:15 pm
Posts: 280
Gui is written in Java, but the engine is compiled C code which is executed by root. That's why it can do a lot of things to the OS (ARP Spoof, PCAP etc etc)

_________________
NEW FORUM: http://forum.ponury.net/


Top
 Profile  
 
 Post subject: Re: How faceniff can listen to Web traffic from WIFI?
PostPosted: Thu Jun 09, 2011 8:00 am 
Offline
User avatar

Joined: Tue Jun 07, 2011 4:45 pm
Posts: 5
Thank you guys! I think it follows the classical approach as the Shark for Android does!


Top
 Profile  
 
 Post subject: Re: How faceniff can listen to Web traffic from WIFI?
PostPosted: Thu Jun 09, 2011 10:35 am 
Offline
User avatar

Joined: Tue Jun 07, 2011 4:45 pm
Posts: 5
Quote:
I forget what it is called but it begins with a D) and it does run as root which may help your problem.

Hope that help
GingerPaul

Hey GingerPaul,

you mean that there is a permission attribute in Android manifest that let you run an
Android Application as root??

This will help me for sure! If you know something about it, please tell me..

Thank you!


Top
 Profile  
 
 Post subject: Re: How faceniff can listen to Web traffic from WIFI?
PostPosted: Thu Jun 09, 2011 10:48 am 
Offline
User avatar

Joined: Sun Jun 05, 2011 1:49 am
Posts: 122
Location: England
da1m0nas wrote:
Quote:
I forget what it is called but it begins with a D) and it does run as root which may help your problem.

Hope that help
GingerPaul

Hey GingerPaul,

you mean that there is a permission attribute in Android manifest that let you run an
Android Application as root??

This will help me for sure! If you know something about it, please tell me..

Thank you!


Sorry, that was me not adding enough punctuation.
"I forget what it is called but it begins with a D" - Its called Dalvik and it is a Java VM. That's the GUI. And the application runs a Binary with root permissions, is what I was trying to say.

Once again sorry for my lag of passion for the English language :)
GingerPaul


Top
 Profile  
 
 Post subject: Re: How faceniff can listen to Web traffic from WIFI?
PostPosted: Thu Jun 09, 2011 11:29 am 
Offline
User avatar

Joined: Tue Jun 07, 2011 4:45 pm
Posts: 5
Ok, I know that the Java virtual machine that Android uses (I mean the Dalvik) is
different from the default Java virtual machine, but I don't understand what you mean
by saying "that's the GUI"... The person who wrote faceniff modified also the Android's
Dalvik?? and how is it possible? I know that you can't modify the Dalvik or force it
to adapt another behavior without using an attack by exploiting some vulnerability that
Android OS has, as for example with the "rageAgainstTheCage" attack..

I think it will be very interesting the source code of faceniff.. Hope someday to see it! :)


Top
 Profile  
 
 Post subject: Re: How faceniff can listen to Web traffic from WIFI?
PostPosted: Thu Jun 09, 2011 1:01 pm 
Offline
User avatar

Joined: Sun Jun 05, 2011 1:49 am
Posts: 122
Location: England
da1m0nas wrote:
Ok, I know that the Java virtual machine that Android uses (I mean the Dalvik) is
different from the default Java virtual machine, but I don't understand what you mean
by saying "that's the GUI"... The person who wrote faceniff modified also the Android's
Dalvik?? and how is it possible? I know that you can't modify the Dalvik or force it
to adapt another behavior without using an attack by exploiting some vulnerability that
Android OS has, as for example with the "rageAgainstTheCage" attack..

I think it will be very interesting the source code of faceniff.. Hope someday to see it! :)


I'm starting to get confused. :)

The Android app (Dalvik VM) first gets root (so its now "admin"), it then executes a binary file like ponury said. Its that binary file that is doing all the work. The rest of the files is for the GUI.

So; Android app-> loads GUI -> Asks for root -> shows user the menu. -> User hits button -> Launches the binary file -> binary does all the work -> binary sends information back to android app -> the app shows the user via Toast and adds it to the list -> user clicks list item -> browser loads -> binary handles the http request and sends the set-cookie headers then forwards them to the real domain -> jobs a good one. -> browser has stolen a session.

I think that's about right.

Rename the apk to .zip and then extract it all. Go to ./assets/ and you'll see that there is a binary file as prove.

Hope that helps
GingerPaul


Top
 Profile  
 
 Post subject: Re: How faceniff can listen to Web traffic from WIFI?
PostPosted: Thu Jun 09, 2011 7:51 pm 
Offline
User avatar

Joined: Tue Jun 07, 2011 4:45 pm
Posts: 5
Thank you!

Yes, now I have understood the functionality of faceniff! ;)


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
suspicion-preferred