maemo.org - Talk

maemo.org - Talk (https://talk.maemo.org/index.php)
-   Applications (https://talk.maemo.org/forumdisplay.php?f=41)
-   -   [Request] FaceNiff (facebook sniffing/hacking tool) (https://talk.maemo.org/showthread.php?t=73698)

Dr.Marcial 2011-06-02 17:36

[Request] FaceNiff (facebook sniffing/hacking tool)
 
As most people know, the n900 is an awesome pentesting/hacking tool, I just saw this article on engadget about an Android app called FaceNiff

I was wondering if anyone can help port it to maemo.

yes we have sslsptrip, ettercap, metasploit, easy-creds, etc.. but just like Faircrack, having everything with a touch of one button seems so much cooler.

firesheep never really worked for me, but maybe this is a lot better.

FaceNiff homepage

tushyd 2011-06-02 17:51

Re: [Request] FaceNiff (facebook sniffing/hacking tool)
 
just run it on nitdroid if you're jonesing for someone else's private information

sr00t 2011-06-02 17:54

Re: [Request] FaceNiff (facebook sniffing/hacking tool)
 
I used it today and it opens in NitDroid, but it didn't sniff any passwd.
Maybe it's my work wifi network that's causing problems, so I'll test it @ home.

Mentalist Traceur 2011-06-02 18:13

Re: [Request] FaceNiff (facebook sniffing/hacking tool)
 
I'm always divided between liking that tools are available and thinking that it's pure ******** that they make things so easy.

Of course, indirectly, they force security to improve, but still. Stuff like this, that targets one specific site, is like having a gun that can only fire when it's pointed, at, say, women 65 years old and up.

Now, there MIGHT be legitimate use cases for it, but chances are, if you're getting it knowing what it does, you're interested in shooting old women due to some mental issue more so than having a tool for shooting things that might legitimately need to be shot.

The same applies here. You might be interested in completely benign uses of the software. But unlike actual versatile tools, the overwhelming majority of users of something like this as going to be kiddies wanting to get some jollies of getting into people's facebook accounts.

Not that there can't be good reasons for doing that - sometimes there can be - but that's not what most people will use it for, and everyone knows that.

sr00t 2011-06-02 18:34

Re: [Request] FaceNiff (facebook sniffing/hacking tool)
 
Quote:

Originally Posted by Mentalist Traceur (Post 1021158)
I'm always divided between liking that tools are available and thinking that it's pure ******** that they make things so easy.

Of course, indirectly, they force security to improve, but still. Stuff like this, that targets one specific site, is like having a gun that can only fire when it's pointed, at, say, women 65 years old and up.

Now, there MIGHT be legitimate use cases for it, but chances are, if you're getting it knowing what it does, you're interested in shooting old women due to some mental issue more so than having a tool for shooting things that might legitimately need to be shot.

The same applies here. You might be interested in completely benign uses of the software. But unlike actual versatile tools, the overwhelming majority of users of something like this as going to be kiddies wanting to get some jollies of getting into people's facebook accounts.

Not that there can't be good reasons for doing that - sometimes there can be - but that's not what most people will use it for, and everyone knows that.

Oh yes. 100% skiddie stuff.
But what could you do to stop it? Tools like this are out there and force us to be aware that nowadays EVERYONE could "hack" the s**t out of you within two clicks.
So, this thing is encouraging us to use https, to stop these script kiddies who don't give a **** what a MITM attack is.

Everything has it's pro and it's cons. You are pointing out the cons, and I'm pointing out the pro's. But we have the same opinion about this type of programs.-

Mentalist Traceur 2011-06-03 03:32

Re: [Request] FaceNiff (facebook sniffing/hacking tool)
 
Quote:

Originally Posted by sr00t (Post 1021173)
Oh yes. 100% skiddie stuff.
But what could you do to stop it? Tools like this are out there and force us to be aware that nowadays EVERYONE could "hack" the s**t out of you within two clicks.
So, this thing is encouraging us to use https, to stop these script kiddies who don't give a **** what a MITM attack is.

Everything has it's pro and it's cons. You are pointing out the cons, and I'm pointing out the pro's. But we have the same opinion about this type of programs.-

Well, I implicitly meant to point out the pro by saying it can indirectly help increase security. But at the same time, there have been many many events that have shown massive insecurities in much of what we do in our online habits. Yet people, websites, and even large well-funded companies continue making most of the same mistakes, on and on and on.

I mean, facebook has implemented SSL a while ago (I think shortly after FireSheep got publicity), but they still don't bother making that the default login page, last I checked.

I certainly agree with you, these kind of things are almost necessary, the way society is now, for security to be increased. However, at the same time, society shouldn't have to be this slow at getting better security everywhere, and shouldn't have to depend on malicious exploitation as motivation.

It's pretty intrinsic to the nature of both humans and large collectives thereof, of course, so that's not changing any time soon.

pusak gaoq 2011-06-03 03:48

Re: [Request] FaceNiff (facebook sniffing/hacking tool)
 
Quote:

Originally Posted by sr00t (Post 1021173)
Everything has it's pro and it's cons. You are pointing out the cons, and I'm pointing out the pro's. But we have the same opinion about this type of programs.-

i dont see any pro's on hacking someone else social account...what really do you want after hacking it???
download their private picture???
spying on their activities???
reading their private message???
or just to show other how genius you are???

This is not pro's at all....have you thinks how do people thinks after their account have been hacked??? or why dont i hacked on your account so you can feel how other feel when they account have been hacked...would you like that????

Mentalist Traceur 2011-06-03 05:14

Re: [Request] FaceNiff (facebook sniffing/hacking tool)
 
Quote:

Originally Posted by pusak gaoq (Post 1021427)
i dont see any pro's on hacking someone else social account...what really do you want after hacking it???
download their private picture???
spying on their activities???
reading their private message???
or just to show other how genius you are???

He pointed out that the pro isn't the direct ability to hack social network accounts, but that the ease of such things pushes others to be more secure. Of course, you're more than welcome to argue that that sociological pro isn't worth the cost. And, honestly, I agree that it's now. But it's a reality that such programs happen, and while they do, he's pointing out that there is a positive side-effect.

Ideally, this wouldn't be an issue in the first place, of course.

Quote:

Originally Posted by pusak gaoq
This is not pro's at all....have you thinks how do people thinks after their account have been hacked??? or why dont i hacked on your account so you can feel how other feel when they account have been hacked...would you like that????

I agree with you, however I want to point out unlikely scenarios that do still happen, where this could easily be relevant:

Suppose the account being hacked is of some school's local gang member kid / vicious "bully" (hate that word, it sounds WAY too benign), etc., and he and his buddies were discussing jumping some kid and beating him up in the near future, etc. And you happened to overhear of it, and given that this is teenagers we're talking about, they could easily be expected to have facebook accounts, and be stupid enough to discuss such activity over them. Anyway, said hacking could easily get you evidence needed to anonymously tip off authorities, or to deal with the situation on your own (which, sadly, is sometimes more effective... often a LOT more effective, depending on your luck with the authorities in question, and your skills and connections otherwise..).

Or, suppose you yourself are the victim of something at the hands of a person - let's say you're female, and have been raped by some *******, who is still threatening things like blackmail and the like (or, as is often the case with rapes, especially in high school, you'll get raped and then the ******* goes around telling everyone that you willingly slept with them, etc. For all you know it was a drug-helped rape and they took pictures during the act and are distributing them, etc). Now, the average rape victim goes through horrible trauma and only some are able to seek revenge or any sort shortly after the event, but given how difficult it is to get convictions when dealing with rapes, being able to access private messages could be helpful in terms of evidence later. I can also think of quite a few other ethical ways that hacking can come in handy when dealing with people heinous enough to rape someone, but I don't want to bore the people who actually read what I write more than I already do.

Or, you know, there countless other ways you can use facebook hacking, given how much communication happens over facebook nowadays, towards ends that are ethical in context of that hypothetical situation.

Now, I'm not necessarily saying that justifies the existence of programs like this - obviously far more abuse will happen than legitimately ethical use - it's just that the cons/pros of such a capacity existing in general came up, so I felt I should point out that pros could happen.

HellFlyer 2011-06-03 06:14

Re: [Request] FaceNiff (facebook sniffing/hacking tool)
 
It wont work if you're connect to Facebook via https

justice4all3000 2011-06-03 06:50

Re: [Request] FaceNiff (facebook sniffing/hacking tool)
 
tested and working in nitdroid!!

pusak gaoq 2011-06-03 08:57

Re: [Request] FaceNiff (facebook sniffing/hacking tool)
 
@Mentalist Traceur....

i can only compromise if hacking is been done by authorities (police & etc) in some cases but not by normal people...even police need a warrant @ sepina if you want to hacked somebody account...hacking without warrant will be consider guilty & all evidence that have been collected will not be relevent in court....
deal the situations by your own??? well we can do but honesty in the heartless world we living there only two outcome you gonna get...

1.you will die for it...
2.we will see you in court....

Mentalist Traceur 2011-06-03 19:16

Re: [Request] FaceNiff (facebook sniffing/hacking tool)
 
Quote:

Originally Posted by pusak gaoq (Post 1021515)
@Mentalist Traceur....

i can only compromise if hacking is been done by authorities (police & etc) in some cases but not by normal people...even police need a warrant @ sepina if you want to hacked somebody account...hacking without warrant will be consider guilty & all evidence that have been collected will not be relevent in court....

In an ideal world, maybe (although in an ideal world laws would permit more leeway for ethical action by normal citizens, and there would be far better means of psychologically evaluating people and whether their intentions are genuinely from rational ethical reasoning or from other crap...). But there's ideal, and there's reality.

Depending on what/who you're dealing with and who your local authorities are, it might not be possible to do so. In the examples I listed for example, police wouldn't get involved unless there was serious evidence already.

Especially in the cases of rape, going through the official legal channels (even more so for teenagers and people still in school otherwise) typically makes things worse, both for the victim's recovery psychologically, for the victim's reputation, and so on.

Quote:

Originally Posted by pusak gaoq (Post 1021515)
deal the situations by your own??? well we can do but honesty in the heartless world we living there only two outcome you gonna get...

1.you will die for it...
2.we will see you in court....

Again, not exactly true. If it was, there wouldn't be unsolved crimes and plenty of criminals who go uncaught for as long as they do.

And keep in mind that the above examples aren't serious criminals with resources and weapons. They're the kind of psychologically and physically devastating crime that people in their late teens and early twenties commit against each other, mostly. Serious criminals, the ones hardened by experience, I suspect, don't discuss their activities over facebook, on average.

Naturally, the more hardened the criminals you're dealing with, the greater the risk of death or serious injury if you get involved. Same with whether or not you end up charged/persecuted yourself (law enforcement agencies typically look very harshly upon vigilantism). But sometimes situations come up where you can't expect authorities to reliably act, and then it's down to whether the individual in question believes the ethical need to help others is great enough to warrant taking those risks.

Dr.Marcial 2011-06-03 20:52

Re: [Request] FaceNiff (facebook sniffing/hacking tool)
 
Quote:

Originally Posted by Mentalist Traceur (Post 1021446)
He pointed out that the pro isn't the direct ability to hack social network accounts, but that the ease of such things pushes others to be more secure. Of course, you're more than welcome to argue that that sociological pro isn't worth the cost. And, honestly, I agree that it's now. But it's a reality that such programs happen, and while they do, he's pointing out that there is a positive side-effect.

Ideally, this wouldn't be an issue in the first place, of course.


I agree with you, however I want to point out unlikely scenarios that do still happen, where this could easily be relevant:

Suppose the account being hacked is of some school's local gang member kid / vicious "bully" (hate that word, it sounds WAY too benign), etc., and he and his buddies were discussing jumping some kid and beating him up in the near future, etc. And you happened to overhear of it, and given that this is teenagers we're talking about, they could easily be expected to have facebook accounts, and be stupid enough to discuss such activity over them. Anyway, said hacking could easily get you evidence needed to anonymously tip off authorities, or to deal with the situation on your own (which, sadly, is sometimes more effective... often a LOT more effective, depending on your luck with the authorities in question, and your skills and connections otherwise..).

Or, suppose you yourself are the victim of something at the hands of a person - let's say you're female, and have been raped by some *******, who is still threatening things like blackmail and the like (or, as is often the case with rapes, especially in high school, you'll get raped and then the ******* goes around telling everyone that you willingly slept with them, etc. For all you know it was a drug-helped rape and they took pictures during the act and are distributing them, etc). Now, the average rape victim goes through horrible trauma and only some are able to seek revenge or any sort shortly after the event, but given how difficult it is to get convictions when dealing with rapes, being able to access private messages could be helpful in terms of evidence later. I can also think of quite a few other ethical ways that hacking can come in handy when dealing with people heinous enough to rape someone, but I don't want to bore the people who actually read what I write more than I already do.

Or, you know, there countless other ways you can use facebook hacking, given how much communication happens over facebook nowadays, towards ends that are ethical in context of that hypothetical situation.

Now, I'm not necessarily saying that justifies the existence of programs like this - obviously far more abuse will happen than legitimately ethical use - it's just that the cons/pros of such a capacity existing in general came up, so I felt I should point out that pros could happen.

Disturbingly detailed :P lol

I agree about the abuse potential and the ethical implications, I am a rookie at security testing/hacking, and my ethical standards are as average as any other doctor out there, but as a hobby I enjoy pen testing, and love to show off my phone to my less tech savvy friends. They joke around with the fact that my phone(n900) does pretty much anything and how proud I am of it.

I really dont want to get flamed or anything. I just wanted to have a tool like this at my disposal just for having it. Im not a thief nor a spy, nor a guy with trust issues :P just a n900 enthusiast that likes having as many features possible on my "phone"; specially if now other Os can have them too.

anyway, thanks for the replys, I'll keep playing with etthercap, ssltrips, janus attks, etc, until someone desides to make a one-button python app that does it for me.

Ps. thx to Mentalist for maintaining Aircrack-ng, its great to have in the community. keep it up

corrosion 2011-06-13 06:22

Re: [Request] FaceNiff (facebook sniffing/hacking tool)
 
@hellflyer it will if you run sslstrip

Radicalz38 2011-06-13 07:32

Re: [Request] FaceNiff (facebook sniffing/hacking tool)
 
Hey isn't this just plain arp spoofing made easy? I think you can do this with the current available tools of maemo it's just the differences are this one is just button clicks away & is limited. While on maemo you need to familiarize the commands & is of unlimited use. And yeah... With maemo using sslstrip you can hack it even through https while on faceniff you can't.

Faizahamed 2011-09-15 20:13

Re: [Request] FaceNiff (facebook sniffing/hacking tool)
 
Hello there!!!

I got some idea about facebook sniffing. Actually,its an hacking tool which is available on

www.learnhackings.blogspot.com

I've downloaded it from the above site.....& its seems like working to me.....

Unhuman 2011-09-15 20:31

Re: [Request] FaceNiff (facebook sniffing/hacking tool)
 
Search the repositories for Yamas ... It is 56789times better and more usable than that really. There is a thread on the forums as well.

Or http://pcsci3nce.info/?p=291

kaos_king 2011-09-17 12:25

Re: [Request] FaceNiff (facebook sniffing/hacking tool)
 
Quote:

Originally Posted by Unhuman (Post 1089181)
Search the repositories for Yamas ... It is 56789times better and more usable than that really. There is a thread on the forums as well.

Or http://pcsci3nce.info/?p=291

Big +1

Along with some more characters to satisfy the validation.


All times are GMT. The time now is 01:08.

vBulletin® Version 3.8.8