Posts posted by r00ster

  1. As an Android developer I've had the misfortune of dealing with Facebook functionality...

    The success of this is going to depend on the app itself. If it's the actual Facebook one or one that uses the Facebook SDK, it uses single sign-on with OAuth (which is an HTTPS connection), with the idea being that you don't want to handle the actual login. If it's an older app there's no telling, as they had all kinds of ways to implement it.

    So depending on whether the user has previously signed in on the device, they may never enter the login but just 'allow' the app to work with their profile. For instance I don't use Facebook, so when I test I have to enter a login, but after that one time every other Facebook app I test just wants permission to use my profile. They've gone to a key system, so you may end up snagging the app key, which might be fun too.

    The Facebook SDK is crap, but the point of the single sign-on was solely to avoid entering usernames and passwords. Hope this helps.

    As far as ports and SSL, there's nothing that specifically states which is being used, but being what it is I'd say port 80, and SSL would depend on the user having it turned on or not.

    The app on my phone is the standard Facebook app from the marketplace. My wife is the iPhone user and I have little to do with it, but it would be whatever came on that phone. Like you I don't use FB either and also noticed that once you signed in it stayed signed in. I figured the -k option in sslstrip would make it have to re-authenticate. Certainly have some more options to try, and if all else failed, like Mr-P suggested, I could take the gung-ho approach and listen on all ports.

    Thanks guys

  2. It's possible the apps are tied into the carrier and don't allow use over wifi, or they explicitly enforce SSL and don't allow HTTP access through the app.

    I understand the part about not running through wifi even while connected that way, but I'll admit the other part goes a bit over my head. Is there any way to test that idea?

  3. OK, like everyone else who is trying to learn, I've got BackTrack and messed around, done some wifi cracking, and now I've progressed to tinkering with MitM attacks on my network. I've been able to successfully capture email and other SSL logins using sslstrip, but when I connect my Droid or an iPhone to my network via wifi I can't get it to sniff the login info. This is when the devices use the Facebook app and not a browser.

    Do those apps send out data on another port than 80? I've been googling for what I thought would be basic information on them but I have yet to find out anything about what port those apps use or the encryption. I'm assuming SSL on the encryption. Can anyone tell me what the problem is or point me towards some proper research material?
