
Droid Facebook App Sniffing


r00ster


Ok, like everyone else who is trying to learn, I've got BackTrack and messed around, done some wifi cracking, and now I've progressed to tinkering with MitM attacks on my network. I've been able to successfully capture email and other SSL logins using sslstrip, but when I connect my Droid or an iPhone to my network via wifi I can't get it to sniff the login info. This is when the devices use the Facebook app rather than a browser.

Do those apps send out data on a port other than 80? I've been googling for what I thought would be basic information on them, but I have yet to find anything about what port those apps use or the encryption. I'm assuming SSL for the encryption. Can anyone tell me what the problem is or point me towards some proper research material?


It's possible the apps are tied into the carrier and don't allow use over wifi, or they explicitly enforce SSL and don't allow HTTP access through the app.


I understand the part about not running through wifi even while connected that way, but I'll admit the other part goes a bit over my head. Is there any way to test that idea?


To test this idea, what you could do is a MITM attack on your phone. Open Wireshark on the attacker machine, connect your phone to the Wi-Fi and run the Facebook app, then go back to Wireshark and analyse the captured packets.

The captured packets should tell you whether the Facebook app is using HTTPS all the way. And with Wireshark still running, you could run SSLStrip and see what happens.

Edited by Infiltrator
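As an added example (not code from anyone in this thread), here is a stdlib-only Python script that performs the check Infiltrator describes on frames exported from a capture: it parses Ethernet/IPv4/TCP headers and records, per destination, whether the payload begins as a TLS record or as a plaintext HTTP request. The two frames, the 192.0.2.x addresses and the example.test host are constructed placeholders.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ")

def tcp_payload(frame):
    """Return (dst_ip, dst_port, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None                       # not IPv4, or not TCP
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    dst_ip = ".".join(str(b) for b in frame[30:34])
    tcp = frame[14 + ihl:]
    dst_port = struct.unpack("!H", tcp[2:4])[0]
    data_off = (tcp[12] >> 4) * 4         # TCP header length in bytes
    return dst_ip, dst_port, tcp[data_off:]

def classify(payload):
    """TLS record: content type 0x16 (handshake), version 0x03 0x00..0x03; else look for HTTP."""
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 3:
        return "tls"
    if payload.startswith(HTTP_METHODS):
        return "plaintext-http"
    return "other"

def audit(frames):
    """Map (dst_ip, dst_port) to payload kinds seen; 'plaintext-http' means readable by an on-path observer."""
    report = {}
    for frame in frames:
        parsed = tcp_payload(frame)
        if parsed and parsed[2]:          # skip non-TCP frames and empty segments (SYN/ACK)
            dst_ip, port, payload = parsed
            report.setdefault((dst_ip, port), set()).add(classify(payload))
    return report

def build_frame(dst_ip, dst_port, payload):
    """Constructed test frame with minimal headers (checksums left at zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes(int(o) for o in dst_ip.split(".")))
    tcp = struct.pack("!HHIIBBHHH", 50000, dst_port, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

# Constructed sample: a TLS ClientHello to :443 and a plaintext login POST to :80
SAMPLE_FRAMES = [
    build_frame("192.0.2.10", 443, b"\x16\x03\x01\x00\x2c\x01\x00\x00\x28\x03\x03" + b"\x00" * 32),
    build_frame("192.0.2.20", 80, b"POST /login HTTP/1.1\r\nHost: example.test\r\n\r\nuser=alice&pass=secret"),
]

if __name__ == "__main__":
    for (ip, port), kinds in sorted(audit(SAMPLE_FRAMES).items()):
        print(f"{ip}:{port} -> {', '.join(sorted(kinds))}")
```

An app that "uses HTTPS all the way" shows only "tls" entries; any "plaintext-http" destination is where the login or session data would be exposed to whoever sits on the path.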

As an Android developer I've had the misfortune of dealing with Facebook functionality...

The success of this is going to depend on the app itself. If it's the actual Facebook one or one that uses the Facebook SDK, it uses single sign-on with OAuth (which is an HTTPS connection), the idea being that you don't want to handle the actual login. If it's an older app there's no telling, as they had all kinds of ways to implement it.

So depending on whether the user has previously signed in on the device, they may never enter the login but just 'allow' the app to work with your profile. For instance, I don't use Facebook, so when I test I have to enter a login, but after that one time every other Facebook app I test just wants permission to use my profile. They've gone to a key system, so you may end up snagging the app key, which might be fun too.

The Facebook SDK is crap, but the point of the single sign-on was solely to avoid entering usernames and passwords. Hope this helps.

As far as ports and SSL, there's nothing that specifically states which is being used, but being what it is I'd say port 80, and SSL would depend on the user having it turned on or not.

Edited by r3b00tz

The app on my phone is the standard Facebook app from the marketplace. My wife is the iPhone user and I have little to do with it, but it would be whatever came on that phone. Like you, I don't use FB either, and I also noticed that once you signed in it stayed signed in. I figured the -k option in sslstrip would make it have to re-authenticate. Certainly have some more options to try, and if all else fails, like Mr-P suggested, I could take the gung-ho approach and listen on all ports.

Thanks guys
