Notices

As most people know, the n900 is an awesome pentesting/hacking tool, I just saw this article on engadget about an Android app called FaceNiff

I was wondering if anyone can help port it to maemo.

yes we have sslsptrip, ettercap, metasploit, easy-creds, etc.. but just like Faircrack, having everything with a touch of one button seems so much cooler.

firesheep never really worked for me, but maybe this is a lot better.

FaceNiff homepage

just run it on nitdroid if you're jonesing for someone else's private information

I used it today and it opens in NitDroid, but it didn't sniff any passwd.
Maybe it's my work wifi network that's causing problems, so I'll test it @ home.

I'm always divided between liking that tools are available and thinking that it's pure ******** that they make things so easy.

Of course, indirectly, they force security to improve, but still. Stuff like this, that targets one specific site, is like having a gun that can only fire when it's pointed, at, say, women 65 years old and up.

Now, there MIGHT be legitimate use cases for it, but chances are, if you're getting it knowing what it does, you're interested in shooting old women due to some mental issue more so than having a tool for shooting things that might legitimately need to be shot.

The same applies here. You might be interested in completely benign uses of the software. But unlike actual versatile tools, the overwhelming majority of users of something like this as going to be kiddies wanting to get some jollies of getting into people's facebook accounts.

Not that there can't be good reasons for doing that - sometimes there can be - but that's not what most people will use it for, and everyone knows that.

Oh yes. 100% skiddie stuff.
But what could you do to stop it? Tools like this are out there and force us to be aware that nowadays EVERYONE could "hack" the s**t out of you within two clicks.
So, this thing is encouraging us to use https, to stop these script kiddies who don't give a **** what a MITM attack is.

Everything has it's pro and it's cons. You are pointing out the cons, and I'm pointing out the pro's. But we have the same opinion about this type of programs.-

Well, I implicitly meant to point out the pro by saying it can indirectly help increase security. But at the same time, there have been many many events that have shown massive insecurities in much of what we do in our online habits. Yet people, websites, and even large well-funded companies continue making most of the same mistakes, on and on and on.

I mean, facebook has implemented SSL a while ago (I think shortly after FireSheep got publicity), but they still don't bother making that the default login page, last I checked.

I certainly agree with you, these kind of things are almost necessary, the way society is now, for security to be increased. However, at the same time, society shouldn't have to be this slow at getting better security everywhere, and shouldn't have to depend on malicious exploitation as motivation.

It's pretty intrinsic to the nature of both humans and large collectives thereof, of course, so that's not changing any time soon.

i dont see any pro's on hacking someone else social account...what really do you want after hacking it???
download their private picture???
spying on their activities???
reading their private message???
or just to show other how genius you are???

This is not pro's at all....have you thinks how do people thinks after their account have been hacked??? or why dont i hacked on your account so you can feel how other feel when they account have been hacked...would you like that????

He pointed out that the pro isn't the direct ability to hack social network accounts, but that the ease of such things pushes others to be more secure. Of course, you're more than welcome to argue that that sociological pro isn't worth the cost. And, honestly, I agree that it's now. But it's a reality that such programs happen, and while they do, he's pointing out that there is a positive side-effect.

Ideally, this wouldn't be an issue in the first place, of course.

I agree with you, however I want to point out unlikely scenarios that do still happen, where this could easily be relevant:

Suppose the account being hacked is of some school's local gang member kid / vicious "bully" (hate that word, it sounds WAY too benign), etc., and he and his buddies were discussing jumping some kid and beating him up in the near future, etc. And you happened to overhear of it, and given that this is teenagers we're talking about, they could easily be expected to have facebook accounts, and be stupid enough to discuss such activity over them. Anyway, said hacking could easily get you evidence needed to anonymously tip off authorities, or to deal with the situation on your own (which, sadly, is sometimes more effective... often a LOT more effective, depending on your luck with the authorities in question, and your skills and connections otherwise..).

Or, suppose you yourself are the victim of something at the hands of a person - let's say you're female, and have been raped by some *******, who is still threatening things like blackmail and the like (or, as is often the case with rapes, especially in high school, you'll get raped and then the ******* goes around telling everyone that you willingly slept with them, etc. For all you know it was a drug-helped rape and they took pictures during the act and are distributing them, etc). Now, the average rape victim goes through horrible trauma and only some are able to seek revenge or any sort shortly after the event, but given how difficult it is to get convictions when dealing with rapes, being able to access private messages could be helpful in terms of evidence later. I can also think of quite a few other ethical ways that hacking can come in handy when dealing with people heinous enough to rape someone, but I don't want to bore the people who actually read what I write more than I already do.

Or, you know, there countless other ways you can use facebook hacking, given how much communication happens over facebook nowadays, towards ends that are ethical in context of that hypothetical situation.

Now, I'm not necessarily saying that justifies the existence of programs like this - obviously far more abuse will happen than legitimately ethical use - it's just that the cons/pros of such a capacity existing in general came up, so I felt I should point out that pros could happen.

It wont work if you're connect to Facebook via https

tested and working in nitdroid!!