Page 5 of 23

Re: FaceNiff 2.x FINAL release thread

Posted: Wed Nov 02, 2011 2:23 pm
by prueba123
i have 2 problems, i got the new version unlocked.

1- when i sniff, the net go out, like wifikill, i think something is working bad
2- i use sslstrip on, but i dont get the mail - crippled password of facebook account, i test loggin when is on, an nothing, how it work?

Re: FaceNiff 2.x FINAL release thread

Posted: Wed Nov 02, 2011 5:53 pm
by ponury
prueba123 wrote:i have 2 problems, i got the new version unlocked.

1- when i sniff, the net go out, like wifikill, i think something is working bad
It's a hack it sometimes doesn't work. You could send me a catlog of this behavior.
prueba123 wrote:2- i use sslstrip on, but i dont get the mail - crippled password of facebook account, i test loggin when is on, an nothing, how it work?
http://forum.ponury.net/viewtopic.php?f=6&t=61

Re: FaceNiff 2.x FINAL release thread

Posted: Fri Nov 04, 2011 10:51 am
by fatcobrah
i like this app to hell :D @ponury u r the man :)
i have a question : can we use it to hack facebook application for android , ios or facebook mobile ?

Re: FaceNiff 2.x FINAL release thread

Posted: Fri Nov 04, 2011 4:46 pm
by AndroidUnite
Fantastic job with SSL-Strip, can't wait to test it and update the video on YouTube.

Re: FaceNiff 2.x FINAL release thread

Posted: Fri Nov 04, 2011 5:34 pm
by ponury
AndroidUnite wrote:Fantastic job with SSL-Strip, can't wait to test it and update the video on YouTube.
That would be super awesome!
fatcobrah wrote:i like this app to hell @ponury u r the man
i have a question : can we use it to hack facebook application for android , ios or facebook mobile ?
I believe this wouldn't be possible because these apps use SSL by default. But I'm not 100% sure.

Re: FaceNiff 2.x FINAL release thread

Posted: Fri Nov 04, 2011 6:13 pm
by AndroidUnite
psycon wrote:my intent was not to be rude. I know that in order for apps like this to exist people must support them by buying the app. i want to support you, but to me it makes sense to pay 5 bucks for an app that is only a proof, and provides nothing useful...

I agree that script kiddies will have a field day with this, but would that not generate more purchases for you... and if such an easy to use/portable app existed, it would force companies such as facebook to build a better defence to MiTM attacks such as this.

If this acutally decoded the passwords it would allow me to pentest clients networks without hauling my laptop around, or fiddling with a command shell on my phone...

this app is really nothing new as far as its capabilites, but it does make the process a hell of a lot easier from a portable device.

at the end of the day its your call of course, i just think you will get more purchases if it was not crippled, and dont think you should cripple the app just because of what some kiddies may or may not do.

again, i hope i did not offend you as that was not my intent.
Don't be an effing douche, if you're half as smart as you claim to be and truly want an "uncrippled" portable app, then write it yourself or pay someone to do it. This man is pushing out update after update for what? He himself has said he could MAYBE buy 3 beers with the money he's earned from this. Give Ponury credit for having a level head on his shoulders and keeping this project as a proof of concept and not just another full fledged tool for violating people's privacy. If you truly work in the corporate security business, you shouldn't be looking for this to do everything you need, quit being lazy and un-appreciative.

Re: FaceNiff 2.x FINAL release thread

Posted: Fri Nov 04, 2011 8:31 pm
by javipkt
Hi,

I have two suggestions:

1 - When Faceniif capture a Tuenti session, the browser redirects to the website for PC, which makes it very difficult to enter the site at times. Would be better if the browser redirects to the mobile version.

2 - Could you implement a generic mode as Droidsheep? --> [Cutcutcut, marketing]

Thanks!

Re: FaceNiff 2.x FINAL release thread

Posted: Fri Nov 04, 2011 8:48 pm
by ponury
javipkt wrote:Hi,

I have two suggestions:

1 - When Faceniif capture a Tuenti session, the browser redirects to the website for PC, which makes it very difficult to enter the site at times. Would be better if the browser redirects to the mobile version.
Are you sure it will work this way? After going to a desktop page you could always switch to mobile :-)
javipkt wrote:2 - Could you implement a generic mode as Droidsheep? --> [Cutcutcut, marketing]
Maybe I will, but I'm not so fond about it.

Re: FaceNiff 2.x FINAL release thread

Posted: Fri Nov 04, 2011 9:04 pm
by javipkt
The browser takes too long to enter in the PC web for Tuenti. If I switch to the mobile version, I think the cookie is no longer valid.
I also think that if someone accesses to Tuenti from the mobile version, then the cookie does not capture by Faceniff.

I have to do more testing, but still I have the Faceniff trial version.
Do you have Tuenti account? If you do not have, I can send an invitation to you, if you need to improve Faceniff.

Re: FaceNiff 2.x FINAL release thread

Posted: Fri Nov 04, 2011 9:24 pm
by ponury
javipkt wrote:The browser takes too long to enter in the PC web for Tuenti. If I switch to the mobile version, I think the cookie is no longer valid.
I also think that if someone accesses to Tuenti from the mobile version, then the cookie does not capture by Faceniff.

I have to do more testing, but still I have the Faceniff trial version.
Do you have Tuenti account? If you do not have, I can send an invitation to you, if you need to improve Faceniff.
someone gave me tuenti account some time ago... maybe I still have it