September 20, 2011, 1:52 PM — Did you root your Android-based smartphone or tablet, or are you thinking about it? Well, here are seven free network-related apps that take advantage of the superuser permissions. In this list, you'll discover apps that help with the network configuration and security of your device, apps to do sharing and sniffing on networks, and apps that demonstrate network hacking and security risks.
DroidSheep by Andreas Koch
Heard of the Firefox add-on called Firesheep that can hack people's accounts? Well, this Android app provides similar web session hijacking (sidejacking) on social networking and other sites that don't fully secure logins and cookies with SSL encryption. It works on Wi-Fi networks secured with WEP or the Personal (PSK) mode of WPA or WPA2, in addition to unsecured or hotspot networks. Like other session hijacking tools, it doesn't work on WPA/WPA2-Enterprise networks using 802.1X authentication, which isn't vulnerable to user-to-user eavesdropping.
You can use DroidSheep to demonstrate to yourself or others of how easy it is to take-over other user's unsecured web sessions. You just open the app, agree to their disclaimer, and tap Start. You'll start seeing the list populate once users on the network login to unsecured sites, displaying their URLs and session IDs. Then you can tap on an entry to open the site in full or mobile view, save the cookies, or export the cookies via email.
Seeing just how simple session hacking is may prompt you or others to better secure your web sessions. Some websites, such as Facebook and Twitter, let you optionally enable HTTPS/SSL encryption. Remember, the URL of SSL-encrypted web sessions begin with https instead of http. So before logging onto any site on a public or untrusted network, you might just try adding an s to the http of the URL to see if SSL encryption is supported.