FaceNiff is an Android app that allows you to sniff and intercept web session profiles over the Wi-Fi that your mobile is connected to.
Sessions can be hijacked only when the Wi-Fi network is not using EAP, but it should work on any private network (Open/WEP/WPA-PSK/WPA2-PSK).
It’s kind of like Firesheep for Android and it works on WPA2.
A rooted phone is required. Keep in mind that this application won’t work if the user is using SSL, since the session traffic is then encrypted.
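The SSL limitation above is what a site operator can rely on for defence. As an added example (not part of the original post or of FaceNiff), this Python check audits response headers for the gaps that leave a session cookie readable on shared Wi-Fi: cookies set over plain HTTP, cookies without the Secure attribute, and HTTPS responses without HSTS. The host social.example and the cookie values are constructed for illustration.

```python
from urllib.parse import urlsplit

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lower-cased attribute names)."""
    first, *attrs = value.split(";")
    name = first.split("=", 1)[0].strip()
    flags = {a.split("=", 1)[0].strip().lower() for a in attrs if a.strip()}
    return name, flags

def audit_response(url, headers):
    """Return findings showing where a session cookie could cross the network in cleartext."""
    scheme = urlsplit(url).scheme.lower()
    findings = []
    hsts = any(n.lower() == "strict-transport-security" for n, _ in headers)
    for n, v in headers:
        if n.lower() != "set-cookie":
            continue
        cookie, flags = parse_set_cookie(v)
        if scheme == "http":
            findings.append(f"{cookie}: set over plain HTTP, readable on shared Wi-Fi")
        elif "secure" not in flags:
            findings.append(f"{cookie}: no Secure attribute, sent on any later http:// request")
    if scheme == "https" and not hsts:
        findings.append("no Strict-Transport-Security header, browser may still use http://")
    return findings

# Constructed sample responses (not captured from any real site).
SAMPLES = [
    ("http://social.example/login", [("Set-Cookie", "sid=abc123; Path=/; HttpOnly")]),
    ("https://social.example/login", [("Set-Cookie", "sid=abc123; Path=/; HttpOnly")]),
    ("https://social.example/login", [
        ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
        ("Set-Cookie", "sid=abc123; Path=/; HttpOnly; Secure"),
    ]),
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        print(url, audit_response(url, headers) or "OK")
```

Only the third sample, served over HTTPS with HSTS and a Secure cookie, comes back with no findings.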
Here’s a video of FaceNiff for Android in action on LG Swift 2X:
Confirmed to work on:
- HTC Desire CM7
- Original Droid/Milestone CM7
- SE Xperia X10
- Samsung Galaxy S
- Nexus 1 CM7
- HTC HD2
- LG Swift 2X
- LG Optimus Black – original ROM
- LG Optimus 3D – original ROM
- Samsung Infuse