Beware! FaceNiff Hijacks Facebook using just an Android phone

Good day, Hackers Thirst readers. It's my first guest post and I hope you all will like it. Recently, Wamiq Ali posted about preventing Facebook account hacking. He demonstrated how Firefox, along with a Firefox extension called Firesheep, can be misused by hackers. This time around we'll do away with having to use a PC. Instead, we will demonstrate that a Facebook account can be hijacked using only an Android phone. People would even think the hacker was only texting, because he doesn't need a laptop. Here's what he will need:

1- Any Android phone with an app called "FaceNiff"

Regardless of whether the network is encrypted with WEP, WPA-PSK or WPA2-PSK, as long as the users are on the same local area network or Wi-Fi, one could easily sniff the traffic and hijack a victim's Facebook account.

How a hacker hijacks accounts using FaceNiff:-

Here are the steps to hijacking an account:
  • He connects to the Wi-Fi network and opens FaceNiff.
  • Then he scans the network to find any cookies being transferred.
  • The transferred cookies are dumped by FaceNiff into his smartphone, and Facebook thinks that the hacker is logged in.

This works by stealing the victim's cookies and setting them as his own. Therefore one can log in without even knowing the victim's username or password.

[Screenshot: FaceNiff interface]


How to prevent FaceNiff attack:
Prevention is easy: all you have to do is visit every website over HTTPS, which encrypts the transfer of data between the host website and the user. FaceNiff can work only if the victim uses HTTP. Many modern browsers now prefer secure HTTPS connections over plain HTTP.
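
For site owners, the same defence can be checked from the server side. The following is an added example, not part of the original post or of any tool it mentions: it audits HTTP response headers for settings that would let a session cookie travel over plain HTTP. The function names and the sample responses are constructed for illustration.

```python
# Added example: audit response headers for settings that let a session
# cookie cross the network unencrypted, where a sniffer on the same LAN
# or Wi-Fi could read it.

def parse_set_cookie(value):
    """Return (cookie_name, set of lowercased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_response(scheme, headers):
    """scheme is 'http' or 'https'; headers is a list of (name, value)."""
    findings = []
    header_names = {k.lower() for k, _ in headers}
    if scheme != "https":
        findings.append("response served over plain HTTP")
    elif "strict-transport-security" not in header_names:
        # Without HSTS the browser may still make a first request over
        # HTTP, and any cookie without Secure would ride along with it.
        findings.append("no Strict-Transport-Security header")
    for k, v in headers:
        if k.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(v)
        if "secure" not in attrs:
            findings.append(f"cookie {cookie!r} lacks Secure")
    return findings

# Constructed sample responses (not captured from any real site).
WEAK = ("http", [("Content-Type", "text/html"),
                 ("Set-Cookie", "session=abc123; Path=/")])
PARTIAL = ("https", [("Set-Cookie", "session=abc123; Path=/; HttpOnly")])
HARDENED = ("https", [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
])

if __name__ == "__main__":
    for label, (scheme, headers) in (("weak", WEAK), ("partial", PARTIAL),
                                     ("hardened", HARDENED)):
        print(label, audit_response(scheme, headers) or "no findings")
```

The "partial" case shows that serving a page over HTTPS alone is not enough: a cookie without the Secure attribute is still sent on any plain-HTTP request to the same host.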

About The Guest Author:-
Hey, this is Xyzsor, owner of MiniMaxima - A Minimalist Tech Blog. Stay in contact with me at