

DroidSheep - Simple OpenSource Session hijacking on Android devices - pimeys
http://droidsheep.de/

======
atmz
Now, Firesheep was an important, and arguably justified, experiment in that it
brought the perils of not using SSL over public wifi (a problem that's been
around for years) to public attention by making it quick and simple to
demonstrate. However, I fail to see a real justification for this. Of course,
people have the right to make and distribute this software, but it feels a bit
irresponsible; the source link seems to only superficially warn against
illegal use, and the capability to hijack any cookie (instead of just the
well-known services) doesn't seem to serve a useful non-illegal purpose.

------
christefano
Why does this app want permissions to modify Gmail messages?

~~~
wladimir
As you need root access to be able to put network interfaces in promiscuous
mode and capture raw packets, I think it gets all permissions that are
possible. I'm not sure how Android shows this on install, though, whether it
still shows all the specific privileges... if so, it would explain this weird
privilege.

~~~
christefano
It's been a few hours since I checked, but I recall it wants only 2-3
permissions, not all permissions. One I remember is "full internet access" and
the other is "modify Gmail".

