The app gives you access to other people's accounts. So how does it work?
When the victim is using the WiFi, his laptop sends all the data intended for Facebook over the air to the coffee bar's wireless router. “Over the air” means “the data can be captured by anybody”, so an attacker can read all the data sent by the victim. Because some data is encrypted before being sent, the attacker cannot read the victim's Facebook password. But so that the victim does not have to enter his password after each click, Facebook sends the victim a so-called “session id” after logging in, which his browser then sends with each interaction, making it possible for Facebook to identify Bob, the victim. Usually only the victim knows this id, as he receives it encrypted. But when the victim uses the coffee bar's WiFi, he spreads his session id over the air to everybody. So the attacker takes this session id and uses it as his own, and Facebook cannot determine who used the id.
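From the site operator's side, the exposure described above shows up as a session cookie set without the `Secure` attribute, so the browser attaches it to unencrypted requests. The following check is an added example, not part of the original post or of DroidSheep; the header values are constructed and the cookie-name heuristic in `SESSION_HINTS` is an assumption.

```python
# Added example: flag session cookies that a browser would send over plain HTTP.
SESSION_HINTS = ("sess", "sid", "auth", "token")  # assumed naming heuristic

# Constructed sample of response headers after a login (not captured traffic).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session_id=3f9a1c; Path=/; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
    ("Set-Cookie", "auth_token=9b2e77; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", {}
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def has_hsts(headers):
    """True if the response tells the browser to use HTTPS only from now on."""
    return any(k.lower() == "strict-transport-security" for k, _ in headers)

def exposed_session_cookies(headers):
    """Names of session-like cookies set without the Secure attribute."""
    exposed = []
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        looks_like_session = any(h in name.lower() for h in SESSION_HINTS)
        if looks_like_session and "secure" not in attrs:
            exposed.append(name)
    return exposed

if __name__ == "__main__":
    for name in exposed_session_cookies(SAMPLE_HEADERS):
        print(f"{name}: no Secure attribute, travels in cleartext on http:// requests")
    if not has_hsts(SAMPLE_HEADERS):
        print("no Strict-Transport-Security header: the first request may still use HTTP")
```

A cookie reported here is readable by anyone on the same open network; setting `Secure` on it and serving the whole site over HTTPS with HSTS removes that exposure.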
There are two possible ways to install DroidSheep:
- One of the Android Markets (Google, AppBrain, …) — Simply search for DroidSheep and install the application
- Download it from the “GET-IT” section using your phone's browser and open the file — your phone should ask to install the app.
Make sure your phone is connected to a WiFi network, start DroidSheep and push the “start” button. Wait a few seconds and it will show all the open accounts, which can be opened directly.