Network Spoofer Logo

Network Spoofer - Hacking networks from Android

Network Spoofer is a navite app for the Android platform that requires root access to perform a multitude of attacks against a router.
Network Spoofer is a 100 mb download, which then requires another 450 mb of storage on the SD card to download and inflate a Debian System Image where the attack scripts are run from.
You can find more information on the Network Spoofer home page here:
http://digitalsquid.co.uk/netspoof/
An explaination of how Network Spoofer works internally can be found here:
http://digitalsquid.co.uk/2012/01/how-network-spoofer-works/

Proof of Concept:

Attacks Include:

Adblock - block all advertisements
All sites -> Kittenwar.com - redirect all traffic to kittenwar.com
All sites -> other website - redirect all traffic to a URL of your choice
Blur Images - Blurs all the images on a webpage
Custom Google Search Change - Change the text in Google Searches
Custom YouTube video - Change all videos on YouTube to a custom video
Custom Image Change (image on phone) - replace all images on websites with an image stored on your phone
Custom Image Change (image on web) - replace all images on websites with an image stored on the internet
Flip Images - Flip all images upside down on webpages
Redirect Traffic Through Phone - ARP poison the router to direct all traffic through your device
Rickroll - replace YouTube videos with a rickroll
Text Change - change all text on websites
Trollface - replace all images with a trollface image

The Attack:

Step 1) Arp poison the router. This leverages the root capabilities of a rooted android operating system to perform a Man in the Middle attack against all the hosts on the network. Because it attacks the arp cache of the router, you will be able to MITM both wired and wireless hosts on the same network from a single wireless connection. This also requires that you have already obtained an IP Address from the victim network which means Wireless Encryption will not prevent this attack if the attacker already knows the encryption key.

Step 2) Choose the attack you would like to execute.

Step 3) Execute the attack.

Preventing this Attack:

This attack will be successful on all networks where a user can connect to the network (they must have the encryption key if encryption is in use) and can successfully ARP poison the router.

To prevent this type of attack, use wireless encryption and keep untrusted hosts off of your network.