“A smartphone with hacking tools? There is no such thing, "- just recently we would have told you. The usual tools for implementing attacks could be launched only on some Maemo. Now, many tools have been ported to iOS and Android, and some hack-tools have been specially written for the mobile environment. Can a smartphone replace a laptop in penetration tests? We decided to check.

Android is a popular platform not only for mere mortals, but also for the right people. The number of useful utilities here is simply off scale. For this, we can say thanks to the UNIX roots of the system, which greatly simplified the porting of many tools to Android. Alas, some of them are not allowed by Google in the Play Store, so you will have to install the corresponding APKs manually. Also, for some utilities, you need maximum access to the system (for example, the iptables firewall), so you should take care of root access in advance.

It uses its own technology for each manufacturer, but it is quite easy to find the necessary instructions. A decent set of HOWTOs has been put together by the LifeHacker resource (bit.ly/eWgDlu). However, if you could not find a model here, the XDA-Developers forum (www.xda-developers.com) always comes to the rescue, where you can find various information on virtually any Android phone model. One way or another, some of the utilities described below will work without root access. So we present you hacker utilities for android.

Package manager:

Let's start our overview with an unusual package manager. The developers call it "superuser utilities", and this is not far from the truth. After installing BotBrew, you get a repository from where you can download a huge number of familiar tools compiled for Android. Among them: Python and Ruby interpreters for running the many tools that are written in them, tcpdump sniffer and Nmap scanner for network analysis, Git and Subversion for working with version control systems, and much more.

Network scanners:

An inconspicuous smartphone that, unlike a laptop, easily fits into your pocket and never arouses suspicion, can be useful for network exploration. We have already said how you can install Nmap above, but there is another option. PIPS is a specially adapted, albeit unofficial port of the Nmap scanner for Android. This means that you can quickly find active devices on the network, determine their OS using fingerprinting options, perform a port scan - in short, do everything that Nmap can do.

l
With Nmap, for all its power, there are two problems. Firstly, the parameters for scanning are transmitted through launch keys, which you need not only to know, but also to be able to enter from an inconvenient mobile keyboard. And secondly, the scan results in the console output are not as descriptive as we would like. The Fing scanner is devoid of these shortcomings, which scans the network very quickly, does fingerprinting, after which it displays a list of all available devices in an understandable form, dividing them by type (router, desktop, iPhone, and so on). At the same time, for each host, you can quickly see a list of open ports. And right from here you can connect, say, to FTP using the FTP client installed in the system - it's very convenient.

When it comes to analyzing a specific host, NetAudit can be indispensable. It works on any Android device (even a non-rooted one) and allows not only to quickly identify devices on the network, but also to investigate them using a large fingerprinting database to determine the operating system, as well as CMS systems used on the web server. Now the database contains more than 3000 digital prints.

If, on the contrary, you need to work at a lower level and thoroughly examine the operation of the network, then you cannot do without Net Tools. This is an indispensable set of utilities in the work of a system administrator that allows you to fully diagnose the operation of the network to which the device is connected. The package contains more than 15 different kinds of programs, such as ping, traceroute, arp, dns, netstat, route.

Android wi-fi monitor mode:

All WiFi modules have a special monitor mode. This mode can also be used for sniffing, intercepting and cracking passwords. However, in Android devices, due to hardware limitations, access to this mode is closed. The fact is that most Android smartphones use the same ones from Broadcom - these are bcm4329 or bcm4330, which do not work in a completely standard way.

The site has published instructions for activating monitor mode on Nexus One (Cyanogen 7) and GS2 (Cyanogen 9). Ready-made packages can be downloaded.

For the code to work on other devices, you need to download the source code yourself and compile the package.

TRAFFIC HANDLING:

The tcpdump-based sniffer honestly logs all data into a pcap file, which can then be examined using familiar utilities like Wireshark or Network Miner. Since it does not implement any opportunities for MITM attacks, it is rather a tool for analyzing its traffic. For example, this is a great way to learn what programs installed on your device from questionable repositories are transmitting.

If we talk about combat applications for Android, then one of the most sensational is FaceNiff, which implements interception and injection into intercepted web sessions. By downloading the APK package with the program, you can launch this hack-tool on almost any Android smartphone and, by connecting to a wireless network, intercept accounts of various services: Facebook, Twitter, VKontakte, and so on - more than ten in total. Session hijacking is carried out by means of ARP spoofing attack, but the attack is possible only on unsecured connections (FaceNiff cannot wedge into SSL traffic). To contain the flow of scriptdis, the author limited the maximum number of sessions to three.

l
If the creator of FaceNiff wants money for using it, then DroidSheep is a completely free tool with the same functionality. True, on the official website you will not find the distribution kit (this is due to the harsh laws of Germany regarding security utilities), but it can be found on the Web without any problems. The main task of the utility is to intercept user web sessions of popular social networks, implemented using the same ARP Spoofing. But the trouble with secure connections: like FaceNiff, DroidSheep flatly refuses to work with the HTTPS protocol.

This utility also demonstrates the insecurity of open wireless networks, but in a slightly different plane. It does not intercept user sessions, but it allows HTTP traffic to pass through itself using a spoofing attack, performing specified manipulations with it. Starting from the usual pranks (replacing all the pictures on the site with trollfaces, flipping all the images, or, say, changing the Google search results) and ending with phishing attacks when fake pages of such popular services as facebook.com, linkedin.com, vkontakte.ru and many others.

If you ask which hack utility for Android is the most powerful, then Anti probably has no competitors. This is a real hacker harvester. The main task of the program is to scan the network perimeter. Further, various modules enter the battle, with the help of which a whole arsenal is implemented: this is wiretapping, and the execution of MITM attacks, and the exploitation of the vulnerabilities found. True, there are also disadvantages. The first thing that catches your eye is that the exploitation of vulnerabilities is carried out only from the central server of the program, which is located on the Internet, as a result of which you can forget about goals that do not have an external IP address.

TUNNELING TRAFFIC:

Okay, but how do you keep your data safe on an open wireless network? Besides the VPN that Android supports out of the box, you can set up an SSH tunnel. For this, there is a wonderful utility SSH Tunnel, which allows you to wrap the traffic of selected applications or the entire system through a remote SSH server.

It is often necessary to send traffic through a proxy or sox, in which case ProxyDroid will help out. It's simple: you choose which applications' traffic you want to tunnel, and specify the proxy (HTTP / HTTPS / SOCKS4 / SOCKS5 are supported). If authorization is required, then ProxyDroid also supports this. By the way, the configuration can be linked to a specific wireless network by making different settings for each of them.

WIRELESS NETWORKS:

The built-in wireless manager is not very informative. If you need to quickly get a complete picture of nearby access points, then the Wifi Analyzer utility is an excellent choice. It will not only show all nearby access points, but also display the channel on which they work, their MAC address and, most importantly, the type of encryption used (seeing the cherished letters "WEP", we can assume that access to the secured network is provided ). In addition, the utility is ideal if you need to find where the desired access point is physically located, thanks to a clear signal strength indicator.

This utility, according to its developer, can be useful when the wireless network is packed to capacity with clients, and at this very moment you need a good connection and stable connection. WiFiKill allows you to disconnect clients from the Internet both selectively and according to a specific criterion (for example, it is possible to joke over all apple trees). The program just performs an ARP spoofing attack and redirects all clients to itself. This algorithm is foolishly simply implemented on the basis of iptables. Such is the control panel for fast food wireless networks.

AUDIT OF WEB APPLICATIONS:

Manipulating HTTP requests from a computer is a breeze, there are a huge number of utilities and browser plugins for this. In the case of a smartphone, things are a little more complicated. The HTTP Query Builder will help you send a custom HTTP request with the parameters you need, for example, the desired cookie or a modified User-Agent. The query result will be displayed in a standard browser.

If the site is password protected using Basic Access Authentication, then you can check its reliability using the Router Brute Force ADS 2 utility. Initially, the utility was created to brute force passwords to the router admin area, but it is clear that it can be used against any other resource with similar protection ... The utility works, but is clearly damp. For example, the developer does not provide for brute force, but only brute force is possible using the dictionary.

You've probably heard of Slowloris, a program to disable web servers. Its principle of operation is to create and maintain the maximum number of connections with a remote web server, thus preventing new clients from connecting to it. So, AnDOSid is an analogue of Slowloris right in your Android device! Sadly, two hundred connections are often enough to make one in four Apache websites unstable.

MISCELLANEOUS USEFULS:

When working with many web applications and analyzing their logic, it is quite common to encounter data transmitted in encoded form, namely Base64. Encode will help you decode this data and see what exactly is stored in it. Perhaps, substituting a quotation mark, encoding them back in Base64 and substituting them in the URL of the site under investigation, you will receive the coveted error of executing a query to the database.

If you need a hex editor, Android has one too. With the help of HexEditor, you can edit any files, including system files, if you raise the program to superuser rights. An excellent replacement for the standard text editor, allowing you to easily find the desired piece of text and change it.

REMOTE ACCESS:

After gaining access to a remote host, you need to be able to use it. And this requires clients. Let's start with SSH, where ConnectBot is already the de facto standard. In addition to a user-friendly interface, it provides the ability to organize secure tunnels via SSH connections.

A useful program that allows you to connect to a remote desktop via RDP or VNC services. I am very glad that these are two clients in one, there is no need to use different tools for RDP and VNC.

MIB browser specially written for Android, with which you can manage network devices using SNMP protocol. It can be useful for the development of an attack vector on various routers, because the standard community string (in other words, a password for access) for management via SNMP has not yet been canceled.

IPHONE

The iOS platform is no less popular among developers of security utilities. But if in the case of Android, root rights were needed only for some applications, then on Apple devices, jailbreak is almost always required. Fortunately, even the latest iDevice firmware (5.1.1) already has a jailbreak tool. Along with full access, you also get an alternative Cydia application manager, which already contains many utilities.

WORKING WITH THE SYSTEM:

The first thing to start with is installing the terminal. For obvious reasons, it is not included in the standard delivery of the mobile OS, but we will need it to run the console utilities, which we will talk about further. The best implementation of a terminal emulator is MobileTerminal - it supports multiple terminals at once, gestures for control (for example, for transferring ) and generally impresses with its thoughtfulness.

Another, more difficult option to access the device console is to install OpenSSH on it (this is done through Cydia) and connect to it locally via an SSH client. If you use the right client like iSSH, which has amazing touch screen control, you can work with your local console and remote hosts from one place.

DATA INTERCEPTION:

Now that you have access to the console, you can try the utilities. Let's start with Pirni, the first full-fledged sniffer for iOS. The structurally limited Wi-Fi module built into iDevices cannot be switched to promiscious mode, which is necessary for normal data interception. So for sniffing, classic ARP spoofing is used, with the help of which all traffic is passed through the device itself. The standard version of the utility is launched from the console, but there is a more advanced version - Pirni Pro, which boasts a graphical interface. Moreover, she knows how to parse HTTP traffic on the fly and even automatically extract interesting data from there (for example, usernames and passwords) using regular expressions that are set in the settings.

The notorious sniffer Intercepter-NG recently has a console version that runs on iOS and Android. It has already implemented the grabbing of passwords transmitted over various protocols, the interception of messenger messages, as well as the resurrection of files from traffic. At the same time, network scanning functions and high-quality ARP Poison are available. To work, you must first install the libpcap package via Cydia. All startup instructions boil down to setting the correct rights: chmod + x intercepter_ios. Further, if you run the sniffer without parameters, a clear interactive interface will appear.

It's hard to believe, but this most complex tool for implementing MITM attacks was ported to iOS. After colossal work, it turned out to make a full-fledged mobile port. To save yourself from dancing with a tambourine around dependencies during self-compilation, it is better to install the already built package using Cydia, after adding heworm.altervista.org/cydia as a data source. The set also includes the etterlog utility, which helps to extract various useful information from the collected traffic dump (for example, FTP accounts).

ANALYSIS OF WIRELESS NETWORKS:

In older versions of iOS, craftsmen ran aircrack and could break the WEP key, but we checked: the program does not work on new devices. Therefore, to explore Wi-Fi, we will have to be content with only Wi-Fi scanners. WiFi Analyzer analyzes and displays information about all available 802.11 networks around, including information about SSID, channels, vendors, MAC addresses and encryption types. With such a program, it is easy to find the physical location of the point, if you suddenly forgot it, and, for example, look at the written WPS PIN required for connection.

NETWORK SCANNERS:

What program does any pentester use anywhere in the world, regardless of goals and objectives? Network scanner. And in the case of iOS, it will most likely be the most powerful Scany toolkit. With a set of built-in utilities, you can quickly get a detailed picture of network devices and, for example, open ports. In addition, the package includes network testing utilities such as ping, traceroute, nslookup.

However, many people prefer Fing. The scanner has a fairly simple and limited functionality, but it is quite enough for the first acquaintance with the network of, say, a cafeteria :). The results display information about available services on remote machines, MAC-
addresses and names of hosts connected to the scanned network.

It would seem that everyone forgot about Nikto, but why? After all, this web vulnerability scanner, written in a scripting language (namely Perl), you can easily install through Cydia. This means that you can easily launch it on your jailbroken device from the terminal. Nikto will be happy to provide you with additional information on the tested web resource. In addition, you can add your own search signatures to its knowledge base with your own hands.

REMOTE CONTROL:

Many network devices (including expensive routers) are SNMP-managed. This utility allows you to scan subnets for available SNMP services with a previously known community string value (in other words, standard passwords). Note that looking for SNMP services with standard community strings (public / private) in an attempt to gain access to device management is an integral part of any penetration test along with
identification of the perimeter itself and the identification of services.

Two utilities from the same manufacturer are designed to connect to a remote desktop using the RDP and VNC protocols. There are many similar utilities in the App Store, but these are the ones that are especially convenient to use.

RECOVERY PASSWORDS:

The legendary program that helps millions of hackers around the world "remember" the password has been ported to iOS. Now it is possible to brute-force passwords for services such as HTTP, FTP, Telnet, SSH, SMB, VNC, SMTP, POP3 and many others directly from the iPhone. However, for a more effective attack, it is better to stock up on good dictionaries for brute force.

Everyone knows firsthand such a vulnerability as the use of standard passwords. PassMule is a kind of directory that collects all kinds of standard logins and passwords for network devices. They are conveniently categorized by vendor name, product and model, so finding the right one is easy.

VULNERABILITY EXPLOITATION:

METASPLOIT
www.metasploit.com

It's hard to imagine a more hacky utility than Metasploit - and it is it that concludes our today's review. Metasploit is a multi-tool package whose main task is to exploit vulnerabilities in software. Imagine: about 1000 reliable, tested and necessary exploits in the daily life of a pentester - right on your smartphone! With the help of such a tool, you can really settle in any network. Metasploit allows you not only to exploit flaws in server applications - there are also tools for attacks on client applications (for example, through the Browser Autopwn module, when a combat load is inserted into client traffic). There is no mobile version of the toolkit, but you can install a standard package on an Apple device using

Interception programs for android- a relatively new "invention" that is gaining popularity. Today, when technologies and, in particular, the Internet, have penetrated into all spheres of our life and the presence of several personal pages on social networks has become the rule of good, modern tone, it is not surprising that people want, as before, to be aware of the lives of others. Especially when it comes to colleagues, acquaintances, bosses, loved ones and family.

Interception from android carried out less often than other "spy" exercises for the simple reason that it is not so easy to listen to someone else's device. We need appropriate technical equipment, which only the special services have. But today, some craftsmen have gone further and offer the sophisticated public services for hacking accounts, surveillance on the network, and in reality (detectives). But how effective is it all? You won't know until you meet in person ...

Interception of messages: difficulties and reality

Interception messages with Android Today they are performed by all and sundry - both craftsmen and assorted services. There are a lot of offers to intercept calls, hack pages in networks, remote hacking of devices, only they have different pitfalls - either the performer is unreliable (look like a blackmailer), then he asks for money in advance (a pig in a poke, not otherwise), besides the result may not be worth the cost and effort you put into it. Is it another matter - special services. Looking ahead, let's say that they cost money (small), but they work out their pretty penny. But not all services are equally functional and efficient.

The difficulty of intercepting messages is that not every program for interception data with android compatible with devices and has a wide functionality. After all, communication is not limited to calls alone: ​​people send SMS and messages in instant messengers more often, dozens of them a day. It means you need a standing program for android to capture packets- SMS, calls, messages from instant messengers, preferably and visited pages on the network ( interceptionhttp—requests for android will show frequently visited resources, which will help out parents in monitoring their children).

And also take into account this technological nuance: if it is stated that the program can intercept any incoming and outgoing packets, then it must have support - a server coupled with a service that will process a lot of messages, because a simple smartphone and a program simply cannot do it.

ServiceVkurSe

VkurSe is a service and a program of the same name for interception a packages android... Its functionality is superior to any other solution:

• intercept SMS from android: incoming and outgoing messages, forwarding all messages in archive to mail;
• interception of VKontakte messages with android a: you can read all messages from instant messengers, including Viber, Whatsapp;
• interception of calls and SMS for android: calls are recorded, archived and forwarded to you;
• android interceptionWiFi: you can turn off WiFi access for the listening device using a keyword query;
• positioning of the listening device by GPS;
• microphone recording remotely via a keyword query;
• changing the lock code through a message;
• reboot, turn on and turn off the phone;
• a snapshot by the front camera if the password is entered incorrectly;
• clearing phone memory via SMS;
• archiving all phone actions through a personal account on the site;
• uploading all intercepted files to Google Drive.

This is just a part of the VkurSe service and program.

Interception security

The biggest drawback of most programs for intercepting information from phones is that they can be easily detected. The program itself performs interception, archiving and forwarding of packets, which heavily loads the RAM of both the listening device and the phone for which the packets are intended. The phone being listened to starts constantly freezing, then turns on, then reboots, traffic is heavily consumed and its owner immediately realizes that something is wrong. He looks in the task manager or even scans the phone on a PC and detects a spy. Another thing is the VkurSe program. For example, interception of messagesWhatsapp for android requires sending a large package at once and from one phone to another it will take time. This is where the VkurSe service comes to the rescue, which processes the request and sends only information in fact to your personal account on the site. Traffic interception android falls on the shoulders of a whole service, which greatly facilitates the tracking of correspondence and calls, and plus - does not load the phone. InterceptionWhatsapp android is performed in a matter of minutes and you are already reading all the correspondence in your mail in the form of a report, or in your personal account.

As we said earlier, all interception and surveillance services operate strictly for a fee. But VkurSe made a small exception for the user: on the site, in the download category, there are versions for interception a sms with android is free- you can test the program and service within 7 days from the moment of registration, and then decide whether you want to continue using the service or not.

In conclusion, let's say that VkurSe is a really working service and program for interception SMS on android and not only, which gives 100% result. Of course, there is the issue of small user fees, but the truth is always worth every penny spent on it.

The Wireshark program will be an excellent assistant for those users who need to perform a detailed analysis of network packets - computer network traffic. Sniffer easily interacts with common protocols such as netbios, fddi, nntp, icq, x25, dns, irc, nfs, http, tcp, ipv6 and many others. Allows, when analyzing, to divide a network packet into appropriate components, according to a specific protocol, and display readable information in numerical form on the screen.
supports a huge number of different formats of transmitted and received information, is able to open files that are used by other utilities. The principle of operation is that the network card goes into broadcast mode and begins to intercept network packets that are in its range of visibility. Knows how to work as a program for intercepting wifi packets.

How to use wireshark

The program examines the content of information packets that pass through the network. To start and use the results of the sniffer's work, no specific knowledge is required, you just need to open it in the "Start" menu or click on the icon on the desktop (its launch is no different from any other Windows program). A special function of the utility allows it to capture information packets, carefully decrypt their contents and present them to the user for analysis.

Launching wireshark, you will see the main program menu on the screen, which is located in the upper part of the window. With the help of it, the utility is controlled. If you need to download files that store data about packets caught in previous sessions, as well as save data about other packets retrieved in a new session, then for this you need the "File" tab.

To start the function of capturing network packets, the user must click on the "Capture" icon, then find a special section of the menu called "Interfaces", with which you can open a separate window "Wireshark Capture Interfaces", where all available network interfaces will be displayed, through which will capture the required data packets. In the event that the program (sniffer) is able to detect only one suitable interface, it will display all the important information about it.

The results of the utility's operation are direct evidence that even if users are not independently (at a given time) transmitting any data, the exchange of information on the network does not stop. After all, the principle of operation of a local network is that in order to maintain it in working mode, each of its elements (computer, switch and other devices) continuously exchange service information with each other, therefore, such network tools are designed to intercept such packets.

There is also a version for Linux systems.

It should be noted that sniffer is extremely useful for network administrators and computer security services, because the utility allows you to identify potentially unprotected network nodes - likely areas that can be attacked by hackers.

In addition to its direct purpose, Wireshark can be used as a tool for monitoring and further analyzing network traffic in order to organize an attack on unprotected parts of the network, because the intercepted traffic can be used to achieve various goals.

Internet users are so reckless that it is easy for them to lose their confidential data. 42.tut conducted an experiment to show how many "holes" there are in public Wi-Fi networks. The conclusion is disappointing: anyone without special skills and knowledge can compile a complete dossier about a person using only an open wireless network.

We installed several applications for the experiment. They differ in functionality, but they have the same essence - to collect everything that passes through the network to which the device is connected. None of the programs are positioning themselves as "pirate", "hacker" or illegal - they can be downloaded from the net without any problems. The experiment was carried out in a mall with free Wi-Fi.

Interception

We connect to Wi-Fi: there is no password, the name of the network contains the word “free”. We start scanning, one of the programs immediately finds 15 connections to the network. Each one can see the IP-address, MAC-address, for some - the name of the device manufacturer: Sony, Samsung, Apple, LG, HTC ...

We find the “victim's” laptop among the devices. We connect to it - data that passes through the network begins to appear on the screen. All information is structured by time, there is even a built-in viewer of intercepted data.

User identification

We continue to observe. An online game has clearly begun on the partner's laptop: software commands are constantly being sent to the network, information about the situation on the battlefield is being received. You can see the nicknames of the opponents, their game levels and much more.

The message “VKontakte” comes. In one of the detailed message specifications, we find that each of them has a user ID visible. If you paste it into a browser, it will open the account of the person who received the message.

At this time, the "victim" writes a response to the message, and clearly does not realize that we are staring at the photos in his account with might and main. One of the social network applications gives a signal - we can listen to this sound in the player.

Passwords and messages

Photos and sounds are not all that can be “given” to available Wi-Fi. For example, one of the programs has a separate tab to track exactly the correspondence in social networks and instant messengers. Messages are decrypted and sorted by the time they were sent.

Demonstrating someone else's correspondence is already beyond good and evil. But it works. As an illustration - a part of the dialogue of the author of the text, caught by the tracking computer from the “victim” device.

Another program separately stores all cookies and user information, including passwords. Fortunately, in encrypted form, but immediately suggests installing a utility that will decrypt them.

conclusions

Almost any information can be lost over Wi-Fi. Many public networks do not provide any protection at all, and sometimes even a password. This means that the traffic of colleagues, friends or strangers can be intercepted by anyone.

The most reliable way out of this situation is one: do not transmit any important information through public networks. For example, do not send phones and passwords in messages and do not pay with a payment card outside the home. The risk of losing personal data is extremely high.

For the program to function, root user rights are required.

FaceNiff is a program for intercepting web sessions and credentials from social networks and some services using Android mobile devices.
Can only capture sessions when WiFi is not using EAP, but it should work on any private network (Open / WEP / WPA-PSK / WPA2-PSK)
Please note that if the web uses SSL this application will not work.

You can scan and intercept Internet sessions:
facebook.com twitter.com vkontakte.ru vk.ru nk.pl youtube.com amazon tumblr.com meinvz.net studivz.net tuenti.com blogger.com myspace.com

(for example, you can send messages from the intercepted profile on behalf of the user of this profile)
on the WiFi network to which your mobile is connected (even encrypted with WEP, WPA or WPA2).
It's kind of like Firesheep, only for Android. Maybe a little easier to use.
What is Firesheep:

Some introductory theory.
On many services, the encryption of the connection occurs only at the moment of reconciliation of the login and password, and the subsequent session of the site with the user is already open. For this, the session ID is used, i.e. - a randomly generated code is transmitted to the user in cookies, according to which the definition of "friend or foe" occurs. These same cookies are the target for the "Firesheep" plugin. By intercepting the http session (SideJacking) and seizing the session identifier, an attacker can log into someone else's accounts, disguising himself as another user.
Firesheep plugin can intercept cookies from sites: Twitter, Facebook, Google, Flickr, Windows Live, bit.ly, Amazon.com, Enom, Slicehost, tumblr, WordPress, Evernote, CNET, Pivotal Tracker, Basecamp, HackerNews, Yahoo, Cisco, Yelp, Github, NY Times, Cisco, Dropbox, and more. dr.
After that, information about Firesheep appeared on the Web, in just an hour the plugin was downloaded more than 1000 times (!), And evidence of the effectiveness of its use immediately began to appear on Facebook and Twitter.
According to Butler, he created this seemingly diabolical tool just to show that we spend a lot of time arguing over little details in privacy policy, but we overlook huge gaping security holes. Websites are responsible for protecting the people who depend on their services. This responsibility has been ignored for too long, and now is the time for everyone to take notice and start demanding a safer Internet. And the Firesheep plugin should help with this.

(Log in and the first time it will be written locked, then you need to exit and log in again, and the program will no longer write that it is not registered)