2012
How Network Spoofer Works
Android Development Hacks Network Spoofer
A few people have been asking how Network Spoofer actually works; hopefully this explanation will allow people to understand its working and try out their own spoofs.
The download file
Firstly, the extra download file is a minimal version of a debian system – having the same system on each device makes it easier to ensure the same will happen on the same device.
When Network Spoofer is run, the file is loaded (mounted) on the phone to allow the files to be accessed. This is where almost all of the bugs with Network Spoofer not loading occur; for some reason some devices just won’t load the file. If you want to have a go at mounting the file on the phone, then this script is used to actually load it, and the variables used are set by the application itself before running the script.
One of the reasons this stage sometimes doesn’t work is that Android’s app2SD (applications on the SD card) uses this same method to load SD card applications, and this could be interfering on some phones.
Running programs inside the debian system
For programs to function correctly on this new system, a few system folders have to be mounted inside the new system – namely /dev, /proc and /sys. This is also done in the script mentioned above.
The unix command chroot is used to actually run programs inside the new debian system – it makes the program think it has a different ‘root’ (top) folder.
Setting the system up to run spoofs
Inside this new environment (where programs think they are actually running on a debian computer), the script /usr/local/bin/spoof is run. This script uses the phone settings given by the Android app (as well as some detected settings) to set up the phone, ready to start spoofing.
First, it starts arpspoof running in the background on the phone (line 97) which basically gets all internet traffic going first through the phone. The phone tells the victim computer that it is the router, and tells the router that it is the victim – this is called a ‘man in the middle’ attack.
To change information on websites, data travelling on port 80 needs to be redirected to something else (line 115) and then picked up by a proxy server which is started on the phone (line 112). The proxy server can then change or redirect whatever it wants to on the phone.
Changing data on websites
There are a set of scripts in the /rewriters folder in the debian image. Each one waits for URLs to be inputted (typed into it), then returns a new and potentially modified URL. The easiest way to add a new spoof is to add a new script (based off one of the others) along with a text file describing it (see one of the others for an example).
A link is created to the script to be used (line 111), or if multiple spoofs are used a script is created which chains the selected scripts together. There is an option in the configuration for the proxy which tells it to use the linked script to change URLs as they are asked for – this is the key feature of the proxy.
If data on the webpage is changed, the script may download the HTML file, change it and put it in the folder /var/www/images. This folder is visible on a webserver which is run on the phone (see the image flip script for an example)
The spoof is now running – the script then waits for an enter key press before stopping. It then stops the arp spoof, shuts down the proxy and the webserver, removes the port 80 redirect rule and finishes.
I hope this has explained the inner workings and will help people to expand the project, fix issues on certain devices and create more spoofs. If you have a feature that you’ve created / would like implementing, file a request / question or add your own branch of the code on the launchpad code hosting page.
RSS Feed
Hi there –
I have a rooted Nexus One and installed Network Spoofer (downloaded from Android Market) a few days ago. I used it ONCE and It worked great but then today, my antivirus program (AVG) detected a virus and suggested I remove (uninstall) your program. I did and downloaded the install package again just now and got the following: “Antivirus Warning: Installed package: uk.digitalsquid.netspoofer is infected”.
What gives?
A pleasingly riataonl answer. Good to hear from you.
@virus reporter
There doesn’t seem to be a legit use for this app, it mangles network requests by design. It seems appropriate for it to be identified as a virus. Is it going to do something you don’t want it to? I don’t know… But if you are the type that is so worried over a virus report, unroot your phone and stop installing foolish stuff like this..
So yeah I kinda het it im a newbie im fascinated w pen testing I just got into a intro to Linux course in college im going to take network security next sem. My question is how exactly is this app to b used and wat is goin on while u use the app could u b tracked potentially
hi..
could you please give us a tutorial on how to setup manually.
i’m not able to download it automatically.maybe because of the internet connection or my phone.so i’ve downloaded the required debian-0.8.img file. so could you give us a tutorial how setting it up manually.
i’ve tried to put the img file inside /sdcard/android/data/uk.digitalsquid.netspoofer/
but it never works.. when open up the apps, it still asks to install.
So, starting at line 97, the arpspoofing must be done for every wireless client in the wireless network, right?
What happens here when you want to apply the hack to everyone? you run the script for every ip in the network? How is done the network scanning to know who are online?
Hi,
I am also unable to install it on my Atrix,
I am facing the exact same issue as posted above.
Could you pls update a tutorial.?
hi, i install it on my phone, it seems like working, but i can’t see the result.
after i install, here’s my procedure:
it ask for superuser->yes
select hack->i select 1:yes, select multi: yes
select IP of victim? -> all:yes, 1 IP:yes
Start:yes
SU Permission:yes
then some hex show up : apt XX XX???
but when i tried to look on other pc or phone on same network, nothings change, is there something i need to configure?
Hello .. I installed the app but when I press Network Spoofer start says “Something went wrong whilst Trying to load. Perhaps the SD card is not plugged in, or the superuser acceot Did you command?. It should be noted that I am ROOT user and allowed them permissions to the app … I can not find solution! They could make a video tutorial (if not too much to ask) how to solve this problem .. Many thanks and sorry for my English. Best Regards
hello
wanted to know if can you tell me what I have to be modified to redirect traffic only when the victim tries to enter a url specified
Nose esplicado well if I am using the translate googel
You solve that problem I m I have I would appreciate
Very good application
Hello! I have seen some problems in ZTE blade device.
the app is running but it doesnt work. Its only makes the internet conexion slower and with some problems but it dont do which it says.
sorry for my english, im from spain
regards.
I Really Love Your Application, it’s an very awesome experience with it. But My Only Concern is that every Single time i Use it to Have Fun it will Do The Job, But After it somehow Crashes my Whole Lan or makes it Slow. For then i have to Manually Turn On My Router. Which is Very Obvious. And one More Problem i Have is Redirecting to An Website, i donot use kittenwar option but the custom one still shows it. Please Fix!
The program says that it could not find a special path and that I have to update my kernel because iptables are not working correctly.