
Stealing Passwords With An Android App Is Easy: Learn How To Protect Yourself

Skye Hudson 23-07-2013

You read that headline right: If you and I were on the same WiFi network, I could probably log in to some of your sensitive accounts — and I’m not even a hacker. This is thanks to an app for rooted Android devices called dSploit. You see, most websites out there nowadays use HTTPS instead of HTTP, and it’s that extra S that makes web surfing safe. But if any of the websites you use don’t use HTTPS, a hacker could get into those accounts using dSploit.


DSploit may sound pretty malicious then, but its intentions are surprisingly good. If you understand how other people could hack your information, you can learn to protect yourself. Please please please do not use any of the information in this article to steal other people’s information. Only test it on your own devices and accounts. Plus, it has some other features that are pretty fun just to play with.

So with that out of the way, what all can you do with this app? Read on to find out.

Steal Passwords

We’re all warned when logging onto public WiFi that our information may be viewable to others on the network. I’ve always seen that and thought that it would take a really advanced hacker to actually do that. I was wrong.

Turns out that it’s pretty easy. Good news is that most major websites use HTTPS, keeping your stuff safe from wannabe hackers using dSploit. Facebook, Twitter, Google, and most major websites all use HTTPS by default. In fact, in using this app, it was very difficult for me to find any website not using HTTPS by now. But I did find one: InterPals.



It’s smaller websites like these that people with malicious intent could access, should you happen to be on the same WiFi network as them. I don’t imagine you would have much sensitive information on InterPals (maybe you do — I don’t know you), but this could open up the gateway if your other security priorities aren’t in order.


For instance, do you have one password across all your accounts? That is dangerous. If a hacker gets a low-level password, like to InterPals, they could then access your bank website, Facebook, or PayPal account. You should try to vary your passwords as much as possible across your different accounts.

Hijack A Session

This is the slightly less capable cousin of the stealing passwords feature. Session hijacking allows the user to intercept information sent over WiFi and then access whatever page (login information intact) the victim was on. Again, this won’t work with HTTPS websites, but many websites only use HTTPS when sending sensitive login information, leaving other parts of the session open to hijacking, which is still relatively dangerous.
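Added example (not from the original article): a site that uses HTTPS only for login stays hijackable because the session cookie it sets is sent again on later plain-HTTP requests, where anyone on the same WiFi can read it. This Python check audits response headers for the two settings that prevent that, the Secure cookie attribute and the HSTS header; the hostnames and header values are constructed samples.

```python
# Constructed sample responses from HTTPS login pages (not captured from real sites).
SAMPLE_RESPONSES = {
    "https://shop.example/login": [
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
        ("Set-Cookie", "prefs=dark; Path=/"),
    ],
    "https://bank.example/login": [
        ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
        ("Set-Cookie", "session=def456; Path=/; Secure; HttpOnly"),
    ],
}


def cookie_attrs(set_cookie_value):
    """Return (cookie_name, set of lower-cased attribute names)."""
    first, *rest = set_cookie_value.split(";")
    name = first.split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in rest if p.strip()}
    return name, attrs


def audit(headers):
    """List the ways a session started by this response can leak over HTTP."""
    findings = []
    header_names = {key.lower() for key, _ in headers}
    # Without HSTS the browser will still follow http:// links to the site.
    if "strict-transport-security" not in header_names:
        findings.append("no HSTS header: later requests may go over http://")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = cookie_attrs(value)
        # A cookie without Secure is attached to plain-HTTP requests too.
        if "secure" not in attrs:
            findings.append(f"cookie '{name}' lacks Secure: sent in cleartext")
    return findings


if __name__ == "__main__":
    for url, headers in SAMPLE_RESPONSES.items():
        print(url)
        for finding in audit(headers) or ["ok"]:
            print("  -", finding)
```

To audit a site you run, replace the sample list with the header pairs from your own login response.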



From my phone, I was able to hijack the session that was running on my computer. This gave me access to everything in my Amazon account. Terrifying, right? Well, the good news is that Amazon has you verify your password before major events like checking out, viewing your credit card info, etc. All I could really do was add items to my cart without ever buying them.


My main worry was initially with 1-Click ordering, Amazon’s fancy way of allowing you to buy items with just the push of a button. It turns out, though, that 1-Click ordering should really be called 1-Click-Then-Type-A-Password-Then-Click-Again ordering. So I wouldn’t worry too much about strangers hijacking your Amazon account. Still, the fact that they could log in as you without you ever knowing is eerie to say the least.



I also managed to hijack my college’s website session. There’s not a whole lot someone could do with this information except see what classes I’m taking and maybe read some of my submitted essays. Aside from being creepy and stalker-ish, this wouldn’t really affect me too terribly.


I could even hijack my session on the XDA Developers forums. But again, this doesn’t affect me unless the hacker just wanted to spam like crazy and get me banned.


Replace All The Images On A Website

Now, this is the most fun part of this app. If you don’t care about security at all and just want to have some fun, download this app and connect to the same WiFi network as one of your friends. This feature is absolutely hilarious, and if you don’t believe me, here’s the MakeUseOf website with all the pictures replaced with a picture of me wearing a horse mask.


Come on, tell me that’s not funny. Horse masks just make you forget about all the world’s problems, don’t they?

Usability And User Interface

The app itself is pretty simple to use, but you’ll probably be better off if you have a good level of tech knowledge. There are many other features available in this app that I didn’t cover, including Trace, Port Scanner, Inspector, Vulnerability Finder, Login Cracker, and Packet Forger. If you’re a real security master, those other features may interest you, but for the average user, let me show you to the MITM (Man In The Middle) section.


The MITM section has all the features I went through before: Password Sniffer, Session Hijacker, and Replace Images. You can also do a Simple Sniff which will just log all the information coming through.

Redirect could be the most malicious thing here if this app fell into the wrong hands. The hacker could potentially redirect someone to a scam website that poses as Facebook or Google and asks for login information, or the victim could get one of those “Please Download Flash Now” pop-ups even though they’re pretty sure they’ve already downloaded Flash but they do it anyway and, BAM, virus.


Also, the app forces itself into landscape mode, which is infinitely aggravating. It would freeze for about 30-40 seconds every few seconds while sniffing for passwords or trying to hijack sessions, and it crashed my phone twice, causing it to reboot. That’s just my personal experience on my Galaxy S3, so your mileage may vary. For me, the app was too unstable to think about using it on a daily basis. I might just use it to prank my friends a bit, test my own safety, and then be rid of it.

Protect Yourself

Are you scared yet? Perfect, now just buy my anti-dSploit app for only 3 monthly payments of — I’m kidding, I’m kidding! The best way to protect yourself is to be especially careful when on public WiFi or even protected WiFi that you potentially share with untrustworthy folks like on a large university campus.

Always use HTTPS. There is a Firefox and Chrome extension called HTTPS Everywhere that will attempt to force all the websites you visit to use HTTPS. It’s not perfect, but it can help, and you can learn how to use the Firefox version in this handy article, Encrypt Your Web Browsing With HTTPS Everywhere [Firefox]. If you have an absolutely most favorite website ever that seems to think HTTPS is too mainstream, avoid using it on public WiFi. I’m looking at you, InterPallers.

While on unsecure WiFi connections, be wary of redirected web pages. If you type in and comes up, asking for your login information or credit card to confirm your account, don’t do it! You can also use VPNs and tunnels which are described in more detail in this article, How To Combat WiFi Security Risks When Connecting To A Public Network.

We also have 5 Firefox add-ons (Stay Safe & Private With These 5 Encryption Add-Ons [Firefox]) that can help protect you and 8 Chrome extensions (The Top 8+ Security & Privacy Extensions For The Chrome Browser). There’s even a Firefox add-on called Blacksheep that can help detect apps like dSploit on the network. Remember, always practice safe web browsing.

Have you ever had your information stolen over a public WiFi network? Any other tips for staying safe out there? Let us know in the comments!


  1. Christina Sparks
    October 2, 2016 at 9:59 pm

    Yes I was hacked by my landlady upstairs. I didn't realize it was her at first. For 3 months in a row she gained access to my Amazon account and therefore my credit card information. As I am her tenant I have free Wi-Fi through her, therefore the same password. Month after month she used my new credit card that I got every month to make purchases through Amazon. Thankfully I had my bank monitoring my account therefore they reversed each and every charge that was made. I also installed a secure line VPN as well as no longer doing any online shopping for a time until I felt more secure. The secure line VPN was a lifesaver. I highly recommend it. As for my landlady and what to do about my claims against her...well I'm just going to wait until I gather more evidence like the make and model numbers of items I've seen up in her place that look exactly the same as a couple of items on my order history on my Amazon account. Which I did not order. I will confront her when I have enough hard evidence or I'm about to move out. Again thank you for your useful information. I will continue to use my VPN and continue coming to your site for your useful tips and tricks.

  2. akki
    May 16, 2015 at 10:10 am

    how to read a wifi password in android...?????

  3. robert
    February 9, 2015 at 2:35 pm

    I agree too

  4. Johann
    July 24, 2013 at 4:26 am

    And watch out if you're even on your own network should you be using your default SSID and password because there's plenty of tools to generate default passwords for common routers like those supplied by BigPond.

    • Sassah122 S
      July 24, 2013 at 4:49 am

      I agree. You should always change your default router password.