FaceNiff app-capture unencrypted session ID cookies from the websites

FaceNiff is an Android application that allows you to smell and intercept profiles of web session through the WiFi that your mobile phone is connected to. It is possible to hijack sessions only when WiFi is not using EAP, but it should work on any private networks (open/WEP/WPA-PSK/WPA2-PSK)


Supported service

  • Facebook
  • YouTube
  • Blogger
  • Amazon
  • Twitter
  • Myspace


  • Android version 5.0 and above
  • Root required

How to download and use?

First you download FaceNiff application then install it once you install this application just give root permission Make sure you are connected to a WiFi network and you have a target on the same network
Now open your FaceNiff application the interface will be like below image.

Now, tap on the top left button “Offline” to make it “Online“. Then tap on the “START” button
The FaceNiff will start to display the unencrypted sessions see the below image




Leave a Reply

Your email address will not be published. Required fields are marked *