Ok, I've been testing these apps, and it looks like password sniffing from both FaceNiff and dSploit doesn't work if the victim has a smartphone (it still sniffs if the page is http instead of https), but if the victim has a PC, it works every time. The only way I've been able to obtain Facebook logins is by using session sniffing in dSploit, and sometimes it doesn't work. Other attacks still work - redirect, replace text, script injection etc. Also, I've discovered that by installing SSLStrip, running password sniffer in dSploit on subnet, then activating both ARP Spoof and SSLStrip in the SSLStrip app while dSploit is in background (by pressing home button), it logs every password on PC, including eBay, PayPal... Only google account seem to be secure from this - I couldn't sniff either gmail or youtube.
![[Image: n3wbcJQ.png]](http://i.imgur.com/n3wbcJQ.png)
Check out my thread Essential android tools for modern players and alphas to find out how to make your android phone your wingman, or click here and scroll down if you only need to root it.
Want sound that puts iPods and iPhones to shame? I got you covered!