Intercepter –NG is an application for Android which let us capture traffic of a local network if we are connected using ARP Poisoning attacks. We can get this free App from Google Play Store, but to use it we need to have a rooted phone or tablet. Its purpose is making black box audits without being detected.

After downloading the App and giving it Root permissions we can start exploiting all its potential. When we run the App we can see the main menu, this menu show us which network interface we are connected, the network name, our IP and Gateway.

On the top we can find one button with radar shape, if we push this button Intercepter-NG will start scanning the network and will show us all the devices connected and its operative system. This is possible because this tool uses Fingerprinting tactics. Once we´ve selected our “victim” we will see a new menu on the top of the screen showing us the tools available.

At the right we can find a gear icon, if we click on it we can set up the tool. From this menu you can select which kind of attacks you want to use and other options like keeping your screen on. The radioactive icon let us start an ARP Poisoning attack, this attack makes the man in the middle and let us capture the network traffic. This part of Intercepter-NG is the most important because it is necessary for the rest of options. When we push the play button the tool starts keeping the sites visited by the victim. If the user visits an HTTP page and introduce its credentials Intercepter-NG will show us the username and password. If the web visited is HTTPS it’s also possible obtaining users credentials, but only when SSLStrip works correctly and there isn’t a robust Certificate Pinning.

On the right we have a shark icon, this tool is similar and works like Whireshark, if we click on the icon we can see all the traffic and we can analyze it exhaustively, it works as a traffic sniffer.

On the third icon we can see a cookie. That is because with Intercepter-NG you can find cookies which you can use to hijack Facebook or other internet sessions only by copying the cookies and using it in your browser.

Last but not least we have the gallery icon. If you click on this one you´ll see the images seen by the user in its screen during its navigating session.

As you can see this App has an incredible potential and it lets you make your audits anywhere you are without rising suspicion.