Hello.
Have you ever thought that an ordinary connection to public Wi-Fi points can become very dangerous for you?
Today, my first article will be basic traffic interception. Also, in this article I will look at free software for obtaining remote access on local systems. Below is the correct setup and use of this software.
The purpose of this article is to open your eyes to the consequences of ordinary use of public Wi-Fi networks.
Intercepter:
Intercepter is a network multifunctional tool that can allow you to obtain data from traffic (passwords, correspondence, messages in instant messengers, and much more) with the implementation of various MiTM attacks.
Intercepter program interface
Main functionality:
● Interception of instant messenger messages.
● Replacement of Https certificates with Http.
● Intercepting cookies and passwords.
● Interception of activity (pages, files, data).
● Ability to spoof file downloads by adding malicious files. Can be used in conjunction with other utilities.
Operating modes:
Messengers Mode – checking correspondence that was sent in unencrypted form. Its main use is to intercept messages in such instant messengers as AIM, JABBER, ICQ messages.
Scan mode – main testing mode. To start scanning you need to right-click Smart Scan. After scanning, all network participants, their OS (operating system) and other parameters will be displayed in the window.
Not required, but optional in this mod you can scan ports. You must use the Scan Ports function. Of course, there are much more functional utilities for this, but the presence of this function is an important point.
If I am only interested in a targeted attack on the network, then after the scan I will need to add the target IP to Nat using the command
Add to Nat. In another window it will be possible to carry out other attacks. What Nat is, I will explain below.
Nat Mode is a main mode that can allow a number of ARP attacks. This is the so-called main window through which targeted attacks will be carried out.
Ressurection Mode is a very interesting thing for recovering useful data from traffic, from certain protocols that transmit traffic in the clear. In our case, when the victim views pages, files, data, they can be completely intercepted. Also, as an additional item, you can specify the size of these files, so as not to download the program in small parts. As a basis, this information can be used for data analysis.
Password Mode is already a mode for working with coockie files. This way I can access
the victim's visited files.
DHCP mode – this mode allows me to raise my DHCP server to implement basic DHCP attacks in the middle.
Types of attacks that can be carried out:
● Site spoofing:
To spoof the victim’s website, you need to go to the Target section, then you need to specify the site and its replacement. In this simple way you can replace a lot of sites. It all depends on how high-quality the fake is.
Site spoofing
Example for vk.com
Choosing a MiTM attack Changing the injection rule
As a result, the victim opens a fake website when requesting vk.com. And in password mode there should be a login and password of the victim: Authorization of the victim
● Traffic decryption:
In order for me to carry out a targeted attack, I will first need to select a victim from the list and add him to the target. This action is done by clicking with the right mouse button.
Adding a MiTM attack Now you can recover various data from traffic
in Ressurection Mode. Information and files of the victim via MiTm attack
● Traffic spoofing:
Request substitution
My next task is to specify several parameters in the settings: Specifying settings
Next, the victim's request will change from "trust" to "loser".
Additionally, you can kill cookies so that the victim logs out of all accounts and re-authorizes. This will allow me to intercept logins and passwords.
Destroyingcookies
Detecting a potential sniffer using Intercepter:
Using the exciting Promisc Detection option, you can detect a device that is somehow scanning the local network. After the scan has been completed, the status column will show “Sniffer”. This is the first way to detect scanning on a local network.
Sniffer detection
SDR HackRF Device:
HackRF
Yes, yes, yes, that's exactly him. The well-known SDR.
SDR - so to speak, is a kind of radio receiver that can allow you to interact with different radio frequency parameters. Thus, you can safely intercept signals from LTE, Wi-Fi, GSM, and much more.
HackRF - well, this is already a full-fledged SDR device for $300 . By the way, the author of the project, Michael Ossman, is developing successful devices in this direction. The Ubertooth Bluetooth sniffer was previously developed and successfully implemented.
HackRF in its default state operates in the frequency range from 30 MHz to 6 GHz. The sampling frequency is usually 20 MHz, which allows you to intercept signals from LTE and Wi-FI networks.
Your own security at the local level:
Let me start by using SoftPerfect Wi-Fi Guard software. There is also a portable version that takes no more than 4 MB. It will be able to allow me to scan my network and display what devices are displayed on it. It has settings that allow you to select the maximum number of scanned devices and network card. Additionally, you can set the scanning interval.
SoftPerfect WiFi Guard
Well, after scanning, the program sends notifications of how many unknown connected devices there are. This will allow me to add and mark trusted users and notice if someone has connected and starts listening to traffic. Notifications will be sent after each scanning interval. This allows you to disable a specific scammer on the router if there are suspicious activities.
SoftPerfect Wi-Fi Guard program settings Ability to add comments for users Notification window for unfamiliar devices after each specified scanning
Conclusion:
Thus, I examined in practice how to use software for absolute data interception within a network. I looked at several specific attacks through which you can obtain login information, as well as other information. Additionally, I reviewed SoftPerfect WiFi Guard, which allows you to protect your local network from eavesdropping traffic at a primitive level.
(c) Author: Shim
Have you ever thought that an ordinary connection to public Wi-Fi points can become very dangerous for you?
Today, my first article will be basic traffic interception. Also, in this article I will look at free software for obtaining remote access on local systems. Below is the correct setup and use of this software.
The purpose of this article is to open your eyes to the consequences of ordinary use of public Wi-Fi networks.
Intercepter:
Intercepter is a network multifunctional tool that can allow you to obtain data from traffic (passwords, correspondence, messages in instant messengers, and much more) with the implementation of various MiTM attacks.
Intercepter program interface
Main functionality:
● Interception of instant messenger messages.
● Replacement of Https certificates with Http.
● Intercepting cookies and passwords.
● Interception of activity (pages, files, data).
● Ability to spoof file downloads by adding malicious files. Can be used in conjunction with other utilities.
Operating modes:
Messengers Mode – checking correspondence that was sent in unencrypted form. Its main use is to intercept messages in such instant messengers as AIM, JABBER, ICQ messages.
Scan mode – main testing mode. To start scanning you need to right-click Smart Scan. After scanning, all network participants, their OS (operating system) and other parameters will be displayed in the window.
Not required, but optional in this mod you can scan ports. You must use the Scan Ports function. Of course, there are much more functional utilities for this, but the presence of this function is an important point.
If I am only interested in a targeted attack on the network, then after the scan I will need to add the target IP to Nat using the command
Add to Nat. In another window it will be possible to carry out other attacks. What Nat is, I will explain below.
Nat Mode is a main mode that can allow a number of ARP attacks. This is the so-called main window through which targeted attacks will be carried out.
Ressurection Mode is a very interesting thing for recovering useful data from traffic, from certain protocols that transmit traffic in the clear. In our case, when the victim views pages, files, data, they can be completely intercepted. Also, as an additional item, you can specify the size of these files, so as not to download the program in small parts. As a basis, this information can be used for data analysis.
Password Mode is already a mode for working with coockie files. This way I can access
the victim's visited files.
DHCP mode – this mode allows me to raise my DHCP server to implement basic DHCP attacks in the middle.
Types of attacks that can be carried out:
● Site spoofing:
To spoof the victim’s website, you need to go to the Target section, then you need to specify the site and its replacement. In this simple way you can replace a lot of sites. It all depends on how high-quality the fake is.
Site spoofing
Example for vk.com
Choosing a MiTM attack Changing the injection rule
As a result, the victim opens a fake website when requesting vk.com. And in password mode there should be a login and password of the victim: Authorization of the victim
● Traffic decryption:
In order for me to carry out a targeted attack, I will first need to select a victim from the list and add him to the target. This action is done by clicking with the right mouse button.
Adding a MiTM attack Now you can recover various data from traffic
in Ressurection Mode. Information and files of the victim via MiTm attack
● Traffic spoofing:
Request substitution
My next task is to specify several parameters in the settings: Specifying settings
Next, the victim's request will change from "trust" to "loser".
Additionally, you can kill cookies so that the victim logs out of all accounts and re-authorizes. This will allow me to intercept logins and passwords.
Destroyingcookies
Detecting a potential sniffer using Intercepter:
Using the exciting Promisc Detection option, you can detect a device that is somehow scanning the local network. After the scan has been completed, the status column will show “Sniffer”. This is the first way to detect scanning on a local network.
Sniffer detection
SDR HackRF Device:
HackRF
Yes, yes, yes, that's exactly him. The well-known SDR.
SDR - so to speak, is a kind of radio receiver that can allow you to interact with different radio frequency parameters. Thus, you can safely intercept signals from LTE, Wi-Fi, GSM, and much more.
HackRF - well, this is already a full-fledged SDR device for $300 . By the way, the author of the project, Michael Ossman, is developing successful devices in this direction. The Ubertooth Bluetooth sniffer was previously developed and successfully implemented.
HackRF in its default state operates in the frequency range from 30 MHz to 6 GHz. The sampling frequency is usually 20 MHz, which allows you to intercept signals from LTE and Wi-FI networks.
Your own security at the local level:
Let me start by using SoftPerfect Wi-Fi Guard software. There is also a portable version that takes no more than 4 MB. It will be able to allow me to scan my network and display what devices are displayed on it. It has settings that allow you to select the maximum number of scanned devices and network card. Additionally, you can set the scanning interval.
SoftPerfect WiFi Guard
Well, after scanning, the program sends notifications of how many unknown connected devices there are. This will allow me to add and mark trusted users and notice if someone has connected and starts listening to traffic. Notifications will be sent after each scanning interval. This allows you to disable a specific scammer on the router if there are suspicious activities.
SoftPerfect Wi-Fi Guard program settings Ability to add comments for users Notification window for unfamiliar devices after each specified scanning
Conclusion:
Thus, I examined in practice how to use software for absolute data interception within a network. I looked at several specific attacks through which you can obtain login information, as well as other information. Additionally, I reviewed SoftPerfect WiFi Guard, which allows you to protect your local network from eavesdropping traffic at a primitive level.
(c) Author: Shim
