2016-01-21
Sniffing insecure wireless networks 2 years ago
For an upcoming demonstration about security I plan to play with sniffing insecure wireless networks. I currently have a 'WiFi Pineapple' to play with which makes this quite easy. I created an open wireless network with the SSID of a very popular open network which should be 'attractive' to the visitors of the demonstration and I play with tools to show what can be found in the passing datastream. First of all dsniff for decoding usernames/passwords in a lot of open protocols, like:dsniff: listening on ----------------- 01/21/16 21:54:47 tcp xx.yy.zz.60683 -> ftp3.xs4all.net.21 (ftp) USER ftp PASS koos@ ----------------- 01/21/16 22:05:49 tcp xx.yy.zz.35913 -> pop.xs4all.nl.110 (pop3) USER bestaatniet PASS weetiknietIt took me a while to get dsniff working: it does not 'see' connections that originate on the system it is running on, which was my 'preferred' way to test it. And a more visual one: driftnet for picking out all images from passing traffic. It's a strong visual thing when you see the images from a site you visit popping up in another screen.