Hello Guys , Today I Am gone Share My One Of My findings In WIFI Network
I Have Found This Vulnerability In My College Network , We have 70 Rooms In Our College , Every Room Has a Router , All Routers Are Connected To A Switch , When I Tried To Connect To A Router It Was Showing Only 1 AP , Rather Than Showing 70 AP's , ( For Both Smartphones And lappies)
This Made Me To Think Something Evil , What will happen If i Started A Wifi Hotspot With The Same SSID :D :D ,
Ya this Worked , Who Are Near To Me Will Connect To My Wifi , *If He Was Connecting For The First Time * , Between I Have Put The Same password as that of my college wifi password ,
But This is Something Social Engg , To make hime To Connect Him For The First time :/ , I dont Like It
Then i Got A New Idea , Y I Should Not Try In Public Open Networks
There Are Many Public Places Which Gives Open Wifi Hotspot . like kfc ,starbucks , pizzhut ...etc
So I Have Tested This Vulnerability With Two Android Devices and Windows 8 lappy
- I Opened My Lappy And It Was Only Showing One SSID
- When I Tried To Connect , It Was Connecting To The Wifi Hotspot Which is Near
- So if in a public place , if the attacker starts a fake access point with same SSID , The Victime Who Is Near To Attacker hotspot , Will Be Connected To The Attacker's AP , The Attacker Can Now Sniff The Packets
I Have Checked This Vulnerability In Laptops And Smartphones , Both Are Vulnerable
So Every Traffic Will be Sent To Your Access Point So U Can Do Man In The Middle Attack
This Video Will Help You In How To Create An Fake AP and Capture traffic
The Script used In The Video :- link
So I Will Be Going To Make A Full Demonstration Video On This After My Exams , probably in the end of this month.
if u have any details regarding this contact me here :- nekkantisriharsha@gmail.com or facebook.com/nbLORDS
Thanks For Viewing :)
Nuv keka ra...
ReplyDeleteif its httpS then u cant decrypt the traffic kada?
ReplyDeleteThis comment has been removed by the author.
ReplyDelete