What cookie files are and how they are intercepted. Methods of cookie hijacking. Viewing cookies

Many users do not realize that when they fill in a username and password to register or log in on a restricted Internet resource and press ENTER, this data can easily be intercepted. Very often it is transmitted over the network unprotected. So if the site you are trying to log in to uses the HTTP protocol, it is very easy to capture this traffic, analyze it with Wireshark and then use filters and special programs to find and decrypt the password.

The best place to intercept passwords is the network core, through which all user traffic to internal resources (for example, mail) passes, or the segment in front of the Internet router, where logins to external resources go out. Configure a mirror port and we are ready to feel like a hacker.

Step 1. Install and run Wireshark to capture traffic

Sometimes it is enough to select the interface on which we plan to capture traffic and click the Start button. In our case, we capture on the wireless network.

Traffic capture has begun.

Step 2. Filtering the captured POST traffic

Open the browser and try to log in to any resource with a login and password. When authorization is complete and the site has opened, stop the traffic capture in Wireshark. Then open the protocol analyzer and you will see a large number of packets. It is at this stage that most IT professionals give up, because they do not know what to do next. But we know: we are interested in the specific packets containing POST data, which are formed on our local machine when the form on the screen is filled in and are sent to the remote server when you press the "Login" or "Authorization" button in the browser.

We enter the following display filter for the captured packets: http.request.method == "POST"

Instead of thousands of packets we now see just one, containing the data we are looking for.

Step 3. Find the user's username and password

Right-click the packet and choose Follow TCP Stream from the menu.

After that, a new window appears that reconstructs the contents of the page from the captured bytes. We look for the "Password" and "User" fields, which correspond to the password and username. In some cases both fields will be easily readable and not even encrypted, but if we capture traffic to very well-known resources such as Mail.Ru, Facebook, VKontakte and so on, the password will be encoded:

HTTP/1.1 302 Found
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: password=; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/
Location: loggedin.php
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Thus, in our case:

Username: NetworkGuru

Password:
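The steps above boil down to one check a defender wants to automate: does any login form on my network still submit credentials in cleartext? The following Python script is an added example, not code from the article. It parses reassembled HTTP text of the kind Follow TCP Stream shows and reports POST bodies whose form fields look like credentials, naming only the field names and never the values. The stream, the host name and the list of credential field names are constructed for this example.

```python
"""Added example, not code from the article: scan reassembled HTTP request
text (the kind of output Wireshark's Follow TCP Stream shows) for POST bodies
that carry credential-looking form fields. Run over captures of your own
network it lists every service that still accepts logins over plain HTTP and
should be moved to HTTPS. Only field names are reported, never the values.
The stream below is constructed; the host name is invented."""
from urllib.parse import parse_qsl

# form field names commonly used for credentials (assumption; extend as needed)
CREDENTIAL_FIELDS = {"user", "username", "login", "email",
                     "pass", "password", "passwd", "pwd"}

SAMPLE_STREAM = (
    # client -> server: a login form submitted over plain HTTP
    "POST /login.php HTTP/1.1\r\n"
    "Host: intranet.example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 44\r\n"
    "\r\n"
    "username=NetworkGuru&password=SimplePassword"
    # server -> client: the redirect seen in the article
    "HTTP/1.1 302 Found\r\n"
    "Location: loggedin.php\r\n"
    "Content-Length: 0\r\n"
    "Connection: close\r\n"
    "\r\n"
    # client -> server: follow-up page load, no credentials
    "GET /loggedin.php HTTP/1.1\r\n"
    "Host: intranet.example.test\r\n"
    "\r\n"
)


def parse_messages(stream):
    """Split raw HTTP/1.x text into (start_line_words, headers, body) tuples.
    Both requests and responses are returned; bodies are delimited by
    Content-Length, which is enough for form posts."""
    messages = []
    pos = 0
    while pos < len(stream):
        while stream.startswith("\r\n", pos):   # tolerate stray blank lines
            pos += 2
        head_end = stream.find("\r\n\r\n", pos)
        if head_end == -1:
            break
        lines = stream[pos:head_end].split("\r\n")
        start = lines[0].split(" ", 2)
        headers = {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:
                headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        body_start = head_end + 4
        messages.append((start, headers, stream[body_start:body_start + length]))
        pos = body_start + length
    return messages


def find_cleartext_credentials(stream):
    """Return one finding per POST whose form fields look like credentials."""
    findings = []
    for start, headers, body in parse_messages(stream):
        if start[0] != "POST":
            continue
        ctype = headers.get("content-type", "")
        if not ctype.startswith("application/x-www-form-urlencoded"):
            continue
        fields = [name for name, _ in parse_qsl(body, keep_blank_values=True)]
        hits = sorted(name for name in fields if name.lower() in CREDENTIAL_FIELDS)
        if hits:
            findings.append({"host": headers.get("host", "?"),
                             "path": start[1], "fields": hits})
    return findings


if __name__ == "__main__":
    for f in find_cleartext_credentials(SAMPLE_STREAM):
        print(f"cleartext login form: http://{f['host']}{f['path']} fields={f['fields']}")
```

Feed it the saved text of a Follow TCP Stream window (or the output of a tcpdump/tshark reassembly) for each HTTP stream in a capture; every hit is a form that must be served over HTTPS, and the matching check on the server side is that the login endpoint refuses plain HTTP altogether.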

Step 4. Determining the encoding type to decrypt the password

We go, for example, to the site http://www.onlinehashcrack.com/hash-identification.php#res and enter our password in the Identification field. I was given a list of possible encoding algorithms in order of likelihood:

Step 5. Decrypting the user's password

At this stage we can use the hashcat utility:

~# hashcat -m 0 -a 0 /root/wireshark-hash.lf /root/rockyou.txt

The output gives us the decrypted password: SimplePassword

Thus, with Wireshark we can not only troubleshoot applications and services but also try ourselves as a hacker, intercepting the passwords users enter in web forms. You can also recover passwords to users' mailboxes using the following display filters:

  • POP protocol, the filter looks like this: pop.request.command == "USER" || pop.request.command == "PASS"
  • IMAP protocol, the filter will be: imap.request contains "login"
  • SMTP protocol, you will need to enter the following filter: smtp.req.command == "AUTH"

and more serious utilities for decoding the encoding algorithm.

Step 6. What if the traffic is encrypted and HTTPS is used?

There are several options to answer this question.

Option 1. Connect in the break of the connection between the user and the server and capture traffic at the moment the connection is established (SSL handshake). At that moment the session key can be intercepted.

Option 2. HTTPS traffic can be decrypted using the session key log file written by Firefox or Chrome. For this, the browser must be configured to write these encryption keys to a log file (the example is for Firefox), and you must obtain that log file. In effect, you need to steal the file with the session keys from another user's hard disk (which is illegal). Then you capture the traffic and apply the obtained keys to decrypt it.

Clarification. We are talking about the web browser of the person whose password is to be stolen. If we mean decrypting our own HTTPS traffic and want to practice, this strategy will work. If you try to decrypt other users' HTTPS traffic without access to their computers, it will not work: that is what encryption, and personal space, are for.

After obtaining the keys by option 1 or 2, you must register them in Wireshark:

  1. Go to the Edit menu > Preferences > Protocols > SSL.
  2. Tick the "Reassemble SSL records spanning multiple TCP segments" checkbox.
  3. Find RSA keys list and press Edit.
  4. Fill in all the fields and specify the path to the key file.
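Option 2 only works if the victim's browser is writing a key log file, which is set through the SSLKEYLOGFILE environment variable. The flip side for a defender is to verify on their own machine that no such file is being written, or that it is private. The Python check below is an added example and not part of the article: it parses the NSS key log format that Firefox and Chrome write (one secret per line, each tied to a 32-byte client random), counts how many TLS sessions a given file would let someone decrypt, and warns when the file is readable by other users. The sample key log is constructed with dummy hex values.

```python
"""Added example (not from the article): audit whether a browser on this host
is writing a TLS key log (SSLKEYLOGFILE) and whether that file is exposed.
The attack described in Option 2 needs exactly this file; a defender wants
it absent, or at least unreadable by anyone else. Sample data is constructed."""
import os
import re
import stat

# labels used by the NSS key log format (TLS 1.2 uses CLIENT_RANDOM, TLS 1.3 the rest)
KEYLOG_LINE = re.compile(
    r"^(CLIENT_RANDOM|CLIENT_HANDSHAKE_TRAFFIC_SECRET|SERVER_HANDSHAKE_TRAFFIC_SECRET"
    r"|CLIENT_TRAFFIC_SECRET_0|SERVER_TRAFFIC_SECRET_0|EXPORTER_SECRET)"
    r" ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$"
)

# constructed key log: one TLS 1.2 session and one TLS 1.3 session, plus junk
SAMPLE_KEYLOG = "\n".join([
    "# constructed sample, secrets are dummy hex",
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "bb" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "cc" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "dd" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "ee" * 32,
    "EXPORTER_SECRET " + "22" * 32 + " " + "ff" * 32,
    "this line is not a key log entry",
])


def parse_keylog(text):
    """Return the number of distinct TLS sessions (client randoms) whose
    secrets the key log exposes."""
    randoms = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = KEYLOG_LINE.match(line)
        if match:
            randoms.add(match.group(2).lower())
    return len(randoms)


def audit_keylog(path=None, env=None):
    """Report on the key log named by SSLKEYLOGFILE (or an explicit path)."""
    env = os.environ if env is None else env
    path = path or env.get("SSLKEYLOGFILE")
    findings = []
    if not path:
        findings.append("SSLKEYLOGFILE is not set: the browser is not writing TLS secrets to disk")
        return findings
    findings.append(f"SSLKEYLOGFILE points at {path}: any process that can read it can decrypt captured TLS traffic")
    if not os.path.exists(path):
        findings.append("the file does not exist yet")
        return findings
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("the file is readable by other users (group/other read bit set)")
    with open(path, encoding="utf-8", errors="replace") as handle:
        sessions = parse_keylog(handle.read())
    findings.append(f"{sessions} TLS session(s) can be decrypted with this file")
    return findings


if __name__ == "__main__":
    for line in audit_keylog():
        print(line)
```

Run it in the same environment as the browser (a terminal that inherited the user's login environment, or with the path of a suspected key log passed explicitly). On a hardened workstation the expected result is the "not set" line; anything else means captured HTTPS traffic on that network is only as private as that file.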

Cookies are information stored as a text file on the user's computer by a website. They contain authentication data (login/password, ID, phone number, mailbox address), user settings and access status. They are stored in the browser profile.

Cookie hacking is the theft (or "hijacking") of a web resource visitor's session. The private information becomes available not only to the sender and the recipient but also to a third party, the person doing the interception.

Tools and methods of cookie hacking

Computer thieves, like their real-world colleagues, have not only skills and knowledge but also their own tools, a kind of arsenal of lockpicks and probes. Let us get acquainted with the most popular hacker tools that are used to steal cookies from Internet users.

Sniffers

Special programs for monitoring and analyzing network traffic. Their name comes from the English verb "sniff", because they literally "sniff" the packets transmitted between nodes.

Intruders use a sniffer to intercept session data, messages and other confidential information. Their targets are mainly unprotected networks, where cookies are sent in an open HTTP session, that is, practically unencrypted. (Public Wi-Fi is the most vulnerable in this respect.)

To insert a sniffer into the Internet channel between the user's node and the web server, the following methods are used:

  • "listening" on network interfaces (hubs, switches);
  • tapping and copying traffic;
  • connecting in the break of the network channel;
  • analysis by means of special attacks that redirect the victim's traffic to the sniffer (MAC spoofing, IP spoofing).

XSS stands for Cross Site Scripting. It is used to attack websites for the purpose of stealing user data.

The principle of XSS is as follows:

  • an attacker injects malicious code (a specially disguised script) into a website page, a forum or a message (for example, in a social network conversation);
  • the victim opens the infected page and activates the planted code on their PC (clicks, follows a link, and so on);
  • in turn, the planted code "retrieves" confidential user data from the browser (in particular, cookies) and sends it to the attacker's web server.

To "engage" the XSS mechanism, hackers use all kinds of vulnerabilities in web servers, online services and browsers.

All XSS vulnerabilities are divided into two types:

  • Passive. The attack is triggered by a request to a specific web page script. Malicious code can be entered into various forms on a web page (for example, the site search field). Most susceptible to passive XSS are resources that do no filtering of HTML tags in the submitted data;
  • Active. Located directly on the server and executed in the victim's browser. Actively used by fraudsters in all sorts of blogs, chats and news feeds.

Hackers carefully "camouflage" their XSS scripts so that the victim suspects nothing: they change file extensions, pass the code off as a picture, give a reason to follow the link, attract with interesting content. As a result, the user who could not restrain their own curiosity sends, with their own hand (a mouse click), the session cookies (with login and password!) to the author of the XSS script, a computer villain.

Cookie substitution

All cookies are saved and sent back to the web server they "came" from without any changes, in pristine form, with the same values, strings and other data. A deliberate modification of their parameters is called cookie substitution. In other words, by changing cookies an attacker passes off the values they want as valid ones. For example, when paying in an online store, the payment amount in the cookie is changed downward, and that is how the "savings" on purchases happen.

Stolen session cookies of a social network account are "replayed" in another session on another PC. The owner of the stolen cookie gets full access to the victim's account (correspondence, content, page settings) for as long as the victim remains logged in on their page.

Cookie editing is carried out using:

  • the "Cookies..." function in the Opera browser;
  • the Cookies Manager and Advanced Cookie Manager add-ons for Firefox;
  • the IECookiesView utility (Internet Explorer only);
  • the AkelPad, NotePad or Windows Notepad text editors.
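Both abuses described above, editing a cookie's value and replaying a stolen session cookie, are addressed on the server rather than in the browser. The Python module below is an added example and not the article's code: values the server chooses to keep in a cookie are signed with an HMAC so that a client-side edit (such as a lowered payment amount) is rejected, and the login session is an opaque random token looked up in a server-side table, so the cookie never carries a login or password, expires, and is really terminated on logout. It also emits the Set-Cookie header with the Secure, HttpOnly and SameSite attributes. The key, names and values are invented.

```python
"""Added example (not the article's code): server-side defenses against cookie
substitution and session hijacking. Key and names are invented; the key must
be secret and stored outside the code in a real deployment."""
import hashlib
import hmac
import secrets
import time
from http.cookies import SimpleCookie

SERVER_KEY = b"constructed-demo-key-replace-in-production"


def sign_value(value):
    """Attach an HMAC tag so the server can tell its own value from an edit."""
    tag = hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"


def verify_value(signed):
    """Return the original value, or None if the cookie was modified or forged."""
    value, _, tag = signed.rpartition(".")
    expected = hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    return value


class SessionStore:
    """Opaque session ids: the cookie carries no login, password or hash,
    entries expire, and logout deletes the entry so a copied cookie dies too."""

    def __init__(self, ttl=3600):
        self.sessions = {}
        self.ttl = ttl

    def login(self, username, now=None):
        sid = secrets.token_urlsafe(32)          # 256 bits of randomness
        self.sessions[sid] = (username, (now or time.time()) + self.ttl)
        return sid

    def user_for(self, sid, now=None):
        entry = self.sessions.get(sid)
        if entry is None:
            return None
        username, expires = entry
        if (now or time.time()) > expires:
            del self.sessions[sid]
            return None
        return username

    def logout(self, sid):
        self.sessions.pop(sid, None)


def session_cookie_header(sid):
    """Set-Cookie line for the session id with the protective attributes."""
    cookie = SimpleCookie()
    cookie["session"] = sid
    cookie["session"]["secure"] = True      # HTTPS only: a sniffer on open Wi-Fi never sees it
    cookie["session"]["httponly"] = True    # not exposed to document.cookie, so XSS cannot read it
    cookie["session"]["samesite"] = "Strict"
    cookie["session"]["path"] = "/"
    return cookie.output(header="Set-Cookie:")


if __name__ == "__main__":
    store = SessionStore()
    sid = store.login("alice")
    print(session_cookie_header(sid))
    print("signed amount:", sign_value("amount=100"))
    print("edited amount accepted?", verify_value(sign_value("amount=100").replace("100", "1")))
```

The HMAC protects integrity, not confidentiality: anything signed this way is still readable by the client, so the amount of a purchase belongs in server-side state and only a reference to it in the cookie. Item 4 of the protection list below ("press Exit") only helps when the server behaves like SessionStore.logout and actually forgets the session.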

Physical access to data

A very simple scheme consisting of several steps. But it is effective only if the victim's computer, with an open session (for example VKontakte), was left unattended (and for long enough!):

  1. A JavaScript expression that displays all saved cookies is entered in the browser's address bar.
  2. After pressing "Enter", they all appear on the page.
  3. The cookies are copied, saved to a file, and transferred to a USB flash drive.
  4. On another PC, cookie substitution is carried out in a new session.
  5. Access to the victim's account is obtained.

As a rule, hackers use the above tools (and others) both in combination (since the level of protection on many web resources is high enough) and individually (when users show excessive naivety).

XSS + sniffer

  1. An XSS script is created that points at the address of an online sniffer (home-made or a specific service).
  2. The malicious code is saved with the extension .img (an image format).
  3. This file is then uploaded to a site page, a chat or a private message, wherever the attack is to be carried out.
  4. The user's attention is drawn to the created "trap" (social engineering comes into play here).
  5. If the "trap" works, the cookies from the victim's browser are intercepted by the sniffer.
  6. The hacker opens the sniffer logs and takes out the stolen cookies.
  7. Then the substitution is performed with the tools above to obtain the rights of the account owner.

Protecting cookies from hacking

  1. Use an encrypted connection (using the appropriate protocols and means of protection).
  2. Do not respond to dubious links, pictures or tempting offers to get acquainted with "new free software", especially from strangers.
  3. Use only trusted web resources.
  4. End an authorized session by pressing the "Exit" button (not by just closing the tab!). Especially if you logged in not from a personal computer but, for example, from a PC in an Internet cafe.
  5. Do not use the browser's "Save Password" feature. Saved credentials increase the risk of theft many times over. Do not be lazy; spend the few minutes needed to enter the login and password at the beginning of each session.
  6. After web surfing (social networks, forums, chats, sites) delete the saved cookies and clear the browser cache.
  7. Regularly update browsers and antivirus software.
  8. Use browser extensions that protect against XSS attacks (for example, NoScript for Firefox and Google Chrome).
  9. Periodically in accounts.

And most importantly: do not lose vigilance and attention while relaxing or working on the Internet!

"A smartphone with hacker utilities? No such thing," we would have told you not long ago. Until recently the usual attack tools could only be run on something like Maemo. Now many familiar tools have been ported to iOS and Android, and some hack tools were written specifically for the mobile environment. Can a smartphone replace a laptop in penetration tests? We decided to check.

Android

Android is a popular platform not only for ordinary mortals but also for the right people. The number of useful hacker utilities here is simply overwhelming. For this you can thank the Unix roots of the system, which greatly simplified porting many tools to Android. Alas, Google does not allow some of them into the Play Store, so you have to install the corresponding APK manually. Also, some utilities need maximum access to the system (for example, the iptables firewall), so you should take care of root access in advance. Each manufacturer uses its own technique here, but the necessary instructions are easy to find. A good collection of HOWTOs has been gathered by the Lifehacker resource (bit.ly/ewgdlu). However, if some model is missing there, XDA-developers (www.xda-developers.com) always comes to the rescue, where you can find information on practically any Android phone model. One way or another, some of the utilities described will work even without root access.

Package Manager

BotBrew. Let us start the review with an unusual package manager. The developers call it "utilities for superusers", and that is not far from the truth. After installing BotBrew you get a repository from which you can download a huge number of tools compiled for Android. Among them: Python and Ruby interpreters for launching the numerous tools written in them, the tcpdump sniffer and the Nmap scanner for network analysis, Git and Subversion for working with version control systems, and much more.

Network scanners

PIPS. An inconspicuous smartphone, which, unlike a laptop, fits easily in a pocket and never arouses suspicion, can be useful for exploring a network. Above we already said how to install Nmap, but there is another option. PIPS is a specially adapted, although unofficial, Android port of the Nmap scanner. So you will be able to quickly find active devices on the network, determine their OS using the fingerprinting options, scan ports; in short, do everything Nmap is capable of.

Fing. Using Nmap, despite all its power, has two problems. First, the scanning parameters are passed through command-line switches, which you not only have to know but also have to type on an uncomfortable mobile keyboard. Second, the scan results in console output are not as visual as one would like. The Fing scanner is free of these shortcomings: it scans the network very quickly, does fingerprinting, and then displays a list of all available devices, grouped by type (router, desktop, iPhone, and so on). At the same time, for each host you can quickly see the list of open ports. And right from there you can connect, say, to FTP using the FTP client installed in the system, which is very convenient.

Netaudit. When it comes to analyzing a specific host, the Netaudit utility may be indispensable. It works on any Android device (even unrooted) and allows you not only to quickly identify devices on the network but also to examine them using a large fingerprinting database to determine the operating system, as well as the CMS used on a web server. The database now holds more than 3000 fingerprints.

Net Tools. If, on the contrary, you need to work at a lower level and examine the operation of the network thoroughly, you cannot do without Net Tools. This is an indispensable set of utilities for a system administrator, which lets you fully examine the operation of the network the device is connected to. The package contains more than 15 different programs, such as ping, traceroute, ARP, DNS, netstat and route.

Manipulation with traffic

Shark for Root. A sniffer based on tcpdump that honestly logs all data into a PCAP file, which can then be examined with the usual utilities such as Wireshark or Network Miner. Since no MITM capabilities are implemented, it is rather a tool for analyzing your own traffic. For example, it is a great way to examine what programs installed on your device from dubious repositories are sending.

FaceNiff. If we talk about combat applications for Android, one of the most sensational is FaceNiff, which implements interception of and injection into intercepted web sessions. After downloading the APK package with the program, you can start this hack tool on almost any Android smartphone, and by connecting to a wireless network, intercept accounts of various services: Facebook, Twitter, VKontakte and so on, more than ten in total. Session hijacking is carried out by means of an ARP spoofing attack, but the attack is possible only on unprotected connections (FaceNiff cannot wedge itself into SSL traffic). To hold back the flood of script kiddies, the author limited the maximum to three sessions; after that you have to ask the developer for a special activation code.

DroidSheep. If the creator of FaceNiff wants money for his tool, DroidSheep is a completely free tool with the same functionality. True, you will not find a distribution on the official site (this is due to the harsh laws of Germany regarding security utilities), but it can be found on the net without any problems. The main task of the utility is to intercept user web sessions of popular social networks, implemented using the same ARP spoofing. But with secure connections there is trouble: like FaceNiff, DroidSheep flatly refuses to work with the HTTPS protocol.

Network Spoofer. This utility also demonstrates the insecurity of open wireless networks, but in a somewhat different way. It does not intercept user sessions but lets you pass HTTP traffic through yourself using a spoofing attack and perform the specified manipulations on it. Starting from ordinary pranks (replacing all the pictures on a site with troll faces, flipping all the images or, say, changing Google's search results) and ending with phishing attacks, when the user is fed fake pages of such popular services as Facebook.com, LinkedIn.com, vkontakte.ru and many others.

Anti (Android Network Toolkit by Zimperium Ltd). If you ask which hack utility for Android is the most powerful, Anti probably has no competitors. This is a real hacker combine. The main task of the program is to scan the network perimeter. Then various modules come into play, with the help of which a whole arsenal is implemented: a traffic listener, execution of MITM attacks, and exploitation of the vulnerabilities found. True, there are also downsides. The first thing that catches the eye is that exploitation of vulnerabilities is done only from the program's central server on the Internet, so targets without an external IP address can be forgotten.
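FaceNiff, DroidSheep and Network Spoofer all rest on the same trick, ARP spoofing, and that gives the network owner something concrete to watch for: an IP address whose MAC suddenly changes, or one MAC that starts answering for several addresses, the gateway among them. The Python detector below is an added example and not part of the article. It consumes ARP reply observations (here a constructed list; on a real host they would come from a packet capture or a periodic read of the ARP table) and raises alerts for both symptoms. Addresses are invented.

```python
"""Added example (not from the article): a minimal detector for the ARP
spoofing that mobile session-hijacking tools rely on. Observations and
addresses are constructed; on a real host feed it ARP replies from a capture
or snapshots of the ARP cache."""
from collections import defaultdict

# (timestamp, sender_ip, sender_mac) taken from ARP replies on the segment
OBSERVED = [
    (0.0, "192.0.2.1", "aa:bb:cc:00:00:01"),    # gateway announces itself
    (1.0, "192.0.2.10", "aa:bb:cc:00:00:10"),
    (2.0, "192.0.2.11", "aa:bb:cc:00:00:11"),
    (30.0, "192.0.2.1", "aa:bb:cc:00:00:10"),   # host .10 now claims to be the gateway
    (31.0, "192.0.2.11", "aa:bb:cc:00:00:10"),  # and also claims to be .11
]


def detect_arp_spoofing(observations, trusted=None):
    """Return alert strings for IP-to-MAC changes and for MACs claiming several IPs.

    trusted: optional dict of known-good ip -> mac bindings (e.g. the gateway),
    so the very first spoofed reply is caught instead of being learned."""
    ip_to_mac = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    mac_to_ips = defaultdict(set)
    for ip, mac in ip_to_mac.items():
        mac_to_ips[mac].add(ip)

    alerts = []
    for ts, ip, mac in observations:
        mac = mac.lower()
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append(f"t={ts}: {ip} changed from {previous} to {mac} (possible ARP spoofing)")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            claimed = sorted(mac_to_ips[mac])
            alerts.append(f"t={ts}: {mac} now answers for {claimed} (one host impersonating several)")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(OBSERVED, trusted={"192.0.2.1": "aa:bb:cc:00:00:01"}):
        print(alert)
```

A legitimate DHCP reassignment or a replaced network card also changes a binding, so in practice the alert is correlated with DHCP logs before acting on it; the pattern that is hard to explain innocently is the second one, a single MAC answering for the gateway and for client addresses at once. The durable fixes are on the network side: dynamic ARP inspection on managed switches and, for the users, HTTPS everywhere, which is exactly why these tools give up on SSL traffic.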

Traffic tunneling

Total Commander. The well-known file manager is now on smartphones too! As in the desktop version, there is a plugin system for connecting to various network directories, as well as the canonical two-pane mode, which is especially convenient on tablets.

SSH Tunnel. But how do you secure your own data when it is transmitted over an open wireless network? In addition to VPN, which Android supports out of the box, you can set up an SSH tunnel. For this there is the excellent SSH Tunnel utility, which lets you route selected applications, or the whole system, through a remote SSH server.

ProxyDroid. It is often necessary to send traffic through a proxy or SOCKS server, and in this case ProxyDroid helps. Everything is simple: you choose which applications need to be tunneled and specify a proxy (HTTP/HTTPS/SOCKS4/SOCKS5 are supported). If authorization is required, ProxyDroid supports that too. By the way, the configuration can be tied to a specific wireless network, with different settings for each of them.

Wireless networks

WiFi Analyzer. The built-in wireless network manager is not very informative. If you need to quickly get a full picture of the nearby access points, the WiFi Analyzer utility is a great choice. It not only shows all the access points around but also displays the channel they operate on, their MAC address and, most importantly, the type of encryption used (seeing the cherished letters "WEP", one can assume that access to the protected network is as good as granted). In addition, the utility is ideal if you need to find where the desired access point is physically located, thanks to the visual signal-level indicator.

WifiKill. This utility, as its developer declares, can be useful when a wireless network is clogged with clients that use up the whole channel at the very moment you need a good and stable connection. WifiKill lets you disconnect clients from the Internet either selectively or by a specific criterion (for example, it is possible to pick on all the Apple devices). The program simply performs an ARP spoofing attack and redirects all the clients to itself. This algorithm is stupidly simple and is implemented on top of iptables. Such a control panel for fast-food wireless networks :).

Web Application Audit

HTTP Query Builder. Manipulating HTTP requests from a computer is a trivial matter; there are a huge number of utilities and browser plugins for it. On a smartphone everything is more complicated. HTTP Query Builder helps send a custom HTTP request with the parameters you need, such as a desired cookie or a modified User-Agent. The result of the request is displayed in the standard browser.

Router Brute Force ADS 2. If a site is protected by a password using Basic Access Authentication, you can check its strength with the Router Brute Force ADS 2 utility. Initially the utility was created for guessing passwords on the admin panel of a router, but clearly it can also be used against any other resource with similar protection. The utility works, but is clearly raw. For example, the developer does not provide exhaustive brute force; only dictionary brute force is possible.

AnDOSid. Surely you have heard of such a sensational program for taking down web servers as Slowloris. Its principle of operation: create and hold the maximum number of connections to a remote web server, thereby preventing new clients from connecting. So, AnDOSid is an analogue of Slowloris right on an Android device! I will tell you a secret: two hundred connections are enough to cause unstable operation of every fourth website running the Apache web server. And all this from your phone!

Different usefulness

Encode. When working with many web applications and analyzing their logic, it is common to run into data transmitted in encoded form, namely Base64. Encode will help you decode this data and see exactly what is stored in it. Perhaps by substituting a quote, encoding it back into Base64 and putting it into the URL of the site under study, you will get the cherished database error message.

HexEditor. If you need a hex editor, there is one for Android too. Using HexEditor you will be able to edit any files, including system ones, if you grant the program superuser rights. An excellent replacement for the standard text editor, letting you easily find the desired text fragment and change it.

Remote access

ConnectBot. Having access to a remote host, you need to be able to use it. And for this you need clients. Let us start with SSH, where the de facto standard is already ConnectBot. In addition to a user-friendly interface, it provides the ability to organize secure tunnels over SSH connections.

PocketCloud Remote RDP/VNC. A useful program for connecting to a remote desktop via the RDP or VNC services. It is very pleasing that these are two clients in one; there is no need to use different tools for RDP and VNC.

SNMP MIB Browser. A MIB browser written specially for Android, with which you can manage network devices via the SNMP protocol. It can be useful for developing an attack vector against various routers, because nobody has canceled the standard community string (simply put, the password) for management via SNMP.

iOS

The iOS platform is no less popular among developers of security utilities. But whereas on Android root rights were needed only for some applications, on devices from Apple a jailbreak is almost always required. Fortunately, even for the latest iDevice firmware (5.1.1) there is already a jailbreak tool. Together with full access, you also get the alternative application manager Cydia, which already contains many utilities.

Work with the system

MobileTerminal. The first thing to start with is installing a terminal. For obvious reasons, it is not part of the standard mobile OS, but it will be needed to run the console utilities we will talk about further on. The best implementation of a terminal emulator is MobileTerminal: it supports several terminals at once, control gestures (for example, to send Control-C) and is generally impressive in its thoughtfulness.

iSSH. Another, more complex option for accessing the device console is to install OpenSSH on it (this is done via Cydia) and connect to it locally with an SSH client. If you use a proper client such as iSSH, in which control from the touch screen is superbly implemented, this method is even more convenient than MobileTerminal.

Data interception

Pirni & Pirni Pro. Now that we have access to the console, we can try the utilities. Let us start with Pirni, which went down in history as the first full-fledged sniffer for iOS. Unfortunately, the structurally limited Wi-Fi module built into the device cannot be switched into the promiscuous mode required for normal data interception. So classic ARP spoofing is used to intercept data, with all traffic passed through the device itself. The standard version of the utility runs from the console, where in addition to the parameters of the MITM attack, the name of the PCAP file into which all traffic is logged is specified. The utility has a more advanced version, Pirni Pro, which boasts a graphical interface. Moreover, it can parse HTTP traffic on the fly and even automatically pull interesting data out of it (for example, logins and passwords), using regular expressions specified in the settings.

Intercepter-NG (console edition). The notorious sniffer Intercepter-NG, which we have written about repeatedly, recently got a console version. As the author says, most of the code is written in pure ANSI C, which behaves the same in practically any environment, so the console version worked from the very start on desktop Windows, Linux and BSD, and on mobile platforms including iOS and Android. The console version already implements grabbing passwords transmitted over the most varied protocols, interception of messenger messages (ICQ/Jabber and many others), and resurrection of files from traffic (HTTP/FTP/IMAP/POP3/SMTP/SMB). Network scanning functions and a high-quality ARP poison are also available. For correct operation you must first install the libpcap package via Cydia (do not forget to enable developer packages in the settings). The whole startup instruction comes down to setting the right permissions: chmod +x intercepter_ios. Then, if you run the sniffer without parameters, the clear interactive interface of Intercepter appears, which lets you launch any of the attacks.

Ettercap-NG. It is hard to believe, but this complex tool for carrying out MITM attacks has nevertheless been ported to iOS. After enormous work, a full-fledged mobile port came out. To save yourself from dancing with a tambourine around dependencies while compiling it yourself, it is better to install the ready-made package via Cydia after adding the source theworm.altervista.org/cydia (the twrepo repository). The kit also includes the etterlog utility, which helps extract useful information from the collected dump of various kinds of traffic (for example, FTP access accounts).

Analysis of wireless networks

WiFi Analyzer. In old versions of iOS, craftsmen ran Aircrack and could break a WEP key, but we checked: the program does not work on new devices. Therefore, to study Wi-Fi we will have to be content with Wi-Fi scanners alone. WiFi Analyzer analyzes and displays information about all available 802.11 networks around, including SSID, channels, vendors, MAC addresses and encryption types. The utility builds visual graphs in real time from the data present. With such a program it is easy to find the physical location of an access point if you have suddenly forgotten it, and, for example, to look at the WPS PIN, which can be useful for connecting.

Network scanners

Scany. Which program does any pentester use at any point on the planet, regardless of goals and tasks? A network scanner. And in the case of iOS, the most powerful tool is likely to be Scany. Thanks to a set of built-in utilities, you can quickly get a detailed picture of the network devices and, for example, their open ports. In addition, the package includes network testing utilities such as ping, traceroute and nslookup.

Fing. However, many prefer Fing. The scanner has fairly simple and limited functionality, but it is quite enough for a first acquaintance with the network of, say, a cafeteria :). The results display information about the available services on remote machines, MAC addresses and host names of the hosts connected to the scanned network.

Nikto. It would seem we forgot about Nikto, but why? After all, this web vulnerability scanner, written in a scripting language (namely Perl), can easily be installed via Cydia. And that means you can easily run it on your jailbroken device from the terminal. Nikto will gladly provide you with additional information about the web resource under test. In addition, you can add your own signatures to its knowledge base with your own hands.

sqlmap. This powerful tool for automatic exploitation of SQL vulnerabilities is written in Python, and therefore, once the interpreter is installed, it can be used without any problems directly from the mobile device.

Remote control

SNMP Scan. Many network devices (including expensive routers) are managed via the SNMP protocol. This utility lets you scan a subnet for available SNMP services with a predefined community string value (simply put, standard passwords). Note that searching for SNMP services with the standard community strings (public/private) in an attempt to gain access to device management is an integral part of any penetration test, along with perimeter identification and service discovery.

iTap mobile RDP / iTap mobile VNC. Two utilities from one manufacturer, designed for connecting to a remote desktop via the RDP and VNC protocols. There are many similar utilities in the App Store, but these are particularly convenient to use.

Password recovery

Hydra. The legendary program that helps millions of hackers around the world "remember" passwords has been ported to iOS. Now, directly from the iPhone, it is possible to guess passwords for services such as HTTP, FTP, Telnet, SSH, SMB, VNC, SMTP, POP3 and many others. True, for a more effective attack it is better to stock up on good dictionaries for brute force.

Pass Mule. Everyone knows first-hand such a vulnerability as the use of standard passwords. Pass Mule is a kind of reference book in which all sorts of standard logins and passwords for network devices are collected. They are conveniently sorted by vendor name, product and model, so finding the necessary one will not be difficult. The program is rather designed to save time searching for the manual of a router whose standard login and password you need to know.

Exploitation of vulnerabilities

Metasploit.
It is difficult to imagine a more hacker-ish utility than Metasploit, and it is the one that completes today's review. Metasploit is a package of a variety of tools whose main task is to exploit vulnerabilities in software. Imagine: about 1000 reliable, proven exploits that a pentester needs in daily work, right on the smartphone! With the help of such a tool you can really settle into any network. Metasploit allows you not only to exploit holes in server applications; tools for attacks on client applications are also available (for example, through the Browser Autopwn module, when a payload is injected into the client's traffic). It must be said here that a dedicated mobile version does not exist, but the standard package can be installed on an Apple device using.

About why open Wi-Fi access points are dangerous and how passwords can be intercepted on them.

Today we will look at intercepting passwords and cookies over Wi-Fi using the Intercepter-NG program.

The attack will be carried out by sniffing.

Sniffing. "Sniff" translates as "to smell". Sniffing allows you to analyze activity on the network, see which sites a user visits and intercept passwords. But it can also be used for useful purposes, for listening in on viruses that send some data to the Internet.


The method I will show is quite primitive and simple. In fact, the program can do much more.
The official site of the program is sniff.su (copy the link and open it in a new tab); you can download it in the "DOWNLOAD" section.
There are versions for Windows, UNIX systems and Android.
We will consider the Windows version, since this is the most popular system and here the program is the most advanced.
Your browser or antivirus may complain that the program is dangerous, but you understand yourself that this is a hacking program, and they will always react to it.
The program is downloaded as a zip archive; you just need to unpack it into a folder and use it, nothing needs to be installed.
The program has the ability to carry out various MITM attacks on a Wi-Fi network.
The article is written purely for informational purposes, to show by example the dangers of open Wi-Fi points; any of the described actions you perform at your own risk. And I want to remind you of the criminal liability for breaching the protection of other people's data.


Work with the Intercepter NG program

So, the program is started via intercepter-ng.exe.
The program has an English interface, but if you are a confident computer user, I think you will figure it out.

Below there will be a video of the configuration (for those who find it more convenient to watch than to read).
- Choose the desired network at the top if you have several of them.
- Switch the type Ethernet / WiFi. If you have Wi-Fi, you need to select the Wi-Fi icon (to the left of the network selection).

- Press the Scan Mode button (radar icon).
- In the empty field, right-click and choose Smart Scan in the context menu.
- All connected devices will appear.
- Choose the victim (you can select everyone by holding the SHIFT key), just do not mark the router itself; its IP is usually 192.168.1.1.
- Having selected, right-click and click Add to Nat.


- Go to the NAT tab.
- In Stealth IP it is advisable to change the last digit to any unoccupied one; this will allow you to hide your real IP.
- Put ticks on SSL Strip and SSL MITM.


- Press Settings (the gears on the right).
- Put a tick on Resurrection (this will allow you to intercept passwords and cookies sent over the encrypted HTTPS protocol) and remove Spoof IP / MAC. You can put a tick on Cookie Killer; thanks to it, the victim will be thrown out of the current page, for example a social network, and will have to enter the password again, and we will capture it. Compare the settings with the picture.


- That completes the settings; close the settings window with the tick.
- The setup is complete, you can proceed to the attack.
- Press the Start / Stop Sniffing button at the top (triangle); in the same window press the radiation icon below, Start / Stop ARP Poison.
- Go to the Password Mode tab, right-click and select Show Cookies (this will show the cookies and passwords entered by victims).
That's it, we are waiting for someone to enter a password.
Sometimes it happens that the Internet stops working; try to check the Internet yourself, and if it does not work, restart the program.
I noticed that it is not always possible to intercept the password, but in essence it works almost without failure.
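The "ARP Poison" step above is what makes the victims' traffic pass through the attacking machine, and it leaves a visible trace on the network: an IP address (above all the gateway, 192.168.1.1 in the article) suddenly answered for by a second MAC, and one MAC claiming several addresses at once. The following is an added defender-side example, not code from the article or from Intercepter-NG; the ARP replies it checks are constructed.

```python
"""Flag ARP poisoning of the kind the procedure above relies on.

Added defender-side example (not part of the original article). The input is a
constructed list of ARP "is-at" replies as a monitoring host on the wireless
segment would see them; 192.168.1.1 is the gateway address the article mentions.
"""
from collections import defaultdict

# Constructed sample: (seconds since start, sender IP, sender MAC) per ARP reply.
SAMPLE_ARP_REPLIES = [
    (0.0,  "192.168.1.1",  "aa:bb:cc:00:00:01"),   # gateway, legitimate
    (0.5,  "192.168.1.20", "aa:bb:cc:00:00:14"),   # an ordinary client
    (1.0,  "192.168.1.21", "aa:bb:cc:00:00:15"),
    (12.0, "192.168.1.1",  "de:ad:be:ef:00:99"),   # gateway IP now claimed by another MAC
    (12.1, "192.168.1.20", "de:ad:be:ef:00:99"),   # the same MAC also claims the clients' IPs
    (12.2, "192.168.1.21", "de:ad:be:ef:00:99"),
]


def detect_arp_poisoning(replies, gateway_ip, max_ips_per_mac=2):
    """Return a list of (kind, detail) alerts.

    Two indicators are checked:
      * "ip_remapped": an IP answered for by more than one MAC, which is what a
        victim's ARP cache experiences when its gateway entry is overwritten;
      * "mac_claims_many": a single MAC answering for more than max_ips_per_mac
        addresses, the shape of a host sitting between several victims and the router.
    A router that legitimately owns several addresses should be whitelisted by
    raising max_ips_per_mac for it; the threshold here is an assumption.
    """
    macs_for_ip = defaultdict(set)
    ips_for_mac = defaultdict(set)
    alerts = []
    for _, ip, mac in replies:
        if macs_for_ip[ip] and mac not in macs_for_ip[ip]:
            role = "gateway" if ip == gateway_ip else "host"
            alerts.append(("ip_remapped",
                           f"{ip} moved from {sorted(macs_for_ip[ip])} to {mac} ({role})"))
        macs_for_ip[ip].add(mac)
        ips_for_mac[mac].add(ip)
    for mac, ips in ips_for_mac.items():
        if len(ips) > max_ips_per_mac:
            alerts.append(("mac_claims_many", f"{mac} answers for {len(ips)} IPs: {sorted(ips)}"))
    return alerts


if __name__ == "__main__":
    for kind, detail in detect_arp_poisoning(SAMPLE_ARP_REPLIES, "192.168.1.1"):
        print(kind, "-", detail)
```

A static gateway ARP entry on client machines, or dynamic ARP inspection on a managed switch, stops the remapping rather than merely reporting it.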

That's all; we have looked at intercepting passwords and cookies over Wi-Fi.

Take care of yourself.

Hello. This small article, or rather a brief description, I would like to devote to the simplest way of intercepting cookies in a Wi-Fi network. What cookies are and why they are needed I will not explain here; if a person has had the idea of intercepting "cookies" in a wireless network, I think he should know what they are and why he needs them. I will only say one thing: using these files you can access someone else's accounts on various sites that require users to pass an authentication process (for example Mail.ru, vkontakte.ru, etc.).

So, let's proceed. First we need to find the wireless network itself, with an open Internet access gateway, and preferably one with enough clients. For example, any network in large shopping centers, airports or various coffee houses is suitable; in such places people usually use Wi-Fi Internet access to read mail, check accounts on various dating sites, look at LJ and all kinds of forums. That is exactly what we need. Having decided on the network location and studied at what hours the number of clients is highest, we turn directly to combat actions. To do this we need a laptop with a Wi-Fi adapter and a specific set of programs. In my case I used an Acer Aspire 3610 laptop, a D-Link DWL G650 client Wi-Fi card and BackTrack 3 installed.

I advise you to use this OS, since it already includes the entire set of programs that may be needed, and most importantly, you do not need to install BackTrack on your hard disk: you can boot this OS directly from a CD or flash drive.

Now let us turn to the necessary software. I used Kismet to detect networks and WiFizoo to intercept cookies. Let us dwell on the second program in detail. WiFizoo is a passive scanner of the air and collects quite a lot of useful information, such as POP3 and SMTP traffic, HTTP cookies / auth info, MSN, FTP credentials, Telnet network traffic, NBT, etc. The only drawback of this program is the lack of a channel hopping mode: WiFizoo simply listens on the wireless interface and cannot, so to speak, jump from channel to channel. But this deficiency is compensated by another program, Kismet, which supports this mode. To launch WiFizoo you need:

  • python
  • scapy
  • Kismet

Thus, to run the program, first start Kismet to provide channel hopping, then run WiFizoo itself; this window should appear in front of you:

Now it remains only to sit and wait until you have intercepted enough; everything the program intercepts can be found in the logs located in the /logs/ directory with the program. You can also launch the GUI interface, which is automatically raised over HTTP, by opening 127.0.0.1:8000.

I will not write about all the features of this wonderful program; I think you will understand the rest of its capabilities yourself, and at the moment we are only interested in cookies. Click on the link labeled Cookies and see what we intercepted:
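A passive listener like WiFizoo, or the SSL Strip mode described earlier, only gets a usable session cookie when the site lets that cookie travel over plain HTTP or lets the first request be downgraded. The following is an added defender-side example, not code from the article or from either tool, that audits the response headers which decide this; the two responses are constructed, not captured from any real site.

```python
"""Audit the headers that decide whether a session cookie can be picked up
off an open Wi-Fi network the way the cookie-grabbing tools above do.

Added defender-side example; it is not part of the original article and the
two responses below are constructed, not captured from any real site.
"""
ONE_YEAR = 31536000  # HSTS max-age, in seconds, commonly recommended as a minimum


def parse_set_cookie(header_value):
    """Return (cookie name, {lowercase attribute: value}) for one Set-Cookie header."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def parse_hsts_max_age(hsts_value):
    """Return the max-age directive of a Strict-Transport-Security header, or None."""
    for directive in hsts_value.split(";"):
        key, _, value = directive.strip().partition("=")
        if key.lower() == "max-age" and value.strip().isdigit():
            return int(value.strip())
    return None


def audit_session_cookie(set_cookie, hsts=None):
    """List the weaknesses that would let a sniffer or SSL-stripping proxy obtain the cookie."""
    name, attrs = parse_set_cookie(set_cookie)
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: no Secure flag, so the browser also sends it over plain HTTP")
    if "httponly" not in attrs:
        findings.append(f"{name}: no HttpOnly flag, so script in the page can read it")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append(f"{name}: no SameSite=Lax/Strict, so cross-site requests carry it")
    if hsts is None:
        findings.append("no Strict-Transport-Security header, so an HTTP downgrade is not refused")
    else:
        max_age = parse_hsts_max_age(hsts)
        if max_age is None or max_age < ONE_YEAR:
            findings.append(f"HSTS max-age {max_age} is below one year")
    return findings


# Constructed examples: a cookie as a sniffer would like to see it, and the same cookie hardened.
WEAK_RESPONSE = ("sid=3f9a1c; Path=/", None)
HARDENED_RESPONSE = ("sid=3f9a1c; Path=/; Secure; HttpOnly; SameSite=Lax",
                     "max-age=31536000; includeSubDomains")

if __name__ == "__main__":
    for label, (cookie, hsts) in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_session_cookie(cookie, hsts) or ["ok"])
```

Without the Secure flag a cookie is handed over on the first plain-HTTP request regardless of how the login itself was protected, which is exactly the case both tools on this page exploit.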