Intercepter is a multifunctional network tool that extracts data from traffic (passwords, instant-messenger messages, correspondence, etc.) and implements various MiTM attacks.

Intercepter interface
Main functionality

  • Interception of messenger messages.
  • Interception of cookies and passwords.
  • Interception of activity (pages, files, data).
  • Ability to spoof file downloads by adding malicious files. Can be used in conjunction with other utilities.
  • Replacing HTTPS connections with HTTP.
Operating modes
Messenger Mode – shows correspondence that was sent in unencrypted form. It was used to intercept messages in messengers such as ICQ, AIM and Jabber.

Recovery Mode – recovers useful data from traffic, from protocols that transmit it in the clear. When the victim views files, pages or data, they can be partially or completely intercepted. You can also specify the file size so that the program does not download files in small parts. This information can be used for analysis.

Password Mode – the mode for working with cookies. It makes it possible to gain access to the files the victim visited.

Scan Mode – the main mode for testing. To start scanning, right-click and choose Smart Scan. After the scan, the window displays all hosts on the network, their operating systems and other parameters.

You can also scan ports in this mode with the Scan Ports feature. There are, of course, far more capable utilities for this, but having the function built in is useful.

For a targeted attack on the network, after scanning the target IP is added to NAT with the Add to Nat command. Other attacks can then be carried out in another window.

NAT Mode – the main mode, which allows a number of ARP attacks to be carried out. This is the main window for targeted attacks.

DHCP Mode – lets you bring up your own DHCP server to carry out DHCP man-in-the-middle attacks.

Some types of attacks that can be carried out
Website spoofing

To spoof the victim's site, you need to go to Target, after that you need to specify the site and its substitution. Thus, you can replace a lot of sites. It all depends on how good the fake is.

Website spoofing

Example for VK.com

Choosing a MiTM attack

Changing the Injection Rule
As a result, the victim opens a fake site when requesting vk.com, and the victim's login and password should appear in Password Mode:

To conduct a targeted attack, you must select a victim from the list and add it to the target. This can be done with the right mouse button.

Additions of MiTm attack
Now you can recover various data from traffic in Resurrection Mode.

Files and information of the victim through a MiTm attack
Traffic spoofing

Specifying Settings
After that, "trust" in the victim's request will be replaced with "loser".

Additionally, you can kill cookies so that the victim is logged out of all accounts and has to log in again. This makes it possible to intercept logins and passwords.

Destruction of cookies

How to see a potential sniffer on the network using Intercepter?

Using the Promisc Detection option, you can detect a device that is scanning on the local network. After the scan, the status column will show "Sniffer". This is the first way to detect scanning on the local network.

Sniffer detection
SDR HackRF Device


Hack RF
SDR is a kind of radio receiver that allows you to work with different radio frequency parameters. Thus, it is possible to intercept the signal of Wi-Fi, GSM, LTE, etc.

HackRF is a complete $300 SDR device. Project author Michael Ossmann is developing successful devices in this direction. Previously, the Ubertooth Bluetooth sniffer was developed and successfully implemented. HackRF is a successful project that has raised over 600k on Kickstarter. 500 such devices have already been implemented for beta testing.

HackRF operates in the frequency range from 30 MHz to 6 GHz. The sampling frequency is 20 MHz, which allows you to intercept the signals of Wi-Fi and LTE networks.

How to protect yourself at the local level?

First, let's use the SoftPerfect WiFi Guard software. There is a portable version that takes no more than 4 MB. It scans your network and shows which devices are present on it. Its settings let you choose the network card and the maximum number of devices to scan. Additionally, you can set the scan interval.


SoftPerfect WiFi Guard interface
After scanning, the program sends one notification for each unknown device. This allows us to add and mark trusted users and to notice if someone has connected and starts sniffing traffic. Notifications arrive after each scan interval. This allows you to block a specific rogue device at the router if there is suspicious activity.


SoftPerfect WiFi Guard settings


Ability to add comments for users


Notification window for unfamiliar devices after each specified scan interval
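
The same check can be scripted. The following Python code is an added example, not part of SoftPerfect WiFi Guard or of the original article: it compares an ARP table with a list of trusted devices and, going one step beyond what the text describes, also flags two signs of the ARP attacks discussed earlier (the gateway's MAC changing, and one MAC answering for several IPs). The addresses, the trusted list and the sample table are constructed.

```python
"""Added example: audit an ARP table against a list of trusted devices."""
import re
from collections import defaultdict

# Constructed sample in the layout of Linux /proc/net/arp (not a real capture).
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:00:00:66     *        wlan0
192.168.1.10     0x1         0x2         02:00:00:00:00:10     *        wlan0
192.168.1.23     0x1         0x2         02:00:00:00:00:23     *        wlan0
192.168.1.66     0x1         0x2         02:00:00:00:00:66     *        wlan0
192.168.1.77     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

# Hypothetical baseline recorded while the network was known to be clean.
TRUSTED = {
    "02:00:00:00:00:01": "router",
    "02:00:00:00:00:10": "laptop",
    "02:00:00:00:00:23": "phone",
}
GATEWAY_IP = "192.168.1.1"
GATEWAY_MAC = "02:00:00:00:00:01"

ROW = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\s+\S+\s+(0x[0-9A-Fa-f]+)\s+"
    r"([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\s"
)


def parse_arp_table(text):
    """Return {ip: mac} for resolved entries; skip the header and incomplete rows."""
    entries = {}
    for line in text.splitlines():
        match = ROW.match(line)
        if not match:
            continue  # header line or malformed row
        ip, flags, mac = match.group(1), int(match.group(2), 16), match.group(3).lower()
        if not flags & 0x2 or mac == "00:00:00:00:00:00":
            continue  # 0x2 = completed entry; anything else has no usable MAC
        entries[ip] = mac
    return entries


def audit(entries, trusted, gateway_ip, gateway_mac):
    """Return a list of (finding, where, mac) tuples, in a stable order."""
    trusted_macs = {mac.lower() for mac in trusted}
    findings = []

    # 1. Devices that are not on the trusted list (what WiFi Guard notifies about).
    for ip, mac in sorted(entries.items()):
        if mac not in trusted_macs:
            findings.append(("unknown-device", ip, mac))

    # 2. The gateway IP now resolves to a MAC other than the recorded one.
    seen = entries.get(gateway_ip)
    if seen is not None and seen != gateway_mac.lower():
        findings.append(("gateway-mac-changed", gateway_ip, seen))

    # 3. One MAC answering for several IPs, typical while ARP spoofing is active.
    by_mac = defaultdict(list)
    for ip, mac in entries.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("mac-claims-multiple-ips", ",".join(sorted(ips)), mac))
    return findings


if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_TABLE)
    for kind, where, mac in audit(table, TRUSTED, GATEWAY_IP, GATEWAY_MAC):
        print(f"{kind:24} {where:28} {mac}")
```

On a real Linux host the input would be the contents of /proc/net/arp, read at the same interval you would give the scanner.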

Conclusion
Thus, we have considered in practice how to use software to intercept data within the network. We considered several specific attacks that allow you to get login data, as well as other information. Additionally, we considered SoftPerfect WiFi Guard, which provides basic protection of the local network against traffic sniffing.

“Smartphone with hacking tools? There is no such thing,” we would have told you recently. It was possible to launch some familiar tools for implementing attacks only on some Maemo. Now, many familiar tools have been ported to iOS and Android, and some hack-tools have been specially written for the mobile environment. Can a smartphone replace a laptop in penetration tests? We decided to check.

ANDROID

Android is a popular platform not only for mere mortals, but also for the right people. The number of useful ][-utilities here is overwhelming. For this we can say thanks to the UNIX roots of the system - it greatly simplified the porting of many tools to Android. Alas, some of them are not allowed by Google in the Play Store, so you will have to install the corresponding APK manually. Also, some utilities need maximum access to the system (for example, the iptables firewall), so you should take care of root access in advance. Each manufacturer uses its own technology here, but finding the necessary instructions is quite simple. A good set of HOWTOs has been put together by LifeHacker (bit.ly/eWgDlu). However, if some model could not be found here, the XDA-Developers forum (www.xda-developers.com) always comes to the rescue, where you can find various information on virtually any Android phone model. One way or another, some of the utilities described below will work without root access.

Let's start the review with an unusual package manager. The developers call it "superuser utilities" and that's not far from the truth. After installing BotBrew, you get a repository from which you can download a large number of familiar tools compiled for Android. Among them: Python and Ruby interpreters for running the numerous tools written in them, the tcpdump sniffer and the Nmap scanner for network analysis, Git and Subversion for working with version control systems, and much more.

Network scanners

An inconspicuous smartphone that, unlike a laptop, fits easily into a pocket and never arouses suspicion, can be useful for network exploration. Above, we already said how you can install Nmap, but there is another option. PIPS is an unofficial port of the Nmap scanner, specially adapted for Android. This means that you can quickly find active devices on the network, determine their OS using fingerprinting options, perform a port scan - in short, do everything that Nmap is capable of.

There are two problems with using Nmap, despite its power. First, scan parameters are passed as command-line switches, which you not only need to know but also have to type on an awkward mobile keyboard. Second, the scan results in the console output are not as clear as one would like. The Fing scanner has neither shortcoming: it scans the network very quickly, does fingerprinting, and then displays a list of all available devices in an understandable form, grouped by type (router, desktop, iPhone, and so on). For each host you can quickly see the list of open ports. Moreover, right from here you can connect, say, to FTP using the FTP client installed in the system, which is very convenient.

When it comes to analyzing a specific host, the NetAudit utility can be indispensable. It works on any Android device (even non-rooted) and allows you not only to quickly identify devices on the network, but also to explore them using a large fingerprinting database to determine the operating system, as well as the CMS used on the web server. The database now contains more than 3000 fingerprints.

If, on the contrary, you need to work at a lower level and carefully examine the operation of the network, then you cannot do without Net Tools. It is a set of utilities, indispensable in a system administrator's work, that lets you fully diagnose the operation of the network to which the device is connected. The package contains more than 15 different kinds of programs, such as ping, traceroute, arp, dns, netstat, route.

Traffic manipulation

Based on tcpdump, the sniffer honestly logs all data to the pcap file, which can then be studied using familiar utilities like Wireshark or Network Miner. Since no opportunities for MITM attacks are implemented in it, it is rather a tool for analyzing your traffic. For example, this is a great way to study what programs installed on your device from dubious repositories transmit.

If we talk about combat applications for Android, then one of the most sensational is FaceNiff, which implements interception of web sessions and injection into them. After downloading the APK package with the program, you can run this hack tool on almost any Android smartphone and, by connecting to a wireless network, intercept accounts of a wide variety of services: Facebook, Twitter, VKontakte, and so on - more than ten in total. Session hijacking is carried out using the ARP spoofing attack, but the attack is possible only on insecure connections (FaceNiff cannot wedge into SSL traffic). To contain the flow of script kiddies, the author limited the maximum number of sessions to three; beyond that you need to contact the developer for a special activation code.

While the creator of FaceNiff wants money for using it, DroidSheep is a completely free tool with the same functionality. True, you will not find a distribution kit on the official website (this is due to the harsh laws of Germany regarding security utilities), but you can easily find it on the Web. The main task of the utility is to intercept user web sessions of popular social networks, implemented using the same ARP spoofing. But secure connections are a problem: like FaceNiff, DroidSheep flatly refuses to work with the HTTPS protocol.

This utility also demonstrates the insecurity of open wireless networks, but in a slightly different plane. It does not intercept user sessions, but uses a spoofing attack to pass HTTP traffic through itself, performing specified manipulations with it. These range from the usual pranks (replacing all the pictures on a site with trollfaces, flipping all the images, or, say, replacing Google search results) to phishing attacks, when fake pages of such popular services as facebook.com, linkedin.com, vkontakte.ru and many others are slipped to the user.

If you ask which Android hack utility is the most powerful, then Anti, perhaps, has no competitors. This is a real hacker combine. The main task of the program is to scan the network perimeter. Further, various modules enter the battle, with the help of which a whole arsenal is implemented: this is listening to traffic, performing MITM attacks, and exploiting the vulnerabilities found. True, there are also disadvantages. The first thing that catches your eye is that vulnerabilities are exploited only from the central server of the program, which is located on the Internet, as a result of which you can forget about targets that do not have an external IP address.

Traffic tunneling

Well known file manager now on smartphones! As in the desktop version, there is a system of plug-ins for connecting to various network directories, as well as the canonical two-pane mode - especially convenient on tablets.

Okay, but how do you ensure the security of your data that is transmitted over an open wireless network? In addition to the VPN that Android supports out of the box, you can set up an SSH tunnel. For this there is a wonderful utility, SSH Tunnel, which lets you route the traffic of selected applications or of the entire system through a remote SSH server.

Often it is necessary to send traffic through a proxy or SOCKS, and in this case ProxyDroid will help out. It's simple: you choose which applications' traffic you want to tunnel, and you specify a proxy (HTTP/HTTPS/SOCKS4/SOCKS5 are supported). If authorization is required, ProxyDroid supports this too. By the way, the configuration can be bound to a specific wireless network, with different settings for each of them.

Wireless networks

The built-in wireless network manager is not informative. If you need to quickly get a complete picture of nearby access points, then the Wifi Analyzer utility is a great choice. It will not only show all nearby access points, but also display the channel on which they operate, their MAC address and, most importantly, the type of encryption used (having seen the treasured letters “WEP”, we can assume that access to a secure network is provided). In addition, the utility is ideal if you need to find where the desired access point is physically located, thanks to a clear signal strength indicator.

This utility, as its developer claims, can be useful when the wireless network is full of clients that use the entire channel, and it is at this moment that you need a good, stable connection. WiFiKill allows you to disconnect clients from the Internet both selectively and according to a certain criterion (for example, it is possible to play a joke on all Apple devices). The program simply performs an ARP spoofing attack and redirects all clients to itself. The algorithm is implemented in a dead-simple way on top of iptables. Such is the control panel for fast food wireless networks :).

Web Application Audit

Manipulating HTTP requests from a computer is a trifling matter, there are a huge number of utilities and browser plugins for this. In the case of a smartphone, things are a little more complicated. Send a custom HTTP request with the parameters you need, such as the desired cookie or a modified User-Agent, using the HTTP Query Builder. The result of the request will be displayed in a standard browser.

If the site is password-protected using Basic Access Authentication, then you can check its reliability using the Router Brute Force ADS 2 utility. Initially, the utility was created to brute-force passwords on the router's admin panel, but it is clear that it can be used against any other resource with similar protection. The utility works, but is clearly unpolished. For example, the developer does not provide exhaustive brute force; only dictionary brute force is possible.

You've probably heard of the infamous web server crash program Slowloris. Its principle of operation is to create and maintain the maximum number of connections to a remote web server, thus preventing new clients from connecting to it. So, AnDOSid is an analogue of Slowloris right in the Android device! I'll tell you a secret, two hundred connections are enough to ensure unstable operation of every fourth website running the Apache web server. And all this - from your phone!

Miscellaneous utilities

When working with many web applications and analyzing their logic, it is quite common to encounter data transmitted in encoded form, namely Base64. Encode will help you decode this data and see what exactly is stored in it. Perhaps by substituting a quote, encoding them back to Base64 and substituting them into the URL of the site under study, you will get the treasured database query execution error.

If you need a hex editor, then Android has it too. With HexEditor, you can edit any files, including system files, if you elevate the program's rights to superuser. It is a great replacement for the standard text editor, letting you easily find the desired piece of text and change it.

Remote access

Having gained access to a remote host, you need to be able to use it. And that requires clients. Let's start with SSH, where ConnectBot is already the de facto standard. Apart from a user-friendly interface, it provides the ability to organize secure tunnels over SSH connections.

A useful program that allows you to connect to a remote desktop via RDP or VNC services. I am very pleased that these are two clients in one, so there is no need to use different tools for RDP and VNC.

A MIB browser written specially for Android, with which you can manage network devices using the SNMP protocol. It can be useful for developing an attack vector on various routers, because no one has canceled the standard community string (in other words, the access password) for managing via SNMP.

iOS

The iOS platform is no less popular among developers of security utilities. But whereas on Android root rights were needed only for some applications, on Apple devices a jailbreak is almost always required. Fortunately, a jailbreak tool already exists even for the latest iDevice firmware (5.1.1). Along with full access, you also get an alternative application manager, Cydia, which already contains many utilities.

Working with the system

The first thing you want to start with is the installation of a terminal. For obvious reasons, it is not included in the standard delivery of the mobile OS, but we will need it to run the console utilities, which we will discuss further. The best implementation of a terminal emulator is MobileTerminal: it supports several terminals at once, control gestures (for example, to send Control-C) and generally impresses with its thoughtfulness.

Another, more complicated option to access the console of the device is to install OpenSSH on it (this is done through Cydia) and connect to it locally via an SSH client. If you use the right client like iSSH, which has amazing touchscreen control, this method is even more convenient than using MobileTerminal.

Interception of data

Now that you have access to the console, you can try the utilities. Let's start with Pirni, which went down in history as a full-fledged iOS sniffer. Unfortunately, the limited Wi-Fi module built into the device cannot be switched to the promiscuous mode required for normal data interception. So classic ARP spoofing is used to intercept data, passing all traffic through the device itself. The standard version of the utility is launched from the console, where, in addition to the parameters of the MITM attack, you specify the name of the PCAP file into which all traffic is logged. The utility has a more advanced version, Pirni Pro, which boasts a GUI. Moreover, it can parse HTTP traffic on the fly and even automatically pull out interesting data (for example, logins and passwords) using regular expressions set in the settings.

The notorious Intercepter-NG sniffer, which we have written about many times, recently got a console version. As the author says, most of the code is written in pure ANSI C, which behaves the same in almost any environment, so the console version has worked from the very beginning both on desktop Windows, Linux and BSD, and on mobile platforms, including iOS and Android. The console version already implements grabbing passwords transmitted over various protocols, intercepting messenger messages (ICQ / Jabber and many others), as well as resurrecting files from traffic (HTTP / FTP / IMAP / POP3 / SMTP / SMB). Network scanning functions and high-quality ARP Poison are available as well. For correct operation, you must first install the libpcap package via Cydia (do not forget to enable developer packages in the settings). The entire launch instruction boils down to setting the correct permissions: chmod +x intercepter_ios. Then, if you run the sniffer without parameters, a clear interactive Intercepter interface will appear, allowing you to launch any attacks.

It's hard to believe, but this most complicated tool for implementing MITM attacks was still ported to iOS. After colossal work, a full-fledged mobile port was produced. To save yourself from dancing around dependencies during self-compilation, it is better to install an already built package using Cydia, after adding theworm.altervista.org/cydia (TWRepo repository) as a data source. The kit also comes with the etterlog utility, which helps to extract various kinds of useful information (for example, FTP access accounts) from the collected traffic dump.

Wireless network analysis

In old iOS versions the craftsmen ran aircrack and could break the WEP key, but we checked: the program does not work on new devices. Therefore, to study Wi-Fi, we will have to be content with only Wi-Fi scanners. WiFi Analyzer analyzes and displays information about all available 802.11 networks around, including information about SSID, channels, vendors, MAC addresses and encryption types. The utility builds visual graphs in real time based on the data present on the air. With such a program, it is easy to find the physical location of the point if you suddenly forgot it, and, for example, see the WPS PIN, which can be useful for connecting.

Network scanners

What program is used by any pentester anywhere in the world, regardless of goals and objectives? A network scanner. And in the case of iOS, this will most likely be the powerful Scany toolkit. Thanks to a set of built-in utilities, you can quickly get a detailed picture of network devices and, for example, open ports. In addition, the package includes network testing utilities such as ping, traceroute, nslookup.

However, many prefer Fing. The scanner has a fairly simple and limited functionality, but it is quite enough for the first acquaintance with the network, say, a cafeteria :). The results display information about available services on remote machines, MAC addresses and hostnames connected to the scanned network.

It would seem that everyone forgot about Nikto, but why? After all, this web vulnerability scanner, written in a scripting language (namely Perl), you can easily install through Cydia. And this means that you can easily run it on your jailbroken device from the terminal. Nikto will gladly provide you with additional information on the tested web resource. In addition, you can add your own search signatures to its knowledge database with your own hands.

This powerful tool for automatically exploiting SQL vulnerabilities is written in Python, which means that once you install the interpreter, you can easily use it directly from your mobile device.

Remote control

Many network devices (including expensive routers) are managed using the SNMP protocol. This utility allows you to scan subnets for available SNMP services with pre-known community string values (in other words, standard passwords). Note that looking for SNMP services with standard community strings (public/private) in an attempt to gain access to device management is an integral part of any penetration test, along with identifying the perimeter itself and identifying services.

Two utilities from the same manufacturer are designed to connect to a remote desktop using the RDP and VNC protocols. There are many similar utilities in the App Store, but these are the most convenient to use.

Password recovery

The legendary program that helps millions of hackers around the world "remember" the password has been ported to iOS. Now, right from the iPhone, it is possible to crack passwords for services such as HTTP, FTP, TELNET, SSH, SMB, VNC, SMTP, POP3 and many others. True, for a more effective attack, it is better to stock up on good dictionaries for brute force.

Everyone knows firsthand such a vulnerability as using standard passwords. Pass Mule is a kind of reference book that contains all sorts of standard logins and passwords for network devices. They are conveniently organized by vendor, product, and model, so finding the right one is easy. The program is rather intended to save time searching for a manual for the router, the standard login and password for which you need to know.

Exploitation of vulnerabilities

It is difficult to imagine a more hacker utility than Metasploit, and it is the one that completes today's review. Metasploit is a package of various tools whose main task is to exploit vulnerabilities in software. Imagine: about 1000 reliable, proven and essential exploits for a pentester's daily life - right on your smartphone! With the help of such a tool, you can really settle in any network. Metasploit allows not only to exploit gaps in server applications - tools are also available for attacks on client applications (for example, through the Browser Autopwn module, when a payload is inserted into client traffic). It must be said that there is no mobile version of the toolkit, but you can install the standard package on an Apple device using .

Interception programs for Android are a relatively new "invention" that is gaining popularity. Today, when technology, and the Internet in particular, has penetrated every area of our lives and having several personal pages on social networks has become good modern manners, it is not surprising that people still want to keep up with the lives of others, especially colleagues, acquaintances, bosses, loved ones and family.

Interception from Android is carried out less often than other "spy" exercises for the simple reason that listening to someone else's device is not so easy. It requires appropriate technical equipment, which only the special services have. But today individual craftsmen have gone further and offer the sophisticated public services for hacking accounts and spying on the network and even in real life (detectives). But just how effective is it? You won't know until you see it in person...

Interception of messages: difficulties and reality

Interception of messages from Android is performed today by all and sundry, both craftsmen and various services. There are many offers for intercepting calls, hacking pages on social networks and remotely hacking devices, but they have different pitfalls: sometimes the performer is unreliable (he looks like a blackmailer), sometimes he asks for money in advance (a pig in a poke, no other way), and besides, the result may not be worth the cost and effort you put in. Dedicated services are another matter. Looking ahead, let's say that they cost money (a little), but they earn every penny. But not all services are equally functional and effective.

The difficulty of intercepting messages is that not every program for intercepting data from Android is compatible with all devices and has wide functionality. After all, communication is not limited to calls: people more often send SMS and instant-messenger messages, dozens of them a day. So what is needed is solid packet-interception software for Android that covers SMS, calls, instant-messenger messages and, preferably, pages visited on the network (interception of HTTP requests on Android will show frequently visited resources, which will help parents monitor their children).

Also take one technical nuance into account: if a program is said to intercept any incoming and outgoing packets, it must have backing, namely a server paired with a service that processes the many messages, because a smartphone and a program alone are simply not enough.

The VkurSe service

VkurSe is a service and a program of the same name for intercepting Android packets. Its functionality surpasses any other solution:

  • interception of SMS from Android: incoming and outgoing messages, with all messages forwarded to e-mail as an archive;
  • interception of VKontakte messages from Android: you can read all messages from instant messengers, including Viber and WhatsApp;
  • interception of calls and SMS on Android: calls are recorded, archived and forwarded to you;
  • Android WiFi interception: you can use a keyword request to disable WiFi network access for the monitored device;
  • GPS positioning of the monitored device;
  • remote microphone recording on a keyword request;
  • changing the lock code through a message;
  • rebooting the phone and turning it on and off;
  • a front-camera snapshot if the password is entered incorrectly;
  • clearing the phone memory via SMS;
  • archiving of all phone actions through a personal account on the site;
  • uploading all intercepted files to Google Drive.

This is only part of what the VkurSe service and program can do.

Interception Security

The biggest drawback of most programs for intercepting information from phones is that they are easily detected. The program itself intercepts, archives and forwards the packets, which heavily loads the RAM of both the monitored device and the phone the packets are destined for. The monitored phone starts to freeze constantly, turns on or reboots by itself, and consumes a lot of traffic, and its owner immediately understands that something is wrong. He looks in the task manager, or even scans the phone from a PC, and detects the spy. The VkurSe program is another matter. For example, interception of WhatsApp messages on Android requires sending a large packet at once, and sending it from one phone to another would take time. This is where the VkurSe service comes to the rescue: it processes the request and sends only the resulting information to your personal account on the site. Android traffic interception falls on the shoulders of the service as a whole, which greatly facilitates surveillance of correspondence and calls and, as a plus, does not load the phone. WhatsApp interception on Android completes in a matter of minutes, and you are already reading all the correspondence as a report in your mail or in your personal account.

As we said earlier, all interception and surveillance services operate strictly for a fee. But VkurSe made a small exception for the user: the download section of the site has versions for intercepting SMS from Android for free. You can test the program and the service for 7 days from the moment of registration and then decide whether you want to continue using the service or not.

In conclusion, let's say that VkurSe is a really working service and program for intercepting SMS on Android, and more, which gives a 100% result. Of course, there is the issue of a small fee for use, but the truth is always worth every penny spent on it.

And automatically launches them, thanks to which HTTPS / HSTS bypass is achieved. With mitmAP, you don't need to delve into this process, but if you want to do something similar, for example, with create_ap, then check out "Instructions for using SSLStrip+ and dns2proxy to bypass HSTS".

mitmAP lets you use the most effective ways of downgrading HTTPS to HTTP with little or no command input (and little understanding of the HTTPS bypass mechanism). In my tests, the password was transmitted in the clear for vk.com, yandex.ru and mail.ru.
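
Whether such a downgrade succeeds against a given site depends largely on that site's HSTS policy. As an added example (not part of mitmAP or of the original article), the following Python code audits Strict-Transport-Security header values the way a site owner would; the host names and headers are constructed, and the one-year max-age threshold is an assumption taken from common preload requirements.

```python
"""Added example: audit a site's HSTS policy from its response headers."""

MIN_MAX_AGE = 31536000  # one year in seconds; assumed threshold, not from the article

# Constructed responses: (scheme, host, headers). No network access is needed.
SAMPLE_RESPONSES = [
    ("https", "strong.example.test",
     {"Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"}),
    ("https", "short.example.test", {"strict-transport-security": "max-age=300"}),
    ("https", "cleared.example.test",
     {"Strict-Transport-Security": "max-age=0; includeSubDomains"}),
    ("https", "none.example.test", {"Content-Type": "text/html"}),
    ("http", "plain.example.test",
     {"Strict-Transport-Security": "max-age=63072000; includeSubDomains"}),
]


def parse_hsts(value):
    """Split a header value into ({directive: argument}, [duplicated names])."""
    directives, duplicates = {}, []
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if not name:
            continue  # tolerate empty segments such as a trailing ';'
        if name in directives:
            duplicates.append(name)  # RFC 6797: a directive may appear only once
            continue
        directives[name] = arg.strip().strip('"')
    return directives, duplicates


def audit_hsts(scheme, headers):
    """Return the list of weaknesses in one response's HSTS policy."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return ["hsts-missing"]  # nothing stops the browser accepting plain HTTP
    if scheme != "https":
        return ["hsts-ignored-over-http"]  # browsers ignore the header on HTTP

    directives, duplicates = parse_hsts(value)
    findings = []
    if duplicates:
        findings.append("duplicate-directive")

    max_age = directives.get("max-age")
    if max_age is None or not (max_age.isascii() and max_age.isdigit()):
        findings.append("max-age-invalid")
    elif int(max_age) == 0:
        findings.append("max-age-zero")  # max-age=0 tells the browser to drop the policy
    elif int(max_age) < MIN_MAX_AGE:
        findings.append("max-age-short")

    if "includesubdomains" not in directives:
        findings.append("no-includesubdomains")  # sibling host names stay unprotected
    if "preload" not in directives:
        findings.append("no-preload")  # the very first visit is still unprotected
    return findings


def audit_all(responses):
    """Map each host to its findings."""
    return {host: audit_hsts(scheme, headers) for scheme, host, headers in responses}


if __name__ == "__main__":
    for host, findings in audit_all(SAMPLE_RESPONSES).items():
        print(f"{host:24} {', '.join(findings) or 'ok'}")
```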

This script is made in two versions - to work in Kali Linux or in Raspberry PI.

The script should work on Debian derivatives if the dependencies are installed; but will not work, for example, in Arch Linux / BlackArch due to the way the author has chosen to start services.

Instructions for using mitmAP

Download the script:

git clone https://github.com/xdavidhu/mitmAP.git
cd mitmAP/

Run it:

sudo python3 mitmAP.py

The script will start with a question:

[?] Install/Update dependencies? Y/n:

Translation: install / update dependencies?

If you are launching it for the first time, then agree, i.e. press Enter. Later you can choose n (No).

Next question:

[?] Please enter the name of your wireless interface (for the AP):

Translation: enter the name of your wireless interface (for AP). If you do not know the name of your interfaces, then in another window, run the command:

It will show all network interfaces on your system. The command

sudo iw dev

will only show wireless network interfaces.

In Kali Linux, the wireless interface is usually called wlan0 (and if there are two of them, then the second one has the name wlan1).

[?] Please enter the name of your internet connected interface:

Translation: Please enter the name of the interface connected to the Internet.

In Kali Linux, the wired interface is usually called eth0. You can also use a second Wi-Fi card to connect to the Internet.

[?] Use SSLSTRIP 2.0? Y/n:

Translation: the script asks whether to use SSLStrip+. Nowadays, when a significant, if not already the larger, portion of traffic is transmitted over HTTPS (encrypted), this option is highly recommended.

[?] Create new HOSTAPD config file at "/etc/hostapd/hostapd.conf" Y/n:

Translation: create a new hostapd configuration file.

If you are running it for the first time, then this must be done. On subsequent launches, if you are not going to change the AP settings, you can select n (i.e. "no").

AP setup:

[?] Please enter the SSID for the AP:

Translation: enter a name for the AP.

[?] Please enter the channel for the AP:

Translation: enter the channel number of the AP.

[?] Enable WPA2 encryption? y/N:

Translation: enable WPA2 encryption?

If you enable encryption, you will need to enter a password to connect to your AP. For our purposes, choose "no".

Last AP setting:

[?] Set speed limit for the clients? Y/n:

Translation: Should I set a speed limit for clients?

I choose "no".

[?] Start WIRESHARK on wlan0? Y/n:

mitmAP data analysis

mitmAP displays captured data, including logins and passwords in its main window:

In its own folder, it creates a directory logs with two files: mitmap-sslstrip.log and mitmap-wireshark.pcap. The first file contains the collected data in text form. The second is intended for analysis in Wireshark.

Please note that when you restart the program, these files are overwritten! I.e., if you intend to analyze these files later, you need to take care of moving or renaming them, otherwise they will simply be deleted.

If you have chosen to launch a Wireshark window and to display transmitted images using Driftnet, then you can also use them to monitor the transmitted data in real time.

Data analysis in Wireshark

Wireshark has very detailed display filters; their full variety is described on the official documentation page.

I will give examples of several commonly used filters.

To display in Wireshark all HTTP requests submitted using the POST method:

http.request.method == "POST"

To display data transmitted to or received from a specific domain (enter the domain of interest between the quotes, for example, vk.com):

http.host==" "

To search for a string in the entire stream of transmitted data, the following filter is used (instead of <string> enter the string you want to search for):

frame contains "<string>"

To display cookies in Wireshark:

http.cookie

If you are interested in a cookie with a specific name, then use (instead of <cookie_name> enter the name of the cookie):

http.cookie contains "<cookie_name>"

To show requests in Wireshark sent by the GET or POST method:

http.request.uri contains "?" or http.request.method=="POST"

If you want to find data exchanged with an FTP server, then you can use one of the following filters in Wireshark:

tcp.port==21 || tcp.port==20

Sniffing data in other programs

Although mitmAP uses interesting programs, you can always analyze the data with other tools. For example, if you want to use Bettercap, then you need to consider that:

  • ARP spoofing is not needed
  • No client discovery required
  • You don't need to enable SSLStrip.

I.e., the command might look like:

sudo bettercap -X -I wlan0 -S NONE --no-discovery

sudo bettercap -X -I wlan0 -S NONE --no-discovery --proxy --no-sslstrip

Shutting down mitmAP

To turn off the program, quickly press CTRL+C twice. Let me remind you that when you restart the program, the files with the received data will be overwritten. I.e., you need to move them to another folder if you want to analyze them later.

About how dangerous open Wi-Fi access points are, and about which passwords can be intercepted.

Today we will consider the interception of passwords over Wi-Fi and the interception of cookies over Wi-Fi using the program.

The attack will be carried out by sniffing.

Sniffing - the word literally means "to sniff". Sniffing allows you to analyze activity on the network, see which sites the user visits, and intercept passwords. But it can also be used for useful purposes, for example to listen for viruses that send data to the Internet.


The method I will show is quite primitive and simple. In fact, the program can do much more.
The official website of the program is sniff.su (copy the link and open it in a new tab); you can download it in the Download section.
There are versions for Windows, Unix systems and Android.
We will consider the Windows version, since this is the most popular system and the program is the most advanced here.
Your browser or antivirus may warn that the program is dangerous, but as you understand, this is a hacking program, and they will always react to such programs.
The program is downloaded as a zip archive; it only needs to be unpacked into a folder, and there is no need to install anything.
The program is able to carry out various MiTM attacks on Wi-Fi networks.
The article is written purely for informational purposes, to show an example of the dangers of open hotspots; any of these actions you perform at your own peril and risk. And I want to remind you of the criminal liability that protects other people's data.


Working with Intercepter NG

So, the program is launched via Intercepter-NG.exe.
The program has an English interface, but if you are a confident computer user, I think you will figure it out.

Below there will be a video on setting up (for those who are more comfortable watching than reading).
- Select the desired network at the top if you have several of them.
- Switch the type Ethernet/WiFi: if you have Wi-Fi, then you need to select the Wi-Fi icon (to the left of the network selection).

- Press the Scan Mode button (radar icon).
- In the empty field, right-click and choose Smart Scan in the context menu.
- All devices connected to the network will be shown.
- Choose a victim (you can select everyone while holding down the Shift key), just do not mark the router itself; its IP is usually 192.168.1.1.
- Right-click on the selection and click Add to nat.


- Go to the Nat tab.
- In Stealth IP it is advisable to change the last digit to any unoccupied one; this will hide your real IP.
- Put checkmarks on SSL Strip and SSL Mitm.


- Press Settings (gears on the right).
- Put a check mark on Resurrection (this will allow you to intercept passwords and cookies of the encrypted HTTPS protocol) and on Remove Spoof IP/Mac. You can also tick Cookie Killer; thanks to it, the victim will be thrown out of the current page, for example a social network, and will have to re-enter the password, and we will intercept it. Compare the settings with the picture.


- Here the setting is completed, close the settings with a tick.
- The setup is complete, you can start the attack.
- Press the Start/stop sniffing button at the top (triangle); in the same window, click on the radiation icon below, Start/Stop ARP Poison.
- Go to the Password Mode tab, right-click in the window and select Show Cookies (this will show cookies and passwords entered by the victims).
That's it, we are waiting for someone to enter the password.
Sometimes it happens that the Internet stops working; try to access the Internet yourself, and if it doesn't work, restart the program.
I noticed that it is not always possible to intercept the password, but in fact it works almost without failure.

That's all, we have considered the interception of passwords over Wi-Fi and the interception of cookies over Wi-Fi.
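
Seen from a client on the same network, the ARP Poison step described above shows up in the neighbour table: the gateway IP maps to a MAC that is not the router's, and often to one that a second IP also uses. The check below is an added example, not part of the original article or of Intercepter-NG; it parses Linux `ip neigh show` output, all addresses are constructed, and the baseline comparison covers the case where the poisoning host hides its own IP.

```python
import re
from collections import defaultdict

# One IPv4 line of `ip neigh show`, e.g.
# "192.168.1.1 dev wlan0 lladdr 02:00:00:00:00:01 REACHABLE"
NEIGH_RE = re.compile(
    r"^(?P<ip>\d+\.\d+\.\d+\.\d+)\s+dev\s+(?P<dev>\S+)\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)

def parse_neigh(text):
    """Return (ip, dev, mac) tuples; FAILED/INCOMPLETE lines carry no MAC and are skipped."""
    entries = []
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            entries.append((m["ip"], m["dev"], m["mac"].lower()))
    return entries

def find_arp_anomalies(text, gateway_ip, known_gateway_mac=None):
    """Flag a gateway MAC shared with another IP or differing from a trusted baseline."""
    entries = parse_neigh(text)
    by_mac = defaultdict(set)
    for ip, dev, mac in entries:
        by_mac[(dev, mac)].add(ip)
    findings = []
    for (dev, mac), ips in sorted(by_mac.items()):
        if gateway_ip in ips and len(ips) > 1:
            others = ", ".join(sorted(ips - {gateway_ip}))
            findings.append(f"gateway {gateway_ip} shares MAC {mac} with {others} on {dev}")
    seen = [mac for ip, _, mac in entries if ip == gateway_ip]
    if known_gateway_mac and seen and seen[0] != known_gateway_mac.lower():
        findings.append(f"gateway {gateway_ip} has MAC {seen[0]}, expected {known_gateway_mac.lower()}")
    return findings

# Constructed neighbour tables (locally administered MACs, not real devices).
CLEAN = """192.168.1.1 dev wlan0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.1.23 dev wlan0 lladdr 02:00:00:00:00:17 STALE
192.168.1.40 dev wlan0  FAILED"""
POISONED = """192.168.1.1 dev wlan0 lladdr 02:00:00:00:00:99 REACHABLE
192.168.1.23 dev wlan0 lladdr 02:00:00:00:00:17 STALE
192.168.1.57 dev wlan0 lladdr 02:00:00:00:00:99 REACHABLE"""

if __name__ == "__main__":
    for name, table in (("clean", CLEAN), ("poisoned", POISONED)):
        print(name, find_arp_anomalies(table, "192.168.1.1", "02:00:00:00:00:01"))
```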

Take care of yourself.