Uncover Your Neighbour's Passwords Over His Wifi (MITM)
In this article I will show you how simple it is to uncover passwords which are sent over your wifi network.
In a nutshell
When you connect to a network, you send all of your data as packets to the router, which in turn sends it on to your ISP and from there to the WWW. So if you are connected to a network that others are also connected to, there are very simple ways to see all of the data they are sending to the router (as you yourself are also connected to it).
This technique is called a man-in-the-middle attack, or MITM for short. Behind the scenes it uses ARP message spoofing and other uninteresting tech methods to uncover all traffic going through the same network.
I will show you how to do it using the Windows operating system, with an application that has a good-enough GUI (Cain & Abel).
Most hacking tools are created for Linux, and the Windows hacking tools are mediocre at best. That being said, Cain & Abel is an exception, as it is a very powerful tool written for Windows machines. Unfortunately, development of this tool stopped in 2014, which means that I encountered the following hurdles:
Cain & Abel Issues
1. It is hard to start Cain & Abel on Windows 10 - In order to solve this issue, I recommend using Npcap (instead of WinPcap, which has been discontinued since 2013) and configuring it during installation to impersonate the WinPcap API. Other issues may arise, all of which are temporary and solvable. That being said, if you don't manage to solve the compatibility of C&A on your Win10, I suggest running C&A in a virtual machine (XP in my case, but it should work as well on Win7).
2. Most antivirus programs mark C&A as a virus (although it is not!) - In order to overcome this one, you can disable your antivirus during your attacks, or use the above virtual machine, on which you won't install any antivirus in the first place (if the firewall is important to you, you should try to leave it as it is, as much of the C&A functionality doesn't conflict with the firewall).
3. Since 2015, Google has recommended that all sites use HTTPS instead of regular HTTP, and since January 2017 Google has begun enforcing the above protocol, so most sites nowadays use the more secure HTTPS (SSL), which is more difficult to hack. C&A doesn't cope well with this protocol out of the box. Some modifications can be made for it to work on SSL-protected sites (like starting a service which strips the SSL, etc.), but it is no longer a simple and elegant solution - so in this article I will focus on getting all passwords and usernames which don't use HTTPS.
Guidelines to Follow for the MITM attack
0. If you don't know which networks are around and which one you should connect to, then you can use the C&A "wireless" tab or a combination of these two simple tools: WirelessNetView and Wireless Network Watcher
1. Gain access to the victim's network which means connecting to the same router the victim is connected to.
- I won't delve into this section as it is out of scope, but the following are the regular ways:
- You can use social engineering to gain access to your neighbour's wifi
- Many don't use a password - so access is simple
- In the case the neighbour uses WEP security then hacking it is super easy and quick
- If the neighbour uses WPA or WPA2 then it is more complicated (unless he has WPS on)
2. Map the network IPs in order to identify the router's IP and the victim's IP as we are interested in the traffic moving between these two entities.
- There are so many pieces of software which easily do this task, I recommend Wireless Network Watcher from Nirsoft
3. Poison the network and capture all packets going between the above entities
- Easily done using C&A, will be explained in the next paragraph
4. Parse those packets in order to isolate only the packets containing the important information (username & passwords), then parse those packets in order to grab the url, username and password.
- Automatically done by C&A, will be explained in the next paragraph
Step by Step guide for the MITM attack
- In order to overcome the C&A issues mentioned above, I would use a virtual machine, so just create a simple XP or Win7 virtual machine and download the hacking software into it.
- The hacking software you will need to download will be the following
- Cain and Abel
- Nirsoft WirelessNetView
- Nirsoft Wifi Network Watcher
- In the virtual machine settings, configure the network adapter as a bridged adapter ((Optional?) make it promiscuous)
- Run Nirsoft's WifiInfoView in order to discern which wifi network you intend to connect to (to hack :-) )
- Connect to the above network
- Start Nirsoft's Wireless network watcher in order to find the router & the victim's IPs
- So now you are in the right network, and have the IPs, and are running under a VM, so all that is left is to fire up Cain & Abel and start the sniffing.
- Start Cain&Abel
- Click Configure -> Sniffer -> select network adapter -> ok
- Click Start Sniffer
- Click Sniffer tab -> AddToList -> Ok
- Select APR tab (bottom) -> Click on table -> AddToList -> Select router IP (left) -> Select victim IP (Right) -> ok
- Click Start APR
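Seen from the defender's side, the poisoning set up in the steps above leaves a trace in the victim's ARP cache: the router's IP resolves to a MAC address that is not the router's. The following Python check is an added example, not part of the original article; it parses Windows `arp -a` output and flags a MAC shared by several IPs or a gateway MAC that differs from a known-good value. The sample tables, all addresses and the pinned gateway MAC are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `arp -a` output from a Windows host; all addresses are made up.
HEADER = "Interface: 192.168.1.23 --- 0xb\n  Internet Address      Physical Address      Type\n"
CLEAN = HEADER + """\
  192.168.1.1           02-00-00-00-00-01     dynamic
  192.168.1.42          02-00-00-00-00-42     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
# Same host while its cache is poisoned: the router IP now resolves to .42's MAC.
POISONED = CLEAN.replace("02-00-00-00-00-01", "02-00-00-00-00-42")

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(dynamic|static)\s*$",
    re.IGNORECASE,
)

def parse_arp_table(text):
    """Return (ip, mac) pairs for unicast entries; MACs are lower-cased."""
    pairs = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        # Low bit of the first octet set means multicast/broadcast: skip those.
        if m and int(m.group(2)[:2], 16) & 1 == 0:
            pairs.append((m.group(1), m.group(2).lower()))
    return pairs

def find_arp_anomalies(text, gateway_ip, known_gateway_mac=None):
    """Flag MACs claimed by several IPs and a gateway MAC that left its baseline."""
    by_mac, seen = defaultdict(list), dict(parse_arp_table(text))
    for ip, mac in seen.items():
        by_mac[mac].append(ip)
    findings = []
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            severity = "high" if gateway_ip in ips else "medium"
            findings.append(("shared_mac", severity, mac, sorted(ips)))
    gw_mac = seen.get(gateway_ip)
    if known_gateway_mac and gw_mac and gw_mac != known_gateway_mac.lower():
        findings.append(("gateway_mac_changed", "high", gw_mac, [gateway_ip]))
    return findings

if __name__ == "__main__":
    for name, table in (("clean", CLEAN), ("poisoned", POISONED)):
        print(name, find_arp_anomalies(table, "192.168.1.1", "02-00-00-00-00-01"))
```

A shared MAC can also be legitimate (proxy ARP, a device with several addresses), and the poisoning host's own IP may not be in the cache at all, which is why the comparison against a pinned gateway MAC is the more reliable of the two checks.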
Final Thoughts
Cain & Abel is a very intuitive tool to use for MITM, but as it hasn't been updated in recent years, its age is showing in its compatibility with Windows 8.1 & Win10, in its capture drivers and, most important, in its inability to capture HTTPS, which reduces the usability of the tool.
Which brings me to alternatives. First of all, I didn't find a decent Windows alternative, so sadly I will suggest several Linux alternatives. That being said, I did search for a decent alternative, meaning one that is constantly updated and has some form of good-enough GUI (although still on Linux).
The following alternatives are just MITM tools I found at large without going into the details of them so use them at your own risk:
BetterCap