April 30th, 2003, 11:30 AM
HHTP Decoding On WiFi
I'd like to demonstrate to some of my users the vulnerabilities of WiFi Wireless LANs. A particularly graphic way to do this to non technical users would be to sniff their web browsing session.
I've set up two laptops, connected via WiFi. One of them has a dial-up connection to the internet. The other laptop web browses via the WiFi connection and Internet Connection Sharing on the first laptop.
I'd like to use a third laptop to "sniff" this web browsing session off the WiFi connection and replay the user's web browsing session to them. Iris can do this off a regular RJ45/Cat5 connection, but not over WiFi.
does anyone know of any (preferrably shareware/freeware) products that can sniff HTTP from a WiFi network and replay the HTTP session back?
This presentation is for non-technical users so regular packet sniffing using, say, ethereal, will not have the required impact.
April 30th, 2003, 02:32 PM
Ettercap. Create a dummy hotmail account before the presentation. Then, while in the presentation, start ettercap, have someone log into the dummy account and log out, then end ettercap session. You should have the password from that account. I think it'd be quite the learning experience.
April 30th, 2003, 02:35 PM
hehehe its good to see that me and msmittens agree on something, i love the way ettercap somehow manages to get mentioned in 30-50% of your posts msm :P
but ettercap will sniff wifi?
April 30th, 2003, 02:40 PM
Ya. One of my students did it on a bus ride home.
And no, I don't intentionally mean to mention it in every post, well near every post.
April 30th, 2003, 02:54 PM
I found an http sniffer (trial may be downloaded) called EffeTech HTTP Sniffer at
http://www.effetech.com/sniffer/. for windows platform.
It does not seem to have any WiFi restriction. It should work at the IP level.
It worth a try
[shadow] SHARING KNOWLEDGE[/shadow]