Playing back wireless traffic - Page 2
Page 2 of 6 FirstFirst 1234 ... LastLast
Results 11 to 20 of 56

Thread: Playing back wireless traffic

  1. #11
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Are you talking about WEP as opposed to WPA or WPA2?

    WEP is weak.......that has been known for a long time, please take look here:

    http://www.openxtra.co.uk/articles/wep-weaknesses.php

    It is a question of where in the communications chain the weakness exists?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  2. #12
    Junior Member
    Join Date
    Mar 2007
    Posts
    5
    Farmikol0t:

    I don't think it is possible to gain access if the password hash is SSL encrypted.

    Clearly you aren't talking about the encryption to the router, but rather the security mechanism for logging in as provided by the authenticating web server. This should hold up even if traffic is presented in the clear, or with WEP, over a LAN, etc.

    If you could tell me what "Windows program" was used to analyze the traffic and log you into the authenticating system it would help a lot.

    Obviously if the password is presented in the clear, as in the AO forum, it is trivial to authenticate.

    If the password or hash is not presented in the clear, then for well-known web mail systems it would be a big deal (and I believe impossible) to authenticate if provided with the traffic only.

    Have a nice day.

  3. #13
    Junior Member
    Join Date
    Mar 2007
    Posts
    20

    replies...

    Quote Originally Posted by Aardpsymon
    Where did you see this?
    Coworker showed me.

    Quote Originally Posted by nihil
    Are you talking about WEP as opposed to WPA or WPA2?
    Neither. Talking about SSL encrypted hashes and authentication.

    Quote Originally Posted by marsbarz
    I don't think it is possible to gain access if the password hash is SSL encrypted...If you could tell me what "Windows program" was used to analyze the traffic and log you into the authenticating system it would help a lot...If the password or hash is not presented in the clear, then for well-known web mail systems it would be a big deal (and I believe impossible) to authenticate if provided with the traffic only.
    That's what I thought also, but what I thought and what you have stated above are incorrect. Apparently it is possible to gain access by replaying traffic (wireless or wired), even when the password or hash is presented via SSL.

  4. #14
    Senior Member Aardpsymon's Avatar
    Join Date
    Feb 2007
    Location
    St Annes (aaaa!)
    Posts
    434
    what was the login for? as I say, replaying web traffic should throw off bad time stamps, session ids and probably other things I don't know about.
    If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.

  5. #15
    Junior Member
    Join Date
    Mar 2007
    Posts
    20

    Replay...

    Quote Originally Posted by Aardpsymon
    what was the login for? as I say, replaying web traffic should throw off bad time stamps, session ids and probably other things I don't know about.
    Web mail accounts where the password hash is encrypted via SSL.

    It's a lot more than showing what was re-played, rather full access to the account was provided.

  6. #16
    Senior Member Aardpsymon's Avatar
    Join Date
    Feb 2007
    Location
    St Annes (aaaa!)
    Posts
    434
    Then the authentication on those webmail accounts is flawed. Badly flawed.

    Replaying login traffic isn't a vulnerability that was created with wireless.
    If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.

  7. #17
    Junior Member
    Join Date
    Mar 2007
    Posts
    20

    Doesn't make sense though...

    Quote Originally Posted by Aardpsymon
    Then the authentication on those webmail accounts is flawed. Badly flawed.
    I tried the procedure myself (obviously with my own accounts) over the weekend and there is a serious problem, it's endemic, and not for just one provider. The problem is present even with very large web mail providers (the world's largest, in fact).

    Now more confused than before...

  8. #18
    Senior Member Aardpsymon's Avatar
    Join Date
    Feb 2007
    Location
    St Annes (aaaa!)
    Posts
    434
    That is rather scary. Tie that in with the fake hotspots mentioned in that other thread and you have everything you need to compromise a LOT of email accounts in seconds.
    If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.

  9. #19
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Hmmmm,

    OK, the first issue to my simple mind is "where is the interception taking place"? in other words just what is getting exploited or circumvented?

    What and/or who is "leaking"?

    Have cookies got anything to do with it?

    Given the number of security "wannabes" out there I find it very strange that something so fundamental has gone unnoticed for so long

    Does this only affect e-mail?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  10. #20
    Senior Member Aardpsymon's Avatar
    Join Date
    Feb 2007
    Location
    St Annes (aaaa!)
    Posts
    434
    aha! that could be it, cookies. I suspect you have it there nihil. Its not redoing the authentication at all, its reading the saved cookie. No session ID/timestamp problems there, just reading the contents of the cookie which doesn't change.

    Perhaps the moral here is to never remember logins on a wireless connection?
    If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.

Similar Threads

  1. PIX: Access Control Lists and Content Filtering
    By Nokia in forum The Security Tutorials Forum
    Replies: 0
    Last Post: October 23rd, 2006, 04:58 PM
  2. Capturing, Sanitizing and posting Ethereal dumps.
    By Tiger Shark in forum The Security Tutorials Forum
    Replies: 13
    Last Post: August 12th, 2004, 09:35 PM
  3. Building a wireless nervous system
    By SDK in forum AntiOnline's General Chit Chat
    Replies: 0
    Last Post: May 12th, 2004, 04:02 PM
  4. HaHaHa Akamaitechnologies Port Scan
    By mathgirl32 in forum IDS & Scanner Discussions
    Replies: 10
    Last Post: February 3rd, 2003, 06:20 PM
  5. The Worlds Longest Thread!
    By Noble Hamlet in forum AntiOnline's General Chit Chat
    Replies: 1100
    Last Post: March 17th, 2002, 08:38 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides