Playing back wireless traffic

Thread: Playing back wireless traffic

  1. #1
    Junior Member
    Join Date
    Mar 2007
    Posts
    20

    Playing back wireless traffic

    I don't understand why it's possible to play back captured wireless traffic and get access to any web mail account. There seems to be some kind of fundamental flaw at work here.

  2. #2
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    The flaw is probably the users not changing default passwords, not using strong passwords and not using strong encryption.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    Nihil, as usual, has hit this right on the head... the flaw is not necessarily in the technology... it is in the way people use the technology... Routers, by default ship without encryption enabled... and most people never bother to switch it on. So it is trivial for an unauthorized user to sniff the wireless traffic and capture all kinds of information.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  4. #4
    Senior Member Aardpsymon's Avatar
    Join Date
    Feb 2007
    Location
    St Annes (aaaa!)
    Posts
    434
    Well, aren't a lot of logins encrypted at the browser these days anyway?

    I know for sure my i-banking login is sent encrypted, and I'm reasonably sure my yahoo account is, although I haven't used it in ages, and I don't care about my hotmail; it's mostly spam.

    Something a lot of people forget with wireless: even IF they break the WEP/WPA or whatever you use, most sites use 128bit encryption anyway. So all really sensitive data ends up double encrypted.
    If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.

  5. #5
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    If the web mail account uses HTTPS, you're safe.

    Otherwise, you're probably at risk.

    Open wifi networks are easy to intercept from some distance away - this makes them very risky. If you're using an open wifi network (for some reason) you should be mindful of this and not log on to any non-HTTPS site which requires a password etc.

    Unfortunately some sites (possibly including AO) may use cookies to remember who you are - if you even *visit* such a site over HTTP on an open wifi connection, your account may be compromised.

    Slarty
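    The cookie problem Slarty raises can be checked on the server side of a site you run. The following is an added example, not code from this thread or from AO: it audits Set-Cookie headers for the Secure and HttpOnly attributes, because a session cookie without Secure is sent on every plain-HTTP request to the site and is therefore readable by anyone listening on an open wireless network, even if the login form itself used HTTPS. The header values and the list of session-cookie names are constructed assumptions for the demo.

```python
"""Audit Set-Cookie headers for the attributes that keep a session cookie off plain HTTP.

Added example for this thread, not code from the forum or any project it names.
A session cookie without the Secure attribute is sent on every HTTP request to the
site, so a passive listener on an open wireless network sees it even when the login
form itself used HTTPS. The header values below are constructed for the demo.
"""
from http.cookies import SimpleCookie

# Constructed sample Set-Cookie values as a web-mail server might emit them.
SAMPLE_SET_COOKIE_HEADERS = [
    "sessid=abc123; Path=/",                       # weak: also sent over plain HTTP
    "sessid=abc123; Path=/; Secure; HttpOnly",     # hardened: HTTPS only, no script access
    "prefs=dark; Path=/",                          # not a session cookie: lower risk
]

# Names (assumed, lower-case) that identify a cookie as carrying a session.
SESSION_COOKIE_NAMES = {"sessid", "phpsessid", "jsessionid", "sid"}


def audit_set_cookie(header_value):
    """Return (cookie name, problem, severity) findings for one Set-Cookie value."""
    jar = SimpleCookie()
    jar.load(header_value)
    findings = []
    for name, morsel in jar.items():
        is_session = name.lower() in SESSION_COOKIE_NAMES
        # Morsel flag attributes read as True when present and "" when absent.
        if not morsel["secure"]:
            findings.append((name, "missing Secure", "high" if is_session else "low"))
        if not morsel["httponly"]:
            findings.append((name, "missing HttpOnly", "medium" if is_session else "low"))
    return findings


def audit_response(set_cookie_values):
    """Audit every Set-Cookie value of one response; return the worst severity or None."""
    order = {"low": 0, "medium": 1, "high": 2}
    worst = None
    for value in set_cookie_values:
        for _, _, severity in audit_set_cookie(value):
            if worst is None or order[severity] > order[worst]:
                worst = severity
    return worst


if __name__ == "__main__":
    for value in SAMPLE_SET_COOKIE_HEADERS:
        print(value, "->", audit_set_cookie(value) or "ok")
    print("worst:", audit_response(SAMPLE_SET_COOKIE_HEADERS))
```

    Run it against the Set-Cookie lines of a real response (for example, copied from a browser's network inspector) to see whether the session cookie would survive a visit over HTTP; the fix on the server is to set Secure on the session cookie and to serve the whole logged-in session over HTTPS, not just the login form.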

  6. #6
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    AO is not encrypted... this is something I have never understood... the password is sent in plaintext...
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  7. #7
    Junior Member
    Join Date
    Mar 2007
    Posts
    20

    SSL doesn't seem to matter

    It's a playback of wireless traffic which provides access to any web mail account, and it appears to work even if the account password or hash is protected by SSL. I don't think it is an MITM attack since the traffic is pulled out of the air.

    Seems like a fundamental flaw in web authentication. I can't see how this could be though. Very confused.

  8. #8
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Either you are making unreasonable assumptions, or you will need to provide much more detail........... like how the hell do you know:

    1. It is a playback of wireless traffic
    2. It doesn't matter if you are encrypted
    3. The traffic is pulled out of the air

    Huh?

    So far you have described nothing that couldn't be explained by a simple keylogger
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  9. #9
    Junior Member
    Join Date
    Mar 2007
    Posts
    20

    saw it done

    I guess because I saw it done.

    What I saw was that the traffic was pulled out of the air using Kismet under the Backtrack Live CD booted on a laptop. The .dump file was saved to USB. The same laptop was then booted into Windows XP and a Windows program was run against the traffic, first to convert it from 802.11 to a .pcap file, and the same Windows program then provided full access to every account accessed via 802.11.

    There was no keylogger involved. There was no access at all to the machines that originally accessed the accounts.

    I am really now completely mystified by this whole thing. The password hashes under the accessed accounts are encrypted via SSL.

  10. #10
    Senior Member Aardpsymon's Avatar
    Join Date
    Feb 2007
    Location
    St Annes (aaaa!)
    Posts
    434
    It sounds a lot like what they are doing here is replaying the traffic from a successful login, like listening in to a spoken password: you hear it, you reproduce it. However, given what I know of authentication protocols, surely the time stamp would be off. Also, good protocols have a random number and session ID assigned to them, and those would be wrong, indicating that it was a recording of a previous handshake, not a new, live one.

    Where did you see this?
    If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.
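    The protections Aardpsymon reasons about (a server-issued random number, a timestamp check, and a handshake that is only good once) can be shown in a few lines. This is an added example, not code from the thread or from any product mentioned in it: a challenge-response login in which the client proves knowledge of a shared secret with an HMAC over a fresh nonce and the current time, and the server rejects a recording of an earlier exchange. The user name, secret and clock values are constructed for the demo. Note that this only protects the login itself; as the earlier post about cookies points out, a session cookie carried over plain HTTP after login is still exposed.

```python
"""Challenge-response login that refuses a replayed handshake.

Added example for this thread, not code from the forum or any product it names.
It implements the protections the post above reasons about: a server-issued random
nonce, a timestamp freshness window and single-use nonces, so a recording of a
successful exchange fails when played back. User names and secrets are constructed.
"""
import hashlib
import hmac
import secrets
import time

FRESHNESS_WINDOW_SECONDS = 30


def compute_proof(secret, nonce, client_time):
    """Client side: bind the shared secret to this nonce and this moment."""
    message = f"{nonce}|{client_time}".encode()
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


class AuthServer:
    def __init__(self, credentials):
        self._credentials = credentials  # user -> shared secret (constructed demo table)
        self._outstanding = {}           # nonce -> (user, issued_at)
        self._used_nonces = set()        # nonces that already authenticated once

    def challenge(self, user, now=None):
        """Issue a fresh random nonce for one login attempt."""
        now = time.time() if now is None else now
        nonce = secrets.token_hex(16)
        self._outstanding[nonce] = (user, now)
        return nonce

    def verify(self, user, nonce, client_time, proof, now=None):
        """Return (accepted, reason). Checks in order: replay, binding, freshness, proof."""
        now = time.time() if now is None else now
        if nonce in self._used_nonces:
            return False, "replayed nonce"
        entry = self._outstanding.get(nonce)
        if entry is None or entry[0] != user:
            return False, "unknown nonce"
        if abs(now - client_time) > FRESHNESS_WINDOW_SECONDS:
            return False, "stale timestamp"
        expected = compute_proof(self._credentials[user], nonce, client_time)
        if not hmac.compare_digest(expected, proof):
            return False, "bad proof"
        self._used_nonces.add(nonce)
        del self._outstanding[nonce]
        return True, "ok"


def demo():
    """Run one genuine login, then the playbacks a recording of it could produce."""
    secret = b"constructed-demo-secret"
    server = AuthServer({"alice": secret})
    t0 = 1_700_000_000  # constructed clock, in seconds

    # Genuine login: everything a listener could record is nonce, t0 and proof.
    nonce = server.challenge("alice", now=t0)
    proof = compute_proof(secret, nonce, t0)
    results = {"first": server.verify("alice", nonce, t0, proof, now=t0 + 1)}

    # Playback of the very same exchange a few seconds later: the nonce is spent.
    results["replay"] = server.verify("alice", nonce, t0, proof, now=t0 + 5)

    # Playback against a new challenge: the recorded proof was bound to the old nonce.
    new_nonce = server.challenge("alice", now=t0 + 10)
    results["wrong_nonce"] = server.verify("alice", new_nonce, t0, proof, now=t0 + 11)

    # A genuine response held back and played after the freshness window has passed.
    late_nonce = server.challenge("alice", now=t0 + 20)
    late_proof = compute_proof(secret, late_nonce, t0 + 20)
    results["stale"] = server.verify("alice", late_nonce, t0 + 20, late_proof, now=t0 + 100)
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:12s} -> {outcome}")
```

    The order of checks matters: the spent-nonce test comes first so a replay is refused before any secret-dependent work, and the proof comparison uses a constant-time compare. Real protocols add the session ID the post mentions and a server-side nonce expiry so the outstanding table cannot grow without bound.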
