1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Two clients being simultaneously handled by the captive portal

Discussion in 'Radio Network Analysis' started by snow-bt, Apr 11, 2013.

  1. snow-bt

    snow-bt Member

    Mar 3, 2013
    Likes Received:
    1) Relies on auto-connections ie the device connnects without the owner being aware. You can then attempt to exploit it.
    Target the fake-AP ESSID to something the device has likely connected to previously eg Starbucks WiFi

    2) Sometimes it is easier to steal the handshake than sniff it passively. Set up the AP with the same name and channel as the target, and then DOS the target.
    Airbase will save a pcap containing the handshake to /root/PwnSTAR-n.cap.

    3) Provides an open network, so you can sniff the victim's activities.

    4) Uses apache to serve a webpage. There is an option to load your own page eg one you have cloned. The provided page (hotspot_3) asks for email details.
    Note the client is forced to the page by DNS spoofing. They can only proceed to the internet if you manually stop dnsspoof.
    DNS-caching in the client is a problem with this technique. The captive portal in the advanced menu is a better way of hosting hotspot_3

    5&6) Provides all the arduous config files to properly set-up these attacks.

    Have fun, and READ THE SCRIPT!
    error404 and wlan0 like this.
  2. phadeb

    phadeb New Member

    Jun 1, 2013
    Likes Received:
    Thanks Good Job :)
  3. dragon

    dragon New Member

    May 31, 2013
    Likes Received:
    thank bro
    snow-bt likes this.

Share This Page