Jump to content

free internet... xfinity exploit...


i8igmac

Recommended Posts

These xfinity hot spots are everywhere... there is so much to explain...

I have a raspberry pi kali with 3 alfa cards. One card is associated with a xfinity open access point... at this time we are not yet authenticated with login.xfinity.com... with a second alfa card I will broadcast a encrypted access point for my home device's to connect to... some iptables will complete the configuration along with dnsmasq to issue local ip address to my device's...

(I will post command line configuration later)

And now the exciting part... when a device in my home authenticates with login.xfinity.com, this will allow all my devices internet access ;-) because this legit login will come from my raspberry pi...

How so? when a paying xfinity customer is in range of a xfinity access point, there handheld device will automatically connect and authenticate with login.xfinity.com...

How can I exploit this? I can use a 3rd alfa card to broadcast a open xfinity access point and some more iptables... only need one paying xfinity customer to pass by my house...

Now, I can point a long range antenna broadcasting xfinity at a highway or a road lots of cars travel down ,-)

Not much of a exploit, I don't have to tamper with the traffic... it just works

Link to comment
Share on other sites

I believe you can even record and deduce the login credentials from the traffic. It's either plain-text or equally shit encryption that's employed. Also, most of these accounts allow at least 2 people to be simultaneously connected with the same account so chances are nobody will be the wiser.

On the other hand, getting access to free internet these days isn't half as hard as it used to be.

Link to comment
Share on other sites

I believe you can even record and deduce the login credentials from the traffic. It's either plain-text or equally shit encryption that's employed. Also, most of these accounts allow at least 2 people to be simultaneously connected with the same account so chances are nobody will be the wiser.

On the other hand, getting access to free internet these days isn't half as hard as it used to be.

wpa2 and wps pins have become harder to crack... wep does not exist... xfinity is not bad, i find it convenient because its everywhere... just dont look past whats simple...

https://wifilogin.xfinity.com/start.php

i have not tested yet, i would like to see this traffic redirected to a local machine, to see if a hand held device will still auto authenticate with my local server...

i would love to see some plain text... maybe some iptables and a mitm proxy can get control of this traffic before its encrypted... it would be simple to produce a fake login page, but im not interested...

the idea here is, "Auto connect and auto authenticate"

Link to comment
Share on other sites

  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...