hexlax Posted February 19, 2009 Share Posted February 19, 2009 So, I started to look in to the Jasager project and really liked what I saw there. Instead of attacking the client side, I was thinking about the AP side of the house. You know how most wireless routers have built in web management interfaces? I'd like to work on some code that would interject our own network configuration which could include DNS or static-route poisoning. I'm asking the forum for advice on the best implementation for this program. I have prototyped this already on a xp box by: 1) Zero Wireless Config automatically connects to an AP (based on Preferred Networks). 2) Currently only connects to SSID of "Linksys". 3) Launches wget at the default gateway URL to change router configuration (all a POST statement). 4) Brings down the interface then brings it back up which XP automatically reconnects to another Linksys access point, taking us back to step 1. I could see how I would be able to launch this attack at multiple vendors, all because they all use a single POST statement to change router configuration. This of course implies that the router has the default user/pass, no encryption, and a simple network topology behind a public IP address (what I like to call out of the box security). Although I have only implemented this on XP, I'm sure there are some Linux gurus out there who could shed some light on some APIs or something to implement this by. The only thing I am using wget for is the authentication to the web management interface and launching the config change. I could see how this could already be implemented in the BOOST libraries, making it nice for crossplatformability. I got kinda wordy, but please, I'm interested in what ya think. Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.