Z-x Posted October 18, 2013 Share Posted October 18, 2013 Does anybody have any helpful information regarding capturing a password attempt to access my own wifi network? So this is before the user even logs onto my network, I want the ability to see what passwords the user is trying. I am thinking about hacking an open source router which I may need for this to work? If anyone has any information regarding this that would be very helpful, I have wireshark but the question is specifically about the initial password attempt to access the wifi network. Thanks! Quote Link to comment Share on other sites More sharing options...
digip Posted October 18, 2013 Share Posted October 18, 2013 (edited) Pineapple? Edited October 18, 2013 by digip Quote Link to comment Share on other sites More sharing options...
digininja Posted October 18, 2013 Share Posted October 18, 2013 Simple answer, you can't. Neither WPA or WEP send the password over the network they use the password to encode some data which is exchanged. You might be able to try to crack a WPA password that someone is trying by capturing the first two packets of the handshake but that would only work if the word they are using is in the dictionary you are using Quote Link to comment Share on other sites More sharing options...
ZaraByte Posted October 18, 2013 Share Posted October 18, 2013 Ohh wow off topic but its cool to see digininja replying freaking legend in my books :D Quote Link to comment Share on other sites More sharing options...
Z-x Posted October 19, 2013 Author Share Posted October 19, 2013 Thank you for the reply! So if it's impossible to go down that route and collect passwords in the password field, is it possible to push somebody a pop-up that looks like the WAP password prompt as seen in my image above? For example, when I log into a Starbucks hotspot my computer is automatically sent to their landing page, if my landing page was a clone of a "page not found" or "No connection" could I push a pop-up prompting the user to enter a password in an HTML5 pop-up field? I know you can push the user a landing page when they first log onto your network but at any point after they navigate away can you push them another prompt or website? Thanks Again! Quote Link to comment Share on other sites More sharing options...
digininja Posted October 19, 2013 Share Posted October 19, 2013 You could I suppose, just do some DNS poisoning so that all the traffic is sent to your fake page until they enter some credentials. You'd have to put quite a bit of work in get the popup realistic. Not sure whether you could get rid of enough of the borders and other window furniture so make it look realistic. You'd have to stop multiple from popping up if more than one browser tab or window is open. Quote Link to comment Share on other sites More sharing options...
digininja Posted October 19, 2013 Share Posted October 19, 2013 And ZaraByte, to pinch a line from Gag Halfrunt, "Vell, I'm just zis guy, you know?" Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.