Be careful what you broadcast...

Dr. Z · 21-03-2008, 17:35

...if you are using a wifi connection in a public place (or anywhere, really)

I have been trying out this tool called WifiZoo which is like a kind of Wireshark for wireless but with a bit of a cool twist. Instead of showing you a long list of packets which you would have to walk through to get a handle on what is going on, this tracks connections and basically presents you with a categorical breakdown of useful stuff.

For example, you sit down in your hotel lobby and use their wireless LAN to check your GMail account. GMail tracks who you are and your authenticated status using cookies. You log in over SSL, so there is no chance of a MITM seeing your password, but google then issue you a cookie which says "yes, I am logged in" which has a limited expiration time. The rest of your session is then in plaintext, but without the cookie you can't get into the GMail site... WifiZoo tracks HTTP sessions and grabs any cookies set. With a click of the mouse, it injects that cookie into its own built-in proxy server and presents me with the page that only you should be able to see. Clever, huh?

Its not limited to cookies and stuff though, oh no! It can track POP3 auth details, MSN conversations, FTP data, SMTP data and thats just out of the box - if you know Python you could code it to track whatever you wanted.

When combined with a tool called KISMET it will channelhop too so you can track multiple APs at once to see which is the "best" one to pay more attention to or in multi-AP configurations you can keep track of multiple users which might not be on the same AP.

Here is a screenshot:

http://www.statichiss.co.uk/wifizoo.png

21-03-2008, 17:35	#1
Dr. Z I'm going for a scuttle... Join Date: Jul 2006 Posts: 2,021	Be careful what you broadcast... ...if you are using a wifi connection in a public place (or anywhere, really) I have been trying out this tool called WifiZoo which is like a kind of Wireshark for wireless but with a bit of a cool twist. Instead of showing you a long list of packets which you would have to walk through to get a handle on what is going on, this tracks connections and basically presents you with a categorical breakdown of useful stuff. For example, you sit down in your hotel lobby and use their wireless LAN to check your GMail account. GMail tracks who you are and your authenticated status using cookies. You log in over SSL, so there is no chance of a MITM seeing your password, but google then issue you a cookie which says "yes, I am logged in" which has a limited expiration time. The rest of your session is then in plaintext, but without the cookie you can't get into the GMail site... WifiZoo tracks HTTP sessions and grabs any cookies set. With a click of the mouse, it injects that cookie into its own built-in proxy server and presents me with the page that only you should be able to see. Clever, huh? Its not limited to cookies and stuff though, oh no! It can track POP3 auth details, MSN conversations, FTP data, SMTP data and thats just out of the box - if you know Python you could code it to track whatever you wanted. When combined with a tool called KISMET it will channelhop too so you can track multiple APs at once to see which is the "best" one to pay more attention to or in multi-AP configurations you can keep track of multiple users which might not be on the same AP. Here is a screenshot: http://www.statichiss.co.uk/wifizoo.png __________________