Someone Stealing Your Wifi? Find Out What They’re Looking At With These 3 Apps

If your Wifi is being hijacked by some dirty rotten thieves – I showed you how to check this before – what can you do to get your own back, or find out a little more about who is responsible? Or rather, if a hacker has gained access to your wifi network, what kind of nasty things could they do to you?

In this tutorial today, I’ll be demonstrating some low-level but terrifying utilities you can run on your compromised network. If you weren’t paranoid enough after I showed you how to crack a WEP network in 5 minutes last week, you will be after today.

Prerequisites

  • These apps will only work on a wifi network that is either open or has compromised WEP security for which you have the passphrase.
  • Backtrack5 Security Linux Live-CD: if you’re unfamiliar with the boot process and how to get into a GUI, read last week’s tutorial on how to hack your WEP network.
  • A wireless card that supports monitor mode (where it captures all the packets on the network).

Note: This isn’t the only way to sniff out packets on the wifi, but as far as I’m concerned it’s the easiest for beginners and consists of really only a few shell commands to see results. It certainly isn’t the most comprehensive or effective way to do things, and there are certain drawbacks and limitations I’ll discuss beside each utility.

Today we’ll be covering 3 different basic-level utilities for figuring out what’s going on: urlsnarf, webspy, and driftnet.

Setting Up

Boot into Backtrack5 as described last week. Before continuing, make sure you have the following information noted down somewhere:

  • The BSSID (MAC address) of your target network.
  • The NAME of your target network.
  • The CHANNEL number that the network operates on (1-12).
  • The WEP key (if needed).

Start by placing your wifi card into monitor mode on the specified channel, using:

airmon-ng start wlan0 [channel]

Replace wlan0 with the name of your wireless device (iwconfig will tell you this if you don’t know it already) and [channel] with the relevant channel number (don’t include the brackets). You should now have a mon0 interface for monitoring network traffic.

Since the packets need to be decrypted on the fly, we need to run them through the airtun-ng utility, which will give us a live stream of the decrypted packets as it sees them on the network, in a suitable format for some of the other apps we will use today. Type in the following command, replacing your details:

airtun-ng -a [bssid] -w [password] -t 1 mon0

Leave out the -w bit if you’re doing this on an open wifi network. You should see something similar to this if it’s successful.

[Screenshot: airtun-ng]

The utility created a new network device stream called at0, which we need to activate using another command (open a new terminal for this, and don’t close the one running airtun-ng):

ifconfig at0 up

Okay, setup is complete, onto stage 2.

URLSnarf

This is going to list out all the websites visited by users on the network, so you can see in real time which sites they are browsing.

urlsnarf -i at0

It’s also going to give a lot of noise though, as each website visited results in a number of requests being made to various places. Here’s a snapshot of me browsing the iTunes store. A quick look over the list will tell me:

[Screenshot: Reeder URLs]

  • The user is on an IP address of 192.168.0.5 (useful for finding out more later)
  • The request is coming from a 32GB model iPad.
  • Exactly which URLs are being loaded.
  • The user has gone through a number of mobile applications, like Mobile Safari, Reeder (a Google Reader app), and the iTunes store.

[Screenshot: iTunes on iPad]

With multiple users it could become difficult to tell which requests are made by whom, but there are additional filters I won’t get into. For now, this is scary enough.

DriftNET

This one is used to capture images that are being downloaded from websites and such, and it’s pretty much as voyeuristic as you can get.

driftnet -v -i at0

Note: -v isn’t needed, but it prints textual output in the console window, which I prefer so that I know it’s working or has found something. It isn’t perfect by far – during tests I found it only tended to pick up smaller images, presumably because it wasn’t able to fully grab the packets for larger JPGs and such – but it is effective nonetheless. Here I’ve browsed to a famous Chinese movie streaming website.

[Screenshot: driftnet]

It certainly doesn’t pick up everything, but I can assure you that if they’re browsing to a certain pR0n site that begins with Red and ends with Tube, you’re going to know about it.

WebSpy

While I prefer the log file format of URLSnarf, this utility will actually attempt to mirror what the user is browsing on your computer. In practice it doesn’t work as well as I’d hoped, but it’s intriguing nonetheless. You need to target a specific user IP on the network though, which you should have from URLSnarf. Then type in the following:

webspy -i at0 [target ip address]

In another terminal, launch Firefox using:

firefox &

Now, in theory, whatever they visit will be mirrored onto your local Firefox browser. In reality, I found it would open a new browser window for every request the website made – so a site like MakeUseOf might open new tabs for the various advertisers and for Disqus commenting – and on top of that, some sites would only open by IP address. Certainly good fun and some sites work as expected, but of limited real world use.

Conclusion:

Running these utilities on your own network to see who’s stealing your wifi and what they’re doing with it is probably acceptable, but once you start running these in public spaces (as someone did with this wifi picture frame that grabs traffic from open wifi spots), you enter a whole new realm of illegalities. Or do you? It’s actually quite easy to secure your traffic even on an open wifi by tunnelling everything through a VPN or such, so I hope this just goes to show you exactly how dangerous WEP networks and open wifi can actually be. Think twice before jumping on that local “free internet” someone seems to be broadcasting for fun. I plan to explore some more wifi trickery over the coming weeks, so stay tuned and play safe people.
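An added example, not part of the original article: since the utilities above only work against open or WEP networks, this script classifies the networks in a scan so you can confirm your own router is not among the exposed ones, or spot them before joining. It parses the output of iwlist [interface] scan; the sample scan, MAC addresses and network names are constructed, and the WEP test (key on, no WPA/WPA2 element) is a heuristic.

```shell
#!/bin/sh
# Classify every network in `iwlist <iface> scan` output as OPEN, WEP or WPA.
# Heuristic (assumption): key off -> OPEN; key on plus a WPA/WPA2 (802.11i)
# information element -> WPA; key on with no such element -> WEP.
# Patterns are anchored to the start of the line so a network name that
# contains text like "Encryption key:off" cannot change the verdict.
classify_scan() {
    awk '
    function emit() {
        if (bssid == "") return
        if (wpa)               cls = "WPA"
        else if (key == "off") cls = "OPEN"
        else if (key == "on")  cls = "WEP"
        else                   cls = "UNKNOWN"
        printf "%s\t%s\t%s\n", cls, bssid, essid
    }
    { gsub(/[ \t\r]+$/, "") }   # drop trailing whitespace
    /^[ \t]*Cell [0-9]+ - Address:/ { emit(); bssid = $NF; essid = ""; key = ""; wpa = 0; next }
    /^[ \t]*ESSID:"/             { sub(/^[ \t]*ESSID:"/, ""); sub(/"$/, ""); essid = $0; next }
    /^[ \t]*Encryption key:/     { sub(/^[ \t]*Encryption key:/, ""); key = $0; next }
    /^[ \t]*IE:.*(WPA|802\.11i)/ { wpa = 1 }
    END { emit() }
    '
}

# Constructed sample scan (addresses and names are made up for the example).
sample_scan() {
    cat <<'EOF'
wlan0     Scan completed :
          Cell 01 - Address: 02:00:00:AA:00:01
                    Encryption key:on
                    ESSID:"home-wpa2"
                    IE: IEEE 802.11i/WPA2 Version 1
          Cell 02 - Address: 02:00:00:AA:00:02
                    Encryption key:on
                    ESSID:"old-router"
          Cell 03 - Address: 02:00:00:AA:00:03
                    Encryption key:off
                    ESSID:"free internet"
EOF
}

# Keep only the networks whose traffic the tools in this article could read.
risky_networks() { classify_scan | awk '$1 == "OPEN" || $1 == "WEP"'; }

# Demo on the sample; on a real machine: iwlist wlan0 scan | risky_networks
sample_scan | risky_networks
```

Anything it reports as OPEN or WEP on your own router should be switched to WPA2.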

As ever, feel free to comment and ask questions, or head over to our support community for crowd-sourced advice and unrelated questions.


4 Comments

0 votes

jasray

It would be nice to know how to crack WPA, and maybe you could confirm the legal aspects of running an open WiFi. It’s my understanding from an article in PC World that it’s actually best to run an open WiFi and let others use some bandwidth. The rationale is that anyone could have been pirating music, film, etc. In other words, if they all claim they didn’t do it, there is no prosecution.

0 votes

Tina

That’s an interesting idea, but not a strategy I would recommend. As far as I know, the owner of the connection can be held responsible regardless of who used the network for illegal activity. Besides, what if they find the files on your computer?

0 votes

James Bruce

Actually Tina, this case in America sets a precedent for bittorrent cases whereby the IP address does not equate to the user: http://torrentfreak.com/open-wi-fi-is-not-a-crime-110621/

In the UK, however, there was a high-profile case where the owner of a pub was held responsible for a copyright infringement with the free wifi he offered on his premises [http://www.zdnet.co.uk/news/networking/2009/11/27/pub-fined-8k-for-wi-fi-copyright-infringement-39909136/].

More recently, the Digital Economy Bill warned businesses running open wifi: http://www.pcpro.co.uk/news/security/358342/ofcom-warns-off-free-wi-fi-providers

So yes, it would appear in the UK you can be prosecuted for the actions of your users. As far as I can see, America is not the same right now. The digital economy bill itself is still in debate as it was rushed in…

0 votes

James Bruce

Hi Jasray. Since WPA is much harder to crack I’m not sure an article would be of much use, but I will try it out at home and see if I can knock something up. In the meantime, see my reply to Tina below for why you shouldn’t run an open Wifi.