Someone Stealing Your Wifi? Find Out What They’re Looking At With These 3 Apps

James Bruce 21-08-2011

<firstimage=”//”>wifi monitoring softwareIf your Wifi is being hijacked by some dirty rotten thieves – I showed you how to check this before How to Check If Someone Is Stealing Your WiFi & What You Can Do About It Read More – what can you do to get your own back, or find out a little more about who is responsible? Or rather, if a hacker has gained access to your wifi network, what kind of nasty things could they do to you?


In this tutorial today, I’ll be demonstrating some low-level but terrifying utilities you can run on your compromised network. If you weren’t paranoid enough Become Really Paranoid By Monitoring Your Network's Comings & Goings With WallWatcher & DD-WRT If you have access to your router, and it’s able to log activity, it’s relatively easy to watch everything that’s going on to try to find any untoward activity. Today I’d like to show you... Read More after I showed you how to crack a WEP network in 5 minutes How to Crack Your Own WEP Network to Find Out Just How Insecure It Really Is We’re constantly telling you that using WEP to 'secure' your wireless network is really a fools game, yet people still do it. Today I’d like to show you exactly how insecure WEP really is, by... Read More last week, you will be after today.


Note: This isn’t the only way to sniff out packets on the wifi, but as far as I’m concerned it’s the easiest for beginners and consists of really only a few shell commands to see results. It certainly isn’t the most comprehensive or effective way to do things, and there are certain drawbacks and limitations I’ll discuss beside each utility.

Today we’ll be covering 3 different basic-level utilities for figuring out what’s going on: urlsnarf, webspy, and driftnet.

Setting Up

Boot into Backtrack5 as described last week. Before continuing, make sure you have the following information noted down somewhere:

  • The BSSID (Mac address) of your target network.
  • The NAME of your target network.
  • The CHANNEL number that the network operates on (1-12).
  • The WEP key (if needed).

Start by placing your wifi card into monitor mode on the specified channel, using:

airmon-ng start wlan0 [channel]

Replace wlan0 with the name of your wireless device – iwconfig will tell you this if you don’t know it already – and with the relevant [channel] in there too (don’t include the brackets). You should now have a mon0 interface for monitoring network traffic.

Since the packets need to be decrypted on the fly, we need to run them through the airtun-ng utility, which will give us a live stream of the decrypted packets as it sees them on the network, in a suitable format for some of the other apps we will use today. Type in the following command, replacing your details:

airtun-ng -a [bssid] -w [password] -t 1 mon0

Leave out the -wbit if you’re doing this on an open wifi network. You should see something similar to this if it’s successful.

wifi monitoring software


The utility created a new network device stream called at0, which we need to activate using another command (open a new terminal for this, and don’t close the one running airtun-ng):

ifconfig at0 up

Okay, setup is complete, onto stage 2.


This is going to list out all the websites visited by users on the network, so you can see in real time what sites they are browsing too.

urlsnarf -i at0

It’s also going to give a lot of noise though, as each website visited results in a number of requests being made to various places. Here’s a snapshot of me browsing the iTunes store. A quick look over the list will tell me:


wifi monitor freeware

  • The user is on an IP address of (useful for finding out more later)
  • The request is coming from a 32GB model iPad.
  • Exactly which URLs are being loaded.
  • The user has gone through a number of mobile applications, like Mobile Safari, Reeder (a Google Reader app), and the iTunes store.

wifi monitor freeware

With multiple users it could become difficult to tell which requests are made by who, but there are additional filters I won’t get into. For now, this is scary enough.


This one is used to capture images that are being downloaded from websites and such, and it’s pretty much as voyeuristic as you can get.

driftnet -v -i at0

Note: -v isn’t needed, but it shows a textual output in the console window which I prefer to know it’s working or found something. It isn’t perfect by far – during tests I found it only tended to pick up smaller images, presumably because it wasn’t able to fully grab the packets for larger JPGs and such, but it is effective none the less. Here I’ve browsed to a famous Chinese movie streaming website.

wifi monitoring software

It certainly doesn’t pick up everything, but I can assure you that if they’re browsing to a certain pR0n site thats begins with Red and ends with Tube, you’re going to know about it.


While I prefer the log file format of URLSnarf, this utility will actually attempt to mirror what the user is browsing on your computer. In practice it doesn’t work as well as I’d hoped, but it’s intriguing none the less. You need to target a specific user IP on the network though – which you should have through URLSnarf, then type in the following:

webspy -i at0 [target ip address]

In another terminal, launch Firefox using:

firefox &

Now, in theory, whatever they visit will be mirrored onto your local Firefox browser. In reality, I found it would open a new browser window for every request the website site made – so a site like MakeUseOf might open new tabs for the various advertisers, and Disqus commenting – added to which some sites would only open by IP address. Certainly good fun and some sites work as expected, but of limited real world use.


Running these utilities on your own network to see who’s stealing your wifi and what they’re doing with it is probably acceptable, but once you start running these in public spaces (as someone did with this wifi picture frame that grabs traffic from open wifi spots), you enter a whole new realm of illegalities. Or do you? It’s actually quite easy to secure your traffic even on an open wifi by tunnel everything through a VPN or such, so I hope this just goes to show you exactly how dangerous WEP networks and open wifi can actually be. Think twice before jumping on that local “free internet” someone seems to be broadcasting for fun. I plan to explore some more wifi trickery over the coming weeks, so stay tuned and play safe people.

As ever, feel free to comment and ask questions, or head over to our support community for crowd-sourced advice and unrelated questions.

Explore more about: Computer Networks, Wi-Fi.

Whatsapp Pinterest

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. jasray
    August 21, 2011 at 10:49 pm

    It would be nice to know how to crack WPA, and maybe you could confirm the legal aspects of running an open WiFi.  It's my understanding from an article in PC World that it's actually best to run an open WiFi and let others use some bandwidth.  The rationale is that anyone could have been pirating music, film, etc.  In other words, if the all claim they didn't do it, there is no prosecution. 

    • Tina
      August 22, 2011 at 5:15 am

      That`s an interesting idea, but not a strategy I would recommend. As far as I know, the owner of the connection can be held responsible regardless of who used the network for illegal activity. Besides, what if they find the files on your computer?

      • James Bruce
        August 22, 2011 at 8:18 am

        Actually Tina, this case in America set's a precedent for bittorrent cases whereby the IP address does not equate to the user:

        in the UK however, there was a hi-profile case where the owner of a pub was held responsible for a copyright infringement with the free wifi he offered on his premises []. 

        More recently, the Digital Economy Bill warned businesses running open wifi:

        So yes, it would appear in the UK you can be prosecuted for the actions of your users. As far as I can see, America is not the same right now. The digital economy bill itself is still in debate as it was rushed in...

    • James Bruce
      August 22, 2011 at 8:19 am

      Hi Jasray. Since WPA is much harder to crack I'm not sure an article would be of much use, but I will try it out at home and see if I can knock something up. In the meantime, see my reply to Tina below for why you shouldnt run an open Wifi.