Forum Thread: WiFi Hotspot as Weapon

WiFi Hotspot as Weapon

Hi guys,

Can we make hotspot as a weapon. I converted my computer to Wi-Fi hotspot and couple of devices are already connected to my computer Wi-Fi hotspot ,is there any way I trace down their activity like what they are doing on net , which website is open ,as well as there keyboard strokes. As we all know that all the data is pass through my computer Wi-Fi hotspot.so can I see that data or request.

15 Responses

Yes, you can sniff traffic that passes through your machine. No, you cannot capture every keystroke.

To capture traffic, use tcpdump or Wireshark, but you are not restricted to using either of the two. There are plenty of other tools out there that fulfil the same needs, and you have Google to help you locate those.

TRT

Why can't I capture keystrokes.

Capturing keystrokes requires (to some degree) a certain level of control over your victim's device. Pressing a keystroke doesn't necessarily send any data through your machine; they could just be using Notepad.

TRT

Can I redirect the client to any website ?

For e.g. that somebody requests to go to the site www.Google.com and I given the data of www.facebook.com or my evil clone website template.

This is known as a DNS Spoofing attack. I have a tutorial on this which you can check out, as well as OTW's tutorial.

Also this and this might help you (read the comments in particular).

TRT

Ok thanks as well as for quick reply

So that mean I also use there devices for botnet attack...?

Is it possible ?

If by "botnet attack" you mean a Distributed Denial of Service (DDoS) attack, then no. This would require that each victim sends traffic to a target using their own internet connection. Since all traffic is routed through you, it is you that will be considered as the attacker (from the target's perspective).

Unless you are talking about something completely different...

TRT

to capture keystrokes just launch an MIMT attack using mitmf with the --jskeylogger options ...
or combine with BeEF l,set up auto pwn and redirect victims to pwnable url.

Yes. ARP poison your network and then use some commands to monitor what websites they are on. There's a driftnet command to monitor the pictures they're looking at.

Also, you can use wireshark to catch the packets.

problem solved

Their is still a lot of Advance things you can do here,now a days almost all traffic is going through SSL/Encrypted, so you cannot get Most of the POST requests, which has user pass because of the encryption, BUT you can do that by using dummy SSL Certs using Mitmproxy.you can hack amost any account like fb,gmail..etc..etc the only thing you have to do is to install your CA cert on your victim device,that can be done by a multiple techniques. for more info do some search on mitmproxy,or even ask me if you have any questions regarding mitmproxy.

moreover you can also use MITMF in whcih you use javakeylogger , DNS Spoof , ARP etc etc... and last but not the least you can intercept and modify traffic between your hotspot and your hotspot users and deliver your payload on a fly.which could be .exe .zip .apk any format.

and the user will never get to know that he just downloaded your payload.

so wifihotspot as a weapon.. yes you can create one with advance techniques. using wireshark and simple ARP poisoning is now old stuff.

if you have any question you can ask me here anything...
hope it helps.

Share Your Thoughts

  • Hot
  • Active