Recently we noticed that the system has a wireless NIC driver installed, and a single command turns it into a wireless access point. With this free virtual wireless router we can control the Wi-Fi traffic of our mobile phone: packet capture, sniffing, protocol analysis, traffic hijacking, code injection... whatever you want to do ~
First, sniff mobile phone data packets.
Creating a virtual access point on Windows 7 is very easy; it takes only two commands:
netsh wlan set hostednetwork mode=allow ssid=APName key=password
netsh wlan start hostednetwork
Save them as a .bat file and run it as administrator. The virtual AP appears immediately!
We created an access point called FBI and renamed the new adapter to wifi. The phone finds the network and the password is accepted, but the phone keeps showing "Obtaining IP address..."
This is because only a virtual local adapter has been created. It has none of the DHCP service and NAT function that a router needs. Windows, however, has these functions built in, and they are easy to enable.
Share the adapter that has Internet access with the wifi adapter (Windows Internet Connection Sharing). Unlike simple bridging, connection sharing provides the essential functions of a home router, namely DHCP and NAT.
Now the phone connects to FBI and reaches the Internet.
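From the defender's side, the procedure above leaves two visible traces on the Windows host: the hosted network is in mode Allowed or Started, and the shared adapter holds the fixed ICS address 192.168.137.1. The following audit script is an added example, not code from the original post. It parses the text output of `netsh wlan show hostednetwork` (the English field names and the sample output are assumptions, not copied from a real machine) and checks the host's own addresses for the ICS gateway; on non-Windows systems it runs against the constructed sample so it can be exercised offline.

```python
"""Audit a Windows host for an active hosted network (soft AP) and ICS.

Added example; assumes the English `netsh wlan show hostednetwork` layout.
"""
import platform
import re
import socket
import subprocess

# Constructed sample output (field names assumed; values invented).
SAMPLE_HOSTEDNETWORK = """\
Hosted network settings
-----------------------
    Mode                   : Allowed
    SSID name              : "FBI"
    Max number of clients  : 100
    Authentication         : WPA2-Personal
    Cipher                 : CCMP

Hosted network status
---------------------
    Status                 : Started
    BSSID                  : 02:00:00:00:00:01
    Radio type             : 802.11n
    Channel                : 11
    Number of clients      : 1
"""

# Fixed address Windows Internet Connection Sharing assigns to the shared adapter.
ICS_GATEWAY = "192.168.137.1"


def parse_kv(text):
    """Turn 'Key : Value' lines into a dict keyed by lower-cased field name.

    Section headers and dashed rules contain no ':' and are skipped; the
    non-greedy key match keeps values such as BSSIDs (which contain ':') intact.
    """
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z][A-Za-z ]*?)\s*:\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1).strip().lower()] = m.group(2).strip().strip('"')
    return fields


def hosted_network_state(text):
    """Summarise whether a soft AP is permitted or actually running."""
    f = parse_kv(text)
    return {
        "allowed": f.get("mode", "").lower() == "allowed",
        "started": f.get("status", "").lower() == "started",
        "ssid": f.get("ssid name"),
        "clients": int(f.get("number of clients", "0") or 0),
    }


def audit(hosted_text, adapter_addrs):
    """Return a list of finding strings; an empty list means nothing suspicious."""
    findings = []
    s = hosted_network_state(hosted_text)
    if s["started"]:
        findings.append(f"hosted network '{s['ssid']}' is running with {s['clients']} client(s)")
    elif s["allowed"]:
        findings.append("hosted network mode is allowed; 'netsh wlan start hostednetwork' would bring it up")
    if ICS_GATEWAY in adapter_addrs:
        findings.append(f"an adapter holds {ICS_GATEWAY}: Internet Connection Sharing appears enabled")
    return findings


def main():
    if platform.system() == "Windows":
        text = subprocess.run(["netsh", "wlan", "show", "hostednetwork"],
                              capture_output=True, text=True).stdout
        addrs = socket.gethostbyname_ex(socket.gethostname())[2]
    else:
        # Offline demonstration on the constructed sample.
        text, addrs = SAMPLE_HOSTEDNETWORK, [ICS_GATEWAY]
    for finding in audit(text, addrs) or ["no hosted network or ICS detected"]:
        print("[!]", finding)


if __name__ == "__main__":
    main()
```

Run it periodically on laptops that carry a Wi-Fi adapter; a soft AP that nobody sanctioned, especially one with clients attached, is exactly the setup this post builds.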
Success! Next, start packet capture.
Use Wireshark, the well-known protocol analyser, and capture on the adapter with address 192.168.137.1 (the fixed address Windows connection sharing assigns to the shared adapter). Start sniffing.
Because the iPad is running QQ and other software, many packets are captured instantly. Most messaging applications use their own binary encrypted protocols, which are hard to crack.
So from here on we only consider plaintext traffic; HTTP-based web applications are our main target.
Enter http in the display filter and try again.
This time we capture the search query the phone sent in an HTTP request. Sniffing successful!
Of course, what we caught this time is of little significance: this is passive sniffing, so we only see whatever the user happens to access. To go further we must take the initiative and put the user's browser under our control.
By inserting a JavaScript script into the returned page, a much wider range of data intrusion and sniffing becomes possible.
But that requires modifying the content of the returned page. Is that still easy to do? The answer is yes!
Thanks to Windows' simple yet powerful network adapter system, the network configuration of the Wi-Fi access point is easy to change: simply set the DNS server to the IP address of this machine.
In Wireshark we then see a large number of DNS requests from the iPad arriving at the local machine.
As in traditional DNS hijacking, we resolve the domain names we want to hijack to the local IP address and bring the user to our own reverse-proxy web server. By modifying the HTTP content it returns, we can inject more powerful attack scripts and widen the scope of the intrusion!
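The hijack described above has a clear signature on the victim's side: public domain names suddenly resolve to an RFC 1918 address (here 192.168.137.1, the ICS gateway), and many unrelated names all resolve to that same address because they are being funnelled through one reverse proxy. The following detector is an added example, not code from the original post. It reads "queried name, answer address" pairs (the constructed sample below mimics what `tshark -T fields -e dns.qry.name -e dns.a` prints, tab-separated) and flags both patterns; the list of internal name suffixes is an assumption you would adjust for your own network.

```python
"""Flag DNS answers that point public names at internal addresses.

Added example. Input format: one 'name<TAB>address' pair per line, as
produced by `tshark -T fields -e dns.qry.name -e dns.a` (sample constructed).
"""
import ipaddress
from collections import defaultdict

# Constructed sample capture: 192.168.137.1 is the ICS gateway from the post,
# 203.0.113.10 is a documentation (TEST-NET-3) address standing in for a real host.
SAMPLE_DNS = """\
www.example.com\t203.0.113.10
search.example.net\t192.168.137.1
mail.example.org\t192.168.137.1
printer.lan\t192.168.137.20
news.example.com\t192.168.137.1
"""

# Names that legitimately resolve to internal addresses (assumed list).
LOCAL_SUFFIXES = (".local", ".lan", ".home", ".internal")

# RFC 1918, loopback and link-local ranges; explicit so the check does not
# depend on how a given Python version classifies documentation ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


def parse_dns_lines(text):
    """Parse tab-separated 'name\\taddress' lines into (name, ip_address) pairs."""
    pairs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        name, addr = line.split("\t")[:2]
        pairs.append((name.strip().rstrip(".").lower(),
                      ipaddress.ip_address(addr.strip())))
    return pairs


def is_internal_name(name):
    """Single-label hostnames and known local suffixes are expected to be internal."""
    return "." not in name or name.endswith(LOCAL_SUFFIXES)


def is_internal_addr(addr):
    return any(addr in net for net in INTERNAL_NETS)


def find_hijacks(pairs, min_shared=2):
    """Return finding strings for suspicious answers.

    Pattern 1: a public-looking name answered with an internal address.
    Pattern 2: one internal address answering several distinct public names,
    the fingerprint of everything being steered to a single reverse proxy.
    """
    findings = []
    names_by_addr = defaultdict(set)
    for name, addr in pairs:
        if is_internal_addr(addr) and not is_internal_name(name):
            findings.append(f"{name} -> {addr}: public name answered with internal address")
            names_by_addr[addr].add(name)
    for addr, names in names_by_addr.items():
        if len(names) >= min_shared:
            findings.append(f"{addr} answers {len(names)} unrelated public names: "
                            + ", ".join(sorted(names)))
    return findings


if __name__ == "__main__":
    for finding in find_hijacks(parse_dns_lines(SAMPLE_DNS)) or ["no suspicious answers"]:
        print("[!]", finding)
```

Running it over a DNS export from the phone's side of such a network produces one line per redirected name plus a summary for the shared address; the same logic fits naturally into a resolver log pipeline, where the second pattern is the more reliable alert because a single spoofed name can have benign explanations while a dozen converging on one private address rarely does.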