J
J
JSent2017-09-10 17:33:16
WiFi
JSent, 2017-09-10 17:33:16

Can an attacker intercept Wi-Fi traffic?

There is a video on the Internet where, with the help of sniffers, pages, passwords, cookies and other data are easily intercepted. And for this you just need to download the program and be close to the victim.
As far as I understand, these methods only work with sites that use regular http.
And now there are already many places where https and a hacker can only get encrypted traffic. Correctly?
And is it really possible to decrypt it and steal data on the way between the victim’s device and the access point? Or is this method no longer valid?

Answer the question

In order to leave comments, you need to log in

8 answer(s)
A
Alexander, 2017-09-10
@NeiroNx

Maybe Main In the Middle has not been canceled.

V
Valentine, 2017-09-10
@vvpoloskin

The theory for intercepting directly https is here.
https://habrahabr.ru/company/cbs/blog/318592/
Everything has long been automated. Although for greater convenience, you can write your own scripts.
Wi-Fi traffic is even easier to miss. There are a lot of open networks around, go and take it. WPA2 is also hacked pretty quickly and easily.

L
lukoie, 2017-09-10
@lukoie

Somehow I had an interview and a test task in an Israeli company that deals with just such tasks. It's possible. But it's hard with HTTPS.

M
mzG2Gzm, 2017-09-12
@mzG2Gzm

If WiFi is without a password (and what else is there somewhere?) - you don’t even need to strain.
HTTPS - if the user does not install a left certificate on his computer, then it is impossible. But by controlling the point, you can FORCE it to install this certificate, refusing to display sites until it installs a certificate for itself.
Some public routers sin this way, allegedly for the purpose of transparently registering a Wi-Fi user through VKontakte (the developers of such systems unsubscribed on Habré). Why are they doing this in fact - hell knows.

D
Dimonchik, 2017-09-10
@dimonchik2013

watch the videos more closely
between the device and the router, it is difficult if the victim's body really asks to be gone - why not give him a point? and wrap everything up...

P
Psq, 2017-09-10
@Psq

Yes, since the data from your PC is transmitted along the radius, and not directly to the access point. During normal operation, other access points drop extra packets, an attacker can disable this functionality (enable monitoring mode).

V
Vadim Shorin, 2017-09-10
@shorinvadim

if you need to intercept https, then you will need to send your certificate to the "client", after that, through wireshark or whatever is more convenient for you, see the traffic.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question