- Joined
- May 15, 2017
- Messages
- 981
- Likes
- 760
- Points
- 1,045
In this topic, I will teach you to intercept accounts of social networks, mail and personal information via Wi-Fi using only your smartphone with Android OS.
Foreword
How often do you connect to public networks? I bet it is not always possible to “throw” money on your phone, but the need to connect to the Internet always exists.
Imagine you are traveling in a bus, and you are conducting correspondence, which you cannot postpone until later. And at one point you suddenly end up with available traffic. Unfortunately, there is nowhere to replenish the account in the trolleybus, but there is public Wi-Fi! If you are not particularly concerned about the security of your data, feel free to connect to it and continue. However, if your privacy is important to you, it makes sense to continue reading this article, because if you have a smartphone with Root rights, each one can simply steal your social network account, or get access to your mailbox.
Theory
Data exchange on the Internet is encrypted. In this article, we are not interested in how data packets are sent from the user to the web server. We are more interested in the return path of datagrams to the user. So, after processing the HTTP request, the server checks if the client has the right to use the GET request, and if the answer is positive, the server finds the content requested by the client, encrypts it into a packet, and sends the result back using PHP.
A thief of information cannot use a GET request, since only a person who possesses the necessary information has access to it (in the case of a social network, this is a login and password). However, a hacker doesn’t always need to send a GET request - it’s enough for a person who is on the same subnet to do it. This subnet in this case is the Wi-Fi network.
The cracker only needs to “pick up” the incoming data packet at the right time, which in any case passes through the subnet, write the cookie, and the trick is done. For this kind of hacking and there is cSploit for Android.
How does this happen in practice
? So, a brief excursion into the program. Officially, cSploit is used to analyze the Wi-Fi network for security, but we will consider a slightly different application of the program. But only within the law.
Attention!
The program requires Root rights and the BusyBox libraries. I hope there should be no problems with their installation.
Now that we know in more detail how and when the user receives data from the server, it is time to consider how to intercept them using Sploit
.
What do we need to do? Just follow the steps:
Foreword
How often do you connect to public networks? I bet it is not always possible to “throw” money on your phone, but the need to connect to the Internet always exists.
Imagine you are traveling in a bus, and you are conducting correspondence, which you cannot postpone until later. And at one point you suddenly end up with available traffic. Unfortunately, there is nowhere to replenish the account in the trolleybus, but there is public Wi-Fi! If you are not particularly concerned about the security of your data, feel free to connect to it and continue. However, if your privacy is important to you, it makes sense to continue reading this article, because if you have a smartphone with Root rights, each one can simply steal your social network account, or get access to your mailbox.
Theory
Data exchange on the Internet is encrypted. In this article, we are not interested in how data packets are sent from the user to the web server. We are more interested in the return path of datagrams to the user. So, after processing the HTTP request, the server checks if the client has the right to use the GET request, and if the answer is positive, the server finds the content requested by the client, encrypts it into a packet, and sends the result back using PHP.
A thief of information cannot use a GET request, since only a person who possesses the necessary information has access to it (in the case of a social network, this is a login and password). However, a hacker doesn’t always need to send a GET request - it’s enough for a person who is on the same subnet to do it. This subnet in this case is the Wi-Fi network.
The cracker only needs to “pick up” the incoming data packet at the right time, which in any case passes through the subnet, write the cookie, and the trick is done. For this kind of hacking and there is cSploit for Android.
How does this happen in practice
? So, a brief excursion into the program. Officially, cSploit is used to analyze the Wi-Fi network for security, but we will consider a slightly different application of the program. But only within the law.
Attention!
The program requires Root rights and the BusyBox libraries. I hope there should be no problems with their installation.
Now that we know in more detail how and when the user receives data from the server, it is time to consider how to intercept them using Sploit
.
What do we need to do? Just follow the steps:
- Install Root rights, as well as BusyBox.
- Download cSploit, and also install it on your smartphone.
- If the first two steps were performed correctly, when you start the application and connect to Wi-Fi, you will see all devices connected to the network.
- Next, you need to select the "victim" and tap on it once.
- Before you appeared a lot of interesting modules to influence the selected device, but we are interested in the section MITM (man-in-the-middle). Choose it.
- Next, select the section "session sniffer". I see no reason to explain what it is, because the name speaks for itself J
- Now, if you know the victim personally, you can through social. engineering to "convince" him that he urgently needs to go to his "Contact", or wait until he does it himself.
- At the moment when the victim enters his account - on your smartphone in the list of intercepted sessions there will be a new, often named simple IP session, which must be intercepted.
- We make the interception with a simple tap and confirmation.
- The browser opens with the victim's page. Now you can make changes to the victim's account, read and write messages, and also upload photos (for example).