IGNORED

it's not safe to use public wifi without a vpn


chaosmachine


well it appears that my school's network is safe. cause i'm not capturing shit. :( I was looking forward to doing some stalking!!

 

i totally didn't try this at starbucks, and didn't manage to get some guy's facebook in about 10 seconds.

 

also, if you're on windows, you need to install winpcap.

 

I'm on Snow leopard latest, and using my school's default network for students, wasn't able to capture anything. I'll try it in a bigger class later on this afternoon. However, I have started using my school's secure network just in case...lol let's hear it for WPA enterprise!!

Maybe I'll start using the school's VPN at home....although I don't think that there's anyone else on my network at home.

 

Just to make sure I'm doing this right, I have to be on the same network as others in order to capture right? I mean, hypothetically speaking.


I'm on Snow leopard latest, and using my school's default network for students, wasn't able to capture anything. I'll try it in a bigger class later on this afternoon. However, I have started using my school's secure network just in case...lol let's hear it for WPA enterprise!!

Maybe I'll start using the school's VPN at home....although I don't think that there's anyone else on my network at home.

 

Just to make sure I'm doing this right, I have to be on the same network as others in order to capture right? I mean, hypothetically speaking.

 

i think you have to be on the same access point, too. if you have a phone that uses wifi, that's an easy way to test.


maybe some wireless cards can't do it? much like with air crack that some wifi cards aren't good for it.

it used to be the case that not all 802.11b or 802.11g cards could enter promiscuous mode.

 

not too sure if that's changed now, though


well it appears that my school's network is safe. cause i'm not capturing shit. :( I was looking forward to doing some stalking!!

 

i totally didn't try this at starbucks, and didn't manage to get some guy's facebook in about 10 seconds.

 

also, if you're on windows, you need to install winpcap.

been running firesheep for ~2h now and nothing's on display, winpcap and all. Still... I don't trust no lousy wep-encryption :fear:


Guest Scrambled Ears

what about tucking your penis behind your legs? If i browse with my penis tucked behind my legs will i be safe? Can they get my passwords if my penis is tucked behind my legs?

i think you may be on to something


Or just set up an SSH daemon on your home network and route your internet traffic over your home line. Of course your speed will be limited to your home connection upload rate. But I can't imagine free VPN providers doing much better. Oh and you'll need some sort of home server of course (although you could do it with router software like DD-WRT.)

 

It's pretty easy to do. Set up daemon, connect with putty, set firefox to use SOCKS5 proxy.

this. fortunately.


Or you could always use the wonderful extension HTTPS everywhere made by the folks over at the EFF in combination with the tor project.

 

Additionally, if you're concerned about privacy there's a good firefox addon called better privacy which is useful.


What about WiFi that uses MAC address authentication? I know you can 'spoof' MAC addresses, but I would imagine this can pick up the packets regardless...

 

I would imagine the only 'safe' option is not to use WiFi on your personal network. More and more homes are setting up WiFi (I can see about 7-8 networks in my general area, and I would imagine most of those that have 'NONE' listed as the security really are 'NONE' - no MAC addresses, nothing).

 

What if you use OpenDNS?


Guest Deep Fried Everything

What about WiFi that uses MAC address authentication? I know you can 'spoof' MAC addresses, but I would imagine this can pick up the packets regardless...

 

I would imagine the only 'safe' option is not to use WiFi on your personal network. More and more homes are setting up WiFi (I can see about 7-8 networks in my general area, and I would imagine most of those that have 'NONE' listed as the security really are 'NONE' - no MAC addresses, nothing).

 

What if you use OpenDNS?

 

edit: nm, chaos already covered this.

 

nothing to see here, move along now!


how do you install this .xpi file ?

You, erm, click on it ! :lol:

 

.xpi installs generally get blocked by default though, you'll probably see a bar has been added to the top of the page saying Firefox has prevented this site from installing software. Just click the allow button.


Or you could always use the wonderful extension HTTPS everywhere made by the folks over at the EFF in combination with the tor project.

 

Additionally, if you're concerned about privacy there's a good firefox addon called better privacy which is useful.

 

"https everywhere" only works on sites that provide https support on all pages. most don't, unfortunately.


Guest the anonymous forumite

how do you install this .xpi file ?

You, erm, click on it ! :lol:

 

.xpi installs generally get blocked by default though, you'll probably see a bar has been added to the top of the page saying Firefox has prevented this site from installing software. Just click the allow button.

 

Yeah I eventually figured this out but now, when the firefox modules dialog box appears, it says that it's not compatible with firefox 3.6


What about WiFi that uses MAC address authentication? I know you can 'spoof' MAC addresses, but I would imagine this can pick up the packets regardless...

 

I would imagine the only 'safe' option is not to use WiFi on your personal network. More and more homes are setting up WiFi (I can see about 7-8 networks in my general area, and I would imagine most of those that have 'NONE' listed as the security really are 'NONE' - no MAC addresses, nothing).

 

What if you use OpenDNS?

 

opendns won't help. mac filtering won't help, either.

 

basically, you're reasonably safe using WPA, if you're using a strong passphrase and a unique ssid (ie: "joyrex98765" not "james").

 

everything else can be bruteforced or pulled out of a precomputed table, and once they have the key, they can read your traffic and steal your sessions.

 

mostly, though, i'd worry a lot more about unencrypted public connections, like starbucks, than i would about someone bruteforcing your home network. if you don't use public wifi, you probably don't need a vpn.

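Why the SSID matters in the advice above, as an added example that is not part of the original thread: WPA-Personal derives its key with PBKDF2 using the SSID as the salt, so a precomputed table only applies to one network name. The SSID list and the 16-character threshold below are assumptions made for this sketch.

```python
import hashlib

# Constructed sample of factory-default style SSIDs (assumption for this sketch).
# Precomputed tables are built per SSID, so a name shared with many other
# networks is what makes such a table worth building.
COMMON_SSIDS = {"linksys", "default", "netgear", "dlink", "home", "wireless"}
MIN_PASSPHRASE_LEN = 16  # assumed policy threshold, not a value from the thread


def wpa_psk(passphrase: str, ssid: str) -> str:
    """WPA/WPA2-Personal key: PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSIDs are 1 to 32 bytes")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return key.hex()


def review_network(ssid: str, passphrase: str) -> list:
    """Return findings for a home network's SSID and passphrase choice."""
    findings = []
    if ssid.lower() in COMMON_SSIDS:
        findings.append("SSID is a common default: precomputed tables may exist for it")
    if len(passphrase) < MIN_PASSPHRASE_LEN:
        findings.append("passphrase is short: within reach of dictionary guessing")
    return findings


if __name__ == "__main__":
    # Same passphrase, two SSIDs from the post: the derived keys differ,
    # so work done against one network name does not carry over to the other.
    for ssid in ("james", "joyrex98765"):
        print(ssid, wpa_psk("same passphrase here", ssid))
    print(review_network("linksys", "password"))
```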

how do you install this .xpi file ?

You, erm, click on it ! :lol:

 

.xpi installs generally get blocked by default though, you'll probably see a bar has been added to the top of the page saying Firefox has prevented this site from installing software. Just click the allow button.

 

Yeah I eventually figured this out but now, when the firefox modules dialog box appears, it says that it's not compatible with firefox 3.6

i've got firefox 3.6(windows 7) and it installed just fine :huh:


maybe some wireless cards can't do it? much like with air crack that some wifi cards aren't good for it.

it used to be the case that not all 802.11b or 802.11g cards could enter promiscuous mode.

 

not too sure if that's changed now, though

 

In my understanding promiscuous mode works on the ip level by redirecting frames that are not destined to your computer to the rest of the system.

Monitor mode is similar except that it works on the wifi protocol level, allowing frames that are not destined to your computer, to be processed further by the ip-level and its pals.

 

 

As for chen's macbook: your card needs to support these modes, which is not the case for all airport cards.

 

 

So I installed the beast, a nice "firesheep" window/tab showed up but I closed it and now i'm unable to find where it is in the menu. Seriously! someone help me.


how do you install this .xpi file ?

 

I couldn't just click on it (i'm on osx), so i opened it from firefox (file>open etc...)

 

 

 

And i wasn't able to grab anything interesting.

 

Imo it's because my interface's flags as shown by ifconfig are (when firesheep is running)

flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500

 

 

while they should read as

flags=48943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,MONITOR> mtu 1500

 

So no, chengod, you won't be able to steal cookies via passive wifi sniffing because airport's hardware doesn't support it. You can still download backtrack 4, launch it via vmware and use a wifi dongle : it comes with wifizoo preinstalled (=firesheep+).

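A host-side check for the flags quoted above, added here as an example and not taken from the thread: it reads ifconfig output and reports whether each interface is in normal, promiscuous or monitor mode, which is how an admin can spot a machine left in a capture mode. The interface names and the lines around the two quoted flag sets are constructed.

```python
import re

IFACE_RE = re.compile(r"^(\S+?):\s")                      # "en1: flags=..."
FLAGS_RE = re.compile(r"flags=([0-9a-fA-F]+)<([^>]*)>")   # hex word, then names

# Constructed sample: interface names, lo0 and the ether lines are made up;
# the en1 and en2 flag sets are the two quoted in the post.
SAMPLE = """\
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
\tether 00:00:5e:00:53:01
en2: flags=48943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,MONITOR> mtu 1500
\tether 00:00:5e:00:53:02
"""


def capture_modes(ifconfig_text: str) -> dict:
    """Map each interface to 'normal', 'promiscuous' or 'monitor'."""
    modes = {}
    iface = None
    for line in ifconfig_text.splitlines():
        head = IFACE_RE.match(line)
        if head:
            iface = head.group(1)
        flags = FLAGS_RE.search(line)
        if not (iface and flags):
            continue
        names = set(flags.group(2).split(","))
        if "MONITOR" in names:
            modes[iface] = "monitor"        # sees 802.11 frames for other stations
        elif "PROMISC" in names:
            modes[iface] = "promiscuous"    # flag set, but no monitor support shown
        else:
            modes[iface] = "normal"
    return modes


def interfaces_in_capture_mode(ifconfig_text: str) -> list:
    """Interfaces worth investigating on a host that should not be sniffing."""
    return sorted(i for i, m in capture_modes(ifconfig_text).items() if m != "normal")


if __name__ == "__main__":
    print(capture_modes(SAMPLE))
```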

Archived

This topic is now archived and is closed to further replies.
