Episode85

From Security Weekly Wiki
Revision as of 14:26, 4 October 2007 by Pauldotcom (talk | contribs)
Jump to navigationJump to search


Wifizoo - Wireless Auditing Made Easy (With Pictures!)

Wifizoo is a fun tool written by Hernan Ochoa from Core Security. It passively monitors the wireless network and collects the following information:

  • A list of SSIDS (access points that are beaconing)
  • BSSID->Clients Graph - This produces some really interesting output, as its based on destination BSSID (so sometimes you may get a BSSID from an AP that is out of range, and from a client that is within range?). Its interesting to see some client MAC addresses with connections to all of the BSSIDs in the area...
  • Probe requests - All probe requests by clients are logged by source mac address and SSID. A list is kept for future reference :)
  • Cookies - Ala Hamster, all cookies are collected off the network and then placed on a web page. Clicking on a cookie sets Wifizoo's proxy server to use that cookie. Set your browser to the Wifizoo proxy, then click the "Jump To.." link for that cookie in Wifizoo, and well, you know, pwnage.
  • "other" information - Ala Ferret, POP3, FTP, and SMTP data are collected.