

The content of HTTPS websites can't be seen, but any plain HTTP websites you visit, and any insecure HTTP requests the apps on your phone make, are in plain view. This may not seem like a big deal, but in only 60 seconds, it's easy to learn a lot about the type of device we're monitoring and what exactly is running on it. Also, the DNS requests that apps make to resolve the domains they need to talk to are easy to see, which identifies the apps and services that are active.

To pull off this attack, a few conditions need to be met. First, we need the password. We also need to be in proximity to the victim so we can record traffic, and we need to be able to kick the targeted device off the network or wait for it to reconnect. We'll open Wireshark and access the menu to decrypt Wi-Fi packets, add the PSK to enable decryption, and wait for EAPOL packets from the targeted device connecting to the network.

To get a feeling for what the targeted device is up to, we'll be using capture filters to highlight the DNS and HTTP packets we're looking for. To see a complete list of every domain the device has resolved, we can also look at a summary of resolved domains after the capture is complete. We can use this information to easily pick apart which services are running, even if they're only running in the background and the app hasn't been used in quite some time.
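The sketch below is an added example, not code from the original article. It shows why the DNS requests described above are so revealing once traffic is readable: it parses raw DNS query payloads and tallies the queried domains, which is useful for auditing what your own device exposes. The payloads and `.test` domain names are constructed sample data, and the function names are this example's own.

```python
import struct
from collections import Counter

def build_query(txid, name):
    """Build a minimal DNS query payload (constructed sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # type A, class IN

def read_name(msg, off, depth=0):
    """Decode the DNS name at off, following compression pointers (RFC 1035)."""
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length == 0:                      # root label ends the name
            return ".".join(labels), off + 1
        if length & 0xC0 == 0xC0:            # two-byte compression pointer
            if depth > 8 or off + 1 >= len(msg):
                raise ValueError("bad compression pointer")
            ptr = ((length & 0x3F) << 8) | msg[off + 1]
            rest, _ = read_name(msg, ptr, depth + 1)
            return ".".join(labels + ([rest] if rest else [])), off + 2
        if length & 0xC0 or off + 1 + length > len(msg):
            raise ValueError("bad label")
        labels.append(msg[off + 1: off + 1 + length].decode("ascii", "replace"))
        off += 1 + length

def queried_names(payloads):
    """Count question names in DNS queries; skip responses and malformed data."""
    counts = Counter()
    for msg in payloads:
        if len(msg) < 12:                    # shorter than a DNS header
            continue
        _, flags, qdcount = struct.unpack("!HHH", msg[:6])
        if flags & 0x8000:                   # QR bit set: response, not a query
            continue
        off = 12
        try:
            for _ in range(qdcount):
                name, off = read_name(msg, off)
                off += 4                     # skip QTYPE and QCLASS
                counts[name.lower()] += 1
        except ValueError:
            continue
    return counts

# Constructed sample: three queries and one truncated payload.
SAMPLE = [build_query(1, "api.example-chat.test"), build_query(2, "API.example-chat.test"),
          build_query(3, "cdn.example-video.test"), b"\x00\x01"]

if __name__ == "__main__":
    for name, n in queried_names(SAMPLE).most_common():
        print(n, name)
```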
