foulab.org / ARTICLE

Malicious access point workshop

By ML, on 2018-04-20 10:00:00 -0400 EDT





Saturday April 28th 2018 @ 12:00

Goals:
Learn how to setup a wifi access point to eavesdrop on traffic and launch man in the middle attacks on wifi devices.

Secondary goal is to learn how to intercept communications between mobile applications and their manufacturers and third parties.

References:
http://www.cbc.ca/news/technology/citizen-lab-sandvine-report-turkey-egypt-spyware-ads-1.4568717
https://privacylab.yale.edu/press/android-trackers

Subjects covered

  • Creation of a malicious access point with hostapd
  • Firewall configuration with iptables
  • Wireshark basics
  • Man in the middle with owasp zap, mitmf and similar tools
  • Loading system certificates in android (root access required)

And, as a bonus, a test run of my talk about blackbear ssh (fork of openssh to get reverse ssh shells) that I am scheduled to give at nsec.