security - Can a hacker sniff HTTP packets transmitted via WIFI? -


my work has login system doesn't use https. login details transmitted in plain text using http post.

i isolated post request sends login details using wireshark, , found username , password in packets, in plain text.

could attacker listen http post request wirelessly being close client's router or laptop somehow?

is possible sniff ambient wifi transmissions being in close range (if so, how)?

level 1

network utilities, wireshark can monitor tcp/ip network data when connected network. wifis without passwords can attacked closer wifi router using same ssid or wifi name. becoming part of network , monitor tcp/ip network data.

if wifi has password know password can part of network , monitor tcp/ip data using method.

level 2

some usb wifi adapter supports monitor , promiscuous modes (alfa awus036h) or similar , on kali linux can use other versions of linux can monitor data sent on wifi radio signals without being logged in.

tcpdump, pyrit wifi tools allow people capture , anaylze wifi radio traffic pick ssid signals, google may have used these vehicles created google maps street view.

since data sent on wifi may include http posted data these can read using these modes.

if wifi signal encrypted if posted data http not https server data still encrypted.

level 3

the government among others have software can monitor encrypted wifi signal wait arp request has specific length in bytes can identified arp request. using brute force go through millions of potential encryption keys until 1 key appears resolve captured arp request valid arp request. takes rather powerful computer running linux wifi antenna on roof sitting next home several hours. of encryption keys 128 bits, 3 38 zeros. need supercomputer.

once crack wifi encryption thing standing in way https encryption, have 4,294,967,296 possibilities don't provide easy method computer determine if key has correct since not know suppose looking at. none less still crackable brute force take long time.

if strange van generator , antenna outside home, send random data through wifi. ay9wwahwh8948yr9sfsahfkh never find encryption key since ay9wwahwh8948yr9sfsahfkh looks garbage when gets ay9wwahwh8948yr9sfsahfkh think encryption key wrong.

level 4

government, go isp , request sites visit ask sites information.


Comments

Post a Comment

Popular posts from this blog

angular - Ionic slides - dynamically add slides before and after -

hi i'm using ngfor create set of 3 slides while starting in middle i'm guaranteed able slide left or right on start. when slide right can simple listen reachedend , push slide array i'm looping. but have problem adding slide beginning. if same above , use e.g. array.unshift() or spread add item beginning, view think it's on position 0 , snaps view new slide. the code below work animates slide change index 1. slide = [0,1,2] //example loop slidechanged(event) { if(this.slides.isbeginning()){ this.slide = [this.slide[0]-1, ...this.slide]; this.slides.update(); this.slides.slideto(1) } } <ion-slides [initialslide]="1" (ionslidedidchange)="slidechanged($event)"> <ion-slide *ngfor="let item of slide"> <h1>slide {{item}}</h1> </ion-slide> </ion-slides> any appreciated! you can using ionslidenextend , ionslideprevend events slides . please
Read more

minify - Minimizing css files -

i want know how css files can minimized. currently, using external sites css minifier compress css files. however, after removing whitespaces, comments, etc, file sizes reduced 10-15%. how frameworks bootstrap manage make minimized versions kilobytes. as example, css is: body { background-color: #ff0; } the reduction goes 28 bytes 22 bytes other css files have lot more characters still smaller this. actually minifying code means it's remove thing code white space characters new line characters comments block delimiters it reduces amount of code has transferred on web , speed site load fastly.but unreadable format.
Read more

Add a dynamic header in angular 2 http provider -

i have http interceptor built via tutorial https://scotch.io/@kashyapmukkamala/using-http-interceptor-with-angular2 the problem need have dynamic header changes automatically once changes 'mode' in app. service able tell interceptor change header, or have interceptor pull header (which string)from service each request. able throwing away patch method, call http.patch('new header string') set header string. call in service controls 'mode' setting. wondering if there way interceptor pull recent value service each request or if can add method http provider via interceptor? i've tried call service in interceptor each request returns undefined. because creating new instance of service or copying value before service fired , loaded/changed data. i don't want pass header string every http provider call because defeats purpose of having interceptor, id able set once changes or have provider fetch service before makes request. tl;dr : need add autom
Read more