1. Find out the MAC address of the Wi-Fi router through which you access the Internet (via its web interface, by running "arp -a", or by looking at the back of the device).
2. Go to samy.pl/mapxss
3. Enter the MAC address in the text box and click “Search MAC”.
How does it work?
Related information: Samy Kamkar's Black Hat 2010 / Defcon 18 presentation:
The method works like this:
1. You visit a malicious web site (why are people so mean?)
You are visiting a malicious website.
2. The XSS has been hidden from your router (I’ve discovered in the Verizon FiOS router)
On this site, XSS works against your router (although I'm sure this is CSRF / XSRF)
3. The XSS obtains the MAC address of the router via AJAX.
We pull the MAC using AJAX.
4. The MAC address is sent to the malicious person. In the test case below, it's sent to me (not that I'm malicious!)
We send the MAC to the attacker.
5. I then take the MAC Location Services. This is an HTTP-based service where the router MAC addresses are. There is NO need to be prompted. I determined this protocol by using Firefox's Location-Aware Browsing.
We run this MAC through Google Location Services.
6. I have a pretty map below.
We display it on the map.
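
Steps 1 to 3 depend on a page from another site getting the browser to send a request to the router's admin interface. As an added example (not code from the original post or from Samy Kamkar), here is a header check a router's admin web server could apply to refuse such requests; the host names in ALLOWED_HOSTS and the function names are assumptions.

```javascript
// Added example: header check for a router admin web UI.
// ALLOWED_HOSTS is an assumed value (router at 192.168.1.1, name router.lan).
const ALLOWED_HOSTS = new Set(["192.168.1.1", "router.lan"]);

// Lowercase hostname of a URL or Host header value, or null if unparsable.
function hostOf(value) {
  try {
    const url = new URL(value.includes("://") ? value : "http://" + value);
    return url.hostname.toLowerCase();
  } catch (e) {
    return null;
  }
}

// headers: plain object keyed by lowercase header name.
function checkAdminRequest(headers) {
  // The request must be addressed to a name the router really answers to.
  const host = hostOf(headers["host"] || "");
  if (!host || !ALLOWED_HOSTS.has(host)) {
    return { allow: false, reason: "unexpected host" };
  }
  // Current browsers state who initiated the request. "none" is a typed
  // URL or bookmark; anything but same-origin means another origin sent it.
  const site = headers["sec-fetch-site"];
  if (site && site !== "same-origin" && site !== "none") {
    return { allow: false, reason: "cross-site fetch" };
  }
  // Fallback for browsers without Sec-Fetch-Site: Origin and Referer, when
  // present, must name the router itself ("null" origins are refused too).
  for (const name of ["origin", "referer"]) {
    const value = headers[name];
    if (value === undefined) continue;
    const from = hostOf(value);
    if (!from || !ALLOWED_HOSTS.has(from)) {
      return { allow: false, reason: "foreign " + name };
    }
  }
  return { allow: true, reason: "ok" };
}

// Constructed sample requests (not captured traffic).
const samples = [
  { host: "192.168.1.1", "sec-fetch-site": "none" },
  { host: "192.168.1.1", origin: "http://192.168.1.1", "sec-fetch-site": "same-origin" },
  { host: "192.168.1.1", referer: "http://attacker.example/", "sec-fetch-site": "cross-site" },
  { host: "192.168.1.1", referer: "http://attacker.example/page.html" },
];
for (const s of samples) console.log(JSON.stringify(s), "->", checkAdminRequest(s));
```

A request that carries none of the three headers passes this check, so it works alongside fixing the injection in the router's pages and requiring authentication for the page that shows the MAC.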