We spy on everyone with Yandex.Metro
Since Yandex, apparently, is not going to close its spyware "bug" , then let's actively use it.
The ability to determine the physical location of the user can sometimes be very useful if you are an employee of the Ministry of Truth, a collector, or just a criminal element.
To do this, using a known XSS or CSRF vulnerability in the firmware of the home router ( one , two , three , etc.) to determine the MAC address of the user's router (which will be the BSSID of the Wi-Fi network). If you have direct access to the user's PC, it is enough to view the ARP cache on the PC using the “arp -a” command. Usually the first line in the cache is the MAC address of the default gateway, which will be the desired BSSID.
')
The resulting BSSID can be inserted into the request that Yandex.Metro sends:
curl
curl -i -s -k -X 'POST' \
-H 'User-Agent: Dalvik / 2.1.0 (Linux; U; Android 5.0.1; Nexus 5 Build / LRX22C)' -H 'Content-Type: application / x-www-form-urlencoded' \
'http://mobile.maps.yandex.net/cellid_location/?
-H 'User-Agent: Dalvik / 2.1.0 (Linux; U; Android 5.0.1; Nexus 5 Build / LRX22C)' -H 'Content-Type: application / x-www-form-urlencoded' \
'http://mobile.maps.yandex.net/cellid_location/?
After that we get the following answer:
The response packet contains the coordinates of the requested wi-fi access point, carefully collected and saved by Yandex. You can drive them into Google Maps and find the house you need. The coordinates are not always accurate, but as a starting point for searches will fit.
Another interesting feature: the example shows the MAC address of the Krasnodar router (~ 1500 km to the metro). I hope this is a sign that we will soon have an underground!
Source: https://habr.com/ru/post/250267/
All Articles