Bypass authorization via social networks when connecting to public Wi-Fi
It all started when I came across an article . In short, the video shows how two users connect to the institution’s network and enter the browser, which opens a page with a suggestion to log in via “VKontakte”: you must enter a login / password, that's just the domain not vk.com, a typical phishing site. As a result, with this authorization, credentials are transferred to a third party, and the application is installed with unlimited rights, which has 24-hour access to your page.
If you google, you can find a large number of companies that are ready to make a connection to your Wi-Fi through registration with SMM.
For owners of cafes, restaurants, hotels, etc. they offer the collection and analysis of statistics on attendance of institutions, plus advertising through customer publications. For us, as clients, this results in an invasion of personal space, because they get full access to a page on the social network, including correspondence. Everything is done to track the client, this is confirmed by the picture from the presentation of one such company.
')
It became interesting to me how authorization through SMM is implemented, since there are lots of ways. On the sites of those who provide such services 1 , 2 , 3 , they offer to collect information about customers immediately after registration. I signed up for one of the owners of a cafe in Moscow. I was given a trial period and instructions for setting up my Wi-Fi router. Everything turned out to be very simple.
They use the banal substitution of IP addresses at the DNS level , when you try to access any page, they slip you a phishing page with authorization through a social network. The solution seems obvious: put the DNS you trust on your device. But it was decided to check, and pretending to be a fool, I wrote in those hold.
Replacing the DNS with a trusted one solves problems, but the support port suggests wrapping all traffic on port 53, then the NS request will still go to the bad DNS. I doubt that somewhere in the cafe they do it, because for this the usual router does not fit, but you need something like MikroTik.
If you google, you can find a large number of companies that are ready to make a connection to your Wi-Fi through registration with SMM.
For owners of cafes, restaurants, hotels, etc. they offer the collection and analysis of statistics on attendance of institutions, plus advertising through customer publications. For us, as clients, this results in an invasion of personal space, because they get full access to a page on the social network, including correspondence. Everything is done to track the client, this is confirmed by the picture from the presentation of one such company.
')
It became interesting to me how authorization through SMM is implemented, since there are lots of ways. On the sites of those who provide such services 1 , 2 , 3 , they offer to collect information about customers immediately after registration. I signed up for one of the owners of a cafe in Moscow. I was given a trial period and instructions for setting up my Wi-Fi router. Everything turned out to be very simple.
They use the banal substitution of IP addresses at the DNS level , when you try to access any page, they slip you a phishing page with authorization through a social network. The solution seems obvious: put the DNS you trust on your device. But it was decided to check, and pretending to be a fool, I wrote in those hold.
Replacing the DNS with a trusted one solves problems, but the support port suggests wrapping all traffic on port 53, then the NS request will still go to the bad DNS. I doubt that somewhere in the cafe they do it, because for this the usual router does not fit, but you need something like MikroTik.
On a note
- You came to a cafe, bar, etc., connected to Wi-Fi. Go to the browser, and you transfer to the authorization page through social networks.
- Log out of the browser and check if the Skype, Vk, viber, etc. applications work? If yes, then all that is needed to bypass authorization is to replace DNS with trusted google public-dns 8.8.8.8 and 8.8.4.4.
- How to do it: Android , iPhone , Windows
- If you have already fished, in one of the cafes. Go to the Applications on your page, delete all suspicious, change the password.
All beaver.
Source: https://habr.com/ru/post/265227/
All Articles