I have some questions about rogue access points.

  1. How can attackers get a victim's creds over secured HTTPS websites?

  2. Can attackers do this kind of attack only by using basic tools + sharing the AP from a computer, without the need for devices (like a WiFi Pineapple)?

  3. If we connect to a rogue AP using a VPN, can the attacker seriously intercept the login data on the web?

  4. Can we replace the Pineapple with a simple TP-Link TL-WA701ND or Alfa, or even the computer's default WiFi card?

nobody
9ys
    1) SSL-strip attacks are still effective in many cases, because many sites still don't implement HSTS - and in that case, there are no explicit browser warnings that the victim has to click through. – mti2935 Aug 01 '21 at 12:28
  • Nothing you've listed is specific to a rogue AP. All your points are relevant to any wifi. – schroeder Aug 01 '21 at 16:45
  • @nobody I heard something about installing certificates on the victim's machine to intercept the plaintext data, as "mti2935" said. – 9ys Aug 01 '21 at 19:36
  • @schroeder can you explain please? – 9ys Aug 01 '21 at 19:38
  • @9ys Installing certificates on the victim machine equates to a compromise of the victim machine itself, and can't be achieved simply by a rogue AP. But yes, mti2935 is right, SSLstrip attacks are still possible in many cases. – nobody Aug 01 '21 at 19:40
  • @nobody Yes, I totally agree with you, but hmmm, I've another question about it: can attackers in this case use some social engineering tips without compromising the victim's machine? For example: redirecting all websites for victims to a specified webpage (hosted on the attacker's machine), then showing that the only way to access the internet is by installing certificates (of the attacker), something like tricking victims. – 9ys Aug 01 '21 at 19:52
  • A "rogue AP" is simply an unauthorised AP or (in some definitions) one where the SSID copies another. There is no special magic in how they function. Each one of your questions applies to *any* wifi AP, even authorised APs or your normal public AP, like in coffee shops. – schroeder Aug 02 '21 at 07:14

1 Answer

If we connect to a rogue AP using VPN, can the attacker seriously intercept the data logins on web?

That's not how it works. The AP provides Internet access, and your VPN client uses that Internet access to connect to the VPN server. The AP could still try a man-in-the-middle attack, but if your VPN setup involves certificates and the identity of the remote VPN server is verified properly, the AP cannot really interfere. The AP can see that it is relaying VPN traffic but doesn't know the data inside the tunnel.

Of course the rogue AP could provide a flawed DNS service, but it's up to you to use it. You should normally use the DNS service bundled with the VPN.

The Pineapple is nothing special. It's just packaging and preconfiguration. Any wifi card that has AP capabilities can potentially be used as a rogue AP.

Kate
  • Oh, thanks for all your answers. Well, another point about "any wifi card that has AP capabilities can be used": only the ones that have monitoring mode, right? – 9ys Aug 01 '21 at 19:43
  • Monitor mode is not a requirement. If you have it you can sniff the traffic in the neighborhood but this is something else. This is not the same as running a rogue AP. – Kate Aug 01 '21 at 19:51
  • So running a rogue AP isn't only for sniffing the traffic? – 9ys Aug 01 '21 at 19:57
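As an added example, not code from the thread, of the answer's point that the VPN client must verify the remote server's identity and keep DNS inside the tunnel, the following linter checks an OpenVPN client profile for the directives that enforce that. The two profiles, the hostname vpn.example.com and the file names are constructed; the directive names are real OpenVPN options.

```python
# Added example, not code from the thread: lint an OpenVPN client profile for the
# answer's two points, verifying the VPN server's identity and keeping DNS inside
# the tunnel. Directive names are real OpenVPN options; both profiles are constructed.

# Constructed: trusts the CA but never checks *which* certificate the peer
# presents, so any cert the CA issued (even another client's) is accepted.
WEAK_PROFILE = """\
client
remote vpn.example.com 1194
ca ca.crt
cert client.crt
key client.key
"""

# Constructed: pins the server role and name, wraps the control channel and
# (Windows only) refuses resolvers outside the tunnel.
HARDENED_PROFILE = WEAK_PROFILE + """\
remote-cert-tls server
verify-x509-name vpn.example.com name
tls-crypt ta.key
block-outside-dns
"""


def parse_profile(text):
    """Map each directive to its argument list; comments, blanks and inline-block tags are skipped."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;<":   # '<' lines are <ca>/<cert> inline-block tags
            name, *args = line.split()
            directives[name] = args
    return directives


def lint_profile(text):
    """Return the findings for a profile; an empty list means it passes."""
    d = parse_profile(text)
    checks = [
        ("ca" in d or "peer-fingerprint" in d,
         "no trust anchor: add 'ca <file>' or 'peer-fingerprint'"),
        (d.get("remote-cert-tls", [])[:1] == ["server"],
         "missing 'remote-cert-tls server': the peer's server role is not checked"),
        ("verify-x509-name" in d, "missing 'verify-x509-name': server name is not pinned"),
        ("tls-crypt" in d or "tls-auth" in d,
         "control channel unwrapped: add 'tls-crypt <key>' or 'tls-auth <key>'"),
        ("block-outside-dns" in d, "no 'block-outside-dns': Windows may still use the AP's DNS"),
    ]
    return [msg for ok, msg in checks if not ok]
```

Running `lint_profile` on the weak profile lists the four missing directives, while the hardened profile passes cleanly.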