Penetration Testing mailing list archives

Re: Pen-Testing Users/Wireless APs?


From: "Jezebel Ali" <jezebel_ali () hush com>
Date: Sat, 24 Jun 2006 20:40:25 +0400

Greetings brother Steven,

I have been thinking of this same strategy, however from the point of
view of a honeypot.  I am planning to set up an AP and wait for a war
driver/walker to attempt to connect, then observe browsing habits and
perhaps collect interesting data.

I did not complete the task, but my approach was to use Linux to set up
an AP using a wireless card.  You may have to tweak the Linux kernel to
set up an AP on a PC.  Afterwards, I plan to view the standard Unix log
for any activity.  Perhaps you could try this way.

I will try the project and post to the list when I can.

Kind regards,
Jez

On Sat, 24 Jun 2006 00:57:20 +0400 steven () lovebug org wrote:
Greetings,

I am wondering if anyone has done what I am looking to do or knows of a
recommended way to go about doing it.  This may be used for a pen-test
in the future (would be allowed by ROE) or just for my own personal use
not affecting others.  I want to set up an access point that clones the
SSID of the valid network that uses WPA.  When a user tries to connect
to my AP and they enter in their information to authenticate -- I want
it to just be sent to me so I can read what they wrote.  Basically then
allowing me to enter this information into my own machine to connect
onto the network with their credentials.  Is there a tool that does this
already?  Perhaps one of the WRT firmwares that have a logging option or
maybe just some other tool altogether?

Has anyone tried doing this before?  If so how did you go about doing it?

Thanks.

Steven









