Client Attacks: Captive Portal

Summary

Excerpt From Wi-fi vulnerabilities part 2 Webinar
Discover More About Client Attacks: Captive Portal With CTO Dr. Brett Walkenhorst.
Dr. Brett Walkenhorst, CTO, describes in the video below a cybersecurity attack, known as the captive portal. When an attacker discovers that a client is using an evil twin network, they show them a counterfeit login page that looks real. The attacker will then verify the password’s validity by using a 4-way handshake that was recorded. Using familiarity and trust, this tactic deceives customers into giving away their important information.

Video Transcript

The captive portal is a phishing style attack where I'm targeting a captive client that I've captured with an evil twin, and I'm going to try to trick that client into giving up credentials. So it kind of belongs under the evil twin category. It kind of belongs under the credential cracking category.

Although it's not technically a crack, it's really a phishing attack. I'm just trying to get you to give me your credentials. So the way this works is I capture you as a client, and I present you with a splash page. And it's not gonna look like what's in the upper right, but that's a nice little example of how it could look.

You've got some network. This is the SSID, and you're asking for the password. But you can make that a lot more convincing. You can you can talk about how you're undergoing maintenance and you want them to reenter their password for security, and and you can add logos for for the company that you're trying to spoof and whatever whatever else you want.

You can make that pretty convincing. So you're not gonna get access to the network until you enter your credentials on this splash page. So if you're a smart client, hopefully, people have had phishing training and they're like, that smells a little fishy. Let me try something a little weird.

Let me just let me just enter the wrong password. And and if it gives me access, then I know it's it's, you know, it's phishing attempt. So they enter a wrong password. But luckily, I'm a smart attacker, and in addition to capturing you and giving you this splash page, I had also previously captured a four way handshake on that network.

So all I have to do is take the password that you gave me, run it through the math that I talked about with the four way handshake. At the end of the day, I get a. And if it doesn't match the mic in the four way handshake I captured, I know you gave me a bogus password.

So what do I do? I say, thanks. Try again. Wrong password. And so now now maybe you're convinced. Oh, hey. They've got the right password. They knew this was wrong. You enter your right password. I say, that's it because I checked the mic. You're good to go, but now I've got your credentials.

So this is actually pretty straightforward to do. It's surprisingly easy to execute an attack like this. So so be aware. Don't enter your credentials on the splash page.