Originally posted by Alux
You tell me this: as a user, I type yahoo in my own browser
and the User/pass page comes up for me; suppose I enter the user/pass.
This user/pass that gets sent to the server is in Clear/Text, right,
and it can be stolen with a simple sniff.
It is sent in the clear only when HTTP PAP is used. Otherwise it is sent encoded.
Or it is not sent at all: mac-cookie
Authentication
There are currently 5 different authentication methods. You can use one or more of them simultaneously:
HTTP PAP - simplest method, which shows the HotSpot login page and expects to get the authentication info (i.e. username and password) in plain text. Note that passwords are not being encrypted when transferred over the network. Another use of this method is the possibility of hard-coding authentication information in the servlet's login page by simply creating the appropriate link.
HTTP CHAP - standard method, which includes a CHAP challenge in the login page. The CHAP MD5 hash challenge is to be used together with the user's password for computing the string which will be sent to the HotSpot gateway. The hash result (as a password) together with the username is sent over the network to the HotSpot service (so, the password is never sent in plain text over the IP network). On the client side, the MD5 algorithm is implemented in a JavaScript applet, so if a browser does not support JavaScript (like, for example, Internet Explorer 2.0 or some PDA browsers), it will not be able to authenticate users. It is possible to allow unencrypted passwords to be accepted by turning on the HTTP PAP authentication method, but it is not recommended (because of security considerations) to use that feature.
HTTPS - the same as HTTP PAP, but using the SSL protocol for encrypting transmissions. The HotSpot user just sends his/her password without additional hashing (note that there is no need to worry about plain-text password exposure over the network, as the transmission itself is encrypted). In either case, the HTTP POST method (if not possible, then the HTTP GET method) is used to send data to the HotSpot gateway.
HTTP cookie - after each successful login, a cookie is sent to the web browser and the same cookie is added to the active HTTP cookie list. The next time the same user tries to log in, the web browser will send the HTTP cookie. This cookie will be compared with the one stored on the HotSpot gateway, and only if the source MAC address and randomly generated ID match the ones stored on the gateway will the user be automatically logged in using the login information (username and password pair) that was used when the cookie was first generated. Otherwise, the user will be prompted to log in, and in case authentication is successful, the old cookie will be removed from the local HotSpot active cookie list and a new one with a different random ID and expiration time will be added to the list and sent to the web browser. It is also possible to erase the cookie on user manual logoff (not in the default server pages). This method may only be used together with the HTTP PAP, HTTP CHAP or HTTPS methods, as there would be nothing to generate cookies in the first place otherwise.
MAC address - try to authenticate clients as soon as they appear in the hosts list (i.e., as soon as they have sent any packet to the HotSpot server), using the client's MAC address as username.
Second, sniffing in hotspot networks before connecting to the network makes no sense at all, because until you have given a username and password you have no connectivity to anywhere.
After connecting, too, depending on the network settings, any kind of sniffing can be prevented (using a switch or Layer 2 isolation on the AP).
Of course, all of this applies when you use the MikroTik hotspot.
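
The HTTP PAP and HTTP CHAP exchanges described in the quoted manual text, as an added example that is not part of the original post or of MikroTik's code: it shows what each method puts on the wire and why a captured CHAP value fails against a new challenge. The `Gateway` class, the sample credentials and the hash layout MD5(id || password || challenge), taken from RFC 1994 CHAP, are assumptions.

```python
import hashlib
import hmac
import os

def chap_response(chap_id: bytes, password: str, challenge: bytes) -> str:
    # Assumed layout (RFC 1994 CHAP): MD5(id || password || challenge), hex-encoded.
    return hashlib.md5(chap_id + password.encode() + challenge).hexdigest()

class Gateway:
    """Hypothetical stand-in for the gateway side of the login exchange."""

    def __init__(self, users):
        self.users = users      # username -> password
        self.pending = {}       # chap_id -> challenge, consumed on first use

    def login_page(self):
        # Every login page served carries a fresh random challenge.
        chap_id, challenge = os.urandom(1), os.urandom(16)
        self.pending[chap_id] = challenge
        return chap_id, challenge

    def verify(self, username, chap_id, response_hex):
        challenge = self.pending.pop(chap_id, None)
        password = self.users.get(username)
        if challenge is None or password is None:
            return False
        expected = chap_response(chap_id, password, challenge)
        return hmac.compare_digest(expected, response_hex)

def demo():
    user, password = "alice", "s3cret-pass"   # constructed sample credentials
    gw = Gateway({user: password})

    # HTTP PAP: the form field carries the password itself.
    pap_on_wire = {"username": user, "password": password}

    # HTTP CHAP: the form field carries only the challenge-bound hash.
    chap_id, challenge = gw.login_page()
    chap_on_wire = {"username": user,
                    "password": chap_response(chap_id, password, challenge)}
    first_login = gw.verify(user, chap_id, chap_on_wire["password"])

    # The same captured value sent again is checked against a new challenge.
    new_id, _ = gw.login_page()
    replayed = gw.verify(user, new_id, chap_on_wire["password"])
    return pap_on_wire, chap_on_wire, first_login, replayed

if __name__ == "__main__":
    for item in demo():
        print(item)
```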