Identity Theft Tool: dsniff
Blinklist
Blogmemes
del.icio.us
digg
Furl
Mister Wong
Netscape
Netvouz
Newsvine
PlugIM
propeller
reddit
Slashdot
Socializer
Spurl
Squidoo
StumbleUpon
Technorati
Wink
Yahoo My WebIdentity Theft hackers love the dsniff tool. It automatically extracts login details, like names and passwords, for all the accounts being accessed on a wireless network. This article shows how hackers use it to get your information, what type of information they get, and what they can do with it.
Before you read any further, note that Wireless Personal Secure (Wifi Security Guy’s wireless security service) completely protects you and if you were using it the following would not happen to you. Click here to get this amazing protection or to learn more about it.
Dsniff can be ran in two different modes, “live” mode where it extracts names and passwords from an active wireless network, or “delayed” mode where it extracts names and passwords from a file that has all the network activity saved in it. This allows a hacker to use a tool like kismet to “passively” capture all the network activity and later extract all the login names and passwords when they go back home. It also lets a hacker record the activity of a “secured” network and crack the security at home, then extract all the login names and passwords that passed over the “secured” network. We will show how it’s used in “delayed” mode, it’s the easiest and most convenient use for a hacker.
When kismet runs, it records everything sent or received over a wireless network in a “dump” file. In our example we have a file named ‘Kismet-Apr-15-2008-2.dump’. This particular file was collected from a local sandwich shop during lunch. Let’s see what dsniff can pull out of this file:
Please notice we’ve smudged out all the login information. All in all there were 24 login names and passwords obtained in the course of that lunchtime. A hacker’s feast! In this little screen shot you can see a lot of pop logins captured. Pop (aka POP3) stands for “Post Office Protocol”, this is people logging in to read their email. You can read how once a hacker has access to your email (as now anyone who would have used kismet and dsniff as I did) he can now commit Identity Theft against you at our article: Wireless Network Identity Theft Example (technical).
As you can see the three most important pieces of information are displayed: (1) the server connected to, (2) the username on the email account, and (3) the password on that account. With those three pieces of information a hacker can now monitor all of these accounts and commit Identity Theft against them within just a few weeks.
There wasn’t enough screen space to show everything captured, so I’ve done another small screen shot so you can see other examples of the information captured:
The first entry (starting with “GET /sas/LoginSubmit”) is a web browser that is opening a “secured” page. Notice dsniff pulls out the Account ID, Username, and Password (look on that same line and you’ll see the entries, I’ve smudged out the user name and password to protect the user).
The second entry is a vulnerable snmp server. It’s a little complicated (and beyond the scope of this article), but with an unsecured snmp server around a hacker can break into the system and use it to exploit more users and gain more information.
So as you can see dsniff is a powerful tool that extracts login information on a wireless network (or file with all the network activity saved in it). The login information contains all the names, passwords, and which servers those names and passwords work on. The hacker then uses this information to commit Identity Theft. How a hacker can use this information to commit Identity Theft is covered in this article: Wireless Network Identity Theft Example (technical).
Tags: dsniff, Identity Theft, wireless hackers