Viewing Unencrypted Wifi Traffic in 5 Minutes or Less

Everyone knows that unencrypted wireless traffic can be viewed by anyone, and your data can easily be compromised. But how often have you disregarded that and used unsecured wifi anyway? You know, when you’re at that local Starbucks or other coffee shop, or when you’re staying in that cheap motel, or even a nicer hotel.

I’m sure you’ve told yourself “Well yes, I’m sure it is easy to view unencrypted traffic, but it probably takes a little work!”. You’ve reassured yourself, and talked yourself into using an unencrypted connection under the guise that surely no one will go through the work of listening, regardless of how “easy” it is.

This tutorial will show you, in detail, how to view unencrypted Wifi (wireless) 802.11g (or a and b) traffic using a simple Linux-based security suite titled BackTrack 3. You don’t even need Linux installed! A free, downloadable CD ISO image will do all the work for you. The steps outlined here have been tested for clarity in a controlled, legal home networking environment, and work great.

Viewing Unencrypted Wifi in 5 minutes or less:

Alright, you got me. You really can view unencrypted traffic in 5 minutes or less, but you’ll need to do some prep first.

What you need:

  1. A computer (laptop) with a CD-ROM drive and a wireless adapter (preferably not USB)
  2. The ability to burn ISO images to CD or DVD
  3. A copy of the BackTrack 3 Security Suite from Remote-exploit.org

Brief Background:

BackTrack 3 is a legal and mostly open-source security suite designed by security experts in the computer and software industry. Its creation is intended as both an educational tool and as a toolbox for network administrators who wish to secure a private or corporate network, or for testing a ‘secured’ network. When searching for it, you’ll often see it titled as BackTrack3 or Backtrack 3. 3 is the version number, and will change with time.

Unencrypted wireless technology is so dangerous because packets are broadcast in a digital, 010101 format in the open air without any form of encryption. Any device capable of sniffing radio traffic can read your datagrams, and view your traffic including IMs, passwords, URLs, and other HTTP GET and POST content.

Step 1 – Get BT3 and Burn the Image:

Download Backtrack 3 from Remote-exploit.org. You’ll need to download the bt3-final.iso image. You can also use the USB version, bt3final_usb.iso which includes some extra tools, but we won’t be using them here.

Burn the ISO image to a CD or DVD. You won’t need to make any changes. I won’t go into the specifics of how to burn an ISO here. If you don’t have the vaguest idea how to do this, then it’s highly likely that “cracking WEP” is definitely not for you. However, for those of you who think you can figure it out on your own, I have used CDBurnerXP. It’s open-source and simple to use, so that’s good.

Alternatively, you can image a thumbdrive with the ISO. That’ll be MUCH faster than the optical drive at any rate.

Step 2 – Boot BackTrack 3:

Throw the Backtrack 3 disc into your laptop or desktop (I haven’t tested this on a desktop, but I’m sure the steps are the same), set your BIOS to boot from your optical drive, and BOOT! You’ll get a prompt asking how to boot into Backtrack 3. You should boot using the KDE method. If you have weird display issues, you can try the VESA boot method. At any rate, one of these should work. Once you’ve become an elite hackmaster, and have memorized this process, you can use the command console.

Step 3 – Find your Adapter Name:

Open a Linux command console (the little black monitor icon next to the KDE icon, where the Start menu would be) and type:

iwconfig

This will list your interfaces and tell you which wireless adapter to use, usually something like eth0 or ath1.

Step 4 – Open up Wireshark and View data!:

Yep. You’re already done. In fact, if you already knew your adapter name, and already had this disc burned, you’d be capturing unencrypted wireless traffic in less than 5 minutes.

Navigate to the KDE icon (again, where the Start menu would be). KDE > BackTrack > Privilege Escalation > Sniffers > Wireshark

Navigate to Capture > Interfaces…

Select the Start button next to your adapter.

Wireshark will immediately begin capturing data packets through your wireless radio, from any network within range. Both encrypted and unencrypted packets will be captured. For this reason I recommend you filter your results in Wireshark to TCP or UDP traffic.

You can view clear text instant messages (MSN Messenger sends in clear text), emails over POP or SMTP that aren’t encrypted, and almost all web traffic that isn’t going over an SSL socket.
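The flip side of the same capture is auditing your own laptop before you use that coffee-shop hotspot: which of your apps still talk in the clear? The following is an added example, not code from the post or from BackTrack/Wireshark; it takes (destination port, first TCP payload bytes) pairs as you would read them off Wireshark’s bytes pane and sorts them into TLS-protected versus exposed, using the protocols the post names. The sample packets are constructed, not captured.

```python
"""Audit which of your own flows leave the laptop in the clear on open wifi.
Added example, not code from the post or from BackTrack/Wireshark. Each
sample is (destination port, first TCP payload bytes) as Wireshark's bytes
pane would show them; the samples are constructed, not captured."""

# Ports the post names as readable in the clear (MSN Messenger used TCP 1863).
CLEARTEXT_PORTS = {80: "HTTP", 110: "POP3", 25: "SMTP", 1863: "MSN Messenger"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ")

def is_tls_client_hello(payload: bytes) -> bool:
    # TLS record: type 0x16 (handshake), version 0x03 0x0?, 2-byte length,
    # then handshake type 0x01 (ClientHello).
    return (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == 0x01)

def classify(dst_port: int, payload: bytes) -> str:
    """Return 'protected', 'exposed' or 'unknown' plus a short reason."""
    if is_tls_client_hello(payload):
        return "protected: TLS handshake"
    if payload.startswith(HTTP_METHODS) and b" HTTP/1." in payload:
        return "exposed: HTTP request in the clear"
    if payload.startswith((b"USER ", b"PASS ")):
        return "exposed: POP3 login in the clear"
    if payload.startswith((b"EHLO ", b"HELO ", b"AUTH ", b"MAIL FROM:")):
        return "exposed: SMTP session in the clear"
    if dst_port in CLEARTEXT_PORTS:
        return f"exposed: {CLEARTEXT_PORTS[dst_port]} port, no TLS seen"
    return "unknown"

def audit(packets):
    """Count packets per verdict: how much of this traffic could a sniffer
    sitting in the same coffee shop actually read?"""
    counts = {"protected": 0, "exposed": 0, "unknown": 0}
    for dst_port, payload in packets:
        counts[classify(dst_port, payload).split(":")[0]] += 1
    return counts

# Constructed samples: an HTTPS ClientHello, a plain-HTTP login POST,
# a POP3 password, an SMTP greeting, an IM login on 1863, and TLS app data.
SAMPLE_PACKETS = [
    (443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03" + b"\x00" * 32),
    (80, b"POST /login HTTP/1.1\r\nHost: webmail.example\r\n\r\nuser=a&pw=b"),
    (110, b"PASS correct-horse\r\n"),
    (25, b"EHLO laptop.local\r\n"),
    (1863, b"VER 1 MSNP8 CVR0\r\n"),
    (8443, b"\x17\x03\x03\x00\x20" + b"\x00" * 32),
]
```

Anything that lands in the "exposed" bucket is what the Wireshark capture above would show a stranger in plain text; mid-stream TLS records on a non-standard port come back "unknown" rather than being guessed at.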

It’s really that easy. There is NOTHING to it! In fact, I bet a lot of those hotels have a creepy IT guy that set up his laptop in the basement to record ALL the traffic pushed through the hotel network, just to get his jollies.

Think of this the next time you think no one is watching. It’s far too easy to view unencrypted traffic, and well worth the time for people with less than honorable intentions. Don’t fall for the trap. If it’s not secured, it’s not for you.

Next step? Cracking WEP.