Has anyone looked into this?  I plan on checking it out later this week but thought this group might be interested in the information.

http://www.dontsteal.net/dontsteal/index.htm

According to their little video it will also allow your to see all of their activity including viewing inside of their hotmail (webmail) accounts. 

http://dontsteal.net/dontsteal/video/all.html

Here is a link to a thread on Airsnare... cool stuff

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,1124.0/

I use AVG and I have never see any kind of virus or trojan in Airsnare. I am not sure why your anti-virus responded that way but it could be because Airsnare dose sniff and detect spoofing so some of the code could be simpler to password catching programs. I would say keep an eye on it and uninstall if you do not feel safe with it. I have ran if for while and never had issue with it.

Brian

Actually your wireless router does not do this.  Your wireless router can provide you the MAC id of someone connecting to your network, which would not enable you to determine the identity of the person accessing your wireless network.

The program that this fellow listed - dontstealmywifi (and thanks for listing it) provides you with the identity of the person who is tapping into your wireless connection.  it also allows you to send and receive new email from their webmail account.  I tried it today and it works for yahoo classic mail, yahoo beta mail, hotmail classic and hotmail lite live mail.  It is supposed to work for other webmail accounts as well, although I have not tried it.

This is, in fact interesting, because you are actually able to log to the account, which means that it has somehow circumvented SSL, but what is even more interesting is the other program on the same website called dontstealmysecrets.  With it you can do the same thing WITH ONLY THE WIRELESS TRAFFIC.  You do not have to be monkey-in-the-middle to do so.  It also works for wired traffic, and I tried this also (you have to perform the playback from the same network).

You said that you know of other programs that can do this (enable you to send and receive email from an account where the login occurs wirelessly, with only capturing the traffic).  Could you name them please?

You're right, this program does do more than the average WAP as far as traffic analysis goes, but as far as actively protecting you, I don't think it does much more (I havn't used it as you have though, so please correct me if this is wrong).


Ethereal, tcpdump, or any other packet sniffer.


I seriously doubt that...it has probably captured the session cookie and is using that to impersonate the user. Most Web mail does not use SSL after the initial log in, so no SSL circumvention is necessary.

Still an interesting app though.

Cain & Able might "come to mind" but it wouldn't work here - the authentication for these webmail providers is transmitted using SSL and Cain cannot sniff SSL traffic. 


Many routers cannot be upgraded from WEP.  Also, a substantial percentage of WPA sites can be cracked with a rainbow table.  The dontstealmywifi appears to be designed for use WITH an encrypted connection.  It appears to be for companies or individuals that are worried that someone is hacking their ENCRYPTED wireless network.

As you said, you should not use it on an unsecured wireless network.

d1spat3r - thanks for bringing this program to my attention.

The program doesn't like my wireless card so it refuses to run, but based on the information/error messages I recieved during setup, here's how I think it works:

It mentioned setting up a new wireless router using the PC's wireless and ethernet connections. I assume that what it is doing is setting up a second WAP via the wireless card and bridging the connection to the ethernet connection. If this is the case, then it doesn't actually protect/monitor your current wireless network, so anyone who connects to the original WAP rather than this new one would remain unaffected. If it is setting up a new WAP, then I suspect it using MITM techniques to glean the logon information from various sites.

I know that dontstealmysecrets was mentioned earlier in this thread too (it didn't want to run for me either unfortunately), and that t0lomp said specifically that it doesn't use MITM techniques and can still provide access to email accounts accessed via SSL. It would be interesting to see if dontstealmysecrets is sniffing the cookies and using those, or if it still provides account access after the session has expired like dontstealmywifi does.

t0lomp, now that you've got me interested in how this thing works any input on the above would be appreciated. I'm going to have to see if I can get either of these programs running on my computer when I get home tonight.