Hacking public wifi spots (on OSX) for fun and profit!
This is going to be a short article as there isn’t much to teach :) There are much more complicated and in-depth ways to hack networks, but I’m going to show you one of the simplest — it takes about 30 seconds once you’ve done it a few times.
I’m sitting at a coffee shop in Bangkok right now trying to get some work done (yes, I’m being very productive by writing a Medium article instead!). Thailand often doesn’t have free wifi; instead there are wifi spots set up around the country by cell phone companies like True and AIS. I have an AIS sim card right now, which entitles me to free wifi on their networks, but as I pull up the list of wifi spots I see what you see on the left — no AIS wifi :(
No worries. There are a few unsecured networks, and as long as we can connect to one we’re usually good. So I connect to one and see this popup on my screen:
I obviously don’t have a password to whatever this is (a hotel?), but I am on their network. And other people who do have valid credentials are, presumably, on the same network. What we’re going to do now is trick the network into thinking we’re one of those other people.
Step 1: Be a Spy
- Open up a Terminal (if you don’t know what that is, click the “Spotlight Magnifying Glass” in the top right of your screen and type “Terminal”).
- Wait a couple of minutes (your computer needs to receive some traffic from other devices on the wifi so that its ARP table fills up; we’re just waiting for that).
- Now type “arp -ani en0” (note that that is a zero at the end; Medium’s font doesn’t show it well) and you should get a result somewhat like this:
- Each of these lines represents another computer or device (cell phone, tablet, etc) that’s connected to the same network you are. What we care about are the parts I’ve obfuscated in my screenshot above, the ones that say things like “at 00:11:22:33:44:55” — these numbers and colons are what are called “mac addresses”. They’re identifiers for devices on local networks, and they are what most public wireless routers use to identify your internet traffic.
Step 2: Be a Ninja
- We now have a list of other devices on your same network, so what we do is simple — we impersonate one. Pick a line at random whose IP address (the part in parentheses at the beginning of the line, e.g. (192.168.2.241)) does not end in either .1 or .255 (those are usually the router and the broadcast address). Copy the mac address (the 00:11:22:33:44:55 part after the IP) and type “sudo ifconfig en0 ether 00:11:22:33:44:55” (again, “en0” actually contains a zero). Now type your password and your mac address will be changed.
- Turn off your wifi, and turn it back on. You should reconnect to the same network and if everything worked you will now be online!
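For the network operator’s side of this, here is an added example that is not from the article: a small Python script that parses the same “arp -an” line format shown above (as dumped on the gateway or captive-portal host, not on the laptop doing the spoofing) and flags the two footprints a cloned mac address tends to leave, the same mac address sitting behind more than one IP, and an IP whose mac address changes between two snapshots. The two snapshots, the IP addresses and the mac addresses are all constructed sample data; which of the two signals actually appears depends on how the DHCP server hands out leases (the clone may instead collide on the victim’s own IP, which shows up as the victim dropping offline rather than as a second entry).

```python
import re
from collections import defaultdict

# One line of macOS/BSD `arp -an` output looks like:
#   ? (192.168.2.241) at 00:11:22:33:44:55 on en0 ifscope [ethernet]
# Octets may be printed without a leading zero ("0:1c:42:..."), and
# unresolved entries show "(incomplete)" instead of a mac address.
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+"
    r"(?P<mac>(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}|\(incomplete\))",
    re.IGNORECASE,
)

# Constructed sample: the ARP table on the gateway before and after a client
# (originally .130, mac aa:bb:...) cloned the mac address of .241.
SNAPSHOT_BEFORE = """\
? (192.168.2.1) at 0:1c:42:0:0:18 on en0 ifscope [ethernet]
? (192.168.2.77) at (incomplete) on en0 ifscope [ethernet]
? (192.168.2.130) at aa:bb:cc:dd:ee:ff on en0 ifscope [ethernet]
? (192.168.2.241) at 00:11:22:33:44:55 on en0 ifscope [ethernet]
? (192.168.2.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
"""
SNAPSHOT_AFTER = """\
? (192.168.2.1) at 0:1c:42:0:0:18 on en0 ifscope [ethernet]
? (192.168.2.130) at 00:11:22:33:44:55 on en0 ifscope [ethernet]
? (192.168.2.241) at 00:11:22:33:44:55 on en0 ifscope [ethernet]
? (192.168.2.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
"""


def normalize_mac(mac):
    """Lower-case a mac address and pad single-digit octets ("0:1c" -> "00:1c")."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))


def parse_arp(text):
    """Return {ip: mac} for the resolved entries of an `arp -an` dump."""
    table = {}
    for line in text.splitlines():
        match = ARP_LINE.search(line)
        if not match or match.group("mac") == "(incomplete)":
            continue
        table[match.group("ip")] = normalize_mac(match.group("mac"))
    return table


def is_infrastructure(mac):
    """Skip broadcast and IPv4 multicast entries, which legitimately repeat."""
    return mac == "ff:ff:ff:ff:ff:ff" or mac.startswith("01:00:5e")


def cloned_macs(table):
    """Signal 1: a mac address bound to more than one IP in a single snapshot."""
    ips_by_mac = defaultdict(set)
    for ip, mac in table.items():
        if not is_infrastructure(mac):
            ips_by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in ips_by_mac.items() if len(ips) > 1}


def changed_bindings(before, after):
    """Signal 2: an IP whose mac address differs between two snapshots."""
    return {
        ip: (before[ip], after[ip])
        for ip in before
        if ip in after and before[ip] != after[ip]
    }


def report(before_text, after_text):
    """Run both checks over two dumps and return the findings as one dict."""
    before, after = parse_arp(before_text), parse_arp(after_text)
    return {
        "cloned": cloned_macs(after),
        "changed": changed_bindings(before, after),
    }


if __name__ == "__main__":
    for kind, hits in report(SNAPSHOT_BEFORE, SNAPSHOT_AFTER).items():
        for key, value in hits.items():
            print(f"{kind}: {key} -> {value}")
```

Both checks are heuristics: a device with two addresses or ordinary DHCP churn will trip them, so they are worth an alert, not an automatic block. The real fix for a portal is the one the article itself mentions further down: tying the session to something other than the mac address (a login cookie or real credentials), because the mac address is a client-chosen value and was never an authenticator.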
There are a few things to note while doing this.
- This won’t work with every device on the network (the device may not actually be logged in, it might just be randomly connected like you are). If it doesn’t work with the first one you try, try a different mac address, and reconnect again.
- This won’t work on every wifi network, but it will on many. Some networks do things like set browser cookies and you need an actual username and password.
- “en0” (zero) is your “first network adapter”. For most people using a MacBook this will be your wifi adapter. I’m not positive what it will be on older MacBooks that have Ethernet ports; it may be “en1” if your Ethernet port has taken en0. If anyone feels this needs clarification leave a comment and I’ll amend the article :)
- You can probably do the same thing on a Windows machine, but I’m not certain how. Google “Windows sniff wifi traffic” and “Windows change mac address” for specific instructions, but the steps will be the same.
- You may be inadvertently costing some random person money. Take a look at the login page of whatever network you’re connecting to. If it’s a paid gateway, please don’t use this technique as you’re literally just stealing from some random person sitting next to you.