You think that's bad?
I decided to have a play about with Kali the other day to retest my home wifi network (I do it occasionally just for fun)
All the usual suspects that I shall not name failed however there was one that I had to install separately which took a bit of knowledge about packages and bash though nothing too taxing as there were step by step instructions (they didn't work btw but as I know Linux I could adjust to get it going)
So basically it forces the capture of a handshake (trivial and didn't take too long) then it kills my router and duplicates it without any encryption and uses nginx to serve up a page for login to the internet by entering my router wifi password which my phone was happy to show as "you need to log into to access the internet". The next thing is that it's checking the password against the handshake till I enter the correct one and once I do hey presto there's my password for me to see.
Now of course I wouldn't switch to a non-secure version of my own network but I'm sure there are many that would and with a bit of alteration you could quite easily change the login request to be facebook/apple/hotmail/gmail or whatever you wanted. Take it out and about with open free wifi and then you have an even bigger problem.
I understand the need for network testing tools but what I don't see is the need to make it easy. It's wrong and shouldn't be done. In my case it's freely available information which I suppose is different to trying to make money out of it but it's still there for all to see regardless.
Biting the hand that feeds IT
