Bypassing Wi Fi HotSpot Access Control By Session Stealing [Hacking]
Disclaimer: For Educational purpose only, We DO NOT take responsibility of any harm caused by this method to any one or any organization.
We are using PC with Backtrack OS, You can also do it without installing backtrack but I am not going to explain around here how you can. Because if you want to really dig in to some real hacking grab Backtrack for free here & Install on your PC.
If you around a paid wi fi network & you need to connect to internet you need to pay per hour for any network. To use it for free hackers use the method call session stealing to bypass the Wi Fi Hotspot’s Access Control. In plain words we have to create a fake MAC address for our network card. And the fake one should resemble to some paid user already on network. (Don’t worry you’ll understand stuff in process)
You can read our Tutorial – What is Session Hijacking For more information.
Goal: Changing your MAC Address to Someone’s Who has already purchased for using the network.
Step 1: Verify Wi Fi Network is Around
Start Wireless Assistant in Backtrack & confirm you have some wireless network around. Then you can click “Connect” to that network. It won’t let you connect because you are not the paid user. It will open up browser and will ask you to pay for usage.
Step 2: Connectin up With Wi Fi Network (rausb0)
There are multiple ways you can do this & very simple would be to use Ping Scan from backtrack. I am demonstrating here by using AiroDump which will be an add on method for you to learn.
Open up your Shell or Konsole form Backtrack & now we have to put network in Monitor mode.
Type in ifconfig -a (Hit Enter)
You ll see list of network interfaces. I see “rausb0” in my list which I want to connect so type in following and hit enter again.
ifconfig rausb0 up
Now your network is up & we have to put network in monitor mode so type in following.
iwconfig rausb0 mode monitor (Hit Enter)
iwconfig (Enter again)
So now we are up in monitor mode. We have to start Airodump Next.
Step 3: Start Airodump
In the same shell type in
Then, type next
airodump –ng rausb0 (And guess what – Enter again)
Now we will see the SSID of the whole network. We have to find the user’s MAC address that is already on a network.
Step 4: Capturing MAC Address For Spoofing (of Connected User)
You ll see a list of SSID’s around there. But at the end of all lines you have to find out the name of Wi Fi access point. E.g – You’ll Find attwifi if you are on the AT&T wifi network. As shown in following image.
You have to copy the MAC address corresponding to that wifi network. And use it in following command.
airodump –ng –bssid xx:xx:xx:xx:xx:xx rausb0 (Replace copied MAC Address at XX & Hit Enter)
It will now open up the rausb0 interface & will take some time to find out network traffic. Then you’ll see some stations with its packet data flow information. For security pick up the station that have more data packets flowing. (Like more than 30-40)
Copy the MAC ADDRESS of this station.
Now you have finalized the address to replace as our MAC address, you have to put back the network to Manage mode from monitor Mode.
If you have USB dongle plugged in simply unplug it, change MAC adrdress and plug it back again. If you are not USB dongle type in following and it enter again.
Ifconfig rausb0 down
Step 5 : Changing MAC Address
In your shell type in mac and hit enter to change MAC Address.
macchange –m xx:xx:xx:xx:xx:xx rausb0 (replace xx with copied MAC address & Enter)
Now you’ll see current MAC address & Fake MAC address .
Now you have to plug back in your USB you took out few minutes ago. Or if you have used command to put your interface down use following command to put it back up.
Ifconfig rausb0 up
Now your MAC address successfully changed you can check by typing ifconfig in console.
Step 6: Connecting to Hacked Wi Fi Network
Now you are done at Bypassing Wi Fi HotSpot’s Access Control Using Session Stealing & you can connect to hotspot as follows.
- Open Wireless Assistant.
- Select Network
- Hit Connect
And you’re done !!!
You can thank me, give suggestions, ask any question in comments section below.