Ok. I am in no way a programmer but I do have a basic understanding of the web and HTML, etc. For those of you who have used Starbucks WiFi service, you know that it is not free. Sure one could crack the passwords, but I was wondering if anyone new of a method for acquiring the username and passwords of other persons trying to connect up at a given Starbucks.

Here is what I'm thinking of:

1. I show up with my notebook loaded with BackTrack 2. Setup a DHCP server, LAMPP server, and some kind of honeypot.

2. A customer comes up and attempts to log in to the WLAN. They would normally be faced with a login page for them to authenticate. Howver, instead of them typing their credentials into the real page, they would type it my fake page which looks identical.

3. The login information is then saved into my database which I can then call up and use to gain access to the hotspot for free.

Is there a way to do this. I have tried to think about it but I can't come up with a method I know would work.

How would I be able to force the Windows or Mac based systems to hit my web page first instead of the real page?:confused:

Has anyone ever done this before? Surely I can't be the only person up till now that has thought about trying something like this.

ummm...dude...pretty sure that would be breaking some computer law, aka ITS ILLEGAL. You'll be in the idiots corner soon enough. If you had actually phrased your post a little different, you wouldnt look so much like the imbisal that you are, and someone might have offered you some help. too late now. We do not condone or promote illegal activity here, maybe you could ask the Starbucks IT guys how to do that, I'm sure they would be quite interested in your ideas.:rolleyes:

Your right! Perhaps I didn't phrase my question in the right sense. I used Starbucks as an example. I understand that would be illegal. I not asking so I can break the law. I am asking to see if it can be done and if so how. That is part of what BT is about. Learning, right?

BackTrack is all about penetration. Which is itself is a very thin line between legal in illegal.

Learning to crack WEP and WPA could be used for illegal purposes or it could be used for testing of your WLAN.

The same can be said for Hotspotter, John the Ripper, Medusa, Bluesnarfer, etc. I could go on and on. most of the tools in BT could be used for illegal purposes. That doesn't mean the they have to be.

By the way thanks for the childish insults. Perhaps that is what happens within this community when people such as yourself assume that someone must have bad intentions.

I don't see any reason for you to just come out and start calling someone names and insulting them. You know nothing about me, yet you assume I'm some scriptkiddy. I'm not. I am a senior Enterprise Administrator who happens to run a network that supports over 11,000 users worldwide with over 700 servers, and nearly 12,000 systems.

believe me when I tell you I can afford to pay for Starbucks or any other wifi hotspot. I am just trying to learn if it can be done and how.

http://airsnarf.shmoo.com/

BT Tools (http://backtrack.offensive-security.com/index.php?title=Tools#Radio_Network_Analysis)

See you at Starbuck's
:D

Your right! Perhaps I didn't phrase my question in the right sense. I used Starbucks as an example. I understand that would be illegal. I not asking so I can break the law. I am asking to see if it can be done and if so how. That is part of what BT is about. Learning, right?

BackTrack is all about penetration. Which is itself is a very thin line between legal in illegal.

Learning to crack WEP and WPA could be used for illegal purposes or it could be used for testing of your WLAN.

The same can be said for Hotspotter, John the Ripper, Medusa, Bluesnarfer, etc. I could go on and on. most of the tools in BT could be used for illegal purposes. That doesn't mean the they have to be.

By the way thanks for the childish insults. Perhaps that is what happens within this community when people such as yourself assume that someone must have bad intentions.

I don't see any reason for you to just come out and start calling someone names and insulting them. You know nothing about me, yet you assume I'm some scriptkiddy. I'm not. I am a senior Enterprise Administrator who happens to run a network that supports over 11,000 users worldwide with over 700 servers, and nearly 123,000 systems.

believe me when I tell you I can afford to pay for Starbucks or any other wifi hotspot. I am just trying to learn if it can be dtne and how.

I agree that BT is about learning and that it can be, and often is, used for illegal purposes. If I didn't know any better, by looking at the apps on BT, I would assume was designed by hackers for hackers. I assume everybody on here has some bad intentions, hell it is evident by the number of views on the tut i did on cracking WEP. total views last time I checked was around 1600. way more than any other thread in that forum. shows me that more people want to get free internet than anything else on here. although i could be wrong. if i didnt say what i did someone else would have, ive seen it happen more than once. you shouldnt take it personally, supposedly if posts like that show up and people assist them without questioning their motives the forum could get shut down. which would be bad for everybody. I was lucky enough to learn from other peoples posts or I probably would have posted something like you did. You might wanna check the sniffing tut, seems like I saw something about doing what you want. there's some tool where it allows you to put a fake page where the real one should be, you setup your own server and redirect all traffic to your page. (no sure though). good luck .

@ghost8786

No hard feelings. I understand what you are saying. You are probably very right in that most people who use BT are not using if for its ability to help you make your network more secure, but rather to learn how to break the law. In any case, this is the reality that those of us in the network security field face. The media/Hollywood could be partly to blame for the hype they put on "hacking".

I appreciate your honesty and concern for the community. Maybe you could just ask your questions without insulting people. This may be a virtual community, but respect still carries a lot of weight.

I would find it hard to believe that any law enforcement agency could shut the site down for teaching people how to "hack" as it would be against the 1st Amendment.

If people can write books that teach how to be a "Hit man" :eek: without any legal consequence, then I would think a site can teach people how to "hack" without any fear also.