What is AirSnarf Attack?

What is Airsnarf ?

Airsnarf is a rogue Access point setup utility.  It was designed to demonstrate how a rogue AP can steal usernames and passwords from public wireless hotspots.  Airsnarf was developed and released to demonstrate an inherent vulnerability of public 802.11b hotspots-snarfing usernames and passwords by confusing users with DNS and HTTP redirects from a competing AP.

AirSnarf Attack

AirSnarf Attack


How does this attack work ?

This is how the tool works –

  • This tool helps create a competing hotspot with a captive portal.
  • All the variables like the local network, gateway, SSID to assume can be configured very easily using the configuration files.
  • Wireless clients that gets associated to this tool will get their IP, DNS, gateway and other details from the tool as configured, as is the case with any other hotspot.
  • Wireless clients will have all their DNS queries resolve to the IP address of the box running Airsnarf tool regardless of their DNS settings.  So, any website they attempt to visit will bring up the Airsnarf “splash page” requesting the username and password.
  • If the users enter the username and password, the same will be mailed to the attacker who can exploit the same.

What can be the impact of this attack ?

The usernames and passwords obtained from the legitimate user can be misused at any of the hotspot of the same service provider leaving the original duped user to pay the bill.

What should the WLAN Administrator do ?

  • WLAN administrators at hotspot should consider providing strong authentication mechanism.

Airsnarf Security

WiFi Manager raises this alarm when it detects that Airsnarf tool is in use.

LAB: Step by Step Demonstration of AirSnarf Attack

For Detailed Course on Wireless Pentesting & Security click here