Hey /g/ if I were to set up a wireless access point in my students union what would I be able to see when people connected and surfed the web?
Pic unrelated, inna lecture
>>50771450
only if they were browsing unencrypted sites. Facebook, Google, etc... are all encrypted.
this is also a stupid question that should be in the stupid question thread; also, what the fuck are you doing browsing and posting to 4chan in lecture? are you some kind of subhuman faggot?
>>50771501
Is this suddenly a problem? If you run a wireless hotspot you can mitm the certs and just present your own to the clients. This is what most companies do to monitor browsing. I believe only Google protects against that.
>>50771501
Would there be any way to redirect the traffic or modify what's coming through? I heard someone once had an AP that changed all images to pictures of cats.
>>50771566
Where could I learn more about this?
>>50771566
>Is this suddenly a problem?
what?
>If you run a wireless hotspot you can mitm the certs and just present your own to the clients.
most companies just check against the domain query or hit. There's nothing you can do to obfuscate the destination of a packet unless you use tunneling like a VPN/proxy, but breaking the encryption of the message is exceedingly difficult.
>>50771575
for unencrypted traffic, sure. encrypted traffic would make it impossible for you to determine that an image is even being transmitted.
You could block all traffic on port 443, forcing some sites to fall back to HTTP on port 80 (although you can serve and receive traffic on pretty much whatever port you want, assuming you actually have control of your operating system) since those are the defaults, but that would seriously break people's browsing.
What do you want to do? If you just want to be a troll, then find something else to do. People do real business over the Internet, and fucking with traffic is like jamming cell phone signals in the area; you might think it has no negative repercussions and you're just having fun, but you can't possibly know that you're fucking up something critical until after it's too late.
>>50771566
>mitm the certs
don't you need the browser to trust your CA?
>>50771689
yes you do. falsifying the certs would be a non-trivial endeavor. It'd be dramatically easier to socially engineer whatever you need from someone (e.g. phishing, directing them to your site/form, and just asking them to give you the necessary credentials).
>>50771714
>>50771689
>using your browsers list of trusted ca's instead of individually trusting sites
what is this the fucking 90's?
>>50771743
I'm sorry, how does whatever you're advocating have any bearing on the broader discussion?
>>50771654
Essentially I wanted to see what exactly I could do, then make a project with a friend with some kind of goal for personal, trivial gain, learning along the way.
>>50771772
>personal gain
not a good motivation. if you want to do something interesting, ultimately do a write-up about something important or worthwhile learned from the exercise, but contribute it back to the world in some way.
And you can get a surprising amount of access to stuff by asking for permissions (e.g. make a chrome extension, ask for permission to access everything; make a web service, ask for permission to access everything, etc...)
