Menu

Database

Hotspotter

WVE ID: WVE-2005-0054

Type: Exploit

Status: Candidate

Classification:
Hijacking

Description:
Hotspotter is a tool used to exploit wireless clients probing for their preferred networks.

Discussion:
Hotspotter is a free open source tool that will passively monitor probe
requests from Windows XP clients and compares them to common
"hotspot" SSID names. If there is a match with the client’s request,
the rogue client will act as an AP with the same SSID.
Once associated to the rogue AP the hacker can assign an IP via
DHCP or run other scanning tools against the victim.

Credits
Author: Joshua Wright (jwright@hasborg.com) : None
Author: Max Moser (mmo@remote-exploit.org) : remote-exploit.org

References
URL: http://www.remote-exploit.org/index.php/Hotspotter_main
URL: http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019764.html

Released: 2004-04-05

Submitter
Andrew Lockhart (alockhart@networkchemistry.com) : Network Chemistry

Submitted: Thu Dec 01 10:46:23 -0800 2005

Candidate Date: Thu Dec 01 12:57:12 -0800 2005


Recent Entries

TKIP Replay and Plaintext Discovery
WVE-2008-0013 11/18/2008
Active Https Cookie Hijacking
WVE-2008-0012 9/18/2008
Auto Immune Attack
WVE-2008-0011 9/17/2008
Marvell Null SSID Association Request
WVE-2008-0010 9/15/2008
Marvell EAPOL-Key Length Overflow
WVE-2008-0009 9/15/2008
Atheros IE Tag Overflow
WVE-2008-0008 9/15/2008
Weaknesses in the A5/1 Cipher
WVE-2008-0007 4/9/2008
Block ACK DoS
WVE-2008-0006 4/9/2008
GF Mode WIDS Rogue AP Evasion
WVE-2008-0005 4/9/2008
HT Intolerant Degradation of Service
WVE-2008-0004 4/9/2008
More Entries...

News

SANS Institute Sponsors WVE
4/19/2008
Wireless Attackers and Honeypot Technology
4/15/2008
High Speed Risks in 802.11n Slides Posted
4/11/2008
Vulnerabilities in 802.11n
4/9/2008
WVE Editors Speaking at SHARKFEST.08
1/3/2008
More News...