Friday, June 12, 2020

PKCE: What Can(Not) Be Protected


This post is about PKCE [RFC7636], a protection mechanism for OAuth and OpenIDConnect designed for public clients to detect the authorization code interception attack.
At the beginning of our research, we wrongly believed that PKCE protects mobile and native apps from the so called „App Impersonation" attacks. Considering our ideas and after a short discussion with the authors of the PKCE specification, we found out that PKCE does not address this issue.
In other words, the protection of PKCE can be bypassed on public clients (mobile and native apps) by using a maliciously acting app.

OAuth Code Flow


In Figure 1, we briefly introduce how the OAuth flow works on mobile apps and show show the reason why we do need PKCE.
In our example the user has two apps installed on the mobile phone: an Honest App and an Evil App. We assume that the Evil App is able to register the same handler as the Honest App and thus intercept messages sent to the Honest App. If you are more interested in this issue, you can find more information here [1].

Figure 1: An example of the "authorization code interception" attack on mobile devices. 

Step 1: A user starts the Honest App and initiates the authentication via OpenID Connect or the authorization via OAuth. Consequentially, the Honest App generates an Auth Request containing the OpenID Connect/OAuth parameters: client_id, state, redirect_uri, scope, authorization_grant, nonce, …. 
Step 2: The Browser is called and the Auth Request is sent to the Authorization Server (usually Facebook, Google, …).
  • The Honest App could use a Web View browser. However, the current specification clearly advice to use the operating system's default browser and avoid the usage of Web Views [2]. In addition, Google does not allow the usage of Web View browser since August 2016 [3].
Step 3: We asume that the user is authenticated and he authorizes the access to the requested resources. As a result, the Auth Response containing the code is sent back to the browser.

Step 4: Now, the browser calls the Honest App registered handler. However, the Evil App is registered on this handler too and receives the code.

Step 5: The Evil App sends the stolen code to the Authorization Server and receives the corresponding access_token in step 6. Now, the Evil App can access the authorized ressources.
  • Optionally, in step 5 the App can authenticate on the Authorization Server via client_id, client_secret. Since, Apps are public clients they do not have any protection mechanisms regarding the storage of this information. Thus, an attacker can easy get this information and add it to the Evil App.

    Proof Key for Code Exchange - PKCE (RFC 7636)

    Now, let's see how PKCE does prevent the attack. The basic idea of PKCE is to bind the Auth Request in Step 1 to the code redemption in Step 5. In other words, only the app generated the Auth Request is able to redeem the generated code.


    Figure 2: PKCE - RFC 7636 

    Step 1: The Auth Request is generated as previosly described. Additionally, two parameters are added:
    • The Honest App generates a random string called code_verifier
    • The Honest App computes the code_challenge=SHA-256(code_verifier)
    • The Honest App specifies the challenge_method=SHA256

    Step 2: The Authorization Server receives the Auth Request and binds the code to the received code_challenge and challenge_method.
    • Later in Step 5, the Authorzation Server expects to receive the code_verifier. By comparing the SHA-256(code_verifier) value with the recieved code_challenge, the Authorization Server verifies that the sender of the Auth Request ist the same as the sender of the code.
    Step 3-4: The code leaks again to the Evil App.

    Step 5: Now, Evil App must send the code_verifier together with the code. Unfortunatelly, the App does not have it and is not able to compute it. Thus, it cannot redeem the code.

     PKCE Bypass via App Impersonation

    Again, PKCE binds the Auth Request to the coderedemption.
    The question rises, if an Evil App can build its own Auth Request with its own code_verifier, code_challenge and challenge_method.The short answer is – yes, it can.

    Figure 3: Bypassing PKCE via the App Impersonation attack
    Step 1: The Evil App generates an Auth Request. The Auth Request contains the client_id and redirect_uri of the Honest App. Thus, the User and the Authorization Server cannot recognize that the Evil App initiates this request. 

    Step 2-4: These steps do not deviate from the previous description in Figure 2.

    Step 5: In Step 5 the Evil App sends the code_verifier used for the computation of the code_challenge. Thus, the stolen code can be successfully redeemed and the Evil App receives the access_token and id_token.

    OAuth 2.0 for Native Apps

    The attack cannot be prevented by PKCE. However, the IETF working group is currently working on a Draft describing recommendations for using OAuth 2.0 for native apps.

    References

    Vladislav Mladenov
    Christian Mainka (@CheariX)
    More info

    Thursday, June 11, 2020

    Top 10 Most Popular Ethical Hacking Tools (2019 Ranking)

         Top 10 powerful Hacking  Tools in 2019.       

    If hacking is performed to identify the potential threats to a computer or network then it will be an ethical hacking.

    Ethical hacking is also called penetration testing, intrusion testing, and red teaming.

    Hacking is the process of gaining access to a computer system with the intention of fraud, data stealing, and privacy invasion etc., by identifying its weaknesses.

    Ethical Hackers:

    A person who performs the hacking activities is called a hacker.

    There are six types of hackers:

    • The Ethical Hacker (White hat)
    • Cracker
    • Grey hat
    • Script kiddies
    • Hacktivist
    • Phreaker

    A security professional who uses his/her hacking skills for defensive purposes is called an ethical hacker. To strengthen the security, ethical hackers use their skills to find vulnerabilities, document them, and suggest the ways to rectify them.

    Companies that provide online services or those which are connected to the internet, must perform penetration testing by ethical hackers. Penetration testing is another name of ethical hacking. It can be performed manually or through an automation tool.

    Ethical hackers work as an information security expert. They try to break the security of a computer system, network, or applications. They identify the weak points and based on that, they give advice or suggestions to strengthen the security.

    Programming languages that are used for hacking include PHP, SQL, Python, Ruby, Bash, Perl, C, C++, Java, VBScript, Visual Basic, C Sharp, JavaScript, and HTML.

    Few Hacking Certifications include:

    1. CEH
    2. GIAC
    3. OSCP
    4. CREST

    Let's Explore!!

    #1) Nmap

    Nmap

    Price: Free

    Description:

    Nmap is a security scanner, port scanner, as well as a network exploration tool. It is an open source software and is available for free.

    It supports cross-platform. It can be used for network inventory, managing service upgrade schedules, and for monitoring host & service uptime. It can work for a single host as well as large networks. It provides binary packages for Linux, Windows, and Mac OS X.

    Features: 

    • Nmap suite has:
      • Data transfer, redirection, and debugging tool(Ncat),
      • Scan results comparing utility(Ndiff),
      • Packet generation and response analysis tool (Nping),
      • GUI and Results viewer (Nping)
    • Using raw IP packets it can determine:
      • The available hosts on the network.
      • Their services offered by these available hosts.
      • Their OS.
      • Packet filters they are using.
      • And many other characteristics.

    Best for: Nmap is best for scanning network. It is easy to use and fast as well.

    Website: Nmap

    ******************

    #2) Netsparker

    Netsparker Vulnerability-Assessments-and-Penetration-Tests

    Netsparker is a dead accurate ethical hacking tool, that mimics a hacker's moves to identify vulnerabilities such as SQL Injection and Cross-site Scripting in web applications and web APIs. 
     
    Netsparker uniquely verifies the identified vulnerabilities proving they are real and not false positives, so you do not need to waste hours manually verifying the identified vulnerabilities once a scan is finished.
     
    It is available as a Windows software and an online service.

    ******************

    #3) Acunetix 

    Acunetix Dashboard

    Acunetix is a fully automated ethical hacking tool that detects and reports on over 4500 web application vulnerabilities including all variants of SQL Injection and XSS.

    The Acunetix crawler fully supports HTML5 and JavaScript and Single-page applications, allowing auditing of complex, authenticated applications.

    It bakes in advanced Vulnerability Management features right-into its core, prioritizing risks based on data through a single, consolidated view, and integrating the scanner's results into other tools and platforms.

    => Visit Acunetix Official Website

    ******************

    #4) Metasploit

    Metasploit

    Price: Metasploit Framework is an open source tool and it can be downloaded for free. Metasploit Pro is a commercial product. Its free trial is available for 14 days. Contact the company to know more about its pricing details.

    Description:


    It is the software for penetration testing. Using Metasploit Framework, you can develop and execute exploit code against a remote machine. It supports cross-platform.

    Features: 

    • It is useful for knowing about security vulnerabilities.
    • Helps in penetration testing.
    • Helps in IDS signature development.
    • You can create security testing tools.

    Best For Building anti-forensic and evasion tools.

    Website: Metasploit

    #5) Aircrack-Ng

    aircrack-ng

    Price: Free

    Description:

    Aircrack-ng provides different tools for evaluating Wi-Fi network security.

    All are command line tools. For Wi-Fi security, it focuses on monitoring, attacking, testing, and cracking. It supports Linux, Windows, OS X, Free BSD, NetBSD, OpenBSD, Solaris, and eComStation 2.

    Features:


    • Aircrack-ng can focus on Replay attacks, de-authentication, fake access points, and others.
    • It supports exporting data to text files.
    • It can check Wi-Fi cards and driver capabilities.
    • It can crack WEP keys and for that, it makes use of FMS attack, PTW attack, and dictionary attacks.
    • It can crack WPA2-PSK and for that, it makes use of dictionary attacks.

    Best For: Supports any wireless network interface controller.

    Website: Aircrack-Ng

    #6) Wireshark

    Wireshark

    Price: Free

    Description:

    Wireshark is a packet analyzer and can perform deep inspection of many protocols.

    It supports cross-platform. It allows you to export the output to different file formats like XML, PostScript, CSV, and Plaintext. It provides the facility to apply coloring rules to packet list so that analysis will be easier and quicker. The above image will show the capturing of packets.

    Features:

    • It can decompress the gzip files on the fly.
    • It can decrypt many protocols like IPsec, ISAKMP, and SSL/TLS etc.
    • It can perform live capture and offline analysis.
    • It allows you to browse the captured network data using GUI or TTY-mode TShark utility.

    Best For: Analyzing data packets.

    Website: Wireshark

    #7) Ettercap

    Ettercap

    Price: Free.

    Description:

    Ettercap supports cross-platform. Using Ettercap's API, you can create custom plugins. Even with the proxy connection, it can do sniffing of HTTP SSL secured data.

    Features:

    • Sniffing of live connections.
    • Content filtering.
    • Active and passive dissection of many protocols.
    • Network and host analysis.

    Best For: It allows you to create custom plugins.

    Website: Ettercap

    #8) Maltego

    Maltego

    Price: The Community version, Maltego CE is available for free. Price for Maltego Classic is $999. Price for Maltego XL is $1999. These two products are for the desktop. Price for the server products like CTAS, ITDS, and Comms starts at $40000, which includes training as well.

    Description:

    Maltego is a tool for link analysis and data mining. It supports Windows, Linux, and Mac OS.

    For the discovery of data from open sources and visualizing the information in graphical format, it provides the library of transforms. It performs real-time data-mining and information gathering.

    Features:

    • Represents the data on node-based graph patterns.
    • Maltego XL can work with large graphs.
    • It will provide you the graphical picture, thereby telling you about the weak points and abnormalities of the network.

    Best For: It can work with very large graphs.

    Website: Maltego

    #9) Nikto

    Nikto

    Price: Free

    Description:

    Nikto is an open source tool for scanning the web server.

    It scans the web server for dangerous files, outdated versions, and particular version related problems. It saves the report in a text file, XML, HTML, NBE, and CSV file formats. Nikto can be used on the system which supports basic Perl installation. It can be used on Windows, Mac, Linux, and UNIX systems.

    Features:

    • It can check web servers for over 6700 potentially dangerous files.
    • It has full HTTP proxy support.
    • Using Headers, favicons, and files, it can identify the installed software.
    • It can scan the server for outdated server components.

    Best For: As a Penetration Testing tool.

    Website: Nikto

    #10) Burp Suite

    BurpSuite

    Price: It has three pricing plans. Community edition can be downloaded for free. Pricing for Enterprise edition starts at $3999 per year. Price of the Professional edition starts at $399 per user per year.

    Description:

    Burp Suite has a web vulnerability scanner and has advanced and essential manual tools.

    It provides many features for web application security. It has three editions, community, enterprise, and professional. With community editions, it provides essential manual tools. With the paid versions it provides more features like Web vulnerabilities scanner.

    Features:

    • It allows you to schedule and repeats the scan.
    • It scans for 100 generic vulnerabilities.
    • It uses out-of-band techniques (OAST).
    • It provides detailed custom advisory for the reported vulnerabilities.
    • It provides CI Integration.

    Best For: Security testing.

    Website: Burp Suite

    #11) John The Ripper

    John-the-Ripper

    Price: Free

    Description:

    John the Ripper is a tool for password cracking. It can be used on Windows, DOS, and Open VMS. It is an open source tool. It is created for detecting weak UNIX passwords.

    Features:

    • John the Ripper can be used to test various encrypted passwords.
    • It performs dictionary attacks.
    • It provides various password crackers in one package.
    • It provides a customizable cracker.

    Best For: It is fast in password cracking.

    Website:  John the Ripper

    #12) Angry IP Scanner

    AngryIPScanner

    Price: Free

    Description:

    Angry IP Scanner is a tool for scanning the IP addresses and ports. It can scan both on local network and Internet. It supports Windows, Mac, and Linux operating systems.

    Features:

    • It can export the result in many formats.
    • It is a command-line interface tool.
    • It is extensible with many data fetchers.

    Website:  Angry IP Scanner

    Conclusion

    As explained here, Nmap is used for computer security and network management. It is good for scanning the network. Metasploit is also for security and is good for building anti-forensic and evasion tools.

    Aircrack-Ng is a free packet sniffer & injector and supports cross-platform. Wireshark is a packet analyzer and is good in analyzing data packets. As per the reviews available online, people recommend using Nmap instead of Angry IP scanner as Angry IP Scanner comes with unwanted applications.

    John the Ripper is fast in password cracking. Nikto is a good open source tool for penetration testing. Maltego presents the data in a graphical form and will give you information about weak points and abnormalities.

    This was all about the ethical hacking and the top ethical hacking tools. Hope you will find this article to be much useful!!

    @EVERYTHING NT

    More information


    Tuesday, June 9, 2020

    Scanning TLS Server Configurations With Burp Suite

    In this post, we present our new Burp Suite extension "TLS-Attacker".
    Using this extension penetration testers and security researchers can assess the security of TLS server configurations directly from within Burp Suite.
    The extension is based on the TLS-Attacker framework and the TLS-Scanner, both of which are developed by the Chair for Network and Data Security.

    You can find the latest release of our extension at: https://github.com/RUB-NDS/TLS-Attacker-BurpExtension/releases

    TLS-Scanner

    Thanks to the seamless integration of the TLS-Scanner into the BurpSuite, the penetration tester only needs to configure a single parameter: the host to be scanned.  After clicking the Scan button, the extension runs the default checks and responds with a report that allows penetration testers to quickly determine potential issues in the server's TLS configuration.  Basic tests check the supported cipher suites and protocol versions.  In addition, several known attacks on TLS are automatically evaluated, including Bleichenbacher's attack, Padding Oracles, and Invalid Curve attacks.

    Furthermore, the extension allows fine-tuning for the configuration of the underlying TLS-Scanner.  The two parameters parallelProbes and overallThreads can be used to improve the scan performance (at the cost of increased network load and resource usage).

    It is also possible to configure the granularity of the scan using Scan Detail and Danger Level. The level of detail contained in the returned scan report can also be controlled using the Report Detail setting.

    Please refer to the GitHub repositories linked above for further details on configuration and usage of TLS-Scanner.

    Scan History 

    If several hosts are scanned, the Scan History tab keeps track of the preformed scans and is a useful tool when comparing the results of subsequent scans.

    Additional functions will follow in later versions

    Currently, we are working on integrating an at-a-glance rating mechanism to allow for easily estimating the security of a scanned host's TLS configuration.

    This is a combined work of Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Robert Merget.  The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

    If you would like to learn more about TLS, Juraj and Robert will give a TLS Training at Ruhrsec on the 27th of May 2019. There are still a few seats left.
    Read more

    Linux Command Line Hackery Series - Part 4




    Welcome back to Linux Command Line Hackery, hope you have enjoyed this series so far. Today we are going to learn new Linux commands and get comfortable with reading text files on Linux.

    Suppose that you wanted to view your /etc/passwd file. How will you do that? From what we have learned so far what you'll do is type:

    cat /etc/passwd

    And there you go, but really did you see all the output in one terminal? No, you just ended up with last few lines and you'll have to cheat (i,e use graphical scroll bar) in order to see all the contents of /etc/passwd file. So is there a command line tool in linux with which we can see all the contents of a file easily without cheating? Yes, there are actually a few of them and in this article we'll look at some common ones.

    Command: more
    Syntax:  more [options] file...
    Function: more is a filter for paging through text one screenful at a time. With more we can parse a file one terminal at a time or line by line. We can also go backward and forward a number of lines using more.

    So if we're to use more on /etc/passwd file how will we do that? We'll simply type

    more /etc/passwd

    now we'll get a screenful output of the file and have a prompt at the bottom of terminal. In order to move forward one line at a time press <Enter Key>. Using enter we can scroll through the file one line at a time. If you want to move one screen at a time, you can press <Space Key> to move one screen at a time. There are more functions of more program, you can know about them by pressing <h key>. To exit out of more program simply type <q key> and you'll get out of more program.

    Command: less
    Syntax: less [options] file...
    Function: less is similar to more but less has more functionality than more. less is particularly useful when reading large files as less does not have to read the entire input file before starting, so it starts up quickly than many other editors.

    less command is based on more so what you've done above with more can be done with less as well. Try it out yourself.

    Command: head
    Syntax: head [OPTION]... [FILE]...
    Function: head command prints the head or first part of a file. By default head prints out first 10 lines of a file. If more than one file is specified, head prints first 10 lines of all files as a default behavior.

    If we want to see only first 10 lines of /etc/passwd we can type:

    head /etc/passwd

    We can also specify to head how many lines we want to view by using the -n flag. Suppose you want to see first 15 lines of /etc/passwd file you've to type:

    head -n 15 /etc/passwd

    Ok you can view the first lines of a file what about last lines, is there a tool for that also? Exactly that's what our next command will be about.

    Command: tail
    Syntax: tail [OPTION]... [FILE]...
    Function: tail is opposite of head. It prints the last 10 lines of a file by default. And if more than one file is specified, tail prints last 10 lines of all files by default.

    To view last 10 lines of /etc/passwd file you'll type:

    tail /etc/passwd

    and as is the case with head -n flag can be used to specify the number of lines

    tail -n 15 /etc/passwd

    Now one more thing that we're going to learn today is grep.

    Command: grep
    Syntax: grep [OPTIONS] PATTERN [FILE...]
    Function: grep is used to search a file for lines matching the pattern specified in the command.

    A PATTERN can simply be a word like "hello" or it can be a regular expression (in geek speak regex). If you aren't familiar with regex, it's ok we'll not dive into that it's a very big topic but if you want to learn about it I'll add a link at the end of this article that will help you get started with regex.

    Now back to grep say we want to find a line in /etc/passwd file which contains my user if we'll simply type:

    grep myusername /etc/passwd

    Wohoo! It gives out just that data that we're looking for. Remember here myusername is your username.
    One cool flag of grep is -v which is used to look in file for every line except the line containing the PATTERN specified after -v [it's lowercase v].

    Take your time practicing with these commands especially grep and more. We'll learn a lot more about grep in other upcoming articles.

    References:
    https://en.wikipedia.org/wiki/Regular_expression
    http://www.regular-expressions.info/
    Awesome website to learn Regular expressions - http://www.regexr.com/
    Related articles

    Monday, June 8, 2020

    10 Best Wifi Hacking Android Apps To Hack Others Wifi (Without Root)

     Top 10 Best wifi hacking apps to hack wifi^s.   

    Today, a smartphone without internet is like a decade ago featured phone which is mainly used to dial and receive the call. No one would even want such a phone today. The Internet is now a necessity for every mobile user. They can't live without the internet and unfortunately; if the Internet is not working due to some signal issues; they get frustrated and sometimes depressed too.


    Generally, we need to pay for the Internet subscription package to run mobile data on our smartphone. But what to do if I don't want to spend money on the Internet? The solution is to connect your mobile with WiFi. You can access the internet from there. Easy, right? NO, it's not easy until you know the password of WiFi. But what if you don't know.

    Two ways possible in this situation

    1. Either you ask for the password to the owner; he will provide you to use his internet through Wi-Fi
    2. You have to hack the Wi-Fi password of other's network and use the internet as an unauthorized person.

    First is not reliable when you don't know the person so, you only have a second option. Today, I am going to share a few apps that help you steal the password and allow you to use the internet from others' account.

    1. WiFi WPS WPA Tester

    This is the foremost tool to hack the WiFi password without knowing even the root. This is a preferred choice of numerous smartphone users to decipher the pin and get access to the Wi-Fi. As time passes, a tool is upgraded and now even hack the WiFi networks while it was used to check if an access point is highly vulnerable to the rancorous attacks or not.

    If you are using Lollipop or above version on your android mobile phone; you don't even need to root your device to crack a WiFi network.

    Android App

    Pros

    • Easy to use
    • Free
    • Decrypt the password in no time.
    • Implementation of several algos like Zhao, Arris, Dlink and more.

    Cons

    • Need root access if you are using the version below Lollipop.

    2. WPS Connect

    Routers which has enabled a WPS protocol can be hacked with this app. The important thing is that almost all routers found in public places and homes fall under this category. In short, you will have what you want. Moreover, you can focus on your router & examine that it's vulnerable to any malicious attack or not. It helps you hack the WiFi password without root and also strengthen your WiFi network.

    Once you identify the vulnerable (accessible) network, you can quickly get the password and start using the internet without any hassle. It uses algorithms like easyboxPIN and Zhao. Although, this app is not compatible with various Android phones as it is tested on Android devices like the Galaxy series, Nexus and more.

    Android App

    Pros

    • It's free and easy to use
    • Powerful algorithms (Zhao & easyboxPin) to crack the password
    • Supports pinning of Wi-Fi routers

    Cons

    • Incompatible with few android devices
    • Couldn't identify the network automatically.

    3. WiFi WPS WPA Tester Premium

    This is an excellent app to decrypt the WiFi network password on your android phone. This works fine on rooted & non-rooted android phones. If you can root the Android device; you can have a better chance to hack into. Today,  security is the primary concern and so, many people use the highly secured wireless router, I think. For such networks, this app will not work as it should be. But, still it can work for numerous times with the help of WPS; not all the time. Every time, you have to try your luck to get access to other's WiFi network. This WPS WPA tester is a premium apk.

    Android App

    Pros

    • Works for both rooted and non-rooted android devices
    • Find the nearby network and connect your mobile with it.

    Cons

    • It's a premium apk.
    • You have to try your luck to get access to the nearby network.
    • Not good to connect with highly secured wireless routers.

    4. AndroDumpper Wifi (WPS Connect) – Discontinued

    If you want to connect to a router which is WPS enabled; download this app immediately without going down to browse for other apps. Just open the app, start its interface & find the nearby wireless networks, you want to connect with. The app will provide an excellent option to regain the password of a selected network with & without root. Once you implemented the algorithm; it will display the password in app screen & connect to the network. Isn't it easy for you?

    Android App

    Pros

    • It's Free on Google Play Store
    • Easy to use and faster than some other tool.
    • Works fine for rooted & non-rooted devices
    • A dedicated blog is available for the tool (Get guidance anytime)
    • Supports for giant company routers (Vodaphone, Asus, Huawei, Dlink, etc.)

    Cons

    • Rooting is required if you are using a version below android 5.0
    • Works only for WPS enabled routers.

    5. Wi-fi Password Hacker Prank

    Wifi Password hacker prank is a free app for the android users and can help you to connect your android phone to wifi networks available nearby. This free app simulates a process of hacking the wireless network with your smartphone. With this app, you can hack all wifi network passwords with just one key. The Prank word itself says it's a funny app used to prank with your friends. Sometimes, girls can be impressed with this prank as well. But try this at your own risk. Look excellent and professional in front of your friends and colleagues.

    Steps to Hack Wifi using the Wifi Password Hacker Prank:

    • Catch up the wireless networks near to you and then select the secure network you wish to hack.
    • Wait for a while & a dialogue will be opened with the wifi password.
    • Bingo! Paste the password and start using others' Internet without spending single money.
    • Watch your favourite show and movie in High-Definition quality without worrying about your mobile data.
    Android App

    6. WiFi Warden

    WiFi Warden is one of the finest and free android WiFi hacking apps to get access to others WiFi with ease. With WiFi Warden, a user can Analyze the WiFi networks, connect to your WiFi using the passphrase and WPS and view saved WiFi passwords without root.

    By analyzing the WiFi networks, you can see all necessary information that can be discovered on the wireless networks around including BSSID, SSID, Channel bandwidth, encryption, security, router manufacturer, distance and channel number, etc.

    Android App

    Pros

    • Find the less crowded channel to get WiFi access.
    • You can root your device on all Android versions.
    • Easy to use and connect with the router quickly.
    • All features of this app are available for free.

    Cons

    • This app doesn't work on all types of router, use a passphrase instead.
    • Access Point (AP) must have enabled WPS.
    • Require Android version 6 (Marshmallow) or higher version is necessary to display Wi-Fi networks around you.
    • Some of the features are in the testing phase. So, use it your own risk.

    7. WiFi Password

    'WiFi Password' is a completely free app for those who don't want to get away from the Internet even when their internet data is running out. You can connect with others' WiFi routers and use their Internet.

    If you are using Android Version 5 or above; 'WiFi Password' can be the right choice for you to watch your favorite shows on YouTube in HD without even worrying about Mobile Data.

    Android App

    Pros:

    • Millions of WiFi Hotspots
    • Scan and detect the WiFi security
    • Connect WiFi Hotspot nearby without knowing the WiFi Password
    • You can simply add a free WiFi Hotspot by sharing the passwords with others.

    Cons :

    • Still, there are some glitches in it but works well.

    8. WiFi Kill Pro

    WiFi Kill is one the best WiFi network controller application which can disable the Internet connection of others who are connected to the same network. Yes, this is true. It is a useful tool for internet users who want to improve their data speed by disabling other's internet connection and allocate all the bandwidth to your device only.

    Currently, this app is only for Android users and needs root access to perform well.

    Android App

    Pros


      • You can see all connected device on the same network you are connected.

      • Display the data transfer rate of all devices

      • Monitor network activity

      • You can cut the network connection of any connected device.
    • It works well on tablets too.

    Cons


      • Require root access
    • Require Android version 4.0.3 or up to use this app.

    9. Penetrate Pro

    A popular Wifi hacker app for android users, Penetrate pro is free and works well on Android devices. This app is widely used to find WEP and/or WPA keys to connect the devices with network routers without knowing the wifi password. Just install the app and search for the network; this app starts automatically displaying the WEP/WPA keys on the screen. Tap on the network you want to connect; one it gets connected; you can start watching videos on YouTube. Quite interesting, doesn't it?

    Android App

    Pros


      • Easy to search nearby free wifi networks.

      • Connect the network without knowing keys
    • Available for Free

    Cons


      • Not available on Google Play Store; need to download manually.
    • Works well only for the rooted android devices

    So, you have got the list of apps that help you use the internet from other's wireless network without getting caught. If you have any idea of any other Wi-Fi password hacking app; just let me know. We would love to discuss it here.


    Disclaimer: VR Bonkers is not responsible for any consequences if you face while using any of the above apps. This is just a list and we are not taking any responsibility for the same. So, use them at your risk.


    @EVERYTHING NT

    Read more

    Classic Lishi Tools page:1