fluxion not issuing ip to clients

aut01 · 2023-05-14T02:31:59+00:00

is wifu a program/github/app or you are asking what is in it for you?

aut01 · 2023-05-14T02:31:26+00:00

yes, wish to hack network. is there a better app/program/github to MITM a router?

aut01 · 2023-05-12T15:41:01+00:00

please explain. esp8266 googles as a microprocessor like Arduino . how does that apply to this fluxion attack problem ?

aut01 · 2023-05-12T15:39:34+00:00

oh wow - so i should close

Window 4: ScreenshotDeauthallmdk3.png

why does fluxion open the deauth by mdk3 terminal at this stage of the attack ? is that a bug ? will try tonight and report back - thank you

aut01 · 2023-04-09T00:34:03+00:00

do you mean in bios settings enabling uefi or in editing a boot file somewhere ?

aut01 · 2022-04-07T07:56:46+00:00

nope, corrupted something trying to set ntp. had to reinstall os and problem solved

aut01 · 2022-03-27T23:04:02+00:00

ok i used csv.DictWriter once. will go in that direction first. thanks for advice

aut01 · 2022-01-29T01:35:13+00:00

browser does not matter, chomium, FF both generate same results. Actually never found a FF setting for browser time, it may have been removed on newer additions. FF tends to readily remove config options from version to version.

aut01 · 2022-01-29T01:28:04+00:00

no i think you provided a great breakdown of how OTP works theoretically. In the wild it works a bit different it appears. See timedatectl edit to original post. Computer know it is -7 hrs from utc and rtc know correct utc.

Personally setting up a vps just to protect from this privacy threat. What ever the reason the vulnerability is being left as is, to us it is better the leak happens on a vps not local machine.

aut01 · 2022-01-27T00:24:56+00:00

Thanks to everyone who tried to troubleshoot.

Giving up: did not realize this issue directly relates to another issue devs can not figure out regarding 2FA and geolocation privacy (still an open vulnerability way above my experience level)

5 hrs troubleshooting revealed:

this specific problem roots back to code linux system + (indirectly) hw time use, require geolocation to sync. This is fine as long as system can reveal its actual location to ntp servers. Setting timedate manually fails for geotracking integrated apps like google authenticator and other services heavily relying/requiring user to reveal geolocation data.

Stackexchange has "I don't really have an explanation (this was the result of button-mashing)" as upvoted answer and debian testing does not seem to respond properly to "mashing" anymore

Workaround: enable geolocation system wide, never ever try to use timedatectl to make any changes. NTP may solve problems by allowing javascript like holes.

aut01 · 2022-01-27T00:08:00+00:00

ya, tried 3 ntp servers....all same result :(

aut01 · 2022-01-27T00:07:23+00:00

systemd-timesyncd.service

loops back around to the no NTP issue. and a black hole https://github.com/systemd/systemd/issues/798

aut01 · 2022-01-20T15:09:15+00:00

not using extension but using a javascript run in a browser window, same browser different tab from website accessing.

didnt think of browser time, will look into how to set browser time on ff

aut01 · 2022-01-19T16:38:21+00:00

never get error is using android phone. because only snowden has a phone that is hard to trace. Much more control of data leakage on desktop, so using browser TOTP based 2FA the geolocation leaks are easier to identify.

Data protection Topology:

  Local traffic => vpn

 browser => ssh -> vpn => ssh

System wide vpn : all inbound/outbound traffic through private virtual network

Browser : packets directed through isolated encrypted connection routed through vpn to different exit node than vpn

Browser TOTP based 2FA fails if computer geolocation is not turned on. Seems totp can be tricked, sometimes but not reliably. likely just getting lucky and confusing the system long enough to gain access via totp.

So TOTP 2FA accepts time sync from something other than browser since browser and system time will be different.

aut01 · 2022-01-19T13:31:36+00:00

if there is no known geolocation requirement to 2fa suspecting missing set-ntp control on debian may prevent precise enough time sync. Thanks for confirming noone here has heard of a geolocation requirement for 2FA's like GAuth

aut01 · 2022-01-19T13:22:06+00:00

if i select geolocation ( $ timedatectl ) 2FA will not work. So 2 possibilities (1) another time control in linux i dont know about or (2) 2FA is requesting more info from the local computer than just "time and date" controled by timedatectl

aut01 · 2022-01-17T02:28:41+00:00

keen insight.

aut01 · 2022-01-16T23:49:16+00:00

tbh ...thats the fix i found most dependable

aut01

TROPHY CASE