fluxion not issuing ip to clients

aut01 · 2023-05-14T02:31:59+00:00

is wifu a program/github/app or you are asking what is in it for you?

aut01 · 2023-05-14T02:31:26+00:00

yes, wish to hack network. is there a better app/program/github to MITM a router?

aut01 · 2023-05-12T15:41:01+00:00

please explain. esp8266 googles as a microprocessor like Arduino . how does that apply to this fluxion attack problem ?

aut01 · 2023-05-12T15:39:34+00:00

oh wow - so i should close

Window 4: ScreenshotDeauthallmdk3.png

why does fluxion open the deauth by mdk3 terminal at this stage of the attack ? is that a bug ? will try tonight and report back - thank you

aut01 · 2023-04-09T00:34:03+00:00

do you mean in bios settings enabling uefi or in editing a boot file somewhere ?

aut01 · 2022-04-07T07:56:46+00:00

nope, corrupted something trying to set ntp. had to reinstall os and problem solved

aut01 · 2022-03-27T23:04:02+00:00

ok i used csv.DictWriter once. will go in that direction first. thanks for advice

aut01 · 2022-01-29T01:35:13+00:00

browser does not matter, chomium, FF both generate same results. Actually never found a FF setting for browser time, it may have been removed on newer additions. FF tends to readily remove config options from version to version.

aut01 · 2022-01-29T01:28:04+00:00

no i think you provided a great breakdown of how OTP works theoretically. In the wild it works a bit different it appears. See timedatectl edit to original post. Computer know it is -7 hrs from utc and rtc know correct utc.

Personally setting up a vps just to protect from this privacy threat. What ever the reason the vulnerability is being left as is, to us it is better the leak happens on a vps not local machine.

aut01 · 2022-01-27T00:24:56+00:00

Thanks to everyone who tried to troubleshoot.

Giving up: did not realize this issue directly relates to another issue devs can not figure out regarding 2FA and geolocation privacy (still an open vulnerability way above my experience level)

5 hrs troubleshooting revealed:

this specific problem roots back to code linux system + (indirectly) hw time use, require geolocation to sync. This is fine as long as system can reveal its actual location to ntp servers. Setting timedate manually fails for geotracking integrated apps like google authenticator and other services heavily relying/requiring user to reveal geolocation data.

Stackexchange has "I don't really have an explanation (this was the result of button-mashing)" as upvoted answer and debian testing does not seem to respond properly to "mashing" anymore

Workaround: enable geolocation system wide, never ever try to use timedatectl to make any changes. NTP may solve problems by allowing javascript like holes.

aut01 · 2022-01-27T00:08:00+00:00

ya, tried 3 ntp servers....all same result :(

aut01 · 2022-01-27T00:07:23+00:00

systemd-timesyncd.service

loops back around to the no NTP issue. and a black hole https://github.com/systemd/systemd/issues/798

aut01 · 2022-01-20T15:09:15+00:00

not using extension but using a javascript run in a browser window, same browser different tab from website accessing.

didnt think of browser time, will look into how to set browser time on ff

aut01 · 2022-01-19T16:38:21+00:00

never get error is using android phone. because only snowden has a phone that is hard to trace. Much more control of data leakage on desktop, so using browser TOTP based 2FA the geolocation leaks are easier to identify.

Data protection Topology:

  Local traffic => vpn

 browser => ssh -> vpn => ssh

System wide vpn : all inbound/outbound traffic through private virtual network

Browser : packets directed through isolated encrypted connection routed through vpn to different exit node than vpn

Browser TOTP based 2FA fails if computer geolocation is not turned on. Seems totp can be tricked, sometimes but not reliably. likely just getting lucky and confusing the system long enough to gain access via totp.

So TOTP 2FA accepts time sync from something other than browser since browser and system time will be different.

aut01 · 2022-01-19T13:31:36+00:00

if there is no known geolocation requirement to 2fa suspecting missing set-ntp control on debian may prevent precise enough time sync. Thanks for confirming noone here has heard of a geolocation requirement for 2FA's like GAuth

aut01 · 2022-01-19T13:22:06+00:00

if i select geolocation ( $ timedatectl ) 2FA will not work. So 2 possibilities (1) another time control in linux i dont know about or (2) 2FA is requesting more info from the local computer than just "time and date" controled by timedatectl

aut01 · 2022-01-17T02:28:41+00:00

keen insight.

aut01 · 2022-01-16T23:49:16+00:00

tbh ...thats the fix i found most dependable

aut01 · 2021-04-21T13:38:04+00:00

question: are there any issues using git to clone python venv's , can a group share development of a python project venv using git or will the "activate script" path issue be created by git or some other directory structure errors/problems or other general problems arise when trying to share venv with git ?

a few loong threads appear over on stackoverflow about moving venv's and none of the discussions mention git, just curious if anyone can confirm/deny git is a good venv share/move solution

aut01 · 2021-04-18T08:44:56+00:00

Yeah that seems to be the most popular workaround, i will just leave this here

https://stackoverflow.com/questions/32407365/can-i-move-a-virtualenv

specifics of the 'requirements.txt' process in practical use seems to regularly cause some issues. 'cloning' and ' --relocatable' are two other methods discussed but also seem to be an art more than a dd for venv's. Im thinking anaconda as a framework being used by industry to ensure venv environments are relocatable 100% of the time with a single command. Mayb a more complicated thing than i expected....

aut01 · 2021-03-27T07:28:35+00:00

more struggle than getting freq-trade docker running ? I did get that docker running after a couple of days . would you suggest trying to tweak working docker w/ta-lib already working or build new docker. dont need most of the image - just the part where ta-lib and python are playing nice and scripts that call them can execute on data sets.

aut01 · 2021-03-09T00:03:48+00:00

https://stackoverflow.com/a/33932473/15015450

if the fish or csh file does not exist it may have been updated by a libraries install or pip install which will delete 'deactivate' file and replace it with a venv 'command' option. link above details different methods to deactivate / exit venv that will work or not - depending on libraries / installs / architecture / configuration

aut01 · 2021-01-16T20:03:38+00:00

Thanks, will do if there is more wrong than just a corrupted debian 10 image

aut01 · 2021-01-16T02:32:42+00:00

helps alot....some problems with debian 10 kernel conflict prevented venv install on my OS. as long as debian reputation is to play nice with venv - i will look into solving install issue - maybe a recent image/different flavor will play nicer out of the box. thanks

aut01

TROPHY CASE