Insecure information disclosure(SECURITY ISSUE) about wifite2 HOT 10 OPEN

Thanks for pointing this out. Unfortunately I'll have to hexedit the PCap file to change the MAC address (including all packets referring to that MAC). Or take new captures using a device with a spoofed MAC.

The capture file is actually from an old router that was sold off years ago, so while I'm aware of the implications of this information leak, I'll leave the capture file as-is for now and treat this as low-severity.

from wifite2.

??? The mac itself is a mute/null-value information "Leak", unless your suggesting that the MAC Alone is of any value your 'Bug report' is of no importance as frankly, there is no location/GPRS mentioned, thus the 'Netlink' router could be anyone of 700million devices made by them at any location on earth... thats before you put in the whole It could easily be a spoofed mac anyway (* Even though derv82 has said/implied this isnt the case *)

Seriously, bug report for a Random MAC address, is a pretty big waste of time.

from wifite2.

He is not wrong with his issue. With a MAC (even better than a wifi name) you can lookup its location. There are several services online available for free use where you can track people via their near WLANs. And if that router was recognized by any neighbor/guy on the street it is registered. And so his annoymity is leaked.

This does not take into account that there might be simpler ways to get his location, but the reason to point this out is valid and important.

from wifite2.

False:
You cannot locate a person accurately with merely the use of a MAC address, the entire comment is spoken in the manner of a person who likes to talk hacking but doesnt get it... If you had the faintest idea what you were talking about you wouldnt have even commented as the WLAN Base stations arnt even mentioned nor are they included...

The sum total of this persons false claim to information disclosure is
A4:2B:8C:16:6B:3A
which resolves to == NETGEAR
which with that MAC address, being identified as being a Netgear one, narrows derv82 down to 1 in 467025 in the world.

Im attempting to be polite, but frankly this entire bug report and now your reply, have been the funniest things ive seen all day!

@derv82 Mate ignore this stupid report :) Also im going to submit a couple code changes in next few weeks, just minor bug fixing and tweaks 👍

from wifite2.

I mean such services:
https://blog.mozilla.org/services/2013/10/28/introducing-the-mozilla-location-service/

You can lookup the mac and find its location. Possibly not in this (free) database, but in others. If the wifite author wants to hide its location, this gives possibly a good hint.

from wifite2.

@NicoHood Actually I suggest you read the link you just posted to, which both contradicts the claim your implying of his location being compromised and confirms my dissertation to its a non-value bug-report.
Firstly this thread relates ONLY to A4:2B:8C:16:6B:3A nothing else, there is no GPRS, Cell Tower Information (* why would there be?? ) nor anything else that can be used to track his location ( The Pcap file he was using which would contain the wireless networks information, is not included, thus, the information is not 'Public'/Compromised *). Regarding the "Other" databases, as stated earlier, there is estimated 467025 Devices/IoT in the world with MAC address A4:2B:8C:16:6B:3A, which narrows @derv82 's location down to... the incredibly accurate, precise and highly useful location of.... anywhere on Earth. Again this assumes the MAC being referred to is a true MAC and not spoofed.

from wifite2.

Oh and the Google API which used to allow the service of viewing which Routers worldwide they detected with the matching MAC address, which is what the OP is likely referring to, no longer exists due to French and European Legal action of such Services being a breach of EU Privacy laws (* 2014/2015 if i remember correctly ) and Google have been forced to securely erase all such information gathered from the Google Streetmap scanning ( which is what was detecting and mapping MAC addresses in the first place *)

from wifite2.

@NovaCygni I think the keeping of the cap file as is and marking the issue low priority is how you address a none value issue without turning into a mutant over someone who thinks privacy is important enough to give a head's up about a unsanitized pcap.

"oh by the way, I will be submitting some valid issues and small bug issues and tweaks. please be aware they will be coming!! valid ones. i'm valid. i'm much more valid. highfive winks thumbs up"

easy there boy..... gooood boy.... you are valid....

from wifite2.

@flyoffthehandle

1. OP has no idea about what he is talking about, a Mac Address, being shown, is of no risk on its own, for the numerous above stated reasons, neither to Derv himself or anyone else...
2. Derv and myself have communicated numerous times, small bug issues and tweaks would be the missing WPS/PixieDust features, and the issue with the Wash command not showing WPS enabled networks, not my project to be doing it for though, but happy to help Derv with pointers.
3. Who gives a toss about being Valid or being "Nice"... if you had read the comments instead of trying to be a white knight maybe you to would also have seen the point raised, was indeed as a I stated, Not valid.
4. mnt /dev/brain before trying to be sarcastic,,, someone made a innocent report because they thought there may be a issue, which was addressed and the matter was confirmed as "Not an issue", but for the sake of the Paranoid out there its been left as a "Low Priority" issue when they also freak out over this, they will come to this thread and see, "Its not an Issue". If you think I should compromise in the "Matter of Fact" way that was put forward thats your problem not mine, I havnt the time, nor patience for the pandering to the feelings of the emotionally unstable.
5. Great job Necromongering a old "issue" with a No-Value-Input, Non-Contributing comment geared around trying to be a white Knight.

from wifite2.

I know. You made most of that very clear over a year ago and I actually predicted there would be a little extra wrist slapping for my transgressions in your reply. It is not a privacy concern and not issue worthy. I was just curious if making that point was still an issue.

You got me though.
Very sorry.

from wifite2.