We live in a world of open and I mean wide open 802 11 networks, we could go to an airport and find an open network, we can go to a coffee shop and find an open network, we can go almost anywhere and find an open network. Now, that's kind of a good thing because it provides us instantaneous and easy access to the internet, which is mainly why we're doing this. And there's no other really easy practical way to handle that other than passing everybody out pre shared keys or giving me everybody usernames and passwords on 802 dot one x. So the bottom line is, is we live in a world of open networks. The problem with this is open networks, by definition are absolutely wide open. Now to show you how bad the problem is.
I've got a little setup here. So what I have here is a little home router. This is a little asis 802 11 ac home router, very popular. I use these in all my courses. Over here I've got my windows 10 laptop, he's just a regular laptop, nothing special and he is connected to a wireless network called Simple, which is being passed out by this guy. And over here, I've got my Linux system, I'm running Kali Linux with a whole bunch of toys up and running.
And I'm using a very special wireless network card that is designed to allow us to be able to go into a promiscuous mode to get out there and monitor what's going on in the network. And we can do all kinds of fun stuff like this. So with this little setup in mind, one of the things you need to understand first and foremost is anything that I'm doing on here, unless very specific things are done on an open network. I can see it all over here. Now here I have Kali Linux running over on this system. And what you're looking at is all the data that I've captured off this wireless network, don't look too close kids, I didn't give you anything that you can actually do any danger to me with.
So being able to just capture data is fairly trivial. Now, of course, you'd have to be good at Wireshark and you'd have to know how to follow tea. TCP streams and be able to look for different types of data searching for HTTP searching for someone being silly enough to check their email insecurely do something like that. But if you're comfortable with Wireshark, you basically got keys to the kingdom, and you can look at anything you want. So, in and of itself, that's already bad, but I can make it worse. One of the problems we run into is the idea of using cookies for sessions.
So I could go up to a particular website, and I will create a session cookie that will exist during the length of whatever session I might have. Now, these session cookies hold different types of information. And a lot of times, especially if you're typing in usernames and passwords, what will happen is this website will go to HTTPS, and you type in your username and password securely, which I'm not going to be able to do anything with. But then the server is going to pass down a cookie, which gives your authentication information in it. So this can be a big problem. So one of the tools we can use is, for example, what I have over here is a wonderful tool called cookie catcher.
Cookie catcher only has one job, he looks out to anybody who's passing out just cookies, just HTTP cookies, that's all he's looking for. And he grabs them, and it brings him down into the system. And if I want to, I can go ahead and do something called a replay attack with these, let me show you how this works. Here's my happy little victim computer merrily logging onto the internet onto some URL that is insecure. So we'll call it some very insecure sounding name. Now, a lot of times when people log in if they're typing in usernames and passwords, a lot of websites will shift to HTTPS for the actual authentication of that particular system.
So this is done in such a way that it's encrypted, nobody can get to it. However, a lot of times after this has done some form of cookie holding authentication information is held on the victim computer. Now, us using our evil computer over here, we can use tools like cookie catcher to intercept the actual cookies, the cookies themselves are not sent over secure, they're sent over insecure, only the actual log on itself was. So we can grab this, make a copy for ourselves. And even after the victim leaves, we can go ahead and use the authentication information in this cookie to an essence replay just as though we were the original victim ourselves. And that is a classic replay attack.
So what do we do to protect ourselves? What can we do on our good computers to prevent these bad computers from sniffing our networks? What do we do to keep these bad guys using tools like cookie catcher from grabbing our cookies and taking out all that SSL information and using it against us in these replay attacks? Which by the way is also known as SSL stripping. So be comfortable with that term. So what can we do?
Well, there's a lot of things you can do. Number one, use secure protocols when you're on insecure wireless networks. If you're going to be doing FTP, use secure FTP, if you're going to be getting email, use secure email, do what you can to be secure. In particular, though, I want to concentrate on HTTPS because well, people use the web a lot. So I want to talk about, in particular, some of the things we can do. Number one, what I'd like you to do is that you need to watch your browser bar.
So if you take a look up here, you can see right here, I'm on a secure website. Of course, it says HTTPS, but it also shows very, very clearly secure. Now over here is a very insecure website. This is my own website. Trust me, if you try to buy something online, we go very, very secure, but at this point, it is insecure. So you need to be able to have the wherewithal to think about what are you doing on a particular Or site, you might be on just one particular website, but it can pop from HTTP to HTTPS.
If you're insecure, you probably don't want to be typing in usernames and passwords on that particular page. Now the problem is, as security people, we can think this much about it. Unfortunately, users don't. So we need tools to help them make sure they're always in a secure environment. One of the great tools we use, and I use this in Chrome all the time, is something called HTTPS Everywhere. So if you take a look right up here, you'll see I've added a little extension called HTTPS Everywhere.
And what I'm going to do is I'm going to turn it on by blocking all unencrypted requests. Now, right now, you'll see that I'm on a insecure website. Watch what happens. When I go back in, you'll see that it's popped instantly to a secure www dot total sem.com. And that's the power of HTTPS. In fact, making people use it HTTPS is so critical that even the industry has developed protocols where servers require your browser to go to HTTPS.
This is known as HTTP strict transport security or hsts. It is a beautiful thing. It pretty much automagically does what HTTPS Everywhere does for you. So it's a very, very powerful tool, but only on servers that actually use it. So between hsts and HTTPS Everywhere, and watching the little green bar at the top, I'm pretty safe from bad guys doing naughty things. Now there's one more thing I'd like to add.
That is a VPN. If you really want to be secure. What you do is get on the internet but have everything go through a VPN. Now you got to be careful here. You could have a corporate VPN where you dial in to the internet and get on blind for your corporate stuff, and that's great. But a lot of corporations will set up a VPN Not for you to just access the internal network.
But as a tool that makes sure all the corporate computers, when they're at airports or when they're in some foreign country with open networks can be guaranteed that anything these machines do, allows them to do it through the VPN, even just general browsing. Now, you've got to be careful with this. I want to show you some VPNs. And again, I'm doing this in Chrome. If you go through, you'll see that there's a lot of extensions that are offered in Chrome and and no way am I going to offer any of these up to you these different VPN proxies. The problem with these VPNs is that well, they're free.
So anytime something's free, that means you're the product so they tend to look at information you may not want them to. Also these VPNs that you'll see are often used by bad guys that what they'll do with the VPN is that they can set the VPN so they come out in the UK if they want to watch Manchester United or some soccer team. So there is a bit of nefarious side for using these VPN as well as a very good aspect of it, and that is simply using it to prevent bad guys from doing things in open networks. So there you go. We've got a number of different tools for you. You're going to be seeing a lot of this on the exam.
So take some time to be comfortable you can do to protect yourself on open networks.