I was looking online for scripts on scripts on determining
geolocation via BSSID. Many of the scripts were based on skyhook api
which were broken due to changes in the api. The “Share Location”
function by Google seems like an excellent alternative and it is very
accurate unless you live in the middle of the desert.
Using Tamper This (Firefox Addon), I am able to find out the information that is passed to Google. Yes, I was too lazy to look up Google’s geolocation APIs
.
It seems that the browser is passing information about neighboring wireless access points to Google.
The information that are passed to Google include BSSID, SSID and RSSI (Received Signal Strength Index) of the access points.
Using these information, Google is able to pinpoint your location accurately.
Sometimes it is useful to find out the an accurate location of a remote target especially when geolocation identification using IP address is vague.
We can hide and run this inside in a Java applet.. No one clicks RUN on a Java applet right?
Currently, the applet outputs the below information to the Java console. It can be modified to send the information to a remote location instead.
What the applet does is that it runs the below system commands to gather information about the access points and pass it to Google so that we can determine your Geolocation accurately.
Below are the system commands that are called by the Java applet to gather the information required.
1. Windows
netsh wlan show networks mode=bssid
2. Mac
/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s
The applet works on a Mac / Windows OS for now.
The below is the actual URL which retrieves the longitude and latitude based on the access point information
https://maps.googleapis.com/maps/api/browserlocation/json?browser=firefox&sensor=true&wifi=mac:[mac_address]|ssid:[ssid_name]|ss:[rssi]&wifi=mac:[mac_address]|ssid:[ssid_name]|ss:[rssi]
The below query string is passed to Google to retrieve the Street Address using the GPS longitude and latitude.
https://maps.google.com/maps?q=[longitude],[latitude]&iwloc=A&hl=en
This attack can be made more persistent in future by modifying the Applet to install an agent remotely on the target and then reporting back to the control centre with the updated gps location even after the user had closed the browser.
If you are starting to get paranoid over Wifi, please use the good old LAN cable and disable your wireless card.
You can install QuickJava and NoScript add-ons in Firefox to disable Java, Javascript, Flash, Silverlight and all other goodness from your browser.
But by doing so, you probably will realize that you aren’t able to access 2/3 of the internet after doing so.
I am looking into submitting this to #beefproject in the near future once I fixed some bugs in my #beef module. I suck at #beef.
You can download the files via this link http://flashmirrors.com/files/19vzwqlffpij9rf/getGPSLocation.zip
If you are just interested in the source file, you can get it from here http://pastebin.com/zKENyhXv
[Updated: A windows executable version of the program has been uploaded to http://flashmirrors.com/files/0t0rjparbzcaxfc/getGPSLocationWin.zip]
Using Tamper This (Firefox Addon), I am able to find out the information that is passed to Google. Yes, I was too lazy to look up Google’s geolocation APIs
.
It seems that the browser is passing information about neighboring wireless access points to Google.
The information that are passed to Google include BSSID, SSID and RSSI (Received Signal Strength Index) of the access points.
Using these information, Google is able to pinpoint your location accurately.
Sometimes it is useful to find out the an accurate location of a remote target especially when geolocation identification using IP address is vague.
We can hide and run this inside in a Java applet.. No one clicks RUN on a Java applet right?
Currently, the applet outputs the below information to the Java console. It can be modified to send the information to a remote location instead.
What the applet does is that it runs the below system commands to gather information about the access points and pass it to Google so that we can determine your Geolocation accurately.
Below are the system commands that are called by the Java applet to gather the information required.
1. Windows
netsh wlan show networks mode=bssid
2. Mac
/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s
The applet works on a Mac / Windows OS for now.
The below is the actual URL which retrieves the longitude and latitude based on the access point information
https://maps.googleapis.com/maps/api/browserlocation/json?browser=firefox&sensor=true&wifi=mac:[mac_address]|ssid:[ssid_name]|ss:[rssi]&wifi=mac:[mac_address]|ssid:[ssid_name]|ss:[rssi]
The below query string is passed to Google to retrieve the Street Address using the GPS longitude and latitude.
https://maps.google.com/maps?q=[longitude],[latitude]&iwloc=A&hl=en
This attack can be made more persistent in future by modifying the Applet to install an agent remotely on the target and then reporting back to the control centre with the updated gps location even after the user had closed the browser.
If you are starting to get paranoid over Wifi, please use the good old LAN cable and disable your wireless card.
You can install QuickJava and NoScript add-ons in Firefox to disable Java, Javascript, Flash, Silverlight and all other goodness from your browser.
But by doing so, you probably will realize that you aren’t able to access 2/3 of the internet after doing so.
I am looking into submitting this to #beefproject in the near future once I fixed some bugs in my #beef module. I suck at #beef.
You can download the files via this link http://flashmirrors.com/files/19vzwqlffpij9rf/getGPSLocation.zip
If you are just interested in the source file, you can get it from here http://pastebin.com/zKENyhXv
[Updated: A windows executable version of the program has been uploaded to http://flashmirrors.com/files/0t0rjparbzcaxfc/getGPSLocationWin.zip]
No comments:
Post a Comment