Exploring Search History and Current Connections on Same WiFi: Router Access Queries

Question

This question has been bothering me for several years. I checked the information on the internet and found a few topics related to him. No specific answer was given in any topic. I hope that someone here will explain my doubts once and for all. I am asking for answers from people who are 100%...

WMichał · Answer

In both cases, you assume that someone has access to the network, and thus one of the methods may be eavesdropping on traffic using, for example, wireshark. Whether the results will be live or available back, depends on how long someone will be listening.

TvWidget · Answer

A router is a small specialized computer. Its internal software and configuration determine what it does.
Knowing the router's configuration password or any vulnerabilities in its security, you can mess with it a bit. DNS server address replacement viruses are quite popular. I think such an attack is called pharming. Among other things, it allows remote online monitoring of what users are downloading.

Operation of the router requires the storage of the IP addresses of the servers with which currently users are connected. Perhaps some models can read such a NAT table. However, the server's IP address is not the same as the HTML page address.

jarek7714 · Answer

You can, all you need is a router with OpenWRT Gargoyle as an ISP gateway / local network (you can have the entire history of pages and content entered into search engines, e.g. Google).

genuinejanbar · Answer

And Tomato?

pitron · Answer

At least 90% of websites on the internet are https and to see this traffic you have to decrypt it. The google search engine itself works by default on https.

Anonymous · Answer

Can not. To make it possible, the router must save traffic to logs and the second condition is access to the place where the logs are saved (e.g. to some NAS). If it is HTTP traffic then you can. All you need is a Wireshark sniffer (search the web) or something similar. If it is HTTP traffic NS (security) is NOT possible. That is why HTTPS was required in banks (so that the password could not be read by the sniffer) and that is why HTTPS has recently become common also on regular websites, e.g. Electrode.

jarek7714 · Answer

I haven't used it for years, due to limited device support, I don't know either? And what does this have to do with your own LAN-nothing, I have just checked by including the network monitoring option and the soft router saves everything http and https.

elektrobonkers · Answer

Hi, thank you for so many replies. The subject was supposed to dispel my doubts, but I can see that the opinions are divided. I will clarify my question. My point is whether in the above-mentioned circumstances it is possible to access the opened pages and carefully review what someone was doing on them. I do not mean data such as when the router worked, or information recording, which does not translate into a detailed result, i.e. the website address.

I am asking about it because it is hard for me to believe that it is possible. Imagine such a situation. A neighbor comes to us and asks us to provide wifi, we do it and can the neighbor monitor our activity on the net from then on? The second example, a client comes to our company and asks us for wifi, can this person monitor the company's activity on the Internet from now on? After all, this can already be used as economic intelligence. What if the apartment is rented by four strangers and shared one wifi? In such a situation, can either of them monitor the rest? Know what pages he opens when he logs in to e-mail, see exactly what content he enters on these pages, exactly as it looks in the search history of the search engine?

Anonymous · Answer

I've already explained it. If it is encrypted traffic (e.g. HTTPS) then no. Another move, unfortunately, and as I wrote Wireshark is the answer. Install yourself and listen to the noise you have in your network, coming from all devices, not only from your computer. [edited] And on a different barrel: do not pay anyone bitcoin for stolen data because it's a fake.

TvWidget · Answer

The sentences are not divided, but the question asked cannot be given a simple and unequivocal answer. Of course, full technical monitoring is possible. However, various safeguards are used against this. Some of them are easy to overcome and others require more resources. Whether someone decides to do it and what path they choose, depends on the value of the information they can obtain. It is similar with potential victims. Some people care about confidentiality and for others it is not particularly important. So in reality, the situations are very different. Many companies do not use WiFi and connection of a device to the LAN requires approval. There are also companies where you are not allowed to even bring a smartphone.

pikarel · Answer

You cannot distinguish logging into WiFi networks through which you access the Internet and LAN shared resources from logging into the router; only through them you can access its configuration and - if any - logs. I would like to add that only the idiot leaves the default login to the configuration of the network device. Where knowledge ends - imagination begins to work, fairy tales and myths are created, and then fear has big eyes.

Tommy82 · Answer

The wifi password and the router password should be different things. What the router shows after logging in is a software issue. With a note on https.

m.jastrzebski · Answer

There is no simple answer as usual. First, the wifi password should be different from the router password. Having access to the router and assuming it has the appropriate software, you can see each connection, but only on the basis of where and where traffic is going. You will not see what someone entered in the Google search engine, or the bank password, because this data is encrypted. You will only see which computer (ip address) connected to the ip address of Google or the bank. Having access to wifi only, you can see a part of the same information with the appropriate software, but it is more difficult and via wifi you will not see, for example, traffic from a computer connected with a cable, not using wifi. But it's much harder to get something this way. Good practice. Router and wifi password different. Access Point wifi creates two separate networks: one for the office / home, the other for guests. In turbo version, wifi access for guests with some time-limited code. I know a case of a car showroom where customers waiting for the service were given access to wifi without restrictions. Password never changed. Until someone pulled up to the gate at night and did something wrong from their address.

IC_Current · Answer

Then maybe I will answer yes - having access to the router or using the vulnerabilities in its software, you can easily get information about who and with what hosts on the Internet is currently connected. If the transmission is not encrypted, you can also see what who is doing and on what page. Of course, on some routers it is a matter of typing one command and uploading malware on another.
However, you do not need to have access to a router to view what someone else is doing on the network. If someone allows untrusted computers to log into the WiFi network, they are extremely irresponsible. 100% of home networks and 99% of small business networks are not immune to a simple ARP attack. After this attack, you can pretend to be any network device and take over all traffic to the Internet (or e.g. a NAS server). Then only traffic encryption at the application layer will protect against data theft.

elektrobonkers · Answer

Thank you for your time and answers. Another question arose. So, physically destroying the router will make it impossible to find the search results? Of course, for someone who tried to find something using wifi and router settings.

Anonymous · Answer

What's the router got to do with it? You didn't understand any of this

TvWidget · Answer

In general, archiving information in the router is possible but not very convenient. It is easier to save everything on a computer connected to the local network or send it online to an external server.

KOCUREK1970 · Answer

Your (your) operator stores all your online activities and must do so by law for 12 months. You can destroy equipment, but it doesn't change anything.

m.jastrzebski · Answer

Well, if you go to any page, treat the router with a hammer and connect a new one, no one will certainly see your search history, whatever you mean by that. But if it has malware, it can send out your search results on the fly. And dooopa.

WMichał · Answer

Another thing is that the operator also has a history of where you entered.

m.jastrzebski · Answer

Well, maybe the physical destruction of the operator's headquarters will help. A colleague really cares ...

KOCUREK1970 · Answer

I have such an impression that someone somewhere has messed up and is afraid of trouble. Or maybe he's even in trouble and is now asking what can they have on me?

Tommy82 · Answer

@ KOCUREK1970 It's like not much because Logs are scattered.

Anonymous · Answer

I have the impression that someone received an e-mail informing him not to dirty in front of the monitor and to pay the fee, because if not, it will be made public.

KOCUREK1970 · Answer

@Erbit And the e-mail is probably from a Sudanese prince who has a $ 30 million donation for us from the foundation, or an inheritance from some of our distant relatives about whom we do not know anything, and by the way, he sells IPhon 12 for PLN 1, that about reprogramming our router and ripping I will not mention the contents of all disks - did I miss something? Of course, this prince does not want any money for his services, bitcoins are enough for him

markooff · Answer

Of course it can. First of all, Colleagues forget that network traffic or network activity does not mean the necessity to eavesdrop on the CONTENT of packets. Often - in OSINT cases it is enough (/ gives quite interesting results) the mere analysis of CONNECTIONS (i.e. who, when with whom), web searches (e.g. how to make a bomb with home methods + attack a neighbor?) And, 2) which may not surprise everyone - analysis of queries to DNS servers. The vast majority of these are open (they fly in an open, unencrypted connection). 3) Sometimes the analysis of connections (those already encrypted) can also tell a lot, or rather their metadata (unencrypted), i.e. packet headers, often a real mine of useful information ... Of course, for further processing and planning a wider ... reconnaissance 4) If the company uses traditional e-mail (traffic to / from non-web clients), then another thing - over 95% of transmission using e-mail protocols is unencrypted (the use of PGP in Polish companies is really marginal). *) We discussed with the rest not so long about this wonderful / sad fact wider on Niebezpiecznik on a few recent mishaps (including software for box routers or prank with the President in the background) 5) Etc. / etc It all depends - so on what - and how much determined 'opponent' we have before us. in other words, WHOM we let into our internal network ... Personally - if I could attempt any advice in this respectable group - I would suggest separating the two matters. 1) internal network for the company and its critical interests (such as servers, employee workstations, communication, e.g. VoIP type, etc.). the same for the home network - a man who wants to keep some confidentiality. 2) internal networks for customers / guests. How to do it ? There are several (a dozen) ways, but the simplest one is to separate both networks (corporate and for customers) into separate subnets, then set separate VLANs for them and watch over who we connect where / to whom we give access, where. More radical (but inherently safer) and more costly is the physical separation of infrastructure to support both of these networks. So separate switches, APs and everything connected with some good (sensible) mikrotik / qbiquity class router. Then, performing any network traffic diagnosis / analysis, although still possible, is much more difficult. best regards *) - of course, you cannot forget about the STARTTLS standard, which is more and more often enforced on e-mail clients by hosting companies

Anonymous · Answer

Of course you can. What a colleague wrote is of course true. A colleague only forgets that such skills require ... tools and knowledge, and such for the average Kowalski who logs into the Wi-Fi network is unavailable. So from a formal point of view - you can, but who would like to come to the author's house with such knowledge and ... follow him personally via wifi. Therefore - you can't ;) [edited] Of course, a giant like Google has such knowledge and tools, and for him you can.

markooff · Answer

I understand my colleague's position

However, I believe that knowledge in this field is not so niche anymore, nor does it require (in part) any special capabilities or equipment. Exactly in this regard, which I started to describe. Therefore - if I were in the place of my colleague who asked and wanted to have more peace of mind about my internal / private matters - I would at least take care of creating a separate Wifi subnet - with the purpose of making it available to customers inside my premises.

UPD: of course - unless I invite only my colleagues for whom I know "as much as they can and can" :)

best regards

Anonymous · Answer

I understand my colleague's position and I even support them! We all remember the times when you walked with a laptop around the estate and connected to unsecured WiFi networks, and times when only banks could afford SSL (that is, the rest of logins and passwords flowed through the links through wide open channels). Unfortunately, the awareness of users (including company ones) is nonexistent, and an attempt to identify holes and try to patch them involves costs, and these often determine the issue of security Well ... we all know how it is and there is no need to pull this thread in this direction.

Exploring Search History and Current Connections on Same WiFi: Router Access Queries

Post #1

Post #2

Post #3

Post #4

Post #5

Post #6

Post #7

Post #8

Post #9

Post #10

Post #11

Post #12

Post #13

Post #14

Post #15

Post #16

Post #17

Post #18

Post #19

Post #20

Post #21

Post #22

Post #23

Post #24

Post #25

Post #26

Post #27

Post #28

Post #29

Post #30

Topic summary