Detects and protects from all kinds of ARP (Address Resolution Protocol) related attacks in Wi-Fi networks, like DOS (Denial Of Service) or MITM (Man In The Middle) Attack.

Protects your phone from tools like FaceNiff, Cain & Abel, ANTI, ettercap, DroidSheep, NetCut, and all others that try to hijack your session via MITM through ARP spoofing / ARP poisoning.

Features:
– Uses very few resources
– Uses no resources if Wi-Fi is disabled
– Nearly zero battery consumption
– Requires very few permissions. Requests only absolutely necessary permissions
– No configuration required, works off the shelf for novices
– Experts can change many settings to adapt the app to their needs
– Undetectable by the bad guy
– 100% silent and passive inside the network. Generates no noise
– Highly customizable notifications
– Plays ringtone on attack (optional)
– Vibrates in a given pattern on attack (optional)
– Easy to use one-click-interface as well as detailed network view for experts
– “Immunity” protects you without disabling Wi-Fi (root required)
– Can also disable Wi-Fi if you don’t have root access to your phone
– Logging of all spoofing attempts with details about the network and the attacker
– Works in complex wireless LANs, like vWLAN and WDS (please see FAQ)
– Detects networks already under attack
– Automatic countermeasures

Download:
https://market.android.com/details?id=com.gurkedev.wifiprotector

The WiFi Protected Setup (WPS) PIN is susceptible to a brute force attack. A design flaw that exists in the WPS specification for the PIN authentication significantly reduces the time required to brute force the entire PIN because it allows an attacker to know when the first half of the 8 digit PIN is correct. The lack of a proper lock out policy after a certain number of failed attempts to guess the PIN on many wireless routers makes this brute force attack that much more feasible.

Description:
WiFi Protected Setup (WPS) is a computing standard created by the WiFi Alliance to ease the setup and securing of a wireless home network. WPS contains an authentication method called “external registrar” that only requires the router’s PIN. By design this method is susceptible to brute force attacks against the PIN.

When the PIN authentication fails the access point will send an EAP-NACK message back to the client. The EAP-NACK messages are sent in a way that an attacker is able to determine if the first half of the PIN is correct. Also, the last digit of the PIN is known because it is a checksum for the PIN. This design greatly reduces the number of attempts needed to brute force the PIN. The number of attempts goes from 108 to 104 + 103 which is 11,000 attempts in total.

It has been reported that many wireless routers do not implement any kind of lock out policy for brute force attempts. This greatly reduces the time required to perform a successful brute force attack. It has also been reported that some wireless routers resulted in a denial-of-service condition because of the brute force attempt and required a reboot.

Impact:
An attacker within range of the wireless access point may be able to brute force the WPS PIN and retrieve the password for the wireless network, change the configuration of the access point, or cause a denial of service.

Solution:
We are currently unaware of a practical solution to this problem. Please consider the following workarounds:

Disable WPS
Within the wireless router’s configuration menu, disable the external registrar feature of WiFi Protected Setup (WPS). Depending on the vendor, this may be labeled as external registrar, router PIN, or WiFi Protected Setup.

Vendor Information:

Credit:
Stefan Viehböck

References:
– wi-fi-protected-setup-pin-brute-force-vulnerability
– Wi-Fi_Protected_Setup
– WCN-Netspec.doc
– wifi-protected-setup
– WPS Vulnerability Tesing – Google Docs
– disabling-wps-on-the-router

inSSIDer is an award-winning free Wi-Fi network scanner for Windows Vista and Windows XP. Because NetStumbler doesn’t work well with Vista and 64-bit XP, an open-source Wi-Fi network scanner designed for the current generation of Windows operating systems.

What’s Unique about inSSIDer?

• Use Windows Vista and Windows XP 64-bit.
• Uses the Native Wi-Fi API.
• Group by Mac Address, SSID, Channel, RSSI and “Time Last Seen”.
• Compatible with most GPS devices (NMEA v2.3 and higher).

How can inSSIDer help me?

• Inspect your WLAN and surrounding networks to troubleshoot competing access points.
• Track the strength of received signal in dBm over time.
• Filter access points in an easy to use format.
• Highlight access points for areas with high Wi-Fi concentration.
• Export Wi-Fi and GPS data to a KML file to view in Google Earth.

Download: Inssider_Installer.msi

More Info: inSSIDer Wi-Fi Scanner | Metageek

You can leech free wifi from some paid hotspots by monkeying around with the URLs.

Most paid wifi hotspots accept your browser’s request and then redirect you to a login page where you need to pay to access the network.
But some systems of this nature are set up in such a way that images and other direct file requests seem to slip through without the redirect to the login page.
It’s essentially an oversight on the network administrator’s part, so it may not work with every hotspot.

But here’s the hack: just append ?.jpg to the end of your queries to trick the network into loading the full web page for free.
The browser passes this info along as an extra parameter and the site in question will likely just ignore it, loading the page as normal.

Of course this tip comes from a blog post that’s nearly two years old, so there’s no guarantees.
But here’s the basic code, which I pulled from a commenter on Lifehacker’s write up:
if (window.location.toString().match(".jpg") == null) {
window.location.replace(window.location + '?.jpg');
}
Save that as JavaScript file and add it to Firefox via Greasemonkey and give it a shot.

Of course since there are plenty of free networks in most places, there isn’t much point to hacking paid networks.
But for situations like airports, hotels and other isolated, expensive networks, it could come in handy.

Is it legal? No idea. I’m not a lawyer, so use this info at your own risk.
If you try it, be sure to let us know how it works.