2021 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS)

Conformity Analysis of HTTP Strict Transport

Security (HSTS) Configuration and Implementation
Using Bettercap Tools
1stAmiruddin Amiruddin 2ndDaffa Akbar Putra Yusa 3rdRizky Ainur Rofiq
Politeknik Siber dan Sandi Negara Politeknik Siber dan Sandi Negara Politeknik Siber dan Sandi Negara
2021 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS) | 978-1-6654-2733-3/21/$31.00 ©2021 IEEE | DOI: 10.1109/ICIMCIS53775.2021.9699358

Bogor, Indonesia Bogor, Indonesia Bogor, Indonesia

[email protected] [email protected]. [email protected]

Abstract— Currently, HTTPS is commonly used because it configuring the use of HTTP strict transport security (HSTS)
offers more protection when compared to HTTP. However, it headers. Referring to RFC 6797, HSTS can be defined as a
does not rule out the possibility of attacks being carried out mechanism that allows a website to be accessed only through
against HTTPS. One of the features that can improve HTTPS a secure connection and for a user to direct interaction with a
security is configuring HTTP strict transport security (HSTS).
particular site only through a secure connection [6]. The
Unfortunately, not all HSTS is successfully configured and
implemented correctly due to administrator ignorance. The webserver declares most HSTS via the HTTP Response
purpose of this study is to provide an overview of what Header field [6].
configurations need to be done to run HSTS properly to increase HSTS policies can defend against HTTPS stripping attacks
the functionality of existing features and improve security.
Configuration conformity testing is done using three
to some extent. Unfortunately, there are still new security
parameters, i.e., max-age, includeSubDomains, and preload. issues such as misconfiguration due to the lack of
The attack attempts carried out in this exploratory study used understanding of the administrator about this HSTS policy.
Bettercap, which allows multiple types of attacks to be carried Errors in the configuration that set the max-age value too
out simultaneously. The results obtained from this study include large will cause the policy to work all the time, even if the
a list of parameters that need to be met as a condition of an server no longer wants to provide HTTPS services. This can
adequately configured HSTS on a website, such as the max-age have an impact on the inability of the website to be accessed.
value, which has a minimum value of 31536000. On the other hand, an error in the configuration that gives the
max-age value too small will invalidate the HSTS policy in a
Keywords— Configuration conformity, HTTP, HTTPS,
HSTS, Bettercap
short time that attackers can use to carry out Man in the
Middle attacks. In addition, there is also abuse of the
I. INTRODUCTION includeSubdomain and preload fields which makes HSTS
In this global era, communication and information vulnerable to denial-of-service (DoS) attacks. If the server is
exchange processes must be carried out quickly and not aware of being added to the preload list and does not
efficiently. One option to achieve this is to use wireless provide HTTPS service, then the website will fail to access
technology [1]. For the exchange of information to occur and [7].
run correctly, a protocol is needed to regulate it. In 2017, there was research that discussed the importance
Hypertext transfer protocol (HTTP) is an application-level of implementing HSTS to bring communication security to a
network protocol for distributed, collaborative, and higher level [8]. However, that research has not examined
hypermedia information systems used by the world wide web what parameters must be met so that the conformity of the
(WWW) to unlink web pages and jump from one page to the HSTS configuration can be achieved and runs well. Based on
next across search engines and websites [2]. In other words, these considerations, we decided to carry out an in-depth
HTTP provides a path for clients to communicate with the analysis of the HSTS configuration conformity. The
webserver. Then came HTTPS (HTTP with security), a conformity of the configuration will be tested by performing
secure version of the HTTP protocol [3]. HTTP and HTTPS attacks on the HSTS connection so that it can generate a list
have some differences, such as in the port used, where HTTP of parameters that need to be configured.
uses the transmission control protocol (TCP), which In this study, the Bettercap tool is used to carry out attacks
generally goes through port 80 to send and receive data on several examples of websites. Furthermore, an analysis is
packets over the web [2]. At the same time, HTTPS performs carried out regarding several parameters used in HSTS. Based
the process of sending and receiving data packets in the on the fulfillment of these parameters, it can be determined
connection is encrypted by transport layer security (TLS) whether a website has configured and implemented HSTS
using port 443 [4]. properly or not. Our purpose is to find out whether the correct
HSTS configuration can protect the communication flow from
Although HTTPS offers more secure communication attacks such as SSL strips and what parameters a website
when compared to HTTP, that does not mean that it does not needs to say that it is correctly configured with HSTS.
have vulnerabilities and threats. Examples of attacks against
HTTPS that will be discussed in this study include Man-in- II. BASIC CONCEPTS
the-middle (MitM) attacks [5], including Packet Sniffing, A. HTTP Strict Transport Security (HSTS)
ARP Spoofing, and SSL Stripping. Especially for SSL strip
attacks, there is an option to mitigate these attacks by HSTS can be interpreted as a rule that forces the use of
TLS in web browsers (agents) [9]. This enables effective TLS

978-1-6654-2733-3/21/$31.00
Authorized ©2021 IEEE
licensed use limited to: Mahasarakham 13
University provided by UniNet. Downloaded on September 05,2022 at 20:11:19 UTC from IEEE Xplore. Restrictions apply.
 2021 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS)

implementation by ensuring that all communications are mandatory [6]. Site configuration suitability classification will
carried out over a secure channel. The use of TLS by be based on the result of this parameters analysis.
browsers aims to reduce risks (threats) and prevent browsers
B. Bettercap
from navigating to sites that still use the HTTP protocol.
In this study, the attack simulations tested three types of
To implement HSTS, there should be an issuance attacks: packet sniffing, ARP spoofing, and SSL stripping. For
declaration of an HSTS policy, which is practically realized this, we used the Bettercap v2.29 tool from the KALI Linux
in addition to the HTTP Response Header called “Strict- 2020 device OS to know the vulnerabilities of websites that
Transport-Security” [9]. The HSTS header needs to be sent use HSTS with the correct configuration and websites that use
to the browser only if using HTTPS and otherwise ignoring it HSTS with the incorrect configuration.
if using HTTP. Once the web browser accepts the HSTS
policy, it will consider the server as a valid HSTS host, and Bettercap tool is a robust, expandable, and portable
the policy duration (max-age) will be stored internally [6]. framework that aims to offer researchers, red teamers, and
During this time, the client will convert unsafe URIs to HSTS reverse engineers an easy-to-use, all-in-one solution. It has
hosts (for domains to subdomains) to secure URIs (from many features needed to perform surveillance and attack on
HTTP:// to HTTPS://) before sending requests and will be Wi-Fi networks, Bluetooth devices, wireless HID devices, and
terminating the connection if an error or warning occurs. The Ethernet networks [10]. Bettercap is a MitM tool that can
connection will be closed if the HTTP is defined explicitly, perform various MitM attacks against networks, manipulating
while the client always uses the HTTPS. An example of a some protocols (HTTP, HTTPS, and TCP) traffic in real-time
connection can be seen in Fig. 1. and sniffing credentials [11].
B.1 Packet Sniffing
Packet sniffing, network analyzers, or packet tapping is a
process to capture packets that pass through a computer
network [12]. The packet sniffer is a software and hardware
mechanism used to obtain information that passes through a
computer network that uses any protocol (Ethernet, TCP / IP,
IPX, or others). The use of a packet sniffer is to create a NIC
(Network Interface Card), in this case, Ethernet in
promiscuous mode, to capture all traffic on the network [1]. In
this study, packet sniffing attacks will be carried out to capture
packets that pass between the target device and the webserver.
B.2 ARP Spoofing
Address resolution protocol (ARP) spoofing or ARP
Fig. 1. Communication ended by the browser when using HTTP
(upper) and replaced it with HTTPS (lower) poison routing (APR) is a technique used to attack wired
Ethernet or wireless networks [1]. ARP Spoofing allows an
In this study, there are three strict-transport-security HTTP attacker to generate fake ARP requests and ARP reply packets
response header field (STS header field) parameters of the to the target of the attack. Generally, attackers spoof the MAC
HSTS configuration on the website that have been analyzed. address of the gateway [13]. In this study, the ARP spoofing
The three parameters refer to RFC 6797 [6] are as follows: attack aims to convince the target to send a frame destined for
the gateway to the MAC address that the attacker wants. So
1. The “max-age” is a parameter of any value from 0 that the attacker will be able to read the packet sent by the
upwards, representing the time (in seconds) during which target and change the packet according to the attacker’s
the browser treats the domain or subdomain as an HSTS wishes.
host. A value of 0 has a special meaning for browsers, i.e.,
it should clear all policies for a given domain or B.3 SSL Stripping
subdomain.
In an attack on HTTPS using the SSL strip technique, the
2. Parameter “includeSubDomains” indicates that the attacker will use the MITM concept to eavesdrop and forward
browser must treat all subdomains of a particular domain communication. When the server responds to the client’s
as well as hosts of HSTS. request, the attacker will convert the HTTPS connection to
HTTP and forward the packet to the client on a normal HTTP
3. The “preload” is a parameter which is putting the preload connection [9].
domain on the HSTS preload list. Preload is used as a
solution to the problem of the browser not knowing the III. RESEARCH METHOD
policies of a site the first time you visit the site. Using the
HSTS preload, the browser will always use the HTTPS The method used in this study is a qualitative research
protocol in communication, even though it is the first method. This study aims to examine the effect of HSTS
communication done. configuration conformity on security features in an attack on
the connection. The basis of the research begins with
The parameters selected are the syntax of the STS header formulating a problem about what parameters must be met so
field and its directives. This parameter indicates to the user that a site can be said to have or have not configured and
agent (UA) that enforcing the HSTS Policy for the host implemented HSTS correctly. Next is to determine the type of
emitting the response message containing this header field is parameters on the HSTS, which will be analyzed to compare

14
Authorized licensed use limited to: Mahasarakham University provided by UniNet. Downloaded on September 05,2022 at 20:11:19 UTC from IEEE Xplore. Restrictions apply.
 2021 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS)

configuration conformity and look for legal sites to be used as The device targeted in this research is known as
attack targets. “DESKTOP-8AFR962” with IP address 192.168.43.47. The
In this study, the attacker is simulated to attack the next step is to configure Bettercap so that the attack can be
connection between the target device and the site using the run. Writing the command to carry out the attack can be seen
Bettercap tool, so it is necessary to configure the attacker’s in Fig. 4.
side so that the tool can run. Before the attack is executed, an
examination of the HSTS response header from the target site
will be carried out to determine the conformity of the
parameter configuration of the site. After the configuration of
the Bettercap tools completed and the parameter configuration
data from the site is obtained, an attack will be carried out
from the attacker’s device on the connection between the
target and the webserver. Fig. 4. Configuration on Bettercap tool

The attack results in responses obtained on the Bettercap The description of the configuration carried out on the
tools will be analyzed and adjusted to the parameters used on Bettercap tool is as follows:
the HSTS of the target site being tested. Based on the attack • set HTTP.proxy.sslstrip true: enable HTTP sslstrip.
data obtained, it is continued with making reports from the • set https.proxy.sslstrip true: enable HTTPS sslstrip.
research that has been done. Parameters with default values • set arp.spoof.internal true: enable internal network
such as max-age will be compared and displayed as an ARP spoofing.
argument why HSTS configuration is essential. An overview • set arp.spoof.targets (IP address): specify a specific
of the research stages used is shown in Fig. 2. target of ARP spoofing based on IP address.
• set net.sniff.verbose false: disable verbose sniffing
info.
• net.sniff on: activate the sniffer module.
• http.proxy on: enable HTTP proxy module.
• https.proxy on: enable HTTPS proxy module.
• arp.spoof on: enable ARP spoofing module.
After configuring as attached in Figure 5, the Bettercap
tool will automatically run packet sniffing, ARP spoofing,
and SSL stripping attacks simultaneously. Furthermore, there
will be four trials of access from the target device to four
different sites. The first try will target the website of
KORPSTAR Poltek SSN (korpstar-poltekssn.org). Korpstar
Poltek SSN is a web service created by the Senate Corps of
Poltekssn Cadets Organization. In addition, there is a login
page on the website, so if the user can log in, then the user’s
database will be visible—the target site is displayed as in Fig.
5.

Fig. 2. Research Method

IV. RESULT AND DISCUSSION

In the attack scenario, the target device (victim) is a
laptop with Windows 10 OS and uses the Mozilla Firefox
browser to visit several sites that will be tested. Attackers
(using KALI Linux) will carry out attacks using the Bettercap
tool against connections between the target device and the
webserver. When the Bettercap tool is turned on, the tool will
automatically detect or recognize other devices connected to
the same network as the attacker. As seen in Fig. 3. Fig. 5. Login attempt using an account of korpstar-poltekssn from the target
device

Based on the explanation in the previous section, one of

the HSTS parameters to be analyzed from this site is the
“max-age” value. If you use a browser such as Mozilla
Firefox, the max-age can be seen in the 'Headers' section on
the 'Network' tab using Inspect Element (Ctrl+Shift+I). The
Fig. 3. Another device connects to the same network as the attacker device use of the inspect element can be seen in Fig. 6.

15
Authorized licensed use limited to: Mahasarakham University provided by UniNet. Downloaded on September 05,2022 at 20:11:19 UTC from IEEE Xplore. Restrictions apply.
 2021 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS)

header of the https://ctflearn page is 63072000 seconds (720

days equivalent) which means the site will only run SSL for
the next 720 days and refuse to run non SSL connections.

Fig. 6. HSTS response header on korpstar-poltekssn.org has defined

includeSubDomain, preload, and the value of max-age
Fig. 9. Failed attempt to change the communication protocol HTTPS to
The first experiment found that HSTS was preloaded into HTTP on ctflearn.com
the browser, so even when entering the URL only wrote
korpstar-poltekssn.org the browser automatically connected
https://www.korpstar-poltekssn.org. While on the attacker's
side, the attempt to convert HTTPS communication to HTTP
was unsuccessful, but the Bettercap tool managed to capture
the credentials of the login attempt. But as seen in Fig. 7, the
credentials were not the original text (still encrypted).

Fig. 10. Website ctflearn.com reject and stop the communication using
HTTP

In the third experiment, an attack was carried out on the

Fig. 7. Credential captured form login attempt to korpstar-poltekssn.org overthewire.org site. The attack was carried out on one of the
The second experiment was conducted by targeting one 'Wargames' [14], namely natas1.natas.labs.overthewire.org.
of the challenges on the ctflearn.com site, namely The target is trying to do on this page is to authenticate by
https://web.ctflearn.com/web4. CTFlearn is a website that is entering a username and password. When the target is
used to learn some material about cybersecurity. In this authenticating, on the other hand, the attacker will monitor
challenge, the target (victim) is intended to gain access to the the data packets sent in the hope of convincing the target to
database by entering a value (string) and submitting it. When forward the frame to the specified MAC address, and the
Inspect Element is done, it is found that the site has attacker will be able to capture the credentials entered by the
configured HSTS in the response header (Fig. 8). When the target. The authentication attempt is shown in Fig. 11.
target tries to submit a string, on the other hand, the attacker
will use the Bettercap tool to detect, send frames, and monitor
packet traffic from the target to the web server and vice versa.

Fig. 11. Authentication attempt by the target device

When the Inspect Element was carried out, a discrepancy

was found in the form of the first access made to the
natas1.natas.labs.overthewire.org site via HTTP (not
HTTPS). It was caused by the HSTS status that had not been
previously loaded into the browser. In addition, the site
natas1.natas.labs.overthewire.org also does not have a direct
“includeSubDomain”. As seen in Fig. 12.
Fig. 8. Response Headers on the website of ctflearn.com indicating the
value of max-age=63072000

On the attacker side, all the attacks made on the second

experiment did not get any results. The redirecting process to
HTTP and attempts to obtain credentials failed because the
ctflearn server refused to send frames destined for the
gateway to the MAC address specified by the attacker (Fig.
9) and automatically cut off communication making the site
inaccessible (Fig. 10). Please note, the max-age value in the

16
Authorized licensed use limited to: Mahasarakham University provided by UniNet. Downloaded on September 05,2022 at 20:11:19 UTC from IEEE Xplore. Restrictions apply.
 2021 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS)

the webserver and gets all the credentials entered by the target
clearly (plaintext) and intact. As seen in Fig. 16.

Fig. 16. Credential targets successfully obtained by Bettercap tool

Fig. 12. URL Request on natas1.natas.labs.overthewire.org

Based on the results of trials conducted on several sites
such as korpstar-poltekssn.org, web.ctflearn.com,
In this third experiment, the Bettercap tool captured and natas.lab.overthewire.org, and wechall.net, it can be proven
got the credentials entered by the target in full and cleared. that ensuring the configuration and implementation of a
As seen in Fig. 13, the username and password of the target technology conforms to standards is essential. Summary of
were successfully obtained and displayed by the Bettercap configurations such as max-age values for some sites that
tool. have been tested is presented in Fig. 17.

Fig. 13. Target credential recorded by Bettercap tool

In the fourth experiment, the attack was carried out by

targeting the wechall.net site. Wechall.net is a challenging
site that focuses on computer problems. Users can log in and
complete challenges with various kinds of difficulty. Based
on the Inspect Element conducted on the wechall.net site
page, a discrepancy was found in the form of a first
redirection that did not lead to the root domain. Supposedly
the first redirection from the wechall.net site leads to the root
domain (wechall.net), but the first redirection to the address
www.wechall.net.
Fig. 17. The use of max-age parameter on tested website

In this study, it is shown that different configurations of

HSTS produce different security functions. Even though a
site has implemented HSTS, different configurations cause
the response or action to an insecure connection to vary.
Fig. 14. HSTS response header on wechall.net
Some sites disconnect communication entirely when the
connection used is not secure. An example in this study is
As seen in Fig.14, this site already has HSTS and is found on the website.ctflearn.com. Meanwhile, on the
configured “includeSubDomains”. However, the wechall.net natas1.natas.labs.overthewire.org site, the connection is still
site only has a max-age value of 86400 seconds, far from the running even when using an unsecured service. This can
minimum max-age value of at least 31536000 seconds [5]. happen because there are differences in the HSTS
The wechall.net site also has not put and specified preload configuration, namely the “includeSubDomains”, “preload”
domains on the HSTS preload list. So based on the and “max-age” values.
parameters used, it can be said that the HSTS configuration
on the wechall.net site is still not appropriate. Websites that have the includeSubDomains parameter
set, preload, and have a high max-age value, such as
web.ctflearn.com (63072000), force browsers to only use
secure connections (HTTPS) or can continue running non-
SSL connections after waiting for 720 days. The browser will
automatically cut off communication because the waiting
time is too long. Different things are found in
natas1.natas.labs.overthewire.org, which does not set the
includeSubDomains parameter, preload, and has a low max-
age value (604800) so that when an SSL strip attack is carried
out, the connection can be redirected using HTTP. The
Fig. 15. Input credential on website wechall.net from a target attacker can own the desired credentials.
device
When the attacker has run the Bettercap tool, and the HSTS configuration will be useless if done on-site without
target attempts to log in on his device, the Bettercap tool regard to the parameter standards set. On the wechall.net site,
manages to sniff the communication between the target and for example, the response header of this site shows that there
is an HSTS configuration marked by a max-age value of

17
Authorized licensed use limited to: Mahasarakham University provided by UniNet. Downloaded on September 05,2022 at 20:11:19 UTC from IEEE Xplore. Restrictions apply.
 2021 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS)

86400 but does not set the includeSubDomains and preload REFERENCES
parameters. The wechall.net site is also basically TLS-free, [1] A. Ariyanto and Asmunin, “Detecting Packet Sniffing on Wireless
and connections are run using HTTP only. This kind of HSTS Using ARP Watch,” Journal of Information Management, vol 8, no. 2,
configuration is useless as it fails to achieve its original pp. 178-181, 2018.
security goals. [2] R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, and
T. Berners-Lee, “Hypertext Transfer Protocol -- HTTP/1.1,” IETF,
RFC 2616, June 1999.
V. CONCLUSION
[3] D. Naylor, A. Finamore, I. Leontiadis, Y. Grunenberger, M. Mellia, M.
The conformity of the configuration and implementation Munafò, K. Papagiannaki, and P. Steenkiste, “The Cost of the “S” in
of technology is essential, including HTTP Strict Transport HTTPS,” Proceedings of the 10th ACM International on Conference
Security (HSTS). Based on the trials that have been carried on Emerging Networking Experiments and Technologies -
CoNEXT ’14. doi: 10.1145/2674005.2674991.
out, it is proven that to ensure that all available features can be
[4] E. Rescorla, “HTTP Over TLS”, IETF, RFC 2818, May 2000.
utilized optimally and to test whether the system has
implemented HSTS, it needs to perform all standard [5] M. Conti, N. Dragoni and V. Lesyk, "A Survey of Man In The Middle
Attacks," in IEEE Communications Surveys & Tutorials, vol. 18, no.
configurations wholly and correctly. Some essential 3, pp. 2027-2051, thirdquarter 2016, doi:
suggestions that can be considered in the HSTS configuration 10.1109/COMST.2016.2548426.
are as follows. [6] J. Hodgesl, C. Jackson and A. Barth, “RFC6797. HTTP Strict
Transport Security (HSTS),” IETF, RFC 6797, November 2012.
1. There is a need for configuration on the webserver to send
[7] X. Li, C. Wu, S. Ji, Q. Gu, and R. Beyah, “HSTS Measurement and an
the HSTS response header. Later, the HSTS web server Enhanced Stripping Attack Against HTTPS,” In: X. Lin , A. Ghorbani,
will immediately appear as a response header as Strict- K. Ren, S. Zhu, A. Zhang (eds) Security and Privacy in Communication
Transport-Security: max-age=expireTime [; Networks. SecureComm 2017. Lecture Notes of the Institute for
includeSubdomains] [; preload]. Computer Sciences, Social Informatics and Telecommunications
Engineering, vol 238. Springer, Cham. doi: 10.1007/978-3-319-78813-
2. The web browser must be able to understand the HSTS 5_25.
response header. [8] I. Dolnak and J. Litvik, “Introduction to HTTP security headers and
implementation of HTTP strict transport security (HSTS) header for
3. The initial HTTP request to the root domain must be HTTPS enforcing,” 2017 15th International Conference on Emerging
redirected to HTTPS immediately before being redirected eLearning Technologies and Applications (ICETA), 2017, doi:
to the "www" subdomain. 10.1109/iceta.2017.8102478.
[9] S. Puangpronpitag and N. Sriwiboon, “Simple and Lightweight HTTPS
4. The HSTS response header for HTTPS requests must meet Enforcement to Protect Against SSL Stripping Attack,” 2012 Fourth
the following conditions: "includeSubDomains" must be International Conference on Computational Intelligence,
specified, "preload" must be determined, and the "max- Communication Systems and Networks, Phuket, 2012, pp. 229-234,
doi: 10.1109/CICSyN.2012.50.
age" value must be at least 31536000 seconds (1-year
[10] “bettercap,” bettercap.org, [Online]. Available: bettercap ::
equivalent). Introduction [Accessed: 15 June 2021].
It is hoped that with good knowledge related to HSTS [11] “BetterCAP stable documentation,” bettercap.org, [Online]. Available:
configuration, the features and results obtained from using BetterCAP stable documentation [Accessed: 13 June 2021].
HSTS will be maximized to avoid many types of attacks [12] I. G. P. K Juliharta, “Business Impact Analysis of Computer Network
Applications Using Packet Sniffing Techniques,” Journal of Systems
currently spread in cyberspace [15]. and Informatics, vol 10, no. 1, pp. 149-158, November 2015.
The limitations of this study are the types of parameters [13] I. Ramadhan, H. B. Seta and R. Astriratma, “Wireless Local Area
used and the small number of websites used as samples. So Network Security From ARP Spoofing Attacks Using Passive
Detection Approach and Raspberry Pi-Based Deauthentication
that the comparison data of the configuration suitability is not Attacks,” National Seminar on Computer Science Students and Its
too large. In addition, the only web browser used in this study Applications, Jakarta, August 2020, ISBN 978-623-93343-1-4.
is Mozilla Firefox. [14] Thomas, “Engaging in OverTheWire's Wargames,” dev.to, October 7
2019, [Online]. Available: Engaging in OverTheWire's Wargames -
DEV Community [Accessed: 30 June 2021].
[15] A. S. Bodhe, B. S. Ram, and A. S. Umesh, “Attacks on Wireless
Network and Basic Tips for Securing Wi-Fi Zone,” IJIRMPS, vol 6, no.
2, pp. 235-240, 2018.

18
Authorized licensed use limited to: Mahasarakham University provided by UniNet. Downloaded on September 05,2022 at 20:11:19 UTC from IEEE Xplore. Restrictions apply.