Difference between revisions of "WiFi Sniffing"
MMehlfuehrer (talk | contribs) |
MMehlfuehrer (talk | contribs) |
||
Line 25: | Line 25: | ||
The following steps are needed to get the password: | The following steps are needed to get the password: | ||
1) | 1) Use monitor mode on the wireless interface using the AP channel | ||
2) | 2) Using airodump-ng on AP channel, collecting needed handshake | ||
3) | 3) Use aireplay-ng to deauthenticate a wireless client in the network | ||
4) | 4) Use aircrack-ng to crack the key using the collected handshake | ||
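Review bot: step 2 on the new side reads "Using airodump-ng on AP channel, collecting needed handshake" while steps 1, 3 and 4 are imperative ("Use ..."); reword it to match, for example "Use airodump-ng on the AP channel to collect the needed handshake". The overview also lists aireplay-ng and aircrack-ng steps for which the walkthrough under it gives no commands, so either scope the list to what the page demonstrates or state that the walkthrough stops at capture.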
Revision as of 10:11, 17 December 2021
Summary
Sniff Wi-Fi traffic using a wireless interface that supports monitor mode and packet injection (*). WPA/WPA2 supports several authentication types, but aircrack-ng can only crack pre-shared keys, so only networks using PSK can be attacked (airodump-ng shows whether a network uses PSK). The pre-shared key is cracked with a plain brute-force attack over a dictionary: the PSK must be in the dictionary used, and if it is not in the list, aircrack-ng cannot determine the key. WPA/WPA2 cracking requires the initial 4-way handshake, which takes place between a client and the AP when the client connects to the network.
Requirements
- Operating system: Kali Linux 64 Bit
- Wireless card: one that can inject packets (see the injection test below)
Prerequisites
The following information about the hardware and network used is needed:
- MAC of PC running the attack:
- MAC of a wireless client in the network:
- BSSID:
- ESSID:
- Channel used by AP:
- Wireless interface:
Description
Overview
The following steps are needed to get the password:
1) Use monitor mode on the wireless interface using the AP channel
2) Use airodump-ng on the AP channel to collect the needed handshake
3) Use aireplay-ng to deauthenticate a wireless client in the network
4) Use aircrack-ng to crack the key using the collected handshake
Open a terminal.
Display your wireless interfaces:
iwconfig
Connect the external Wi-Fi adapter to your host computer and display the interfaces again:
iwconfig
The newly added interface in the list is the external adapter. In my case it was 'wlan1'. In the following steps I refer to the external adapter as 'wlan1'.
Start monitor mode on the external adapter (**):
airmon-ng start wlan1
The previous command creates a new interface called 'wlan1mon'. Verify with:
iwconfig
Display active Wi-Fi networks:
airodump-ng wlan1mon
Remember the channel of the network you want to attack. In my case it was channel 11.
Set your adapter to the appropriate channel:
iwconfig wlan1mon channel 11
Verify the frequency:
iwconfig wlan1mon
iwlist channel
Start capturing data:
airodump-ng --channel 11 -w alfa wlan1mon
Filter URLs from captured traffic:
urlsnarf -p alfa-01.cap
Filter pictures from captured traffic:
driftnet -f alfa-01.cap -a -d Pictures/
Disable monitor mode:
airmon-ng stop wlan1mon
(*) Test if the adapter supports injection:
aireplay-ng -9 wlan1mon
Detailed information about wireless adapters available in ELVIS can be found here.
(**) This command did not work with ALFA NETWORK AWUS036ACH and ALFA NETWORK AWUS036EAC. The following commands are an alternative way to start monitor mode on the adapter:
ifconfig wlan1 down
iwconfig wlan1 mode monitor
ifconfig wlan1 up
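A defender-side companion to step 3 of the overview, added here as an example and not part of the original wiki page: forged deauthentication shows up in a capture as a burst of deauthentication frames aimed at one client, and this Python code counts such bursts in a classic pcap file like the .cap that airodump-ng writes. The function names, the burst threshold (5 frames within 1 second) and the sample capture are assumptions constructed for illustration.

```python
import struct

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def deauth_frames(pcap):
    """Yield (time, destination, bssid, reason) for each 802.11 deauthentication frame."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(end + "I", pcap[20:24])[0]
    if linktype not in (105, 127):  # raw 802.11, or 802.11 behind a radiotap header
        raise ValueError("not an 802.11 capture")
    off = 24
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        pkt = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if linktype == 127 and len(pkt) >= 4:
            pkt = pkt[struct.unpack("<H", pkt[2:4])[0]:]  # skip radiotap header
        if len(pkt) >= 26 and pkt[0] == 0xC0:  # management frame, subtype 12 = deauth
            yield sec + usec / 1e6, _mac(pkt[4:10]), _mac(pkt[16:22]), int.from_bytes(pkt[24:26], "little")

def deauth_bursts(pcap, threshold=5, window=1.0):
    """Map (bssid, destination) -> peak deauth count within `window` seconds, if >= threshold."""
    seen = {}
    for ts, dst, bssid, _ in deauth_frames(pcap):
        seen.setdefault((bssid, dst), []).append(ts)
    flagged = {}
    for key, times in seen.items():
        times.sort()
        peak = max(sum(1 for t in times[i:] if t - times[i] <= window) for i in range(len(times)))
        if peak >= threshold:
            flagged[key] = peak
    return flagged

def sample_capture():
    """Constructed capture: 8 deauths to one client in 0.7 s, one isolated deauth, one beacon."""
    ap, sta, other = (bytes.fromhex(m) for m in ("020000000001", "0200000000aa", "0200000000bb"))
    def frame(fc, dst, body):  # radiotap + frame control/duration + addr1..3 + sequence + body
        return struct.pack("<BBHI", 0, 0, 8, 0) + bytes([fc, 0, 0, 0]) + dst + ap + ap + b"\x00\x00" + body
    pkts = [(100, i * 100000, frame(0xC0, sta, b"\x07\x00")) for i in range(8)]
    pkts += [(101, 0, frame(0x80, b"\xff" * 6, b"\x00" * 12)), (130, 0, frame(0xC0, other, b"\x01\x00"))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 127)
    for sec, usec, p in pkts:
        out += struct.pack("<IIII", sec, usec, len(p), len(p)) + p
    return out

if __name__ == "__main__":
    print(deauth_bursts(sample_capture()))
```

Isolated deauthentication frames are normal when a client leaves, which is why only bursts are flagged. Protected Management Frames (802.11w) is the standard mitigation against forged deauthentication.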
Results
Browser | urlsnarf | driftnet |
---|---|---|
Microsoft Edge (Windows 10 host) | no results reading the pcap file | no results reading the pcap file |
Mozilla Firefox (Windows 10 host) | no results reading the pcap file | no results reading the pcap file |
Google Chrome (Windows 10 host) | no results reading the pcap file | no results reading the pcap file |
Google Chrome (Android host) | no results reading the pcap file | no results reading the pcap file |
Samsung Internet (Android host) | URLs captured | images captured |
Used Hardware
- Windows 10 host
- Kali Linux host
- Samsung Galaxy A8
- LG Nexus 5X Google Smartphone 32 GB, Android 6.0 Marshmallow, Carbon
- Panda 300 Mbps Wireless N USB Adapter PAU05
- Alfa AWUS036ACH Wide Range AC1200 Wireless Adapter
- Alfa AWUS036EAC AC1200 USB Wireless Adapter