Packet Sniffing and Injecting
Introduction:
This is a multi-part tutorial that will show you the tools of wireless attacks and penetration testing.
This book covers a lot of the topics you’ll find on this site. However, it goes into much more depth. It goes in easy to follow, simple, step by step lessons. Highly recommended for anyone starting out in wireless security/hacking.
Tutorial 1: Setting up your wireless card.
Plug in the wireless adapter into your laptop’s USB port.
Log in, open up the console and type:
Now to put your wireless adapter into a monitor mode interface. To do this, simply type:
Tutorial 2: Getting networking on BackTrack
By default, backtrack does not boot with working networking, this is to increase its stealth when penetration testing. The easiest way to get networking is using the WICD Network Manager. Click Applications -> Internet -> WICD Network Manager. Then select your wireless access point and connect.
If you receive and error message that says “Could not connect to wicd’s D-Bus interface. Check the wicd log for error message.” then simply enter the following commands into your terminal:
Then restart your machine and the error should not occur anymore.
(Where “6” is the channel of your access point.)
This is a multi-part tutorial that will show you the tools of wireless attacks and penetration testing.
Required Hardware:
Most of this isn’t really required, but will be helpful on your hacking adventures.
- A laptop or two. One laptop will act as the penetration tester and the other will be the victim. Of course if you do not have two laptops you can use a desktop with virtual machines, which is what we will be doing for these lessons.
- One Alfa wireless adapter. This is sort-of required because the Alfa adapter will support packet injection and sniffing out as well as work with Backtrack right out of the box.
Alfa AWUS036H USB Wireless Long-Rang WiFi network Adapter with 5dBi Antenna - A wireless router that we can use.
D-Link DIR-601 Wireless-N 150 Router
- And finally, a connection to the internet.
This book covers a lot of the topics you’ll find on this site. However, it goes into much more depth. It goes in easy to follow, simple, step by step lessons. Highly recommended for anyone starting out in wireless security/hacking.
Tutorial 1: Setting up your wireless card.
Plug in the wireless adapter into your laptop’s USB port.
Log in, open up the console and type:
iwconfig.
The iwconfig command lists all wireless interfaces on your machine. In my case, I have my Alfa One adapter connected as wlan0. Typing iwconfig wlan0
will display more information about your wlan0 interface. The mac address that is displayed should match up with the MAC address written on the back of your wireless adapter.Now to put your wireless adapter into a monitor mode interface. To do this, simply type:
airmon-ng start wlan0.
The monitor interface will be named mon0.Tutorial 2: Getting networking on BackTrack
By default, backtrack does not boot with working networking, this is to increase its stealth when penetration testing. The easiest way to get networking is using the WICD Network Manager. Click Applications -> Internet -> WICD Network Manager. Then select your wireless access point and connect.
If you receive and error message that says “Could not connect to wicd’s D-Bus interface. Check the wicd log for error message.” then simply enter the following commands into your terminal:
root@bt:~# dpkg-reconfigure wicd
root@bt:~# update-rc.d wicd defaults
Then restart your machine and the error should not occur anymore.
Packet Sniffing and Packet Injecting
WLAN Frames:- Management frames: Management frames are responsible for maintaining
communication between the access points and wireless clients. - Control frames: Control frames are responsible for ensuring a proper exchange of
data between the access point and wireless clients. - Data frames: Data frames carry the actual data sent on the wireless network. There
are no sub-types for data frames.
Open wireshark by navigating the application menu or by typing “wireshark” in the console.
Once WireShark is open, Click Interface List (1). A second window will open with a list of interfaces that can capture packets. Notice our monitor device mon0 is there from when we set it earlier. Click on start (2) and WireShark will begin to capture packets and display them in the window. These are wireless packets which your wireless card (in my case the Alfa One Adapter), are sniffing out of the air.
Now lets sniff packets from our own access point. To do this, we are going to use airodump-ng. Airodump-ng is used to capture wireless packets which have WEP encryption with the idea that you will use aircrack-ng (don’t worry, we’ll get to that soon). But for this time around, lets turn off the encryption on our wireless access point.
Now open up the terminal and type:
airodump-ng --bssid 5C:D9:98:6A:64:8A mon0
Note:
5C:D9:98:6A:64:8A
is the MAC address of my wireless access point. To find yours, go to your wireless routerweb interface and look for status. There you should find the wireless mac address of your router.After airodump-ng finishes, you will see your access point with the channel it is running on.
Now we have to lock on to our access point by setting our wireless card to the channel of our access point. To do this, type:
iwconfig mon0 channel 6
(Where “6” is the channel of your access point.)
Now fire up wireshark, sniff for packet with your mon0 interface. Now type in the filter box:
(wlan.bssid == MAC ADDRESS HERE) && (wlan.fc.type_subtype == 0x20)
Packet Injecting
First we want to see only non-beacon packets in wireshark. So open wireshark and type in your filter box:
bssid ==
5C:D9:98:6A:64:8A
) && !(wlan.fc.type_subtype == 0x08).Note: Replace
5C:D9:98:6A:64:8A
with your own mac address.Then open the terminal and type:
aireplay-ng -9 -e "Hack Lab" -a 5C:D9:98:6A:64:8A mon0
Note: Replace Hack Lab with the name of your SSID and
5C:D9:98:6A:64:8A
with your own mac address.
Comments
Post a Comment