What this book covers
Chapter 1, Introduction to Wireless Penetration Testing, presents the general concepts of penetration testing and covers its four main phases with a particular focus on wireless networks.
The chapter explains how to agree on and plan a penetration test with the customer and gives a high-level view of the information collection, attack execution, and report writing phases of the process.
Chapter 2, Setting Up Your Machine with Kali Linux, introduces the Kali Linux distribution and the included tools that are specifically designed for wireless penetration testing. Then we see the hardware requirements for its installation and the different installation methods, and cover installation in a VirtualBox machine step by step, with a screenshot for every step.
After installing Kali Linux, the chapter describes the features that the wireless adapter must have to be suitable for our purposes and how to test these requirements in practice.
Chapter 3, WLAN Reconnaissance, discusses the discovery or information gathering phase of wireless penetration testing. It begins with the basic theory of the 802.11 standard and wireless local area networks (WLANs) and then covers the concept of wireless scanning, which is the process of identifying and gathering information about wireless networks.
We then learn how to use the tools included in Kali Linux to perform wireless network scanning, showing practical examples.
Chapter 4, WEP Cracking, discusses the WEP security protocol, analyzing its design, its vulnerabilities, and the various attacks that have been developed against it.
The chapter illustrates how command-line tools and automated tools can be used to perform different variants of these attacks to crack the WEP key, demonstrating that WEP is an insecure protocol and should never be used!
Chapter 5, WPA/WPA2 Cracking, starts with a description of WPA/WPA2, its design and features, and shows that it is secure. We see that WPA can be susceptible to attacks only if weak keys are used. In this chapter, we cover the various tools to run brute force and dictionary attacks to crack WPA keys. Recent and effective techniques for WPA cracking, such as GPU and cloud computing, are also covered.
Chapter 6, Attacking Access Points and the Infrastructure, covers attacks targeting WPA-Enterprise, access points, and the wired network infrastructure. It introduces WPA-Enterprise and the different authentication protocols it uses, and explains how to identify them with a packet analyzer. Then, it covers the tools and techniques to crack the WPA-Enterprise key.
The other attacks covered in the chapter are the Denial of Service attack against access points, forcing the de-authentication of the connected clients; the rogue access point attack; and the attack against the default authentication credentials of access points.
Chapter 7, Wireless Client Attacks, covers attacks targeting isolated wireless clients to recover the WEP and the WPA keys and illustrates how to set up a fake access point to impersonate a legitimate one and lure clients to connect to it (an Evil Twin attack). Once the client is connected to the fake access point, we show how to conduct so-called Man-in-the-middle attacks using the tools available with Kali Linux.
Chapter 8, Reporting and Conclusions, discusses the last phase of a penetration test, which is the reporting phase, explaining its essential concepts and focusing, in particular, on the reasons and purposes of a professional and well-written report.
The chapter describes the stages of the report writing process, from its planning to its revision, and the typical professional report format.
Appendix, References, lists all the references by chapter. We also cover the main tools included in Kali Linux to document the findings of the penetration test.