Time for action – orchestrating a Misassociation attack
Follow these instructions to get started:
In the previous labs, we used a client that had connected to the Wireless Lab access point. Let's switch on the client but not the actual Wireless Lab access point. Let's now run airodump-ng wlan0mon and check the output. You will very soon find the client to be in the not associated mode and probing for Wireless Lab and other SSIDs in its stored profile:

To understand what is happening, let's run Wireshark and start sniffing on the wlan0mon interface. As expected, you might see a lot of packets that are not relevant to our analysis. Apply a Wireshark filter to only display Probe Request packets from the client MAC you are using. The filter should be wlan.addr==<your mac> && wlan.fc.subtype==0x04:

You should now see Probe Request packets only from the client for the previously identified SSIDs.
Let's now start a fake access point for the network Wireless Lab on the hacker machine...
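To see what the Probe Request filter in the Wireshark step selects, the following added example (not code from the book) parses monitor-mode frames and lists the stored SSIDs a single client discloses while unassociated, which is the exposure to audit for on managed devices. The MAC addresses, the second SSID and all function names are constructed for illustration, and the sample frames carry a minimal radiotap header and no FCS.

```python
import struct

PROBE_REQUEST = 0x04  # management subtype, same value as in the Wireshark filter

def build_frame(src_mac, ssid, subtype=PROBE_REQUEST):
    """Constructed sample frame: radiotap header + 802.11 management frame."""
    radiotap = struct.pack("<BBHI", 0, 0, 8, 0)       # version, pad, length, present
    fc = bytes([subtype << 4, 0])                     # type 0 (management), version 0
    bcast = b"\xff" * 6
    src = bytes.fromhex(src_mac.replace(":", ""))
    header = fc + b"\x00\x00" + bcast + src + bcast + b"\x00\x00"
    return radiotap + header + bytes([0, len(ssid)]) + ssid.encode()

def parse_probe_request(frame):
    """Return (client_mac, ssid) for a Probe Request, or None for anything else."""
    if len(frame) < 8:
        return None
    rt_len = struct.unpack_from("<H", frame, 2)[0]    # radiotap length, little endian
    dot11 = frame[rt_len:]
    if len(dot11) < 24:                               # shorter than a management header
        return None
    ftype, subtype = (dot11[0] >> 2) & 0x3, (dot11[0] >> 4) & 0xF
    if ftype != 0 or subtype != PROBE_REQUEST:
        return None
    mac = ":".join(f"{b:02x}" for b in dot11[10:16])  # addr2 = transmitter
    pos = 24
    while pos + 2 <= len(dot11):                      # walk the tagged parameters
        tag_id, tag_len = dot11[pos], dot11[pos + 1]
        value = dot11[pos + 2:pos + 2 + tag_len]
        if len(value) < tag_len:
            break                                     # truncated tag, stop parsing
        if tag_id == 0:                               # SSID element
            return mac, value.decode("utf-8", "replace")
        pos += 2 + tag_len
    return mac, ""                                    # no SSID element found

def probed_ssids(frames, client_mac):
    """Named SSIDs one client probes for; wildcard (empty) probes are skipped."""
    hits = (parse_probe_request(f) for f in frames)
    return sorted({h[1] for h in hits if h and h[0] == client_mac.lower() and h[1]})

CLIENT = "02:00:00:aa:bb:01"                          # constructed client MAC
SAMPLE = [                                            # constructed capture
    build_frame(CLIENT, "Wireless Lab"),
    build_frame(CLIENT, "Example Cafe WiFi"),
    build_frame(CLIENT, ""),                          # wildcard probe
    build_frame("02:00:00:aa:bb:02", "Other Net"),    # different client
    build_frame(CLIENT, "Wireless Lab", subtype=0x08) # beacon subtype, ignored
]

if __name__ == "__main__":
    print(CLIENT, "is disclosing:", probed_ssids(SAMPLE, CLIENT))
```

A client that only sends wildcard probes returns an empty list here, which is the behaviour to aim for when hardening stored wireless profiles.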