Monday, August 31, 2020

Wi-Fi Attacks Pre-Requisites

 

There are N number of ways to compromise a Wi-Fi router but generally you can't directly attack because your systems Wi-Fi module does not support Monitor Mode and Packet Injection. And also if you are using a virtual Kali Machine to perform a Wi-Fi attack then certainly you were unable to do so because Virtualized generally uses NAT (Network Address Translation) network which creates a subnet inside your machine where your host operating system acts a router to the VMs(Virtual Machines) so you don't really have a direct access to the real router.

What is Monitor Mode and Packet Injection?

Monitor Mode: or RFMON (Radio Frequency MONitor) mode, allows a computer with a wireless network interface controller (WNIC) to monitor all traffic received on a wireless channel. Unlike promiscuous mode, which is also used for packet sniffing, monitor mode allows packets to be captured without having to associate with an access point or ad hoc network first. Monitor mode only applies to wireless networks, while promiscuous mode can be used on both wired and wireless networks. Monitor mode is one of the eight modes that 802.11 wireless cards can operate in: Master (acting as an access point), Managed (client, also known as station), Ad hocRepeaterMeshWi-Fi DirectTDLS and Monitor mode.

Packet Injection: also known as forging packets or spoofing packets in computer networking, is the process of interfering with an established network connection by means of constructing packets to appear as if they are part of the normal communication stream. The packet injection process allows an unknown third party to disrupt or intercept packets from the consenting parties that are communicating, which can lead to degradation or blockage of users' ability to utilize certain network services or protocols. Packet injection is commonly used in man-in-the-middle attacks and denial-of-service attacks

Whats the solution?

Solution is to use a new Wi-Fi module which supports the Monitor Mode and Packet Injection, this solution in only viable if you are not using Kali Linux as a VM. But if you are using it as a VM then use an external Wi-Fi adapter.

Which adapter to choose?

Actually here the brand does not really matter that much, here you should looking for the correct chipset. Though the brand like Alfa have better injection rates and less chances of failures, then that of created by the local brands, but according to me chipset is the only thing which matters if you are just started learning Wi-Fi attacks and trying to attempt the attacks.

The following Chipset one should look for in a Wi-Fi adapter:
  1.  Atheros AR9271: This one is only capable to attack on a router working on 2.4GHz frequency.
  2.  Realtek RTL8812AU: This one is capable to attack on both 2.4GHz&5GHz frequency.
  3.  Ralink 3070/2870: It supports 2.4GHz frequency but I don't trust this chipset. 

Some Products which I/my friend have used  

Alfa AWSS036ACH

 

  • Alfa AWUS036NHA [b/g/n USB]
  • Alfa AWUS036ACH(a/b/g/n/ac) is the best performing card, but the driver can be unstable enough to crash your kernel
  • Alfa AWUS036ACM (a/b/g/n/ac) is the highest performing of the STABLE devices, but it requires kernel 4.19.5 or higher, and the driver doesn't work on the Raspberry Pi yet
  • TP-Link TL-WN722N v1(b/g/n) :[NOTE:Only the gen1 not gen2]
  • Ubiquiti SRX [a/b/g Cardbus]
  • Ubiquiti SRC  [a/b/g ExpressCard]

Where you can buy these things?

You can buy these form Amazon (website), Aliexpress and other well known online retailer but for some local made adapters you can check out your near by computer market and ask about adapters with Monitor Mode and Packet Injection, or you can also find some adapters on Zsecurity

link to buy from amazon India : https://amzn.to/2PsoBiw
  

You ask question in the comment section if you have any kind of doubts regarding the hardware.


No comments:

Post a Comment