Programs for selecting Wi-Fi passwords. Hacking wifi! How to find out the Wi-Fi password


Nowadays, wireless networks are used literally everywhere. It is fast, convenient, reliable, does not require a lot of cables around the house and gives freedom of movement when using the device. Wi-Fi technology was designed to be a secure network that can only be accessed by participants who have a password. But over time, people found vulnerabilities in the protocol itself and its implementations, causing networks to become insecure.

Accordingly, new versions of the protocol were released to solve old problems. So, first the WEP encryption algorithm appeared, then WPA and WPA2. The latter is the most reliable at the moment. Since the inception of this type of wireless communication, many tools have been created for Wi-Fi security testing and hacking. If you want to be sure that your network is safe, you better know what attackers can use to attack it. In this article we have collected the most popular Wi-Fi hacking programs.

1. Aircrack

First on our list is Aircrack, or Aircrack-ng. It is the best Wi-Fi hacking software and the most popular wireless network security testing tool. Essentially, it is a suite of tools that can do almost anything, but they only work from the command line. Each tool in the suite performs exactly one function. The main ones are: searching for available networks and viewing detailed information about them, and capturing and filtering network packets (airodump); switching a network interface into monitor mode (airmon); injecting packets into the network (aireplay); brute-forcing passwords using algorithms or a dictionary (aircrack); and decrypting captured traffic (airdecap).

The principle of operation is quite simple: first the attacker must switch the card to monitor mode, then find your network and start collecting packets or other data from it. As soon as they have what they need, they move on to brute-forcing the password. In the case of WEP, a large enough number of packets is all that is needed, and the password will be recovered with 100% probability. For WPA, you need to capture the handshake that is exchanged the moment a client connects to the access point, and then run it through a dictionary. The simpler the password, the faster it will be found. The program is cross-platform and runs on Windows and Linux.

2. AirSnort

AirSnort is another popular utility for obtaining a password from a Wi-Fi network. It only works with WEP networks. The password is searched using special algorithms. The program monitors all data transmitted on the network and, when it intercepts a sufficient number of packets, decrypts the password from them. Available for Linux and Windows and very easy to use. The last time the program was updated was three years ago, but it is still relevant and working.

3. Kismet

Kismet is a different type of program: a wireless network analyzer and intrusion detection system for 802.11a/b/g/n Wi-Fi. It is very often used to troubleshoot Wi-Fi networks. Kismet works well with any Wi-Fi card that supports monitor mode and runs on Windows, Linux, macOS and BSD. The program can capture packets of the a/b/g/n protocols and detect hidden networks. If a GPS receiver is connected to the computer, it can save the location where each network was found on a map.

4. Fern Wi-Fi Wireless Cracker

Another good tool that will help improve the security of wireless networks. It allows you to view transmitted packets in real time, as well as detect devices connected to the network. The program was developed to identify shortcomings in network protocols and eliminate them. Works on Linux, Windows, MacOS.

The program can recover WEP/WPA keys in the same way as Aircrack does, as well as WPS keys using brute force. It can also be used to test Ethernet networks. To crack WPA/WPA2 keys a dictionary search is used, and for WEP the following attacks are available: Chop-Chop, Caffe-Latte, Hirte and ARP Request Replay. The tool is actively developed and constantly receives new features.

5. CoWPatty

CoWPAtty is a program for hacking Wi-Fi on a PC by brute-forcing WPA/WPA2 passwords with precomputed hash (rainbow) tables. This is a variant of a dictionary attack that is somewhat faster than a plain brute force. The utility cannot capture handshakes itself; it must be given already captured packets. Everything works from the command line interface. If the password is in the list, the program will find it, but its speed depends heavily on the complexity of the passwords and their number.

The SSID is used as a salt in the SHA1-based key derivation, which means a new rainbow table has to be generated for each different access point name. In the latest versions the developers have tried to increase speed by shipping a hash file that contains 172,000 entries and more than 1,000 of the most popular SSIDs.

6. Airjack

Airjack performs functions similar to aireplay. This is a utility for sending packets to a wireless network. It can be used to perform denial of service attacks and MITM attacks. This can be useful when creating a fake access point when you need to jam the main one.

7. WepAttack

Another simple tool for cracking passwords for WEP networks. Like previous similar tools in the list, it allows you to recover a password from a number of intercepted packets. But for the program to work, you need a card that supports monitor mode.

8. Wifiphisher

This tool works very differently from those above. Whereas all the tools described so far target technical vulnerabilities in the protocol, this one uses social engineering. The utility obtains the password of a WPA/WPA2 network by phishing: it disconnects the user from their network and connects them to its own, then shows a message in the browser saying that the user must enter the Wi-Fi password to install updates. The password is passed to the hacker, and the user goes on using the Internet unaware of what happened.

9. Reaver

Reaver is a Wi-Fi password cracking program that obtains the key of WPS-enabled networks by brute force. The utility relies on the fact that the WPS PIN can be tried an unlimited number of times. It was last updated 4 years ago, and most routers have since received protection from the vulnerability, but not all.

10. Wifite

Wifite is a tool similar to Reaver, also written in Python and also designed to hack WPS networks. It operates using a similar brute force method, but is newer and has several additional functions. Works only on Linux.

11. WepDecrypt

WepDecrypt is a tool for cracking WEP networks, written in C. Several key cracking methods are supported, ranging from dictionary attacks to analysis algorithms. Some system libraries are needed for the program to work.

12. Pyrit

Pyrit is an excellent tool for dictionary attacks on the WPA/WPA2 protocols. It is written in Python and runs on FreeBSD, Linux, Windows and macOS. The utility supports parallel computation on a graphics card via CUDA or OpenCL, which makes it very efficient. But it is still a dictionary attack, which means the more complex the password, the more secure it is.
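Both CoWPAtty's per-SSID tables (section 5 above) and Pyrit's dictionary attacks rest on the same key derivation, and the reason a table built for one network is useless against another is easiest to see in code. The following Python is an added example for this article, not code from CoWPAtty, Pyrit or any other tool named here. It assumes the WPA/WPA2-PSK rule from the IEEE 802.11i standard, which the text above does not spell out: the 256-bit Pairwise Master Key is PBKDF2-HMAC-SHA1 over the passphrase, with the SSID as the salt and 4096 iterations. The SSIDs and passphrases are constructed sample values, not real networks.

```python
import hashlib
from typing import Iterable

# WPA/WPA2-PSK key derivation parameters (IEEE 802.11i; a standard fact, not
# something stated in the article): PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes)
PBKDF2_ITERATIONS = 4096
PMK_LENGTH_BYTES = 32

# Constructed list of default SSIDs an attacker would plausibly precompute tables for;
# a real list (like the "most popular SSIDs" file mentioned for CoWPAtty) is far longer.
COMMON_DEFAULT_SSIDS = frozenset({"linksys", "default", "NETGEAR", "dlink"})


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the PMK for a passphrase/SSID pair (WPA-PSK passphrases are 8..63 ASCII chars)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA-PSK passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"),
        PBKDF2_ITERATIONS, PMK_LENGTH_BYTES,
    )


def salt_changes_key(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True when the same passphrase yields different PMKs on two SSIDs.

    This is why a rainbow table is only valid for the exact SSID it was built for.
    """
    return derive_pmk(passphrase, ssid_a) != derive_pmk(passphrase, ssid_b)


def precomputed_tables_apply(ssid: str, table_ssids: Iterable[str] = COMMON_DEFAULT_SSIDS) -> bool:
    """Does a table built for one of `table_ssids` cover this network?

    Only on an exact SSID match: the SSID is the salt, so a renamed network forces
    the attacker back to 4096 PBKDF2 iterations per candidate passphrase.
    """
    return ssid in set(table_ssids)


if __name__ == "__main__":
    # constructed sample values, not real networks or passwords
    passphrase = "correct horse battery"
    print("PMK on 'linksys':     ", derive_pmk(passphrase, "linksys").hex())
    print("PMK on 'HomeNet-7F3A':", derive_pmk(passphrase, "HomeNet-7F3A").hex())
    print("same passphrase, different SSID, different key:",
          salt_changes_key(passphrase, "linksys", "HomeNet-7F3A"))
    for s in ("linksys", "HomeNet-7F3A"):
        print(f"{s!r}: precomputed tables apply = {precomputed_tables_apply(s)}")
```

The defender's takeaway: a network that keeps a default or very common SSID can be attacked with tables computed in advance, whereas a unique SSID forces the full per-candidate computation for that one network; combined with a long passphrase, that cost is what makes the dictionary attack the paragraph describes slow.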

13. Infernal Twin

Infernal Twin is a tool for creating a fake (“evil twin”) Wi-Fi access point. The user connects to the fake network and hands their data to it. It can be used to steal passwords, intercept traffic, phish, and much more.

14. Pixiewps

Pixiewps is a new tool for brute-forcing WPS PINs, written in C. It supports offline PIN guessing without connecting to the network, searching for vulnerable networks, and the Pixie Dust attack. It requires a modified version of Wifite or Reaver.


    Connecting to any network within reach: isn’t this the dream of every device user? However, in order to make a successful connection and use the traffic, you first have to find out the password for verification. And if you have no direct way to learn the network key, you can download a Wi-Fi hacking program onto your computer, which will allow you to connect to any active access point within range.

    Wi-fi hacking algorithm

    The Aircrack-ng utility, designed specifically for auditing wireless networks, is a package consisting of a whole collection of utilities that serve not only to find and intercept network traffic but also to connect directly to the network through their own channels. The processing stages, followed by direct use of the network free of charge, are presented below:

    • Initially, the program audits all the encryption types in use for weaknesses that can be exploited;
    • Then it checks how resistant the equipment is to attack; if the outcome is favorable, you are given the opportunity to intercept and decode packets to gain access.

    A special feature of the application is the complete absence of a graphical interface, which is a disadvantage and an advantage at the same time. All control is done from the command line, and the result becomes known to you after connecting to the desired network. It is worth noting that the application itself is quite well put together: it has its own dictionaries and a unique password-guessing technique, which often gives positive results.

Those are the most popular and best Wi-Fi hacking programs. If you do not understand some terms (“handshake”, “monitor mode”, etc.), read “” and a lot will become clear.

Switching to monitor mode

If there is a need to install a Wi-Fi audit program on another distribution, for example, on Linux Mint or Ubuntu, then installation instructions for some of them can be found on the Kali.Tools website.

Hacking Wi-Fi on Windows

To hack Wi-Fi on Windows you need a wireless card that supports monitor mode, and its driver must support that mode too. The standard Wi-Fi adapter drivers on Windows do not provide it, so capturing a handshake on Windows is not possible.

There are a few exceptions - high-priced commercial products that include wireless card drivers that support monitor mode. Like Linux, only some hardware is supported.

Although almost all programs for auditing Wi-Fi networks are made for Linux and only work there, some of them are cross-platform. For example, to brute force using graphics cards on Windows, you can use Hashcat, which works great on this operating system.

In general, of course, it is recommended to use Linux for testing wireless networks, especially specialized distributions such as Kali Linux and BlackArch.

Hacking Wi-Fi in Kali Linux

All of the programs listed work on Linux. As already mentioned, some only work on Linux. It is especially convenient to use distributions for penetration testing, since these programs are already installed in them and are updated as new versions are released along with other packages.

The most popular such system is.

Most of the documentation has been prepared for it, including the book “” in Russian.

Programs for quick Wi-Fi hacking

Some resources advertise programs for “fast” or “instant” Wi-Fi password cracking. Typically these are .exe files for Windows, used to defraud gullible users of money or to spread malware.

Hacking Wi-Fi takes time and knowledge. The programs used for auditing are based on the knowledge of many wireless security researchers, which requires an open exchange of information, so most of these programs are free and open source.

Quick hacking of any Wi-Fi network (or devices of a certain manufacturer) is impossible in principle. Especially in Windows, which does not provide monitor mode for drivers. Auditing wireless networks requires certain hardware, as well as appropriate software - usually several programs, since Wi-Fi protection is reliable, and hacking wireless networks is carried out in several stages.

How to Use Wi-Fi Hacking Software

General information about the types and directions of attacks, as well as examples of launching tools can be found at the following links:

  • Article " "
  • Kali Linux Tools
  • Book " ".

This guide is intended to familiarize wireless network owners with effective Wi-Fi hacking techniques so that they can ensure the protection and security of their personal home network. It is not recommended to use the instructions described below to use someone else’s Wi-Fi, although they allow you to do so “incognito”.

That is, ordinary users of Wi-Fi networks cannot determine the real IP of the hacker, so the hacker’s identity remains unknown. The real IP of the “freeloader” can only be learned by someone with legal authority, which lets them obtain information from the provider. Thus, whether or not to use the following guide to “How to hack Wi-Fi?” for selfish purposes lies entirely on the conscience of the user.

Basic techniques for hacking Wi-Fi

Developments in protecting information networks advance by leaps and bounds, but hacking technology is always a couple of steps ahead of them.
Given the ubiquity of wireless networks, the question “How do I hack someone else’s Wi-Fi?” is especially relevant today among owners of laptops and mobile gadgets. Fortunately, there are many methods, so everyone can choose the one they prefer.

It takes a little effort to master them, and after that the mischievous smile will never leave such a user’s face, because wherever there is Wi-Fi they can always stay connected and download whatever they want from the Internet for free.

Students are especially interested in such skills: with the money saved, it is more expedient to treat a growing body to a couple of milkshakes than to spend a stipend on the provider’s services.
If a person has a computer with a Wi-Fi module, free network access can be obtained without spending much time.

The easiest way to connect is to detect an unsecured network:

  1. Through the “Control Panel”, enter the “Network and Internet” tab;
  2. Go to “Network Connection Center”;
  3. Next, open the “Network Connection” tab;
  4. A list of networks will appear from which you should select one that is not password protected and connect to it.

If you have difficulty finding a network without a password, it is recommended to install the “Free Zone” program. It makes the connection itself. Besides automatically finding and connecting to unprotected Wi-Fi, the utility contains a rather large database of saved passwords for wireless networks, which is regularly updated by the application’s users. Thus, the more people use it, the more likely it is to connect to one of the wireless networks within the attacker’s range.
If such a simple method turns out to be powerless, then you can use the guessing method.

Often, router owners set access codes that are easy to remember, for example consisting of seven or eight identical digits or symbols, or simply “12345678” or “QWERTY”, which are among the most popular Wi-Fi passwords in Russia and worldwide. Obviously, such passwords can be guessed easily even by hand, and special applications cope with them in a matter of minutes.

Many users also like the “phishing” method, which is based on the hacker’s manipulations forcing the owner of the Wi-Fi network to give out the name and password.
Hackers widely use the “interception” method, in which a request to connect to the router is sent from a smartphone or laptop. The router and the hacker’s mobile gadget exchange data (the “handshake” process), which contains the encrypted password.

To decrypt the received code, special applications or services are used.

Brute force programs for automatic password selection

Brute force is the automated guessing of access codes by a program.

Experienced users write such applications themselves, specifically to attack a target network, mail service, resource and so on. Many hackers also use ready-made utilities. For example, “Proxy Grabber” automatically outputs information for connecting to servers.

The attacker receives a file with all the data, which is then fed to the brute force application. A library of login and password combinations is also built into the application (such libraries are common on hacker forums and are constantly updated). The utility automatically rotates proxies, so the web server cannot identify the attack, and therefore the hacker.

Brute force runs around one or two hundred threads at a time. The higher this number, the faster the Wi-Fi hacking proceeds; however, the number is limited by the power of the PC. On low-powered computers no more than 100 combination checks should run simultaneously, so with such values the procedure can take a long time (sometimes several days).

The most popular applications for brute force:

  • Appnimi Password Unlocker.

Recovering the password using the router’s PIN code

To recover the password of a Wi-Fi network protected by WPA/WPA2, you will need:

  • PC with Wi-Fi adapter (almost all laptops and netbooks already have built-in modules);
  • USB flash drive of at least 2 Gb;
  • Utility "" for Windows.

It is recommended to perform basic operations in the Linux environment, although it is also possible to carry out your plans using the Windows OS, but in Linux everything is much simpler. It is necessary to format the USB flash drive and save the “WiFi Slax” package on it.

Wifi-Slax is launched directly from the external media: just unpack the contents of the “boot” directory and run “Wifislax Boot Installer”. Next, specify the s parameter and press “Enter”. Then boot the PC from the created flash drive and perform the following steps in order:

  1. Select boot with the SMP kernel and Wifislax with KDE (with adjustments);
  2. Wait;
  3. After the download is complete, it is recommended to change the MAC of the laptop by executing “ifconfig wlan0 down” in the console;
  4. Now open the Macchanger application;
  5. Click “Change MAC”;
  6. Exit the utility and execute “ifconfig wlan0 up” in the console;
  7. Open the utility “minidwep-gtk”;
  8. Click “Scan”;
  9. Wait;
  10. If the points found support WPS technology, then they will be the easiest and fastest to hack.
  11. Beginner hackers are advised to attack points with active WPS and move on to more complex tasks only after gaining experience. Select the point and click “Reaver”;
  12. Click “ok”;
  13. Wait;
  14. The utility will show the password;
  15. If the attack was unsuccessful due to WPS blocking, then the package recorded on the USB drive contains tools to bypass it;
  16. If no points with WPS are found, then it is very easy to guess the password when at least one PC or mobile gadget is already connected to the network. Waiting for someone (the victim) to connect to Wi-Fi. You should select it and click “Attack”;
  17. The wireless module built into the laptop will generate interference and the “victim” will be disconnected from the Wi-Fi;
  18. The victim will predictably try to reconnect, and a “Handshake” between the victim’s device and the router will occur, exchanging data that is easily intercepted. The captured information is saved as files;
  19. Next, you should write the files to the laptop’s memory and restart;
  20. Launch Windows on a laptop;
  21. The copied files contain an encrypted Wi-Fi access code. To view it, you will need to install the “Elcomsoft Wireless Security Auditor” utility;
  22. Click import data – TCPDUMP;
  23. After that, press “Ctrl” and, without releasing it, press the key with the English letter “I”;
  24. Specify copied files;
  25. Click “Run...”;
  26. Wait;
  27. Ready.
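Steps 16 to 18 above describe forcing a client off the network with spoofed deauthentication frames so that its reconnection handshake can be captured. The defender's side of this is spotting the burst. The following Python is an added detection example, not part of the original article or of any tool it names; the frame records are a constructed sample in the shape a monitor-mode tool such as airodump-ng or Kismet could export (timestamp, frame subtype, source, destination), the MAC addresses are made up, and the threshold and window are assumptions to tune per environment.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, Iterable, List, Set, Tuple

Frame = Tuple[float, str, str, str]  # (timestamp_s, subtype, source_mac, destination_mac)

AP_MAC = "aa:bb:cc:dd:ee:01"       # constructed: the legitimate AP's address (spoofed by the flood)
CLIENT_MAC = "11:22:33:44:55:66"   # constructed: one client
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample capture: normal beacons, two benign one-off deauths, then a
# flood of twelve spoofed deauths 50 ms apart addressed to everyone on the network.
SAMPLE_FRAMES: List[Frame] = [
    (0.00, "beacon", AP_MAC, BROADCAST),
    (0.10, "deauth", AP_MAC, CLIENT_MAC),           # single legitimate disconnect
    (0.20, "beacon", AP_MAC, BROADCAST),
    (2.00, "deauth", "66:55:44:33:22:11", AP_MAC),  # a client leaving: benign
] + [(5.0 + 0.05 * i, "deauth", AP_MAC, BROADCAST) for i in range(12)]

DEAUTH_THRESHOLD = 10   # assumed: frames from one source ...
WINDOW_SECONDS = 1.0    # ... within this many seconds trips an alert


@dataclass
class Alert:
    source: str
    count: int
    window_start: float
    window_end: float


def detect_deauth_floods(frames: Iterable[Frame], threshold: int = DEAUTH_THRESHOLD,
                         window: float = WINDOW_SECONDS) -> List[Alert]:
    """Sliding-window count of deauth/disassoc frames per source address.

    Emits one alert per source the first time its count within `window` seconds
    reaches `threshold`; beacons and data frames are ignored.
    """
    recent: Dict[str, Deque[float]] = defaultdict(deque)
    alerted: Set[str] = set()
    alerts: List[Alert] = []
    for ts, subtype, src, _dst in sorted(frames, key=lambda f: f[0]):
        if subtype not in ("deauth", "disassoc"):
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop frames that fell out of the window
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append(Alert(src, len(q), q[0], ts))
    return alerts


if __name__ == "__main__":
    for a in detect_deauth_floods(SAMPLE_FRAMES):
        print(f"deauth flood from {a.source}: {a.count} frames in "
              f"{a.window_end - a.window_start:.2f}s starting at t={a.window_start:.2f}")
```

A real access point sends deauthentication frames rarely and one at a time, so a source address that emits ten or more within a second is a reliable sign of the attack even though the address is the AP's own. Where the router and clients support it, enabling Protected Management Frames (802.11w) makes spoofed deauthentication frames ineffective and removes the handshake-capture step entirely.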

Note: WPS is a vulnerability of the Wi-Fi encryption technology. The connection is made using a PIN code. A PIN contains eight digits, so after trying about a hundred million PIN options the Wi-Fi network will be hacked. The weakness of the technology is that the PIN can be split into two parts, so that parts of at most four digits have to be analyzed, which reduces the number of options by several orders of magnitude (to about 10 thousand).
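The counts in the note can be made precise. This is an added derivation for this article, not part of the original text; it relies on one fact from the WPS specification that the note does not mention, namely that the eighth PIN digit is a checksum of the first seven, and it slightly refines the note's "about 10 thousand" figure.

```latex
% An eight-digit numeric WPS PIN tried as one number:
\[ N_{\text{full}} = 10^{8} \]

% The access point's reply reveals whether the first four digits are correct
% on their own, so the first half is searched separately:
\[ N_{1} = 10^{4} \]

% The second half also has four digits, but the eighth digit is a checksum of
% the first seven (WPS specification), so only three digits are free:
\[ N_{2} = 10^{3} \]

% Worst case with the PIN split into halves:
\[ N_{\text{split}} = N_{1} + N_{2} = 10^{4} + 10^{3} = 11\,000 \]

% Reduction relative to the full keyspace:
\[ \frac{N_{\text{full}}}{N_{\text{split}}} = \frac{10^{8}}{1.1 \times 10^{4}} \approx 9.1 \times 10^{3} \]
```

So the note's "about 10 thousand" is the cost of the first half alone; even counting the second half, an attacker needs at most 11,000 attempts instead of 100,000,000, roughly four orders of magnitude fewer, which is why the router hardening section later on tells you to disable WPS.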

We use phishing

Many users also like the “phishing” method. It is based on the hacker’s manipulations, which force the owner of the Wi-Fi network to give out the name and password.

Usually the “hook” is cast through an e-mail message or a social network, but in the case of Wi-Fi the “victim” would begin to suspect something is wrong. So the hacker builds a different trick: for example, setting up a duplicate network with an identical name (the name of the victim’s Wi-Fi and of the one created by the hacker are the same). When the unlucky user connects to the fake Wi-Fi, they enter the password. The owner of the fake network reads the entered access code and then shuts the fake network down. They then connect to the real Wi-Fi in the normal way, since they now know the password.

The technique is easy to implement; however, hackers are lazy and have made it even easier by developing a special application, “Wifiphisher”.

The following steps must be followed:

  1. Install the Wifiphisher program on your PC (it is freely available on the Internet);
  2. Disconnect users from Wi-Fi;
  3. Wait until the program switches the victim’s router to access point mode and makes a duplicate network with the same name;
  4. Next, the utility will perform some additional auto-tuning;
  5. Then the application will display a fake window on the victim’s PC or device, which will ask you to update the software;
  6. The victim will specify a password to update the software;
  7. Since the owner of the fake menu is a hacker, the password entered by the victim will be displayed on the monitor of his PC;
  8. It is done.
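The duplicate-network trick above (the same SSID as the victim's, usually without encryption so that the fake update page can be shown) leaves a fingerprint in any scan: one network name advertised by a BSSID the owner does not recognise, or by two access points with different security settings. The following Python is an added detection example, not code from Wifiphisher or from the original article; the scan entries and BSSIDs are a constructed sample in the shape of airodump-ng or Kismet scan output, and the table of known access points is the one thing the defender has to maintain.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class ScanEntry:
    ssid: str
    bssid: str
    security: str   # "OPEN", "WEP", "WPA", "WPA2" ... as the scanner reports it
    channel: int


# Constructed sample scan with made-up BSSIDs, in the shape of airodump-ng/Kismet output.
SAMPLE_SCAN: List[ScanEntry] = [
    ScanEntry("HomeNet", "aa:bb:cc:dd:ee:01", "WPA2", 6),
    ScanEntry("HomeNet", "de:ad:be:ef:00:01", "OPEN", 11),  # same name, unknown radio, no encryption
    ScanEntry("CoffeeShop", "aa:bb:cc:dd:ee:02", "OPEN", 1),
    ScanEntry("HomeNet", "aa:bb:cc:dd:ee:01", "WPA2", 6),   # the real AP seen again on a later sweep
]

# What the defender knows: the BSSID(s) of their own access point(s) for each SSID.
KNOWN_APS: Dict[str, Set[str]] = {"HomeNet": {"aa:bb:cc:dd:ee:01"}}

UNKNOWN_BSSID = "unknown_bssid"      # a known SSID advertised by a radio not on the list
MIXED_SECURITY = "mixed_security"    # one SSID advertised with different security types

Finding = Tuple[str, str, str]  # (ssid, bssid or "*", reason)


def find_evil_twins(scan: List[ScanEntry], known_aps: Dict[str, Set[str]]) -> List[Finding]:
    """Group scan entries by SSID and report the two evil-twin indicators.

    Duplicate sightings of the same (bssid, security) pair are collapsed, so a
    legitimate AP seen on several sweeps produces no finding.
    """
    by_ssid: Dict[str, Set[Tuple[str, str]]] = defaultdict(set)
    for e in scan:
        by_ssid[e.ssid].add((e.bssid, e.security))

    findings: List[Finding] = []
    for ssid in sorted(by_ssid):
        entries = by_ssid[ssid]
        known = known_aps.get(ssid)
        if known is not None:
            for bssid, _sec in sorted(entries):
                if bssid not in known:
                    findings.append((ssid, bssid, UNKNOWN_BSSID))
        if len({sec for _bssid, sec in entries}) > 1:
            findings.append((ssid, "*", MIXED_SECURITY))
    return findings


if __name__ == "__main__":
    for ssid, bssid, reason in find_evil_twins(SAMPLE_SCAN, KNOWN_APS):
        print(f"{reason}: SSID {ssid!r}, BSSID {bssid}")
```

The second indicator is the more useful one for a home user who has not recorded their own BSSID: the real network is WPA2, so any open network carrying the same name is a twin. Client devices that are configured to connect only to the saved, encrypted profile will not join the open copy, which is what defeats the fake update page.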

Many convenient programs have been created with extensive databases of logins and passwords for Wi-Fi networks around the world. These utilities collect Wi-Fi access codes entered by users and continually update them.
The utilities are simple and have intuitive menus. Often the user only needs to activate the Wi-Fi search and select an available network.

The most popular programs are:

Not very popular, but no less effective, include the “Wi-fi map” and “Swift WiFi” programs. They clearly show the user Wi-Fi points on the map and automatically connect to the nearest point.

Some users place high hopes for the security of their network in filtering by MAC address; in practice, however, even a novice hacker bypasses such protection faster than the owner of the router logs into the device’s web configurator with administrator rights.
Changing the MAC of a wireless adapter in Linux takes only a few seconds, for example after taking the interface down with the “ifconfig wlan0 down” command. The Macchanger utility can also assign random MACs automatically, so even a technically advanced network owner will be confused. And if the victim uses a whitelist, the Airodump-ng application helps to identify an allowed address: the utility displays the MACs of connected clients in the “STATION” column.

Note: a valid MAC can also be found by brute force, which was already mentioned at the beginning of this article.

The mdk3 application can also brute-force MACs. The main advantage of the utility is the ability to find an allowed MAC even when no devices are connected to the wireless router. For example, you can use the command: mdk3 wlan0 f -t 20:25:64:16:58:8C -m 00:12:34.

Protecting your WiFi network from hacking

The more layers of protection you provide, the longer and more difficult the procedure for hacking your network will be, and a novice hacker may even abandon the idea altogether. Therefore, it is recommended to use all the recommendations described below without missing any.

Set a password to enter the router web configurator

  1. In the router’s web interface, open the “System Tools” tab.
  2. Next, enter the “Password” subsection and set a secure access code. Be sure to click “Save” when finished.

Set an access code for the Wi-Fi network

  1. Go to the “Wireless” tab and then to the “Wireless Security” subsection. Set the encryption type to “WPA/WPA2” and use your imagination to set a complex password.
  2. Save the entered parameters and restart the router.

Hide the Wi-Fi name

  1. Open the “Wireless” tab again. Uncheck the “Enable SSID Broadcast” box.
  2. Click “Save”.

Determine the MAC of the devices that will be allowed to connect to Wi-Fi (for example, a smartphone’s address can be seen in the “About phone” settings section). Next, open the “Wireless MAC Filtering” subsection in the “Wireless” tab.

  1. Click “Enable” and activate the “Allow the stations specified by any enabled entries in the list to access” box.
  2. Next, click “Add New...”.
  3. Specify a MAC with an allowed status.
  4. Click “Save”.

Disable QSS (WPS)

  1. Open the “WPS” tab (in some router models’ interfaces it is called “QSS”). Click “Disable WPS”.
  2. Restart the router.
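The Wi-Fi access code step above only says to set a complex password, while the article earlier lists exactly the weak patterns that get guessed in minutes (seven or eight identical digits, “12345678”, “QWERTY”). Those patterns can be rejected mechanically before a passphrase goes into the router. The following Python is an added example for this article, not a tool the article names; the 8-to-63 character limit is the WPA/WPA2-PSK rule from the standard, the common-passphrase set is a tiny constructed stand-in for a real wordlist, and the 60-bit entropy floor is an assumed policy threshold.

```python
import math
import string
from typing import List

# WPA/WPA2-PSK passphrase length limits from the standard (not stated in the article).
MIN_LEN, MAX_LEN = 8, 63
# Assumed policy threshold: reject anything whose estimated strength is below this many bits.
MIN_BITS = 60.0

# Constructed stand-in for a real common-passphrase wordlist.
COMMON_PASSPHRASES = {"12345678", "qwerty", "qwertyuiop", "password", "11111111", "87654321"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def is_sequential(p: str) -> bool:
    """Every character steps by exactly +1 or -1 from the previous one (12345678, abcdefgh, 87654321)."""
    if len(p) < 4:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(p, p[1:])}
    return steps in ({1}, {-1})


def has_keyboard_run(p: str, run: int = 5) -> bool:
    """Contains `run` adjacent keys from one keyboard row, forwards or backwards (qwert, poiuy)."""
    low = p.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - run + 1):
            chunk = row[i:i + run]
            if chunk in low or chunk[::-1] in low:
                return True
    return False


def estimate_bits(p: str) -> float:
    """Upper-bound strength estimate: length * log2(size of the character classes actually used)."""
    size = 0
    if any(c.islower() for c in p):
        size += 26
    if any(c.isupper() for c in p):
        size += 26
    if any(c.isdigit() for c in p):
        size += 10
    if any(c in string.punctuation for c in p):
        size += len(string.punctuation)
    if " " in p:
        size += 1
    return len(p) * math.log2(size) if size else 0.0


def check_passphrase(p: str) -> List[str]:
    """Return the list of problems found; an empty list means the passphrase passes every check."""
    problems: List[str] = []
    if len(p) < MIN_LEN:
        problems.append("too_short")
    if len(p) > MAX_LEN:
        problems.append("too_long")
    if p.lower() in COMMON_PASSPHRASES:
        problems.append("common")
    if len(set(p)) == 1:                 # the "eight identical digits" case from the article
        problems.append("repeated_character")
    if is_sequential(p):
        problems.append("sequential")
    if has_keyboard_run(p):
        problems.append("keyboard_pattern")
    if estimate_bits(p) < MIN_BITS:
        problems.append("low_entropy")
    return problems


if __name__ == "__main__":
    # constructed candidates: the article's weak examples and one long mixed passphrase
    for candidate in ("12345678", "77777777", "QWERTY", "Correct-Horse-Battery-Staple-7"):
        print(f"{candidate!r}: {check_passphrase(candidate) or 'OK'}")
```

The entropy figure is an upper bound (it assumes every character was chosen independently), so it only catches passphrases that are short or use a tiny alphabet; the pattern checks are what catch the memorable-but-guessable codes the article describes.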

The easiest way is to install the free “Kali Linux” application from the app store on your smartphone or tablet and run it.

Using the program does not cause problems, since most of its processes are automated. If the above utility cannot be installed, it is recommended to find and install “Linux Deploy” from the app store; its menu is not complicated either.

Despite the ease of installing these tools, they are advanced hacking tools that even a novice hacker can make sense of.
Advanced users often use “WiFinspect” for hacking. It displays detailed information about the operating modes of the detected networks. The program is also freely distributed, but some of its functions require root.

If you have Root permissions, you can also use the powerful “Wifi Analyzer” tool. It successfully copes not only with Wi-Fi networks at a frequency of 2.4 GHz, but also 5 GHz.

Owners of Apple phones can successfully hack their neighbor's Wi-Fi by installing "Airslax" or "Aircrack-ng".

What are the dangers of using your neighbor's wifi?

Some open neighborhood networks that are not encrypted and have no protection against interception are dangerous to use, since any attacker who connects to such a Wi-Fi network can intercept and inspect the traffic of any of its clients.

If the network is encrypted and protected, then the danger is reduced, but in order to use such Wi-Fi, you will have to hack it, and this is punishable under Articles 272 and 273 of the Criminal Code of the Russian Federation.

Obviously, in order to punish a hacker, you first need to find them, for example by identifying their IP. Note that for this the victim will have to make a corresponding request to the provider. Communications companies providing Internet access can only release such information to law enforcement officers or to government agencies with even greater powers; ordinary individuals cannot obtain the data directly.

After the intruder is identified, they will be held liable under Art. 272 (“Illegal access to computer information”) only if it is proven that the victim’s data was deleted, encrypted, changed or copied.

Punishment for hacking networks

Punishment under Article 273 follows for writing applications intended to erase (encrypt, block, change, copy) information, or for using and distributing such utilities.
If the hacker used the access to the global network for a long time and the victim suffered damage of more than 250,000 rubles by paying for the traffic downloaded by the attacker, the attacker will be punished under Art. 165 (Causing property damage to the owner...).

Many utilities have been developed for hacking Wi-Fi networks. Some of them may seem too simple to use, but this does not reduce their effectiveness. Applications are released for all existing platforms; below we will consider the most popular of them.

Under Windows

The most popular platform in the world has the largest number of hacking applications released.

Wificrack: works almost completely automatically, using a password-guessing technique.
Steps:

  • Run “WifiCrack.exe”;
  • Mark network;
  • Click “Next”;
  • Activate the password database and click “Start”;
  • Wait;
  • Now the application directory contains the file “Good.txt”, which displays the password and login.

Kali Linux. Steps:

  • Install Kali Linux in a Vmware virtual machine;
  • Launch the program and select “Live”;
  • Wait;
  • Enter "iwconfig";
  • Write down the displayed interface name on a piece of paper;
  • Run “airmon-ng start wlan0”;
  • Then “airodump-ng mon0”;
  • Click “ctrl + c”;
  • Enter “wash -i mon0 -C”;
  • Specify Wi-Fi with WPS;
  • Enter “reaver -i mon0 -b (the name that was written earlier on a piece of paper) -a -vv”;
  • Wait;
  • The login and code will appear on the monitor.

For Android

It may not be entirely convenient to use a laptop for hacking. The use of a compact Android gadget is much more invisible.

WPS Connect. Steps:

  • Once installed, launch the program and tap on the icon circled in red in the screenshot below;
  • Tap on the victim's network;
  • Tap “Show password” and the access code will be displayed.

WIFI WPS WPA TESTER. Steps:

  1. Tap “Update”;
  2. A list of networks will be displayed (next to which there is a green padlock that can be hacked);
  3. Connect to the selected Wi-Fi;
  4. The access code will appear on the display.

WifiKill: if there are too many devices connected to the Wi-Fi and the connection limit has been reached, this application will help free up space. Steps:

  1. Tap “Update”;
  2. Click “Grant”;
  3. Wait;
  4. A list of clients connected to Wi-Fi will appear;
  5. Select the client and tap “grab”;
  6. Next, click “kill”;
  7. Now you can safely work online.

For iPhone

Owners of Apple devices often use “Aircrack-ng”, which intercepts information and quickly cracks codes.

iPhone owners often use “iWep Lite”, which simply requires turning on and then specifying the Wi-Fi to be hacked. The utility will perform the analysis automatically and show the access code.

Today we present to your attention a set of free programs with which you can hack a WIFI network. Or check your WIFI access point for resistance to hacking.

Netstumbler

Website: www.stumbler.net

Definitely one of the most famous and best wardriving tools. The stumbler has only one task: to detect access points on the air, read the SSID and write the received information to a log file together with the coordinates, if a GPS receiver is connected to the program. After a successful wardriving session, information about the found APs and the location data can be exported to a log file, converted with one of the numerous converters into the KML format that Google understands, and in a couple of seconds all access points are displayed on the map in Google Maps or the desktop program Google Earth.

To search for live access points Netstumbler uses active scanning techniques, i.e. it not only listens to the air but also sends special frames every second. It must be said that the specific LLC/SNAP frames generated by the stumbler are easily recognized by modern IDS systems. In addition, active scanning will not help you find hidden access points, and the information collected is not great either.

For example, Netstumbler can only recognize the fact that network encryption is being used, without specifying which mechanism. In addition, the program flatly refuses to work under Vista and is unlikely ever to. As a result, we get an excellent program if you need to scan the air for access points and record their coordinates, but only under Windows and without any hope of obtaining other valuable information.

Vistumbler

Website: www.vistumbler.net

Well, okay, but what if the laptop/netbook runs Vista or Win7? In truth, the ability to actively scan for access points is built into the system itself. It is done with the netsh console utility:

netsh wlan show networks mode=bssid

However, the craftsman Andrew Calcutt quickly put together a GUI wrapper that tidies the command's output and combines it with the location of the detected APs, read from the current GPS coordinates.
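As an added, defender-side example (not part of the original article and not Vistumbler's code), here is a small Python parser for that netsh listing that turns it into an audit: it flags open/WEP networks and any BSSID advertising one of your SSIDs that is not in your own AP inventory. The sample output and the inventory are constructed.

```python
import re
# Constructed sample of `netsh wlan show networks mode=bssid` output; not a real scan.
SAMPLE = """\
SSID 1 : HomeNet
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : aa:bb:cc:dd:ee:01
         Channel            : 6
    BSSID 2                 : 02:00:00:00:00:99
         Channel            : 6

SSID 2 : CoffeeShop
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : aa:bb:cc:dd:ee:02
         Channel            : 11
"""

KV = re.compile(r"^\s*([A-Za-z ]+?)\s*\d*\s*:\s*(.*)$")   # "Key [n] : value" lines

def parse_netsh(text):
    """One dict per SSID: ssid, authentication, encryption, bssids=[[mac, channel], ...]."""
    nets = []
    for line in text.splitlines():
        m = KV.match(line)
        if not m:
            continue                        # blank lines, headers, rate lists
        key, val = m.group(1).strip(), m.group(2).strip()
        if key == "SSID":
            nets.append({"ssid": val, "authentication": "", "encryption": "", "bssids": []})
        elif nets and key in ("Authentication", "Encryption"):
            nets[-1][key.lower()] = val
        elif nets and key == "BSSID":
            nets[-1]["bssids"].append([val.lower(), 0])
        elif nets and key == "Channel" and nets[-1]["bssids"]:
            nets[-1]["bssids"][-1][1] = int(val)
    return nets

def audit(nets, inventory):
    """Flag open/WEP networks and, for SSIDs in inventory (ssid -> set of our BSSIDs),
    any BSSID that is not ours: the classic rogue AP / evil-twin indicator."""
    findings = []
    for n in nets:
        if n["authentication"] in ("Open", "WEP") or n["encryption"] == "WEP":
            findings.append(f'{n["ssid"]}: weak security ({n["authentication"]}/{n["encryption"]})')
        for mac, ch in n["bssids"]:
            if n["ssid"] in inventory and mac not in inventory[n["ssid"]]:
                findings.append(f'{n["ssid"]}: unknown BSSID {mac} on channel {ch}')
    return findings
```

On a real machine, feed it the output of the netsh command above instead of SAMPLE.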

Under *nix, by the way, there are similar utilities that parse the output of the iwlist command. Amusingly, Vistumbler is written with AutoIt, a tool for automating various actions that lets even people who have never heard of programming build applications. Yet Vistumbler not only works, it works very well, displaying, in addition to the signal level, the MAC address with its vendor, the encryption system used, and other parameters.

Data on the location of the found points can be exported “on the fly” to KML format, and their appearance on the map in Google Earth can be tracked in real time. Wardrivers will also appreciate the function that indicates the signal level with various sound files. To be fair, it should be said that a similar trick was possible in Netstumbler too, but only with the help of external scripts.

inSSIDer

Website: www.metageek.net/products/insider

Upset that Netstumbler had not been developed for several years and did not work with Vista or even 64-bit XP, Charles Putney decided to write his own utility for finding Wi-Fi networks, and then published the source code on the well-known portal The Code Project. The idea was picked up by Norman Rasmussen, and a new version of inSSIDer was born, built on the Native Wi-Fi API. inSSIDer, like Netstumbler, uses active scanning and displays all the information found about access points in a table, garnished with nice signal-level graphs. The tool is very simple, nothing superfluous, but I often use it to find Wi-Fi spots and determine the protection they use.

Kismet

Website: www.kismetwireless.net

And this is a full-fledged *nix application for finding wireless networks, sniffing, and even intrusion detection. Kismet is radically different from Netstumbler and similar tools in that it uses passive scanning to discover wireless networks (without transmitting anything). Moreover, its methods make it possible to learn some information about the clients connected to a network and to find hidden (non-beaconing) networks, though only if there is some activity in them. Kismet can automatically determine the IP address ranges in use by intercepting TCP, UDP, ARP and DHCP packets, dump traffic in a Wireshark/tcpdump-compatible format, and even estimate the distance to the access point (GPS is supported, of course).

It is noteworthy that after more than 5 years of development, the creators are about to delight us with a completely new release. In particular, at the end of May, Kismet-2009-05-RC1 was released, in which the interface was radically redesigned (ncurses is still used), the configuration files were reworked, new data-filtering options and a new warning system were added, CPU load was optimized, and the plugin system was improved. As for the Windows port, it exists, but it was implemented by CACE and, alas, only works with the special CACE AirPcap Wi-Fi adapters.

Aircrack-ng

Website: aircrack-ng.org

Aircrack-ng is a full-fledged software package for cracking 802.11 WEP (Wired Equivalent Privacy) encryption and WPA/WPA2-PSK keys for Wi-Fi networks. The set consists of several utilities and includes airodump (a sniffer for 802.11 networks), aireplay (a tool for injecting Wi-Fi frames), aircrack (WEP cracking and WPA-PSK brute force), and airdecap (decrypting captured WEP/WPA files). In general, cracking WEP requires a certain number of captured packets: once the required number of frames has been captured, aircrack-ng is ready to carry out a statistical attack on the WEP key. Aircrack-ng currently supports three methods of “recovering” the key:

  • the first method is the PTW attack: its main advantage is the small number of captured packets needed to crack the WEP key. But the method only works with ARP packets, which is naturally a big drawback;
  • the second option is the FMS/KoreK attacks. This method combines various statistical techniques (FMS, KoreK, brute force) to search for the WEP key and requires more packets than the PTW attack;
  • the third option is a dictionary attack (word list), used mainly for cracking WPA/WPA2 keys.

The full version of Aircrack-ng exists only for Linux, although a stripped-down version for Windows is available on the official website. The developers honestly warn that for it to work you need to modify the DLL yourself for your particular Wi-Fi adapter.

Technitium

Website: www.technitium.com

Surprisingly, MAC address filtering is still a fairly commonly used protection. It can indeed restrict access by random onlookers, but against wardrivers... well, let the guys have their fun :). With this protection, only clients included in the list of trusted machines can connect to the AP. Bypassing it is trivially easy: you just need to change the MAC address of your wireless adapter to a trusted one.

A suitable MAC can easily be determined with the same airodump utility by capturing a couple of packets. Under *nix, the macchanger utility will change the MAC address for you. As for Windows, there are quite a few programs, including the paid SMAC and the free Technitium. Both only require you to select a network adapter and specify the desired MAC address for it. Make sure the address has actually changed (ipconfig /all in the console) and try to establish a connection. Unfortunately, you may well fail the first time, since the authorized client may already be connected to the network. The void11 program and deauthentication packets will help you evict it.

void11

void11 is used to deauthenticate wireless clients from an access point or, more simply put, to force clients to disconnect from it. After such a disconnection, the wireless client will automatically try to reconnect to the access point (repeat the association), and each reconnection generates traffic, which is needed for key recovery. In addition, you can knock a client off, take its MAC address and thus bypass MAC address filtering. Unfortunately, Windows tools do not allow this, but the same trick is easily done under *nix with this utility:

void11_penetration -s CLIENT_MAC -B ACCESS_POINT_MAC -D wlan0
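As an added, defender-side example (not part of the original article and not void11's or Kismet's code), here is the detection logic an IDS applies to this behaviour: a sliding-window count of deauthentication frames per sender, run over a constructed frame log, plus a count of the reassociation storm that follows. The threshold and window values are assumptions to tune for your own environment.

```python
from collections import deque

# Constructed 802.11 management-frame log (timestamp s, subtype, src, dst); not a real capture.
AP, STA = "aa:bb:cc:dd:ee:01", "10:20:30:40:50:60"
FRAMES = [
    (0.00, "deauth", AP, "ff:ff:ff:ff:ff:ff"),   # single deauth at AP restart: benign
    (1.50, "assoc_req", STA, AP),
    (1.52, "assoc_resp", AP, STA),
]
# ...then a burst of 30 deauths "from" the AP to the client, 50 ms apart, and the client reconnecting
FRAMES += [(10.0 + i * 0.05, "deauth", AP, STA) for i in range(30)]
FRAMES += [(12.0, "reassoc_req", STA, AP), (12.3, "reassoc_req", STA, AP)]

def detect_deauth_flood(frames, threshold=10, window=2.0):
    """Sliding-window count of deauth/disassoc frames per source address.
    Emits one alert per (src, dst) pair the first time `threshold` such frames
    fall within `window` seconds; a lone deauth never trips it."""
    recent, alerts, seen = {}, [], set()
    for ts, subtype, src, dst in frames:
        if subtype not in ("deauth", "disassoc"):
            continue
        q = recent.setdefault(src, deque())
        q.append(ts)
        while ts - q[0] > window:            # drop timestamps that left the window
            q.popleft()
        if len(q) >= threshold and (src, dst) not in seen:
            seen.add((src, dst))
            alerts.append({"src": src, "dst": dst, "count": len(q), "at": ts})
    return alerts

def reassociation_storm(frames, alerts, window=5.0):
    """For each alert, count (re)association requests the victim sends afterwards:
    the reconnect traffic described above, and a second signal that the flood worked."""
    return {a["dst"]: sum(1 for ts, st, src, _ in frames
                          if st in ("assoc_req", "reassoc_req") and src == a["dst"]
                          and a["at"] < ts <= a["at"] + window)
            for a in alerts}
```

Kismet's own alerting works on the same principle over live monitor-mode frames; this version just makes the rule explicit.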

Asleap

Website: www.willhackforsushi.com/Asleap.html

If, during scanning, your stumbler shows the word CISCO in the Vendor (equipment manufacturer) column, it is worth remembering the LEAP (Lightweight Extensible Authentication Protocol) authentication protocol developed by Cisco. A sniffer can help confirm your guess about the protocol used on the network by showing REQUEST, EAP-CISCO Wireless (LEAP) packets. The main feature of LEAP is that authentication requires not only a password but also a username! By default this protocol is not supported in Windows, so you will need to install a special client to work with it, Aironet Client Utilities.

Is there any point in installing it? Certainly! Despite the well-thought-out nature of the protocol, vulnerabilities were found even in it, making it easy to guess the password from intercepted LEAP authentication packets. Joshua Wright, the developer of the utility, was the first to notice this. The utility intercepts network packets when a client reconnects and then brute-forces the authentication passwords. It works natively under Linux, but the official website also offers a Windows version of the program (though not the latest build).

WifiZoo

Once you have used WifiZoo, you understand how easily all kinds of information can be intercepted on open Wi-Fi networks. The utility's whole job is to passively collect various information from the network. Written in Python (and built on Scapy, by the way), the tool extracts a lot of information useful to a wardriver from the air and presents it as attractive graphs. This is not only data about access points (SSIDs), but also information about the clients using them (with source and destination addresses), as well as (and this is the juiciest part) all sorts of information transmitted in clear text over the network: passwords for insecure protocols (POP3/FTP/Telnet), mail traffic, HTTP cookies and authorization data, and so on.

WifiZoo's only drawback is the lack of a channel-hopping mode: the program can listen on the wireless interface, but cannot jump from channel to channel. This shortcoming is more than compensated for by running Kismet beforehand. The utility carefully stores the intercepted data in the logs/ folder, indicating the data source in the file names (ssids.log, cookies.log, httpauth.log, etc.). For greater convenience, the kit includes a GUI implemented as a web server, which by default listens on 127.0.0.1:8000.

CommView for WiFi

Website: www.tamos.ru/products/commwifi/

A special version of the famous Windows sniffer CommView, created to capture and analyze network packets in 802.11a/b/g/n wireless networks. The utility receives information from the wireless network adapter and immediately decodes the captured data, displaying it in an easy-to-digest form. If necessary, packets can be decrypted with user-supplied keys or decoded down to the lowest level with full analysis of common protocols (more than 70 are currently supported).

Moreover, you can completely reconstruct a TCP session and see, for example, HTTP traffic with all its requests and, accordingly, interesting information such as authorization data. All intercepted traffic can be saved to a file for later analysis. What is especially pleasing is the flexible filter system, which lets you discard unnecessary packets and capture only what is needed. And configurable alerts can notify the user about important events, such as suspicious packets, high network load, or unknown addresses. In short, it's an excellent program for Windows, except for one thing: it's paid.

Wireless Security Auditor

Website: www.elcomsoft.ru

Another paid, but very interesting development. Wireless Security Auditor lets you check the reliability (yes, that's what it's called now!) of WPA/WPA2 keys, using modern GPU-based computing techniques. In addition to a mode in which recovery is performed using only the central processor, WSA uses technology that puts graphics accelerators to work during key recovery.

It must be said here that the program itself does not capture traffic from the wireless network, but only processes traffic dumps (TCPDUMP, CommView and PSPR formats are supported), i.e. it works in conjunction with a sniffer. Note that not just any card will accelerate the computation, only top accelerator models: NVIDIA (GeForce 8, 9, 200 and higher) or ATI (RADEON HD 3000 Series and higher). EWSA supports dictionary attacks and password mutation modes (for example, the word password is replaced by p@ssword, and so on).
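An added, defender-side example (not part of the article and not EWSA's code) that uses the same mutation idea in reverse: a WPA/WPA2 passphrase policy check that undoes common substitutions before comparing against a dictionary, so a key like P@ssw0rd2009! is rejected for exactly the reason such tools recover it. The word list and the 16-character minimum are constructed assumptions.

```python
import re

# Constructed mini wordlist, standing in for the dictionaries such tools ship with.
WORDLIST = {"password", "admin", "wireless", "internet", "company"}

# Common "mutation" substitutions, undone here so that p@ssw0rd compares as password.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "|": "l", "0": "o", "$": "s", "5": "s", "7": "t"})

def base_word(psk):
    """Lower-case, drop an appended year/punctuation, undo substitutions, keep letters:
    'P@ssw0rd2009!' -> 'password'."""
    word = re.sub(r"[^a-z]+$", "", psk.lower())          # strip trailing '2009!' style suffix
    return re.sub(r"[^a-z]", "", word.translate(LEET))    # undo leet, keep letters only

def check_psk(psk, wordlist=WORDLIST, min_len=16):
    """Return the reasons a WPA/WPA2 pre-shared key is weak ([] if it passes).
    8..63 characters is the 802.11i passphrase range; min_len is an assumed policy."""
    reasons = []
    if not 8 <= len(psk) <= 63:
        return ["not a valid 8..63 character passphrase"]
    if len(psk) < min_len:
        reasons.append(f"shorter than {min_len} characters")
    base = base_word(psk)
    if base in wordlist:
        reasons.append(f"dictionary word '{base}' plus trivial mutations")
    elif any(base.startswith(w) and base[len(w):] in wordlist for w in wordlist):
        reasons.append("two dictionary words joined together")
    return reasons
```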

WirelessKeyView

Website: www.nirsoft.net/utils/wireless_key.html

I myself have more than once been in the situation where you stupidly forget the key to your own access point. That seems to be a line from Lermontov? Damn, or Pushkin? I don't remember. WirelessKeyView helps you instantly refresh your memory: it pulls the WEP/WPA keys stored by the system out of the registry. It's nice that







2024 gtavrl.ru.