mooooon (Author) Posted November 10, 2020

@digininja hi mate did i say something that you didn't like ?

digininja Posted November 11, 2020

> 8 hours ago, mooooon said:
> Prob requests from an ap ... would that make sense ?

You really need to work on your terminology, probes don't come from an AP, they come from a client.

> 8 hours ago, mooooon said:
> Aircrack doesn't provide an option for probes listening only.

You can get lists of probe requests from Aircrack-ng.

digininja Posted November 11, 2020

I strongly recommend you go through this Wifi Primer from Security Tube, it will help you understand a lot more about how wifi works and its vulnerabilities.

http://www.securitytube.net/groups?operation=view&groupId=9

mooooon (Author) Posted November 11, 2020

> 14 hours ago, digininja said:
> You really need to work on your terminology, probes don't come from an AP, they come from a client.
> You can get lists of probe requests from Aircrack-ng.

i know ... but how else can i see the probes from certain clients only without knowing them exactly other than monitoring the network they are on? then their probes shows.

aircrack ? clients .... what parameter ... aireplay only what provides client parameter ..... aircrack just writes the data to a cap file how can i extract them for that file .?

i know about the wireshark filter for probes wlan.fc.type_subtype == 4 but then after exporting specified packets .... how would i view it wouldn't it be mess ? and need some regex and stuff.

> 10 hours ago, digininja said:
> I strongly recommend you go through this Wifi Primer from Security Tube, it will help you understand a lot more about how wifi works and its vulnerabilities.
> http://www.securitytube.net/groups?operation=view&groupId=9

they are kinda old i wish if they were updated version them ... also i think i know the basics anyway ..... the videos are down too

> This video does not exist.

digininja Posted November 12, 2020

Airodump-ng, part of the Aircrack-ng suite of tools, sniffs traffic and will log what you want. If a client is using randomised MAC addresses when probing, then you won't be able to work out which are from a specific client, if they aren't then you just look for all the probes from your chosen MAC.

I'll tell Vivek about the videos being down. Despite them being old, they still give a very good base for WiFi as the low level concepts don't change.

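Added example, not part of the original thread and not Aircrack-ng code: a Python sketch that groups probe requests from a capture file by source MAC and marks addresses with the locally administered bit set, which is how randomised probing MACs show up. It assumes a classic little-endian pcap with a raw 802.11 or radiotap link type; the function names and the sample frames are constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_probe(frame):
    """Return (src_mac_bytes, ssid) for an 802.11 probe request, else None."""
    if len(frame) < 24 or frame[0] != 0x40:   # FC byte: version 0, mgmt, subtype 4
        return None
    src, pos, ssid = frame[10:16], 24, ""     # addr2 is the probing client
    while pos + 2 <= len(frame):              # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        if tag == 0:                          # SSID element; empty = wildcard probe
            ssid = frame[pos + 2:pos + 2 + length].decode("utf-8", "replace")
            break
        pos += 2 + length
    return src, ssid

def probes_by_client(pcap):
    """Map MAC -> {'randomised': bool, 'ssids': set} from a classic pcap file."""
    magic, linktype = struct.unpack_from("<I", pcap, 0)[0], struct.unpack_from("<I", pcap, 20)[0]
    if magic != 0xA1B2C3D4 or linktype not in (105, 127):
        raise ValueError("need little-endian pcap, link type 802.11 or radiotap")
    clients, pos = {}, 24
    while pos + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, pos + 8)[0]
        pkt, pos = pcap[pos + 16:pos + 16 + caplen], pos + 16 + caplen
        if linktype == 127 and len(pkt) >= 4:  # drop radiotap header (length at offset 2)
            pkt = pkt[struct.unpack_from("<H", pkt, 2)[0]:]
        hit = parse_probe(pkt)
        if hit is None:
            continue
        src, ssid = hit
        mac = ":".join(f"{b:02x}" for b in src)
        # bit 0x02 of the first octet = locally administered, i.e. likely randomised
        entry = clients.setdefault(mac, {"randomised": bool(src[0] & 0x02), "ssids": set()})
        if ssid:
            entry["ssids"].add(ssid)
    return clients

def make_probe(mac_hex, ssid):                # constructed sample frame, not captured data
    hdr = b"\x40\x00\x00\x00" + b"\xff" * 6 + bytes.fromhex(mac_hex) + b"\xff" * 6 + b"\x00\x00"
    return hdr + bytes([0, len(ssid)]) + ssid.encode()

def sample_pcap():                            # constructed capture with a radiotap link type
    pcap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 127)
    for mac, ssid in [("001122334455", "HomeNet"), ("001122334455", "CafeWifi"), ("da0000000001", "")]:
        pkt = b"\x00\x00\x08\x00\x00\x00\x00\x00" + make_probe(mac, ssid)
        pcap += struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    return pcap
print(probes_by_client(sample_pcap()))
```

Run against a capture of your own devices, the output shows which saved network names each one still advertises and whether it probes from a randomised address.
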
mooooon (Author) Posted November 12, 2020

> 3 hours ago, digininja said:
> they still give a very good base for WiFi as the low level concepts don't change.

Tell that to wpa 3 .

> 3 hours ago, digininja said:
> Airodump-ng, part of the Aircrack-ng suite of tools sniffs traffic and will log what you want. If a client is using randomised MAC addresses when probing, then you won't be able to work out which are from a specific client, if they aren't then you just look for all the probes from your chosen MAC.

But does the --bssid option work on clients? ... also that's why monitoring the network they are on would help.. as i don't need to know them or their mac and the probes are being shown there in the probes column.

digininja Posted November 12, 2020

> 2 hours ago, mooooon said:
> Tell that to wpa 3 .
> 6 hours ago, digininja said:

If you understood the basics then you would understand that none of the WPA or WEP family would be affected by Karma.

mooooon (Author) Posted November 12, 2020

> 2 minutes ago, digininja said:
> that none of the WPA or WEP family would be affected by Karma.

Are you sure about that ? 😉

digininja Posted November 12, 2020

If the client expects the network to be encrypted and it isn't, it will try to connect, find out that WPA isn't offered, and then disconnect.

You could setup a WPA version of the network, collect message two of the 4 way handshake, take that away and try to crack it, but it wouldn't be instant, and the server would not be able to authenticate itself to the client in message 4 of the handshake so the client would disconnect.

For a standard Karma attack, which is to lure clients to connect to your open wifi network, the client expecting WPA or WEP will prevent the attack.

mooooon (Author) Posted November 13, 2020

> 22 hours ago, digininja said:
> If the client expects the network to be encrypted and it isn't, it will try to connect, find out that WPA isn't offered, and then disconnect

hmm but why try when it can just check ?

> 22 hours ago, digininja said:
> You could setup a WPA version of the network, collect message two of the 4 way handshake, take that away and try to crack it, but it wouldn't be instant,

> 22 hours ago, digininja said:
> the client expecting WPA or WEP will prevent the attack.

that's why i said

> 3-after capturing a Good number of handshakes then start brute forcing
> 4- when it cracks a weak one.. broadcast it to get the victims connected

as mostly you can't control the security of the networks that get saved on your phone maybe it's a friends one that have a weak pass ... i am sure that there is always a network on everyone device with a weak password.. so anyway they get auto connected after that so it can be considered a karma attack ( getting them to auto connect despite their will )

and about WEP if the network is saved you can get it to auto connect even if you don't know the password

https://www.wifi-libre.com/topic-756-una-historia-de-rogue-ap-el-pdf-de-koala-traducido-al-espanol.html

also what about krack ? in the demonstration video he gets the victim to auto connect to his network without knowing the password.... ,right ?

digininja Posted November 13, 2020

OK, obviously you know your stuff so don't really need any help, good luck with it all.

mooooon (Author) Posted November 13, 2020

> 18 minutes ago, digininja said:
> OK, obviously you know your stuff so don't really need any help, good luck with it all.

ehh i was just suggesting what i saw on the web ... sorry if i was a bit rude 😞 didn't mean it.

mooooon (Author) Posted November 13, 2020

> 54 minutes ago, digininja said:
> OK, obviously you know your stuff so don't really need any help, good luck with it all.

Anyway in a term of 5 months i was writing suggestions to a friend about similar ideas ... wanna check them ? ( i wish i get time/skill to achieve part of them)

Archived
This topic is now archived and is closed to further replies.