reasoning behind client deauthentication implementation?


terraformer

Client deauthentication seems to work fairly well, at least on the v1.1.0 beta. However, as with most of the features of the Wifi Pineapple, I wanted to know a bit more about how the features are actually implemented.

I did a quick recon scan, found a client of my network and clicked the "Deauthenticate Client" button. The client disassociated from the network after a while as intended.

Doing a packet capture seems to indicate that the WiFi Pineapple spams out deauthentication frames with reason code 0x0001, causing a bit of a havoc as the client tries to respond to all of them and subsequently I see the client sending out the same number of disassociation requests afterwards.

My question is whether there is any reason why the pineapple needs to send out so many deauthentication frames? Usually, a single frame is sufficient. Sometimes you might want to send a few more just to account for congestion or poor signal, but the current implementation seems to be very aggressive. Just scroll through the management frames in the packet capture and you see right away that something fishy is going on.

Suggestion: Allow the user to specify the number of deauthentication frames to send.

See screenshots for illustrations.


On 7/1/2021 at 7:56 AM, terraformer said:

Client deauthentication seems to work fairly well, at least on the v1.1.0 beta. However, as with most of the features of the Wifi Pineapple, I wanted to know a bit more about how the features are actually implemented.

I did a quick recon scan, found a client of my network and clicked the "Deauthenticate Client" button. The client disassociated from the network after a while as intended.

Doing a packet capture seems to indicate that the WiFi Pineapple spams out deauthentication frames with reason code 0x0001, causing a bit of a havoc as the client tries to respond to all of them and subsequently I see the client sending out the same number of disassociation requests afterwards.

My question is whether there is any reason why the pineapple needs to send out so many deauthentication frames? Usually, a single frame is sufficient. Sometimes you might want to send a few more just to account for congestion or poor signal, but the current implementation seems to be very aggressive. Just scroll through the management frames in the packet capture and you see right away that something fishy is going on.

Suggestion: Allow the user to specify the number of deauthentication frames to send.

See screenshots for illustrations.

Surely Hak5 will respond and answer your questions...


18 hours ago, terraformer said:

I don't know. My impression is that Hak5 do not really answer technical questions in here, further supporting my impression that the WiFi Pineapple isn't really for anyone with any sort of intimate knowledge of 802.11.

I don't think that's very fair to say; the forum has tens of thousands of posts on it over many years. Just because you didn't get a reply from someone at Hak5 in your thread doesn't mean no one answers any questions. I think a lot of people seem to think we're much bigger than we really are, and thus replies can be slow.

On 7/1/2021 at 12:56 PM, terraformer said:

Doing a packet capture seems to indicate that the WiFi Pineapple spams out deauthentication frames with reason code 0x0001, causing a bit of a havoc as the client tries to respond to all of them and subsequently I see the client sending out the same number of disassociation requests afterwards.

My question is whether there is any reason why the pineapple needs to send out so many deauthentication frames? Usually, a single frame is sufficient. 

Multiple deauthentication and disassociation frames are sent to achieve the best attempt at disconnecting the STA from the AP. As you said, sometimes a single frame is sufficient but not always. Instead of targeting the "sometimes", multiple frames are sent to improve the reliability of the attack.

On 7/1/2021 at 12:56 PM, terraformer said:

Suggestion: Allow the user to specify the number of deauthentication frames to send.

I don't think that's a bad idea, I'll see about putting it into a future update.
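
The burst of management frames discussed in this thread is what a defender would look for in a capture. The following is an added example, not part of the original thread and not Hak5 code: it parses bare 802.11 frames, picks out deauthentication and disassociation frames with their reason codes, and flags any source/destination pair that exceeds a rate threshold. The window, threshold, sample addresses, frame counts and the `sample_frame` helper are assumptions made for the illustration.

```python
import struct
from collections import defaultdict

SUBTYPES = {0x0A: "disassoc", 0x0C: "deauth"}  # 802.11 management subtypes

def parse_mgmt(frame: bytes):
    """Parse a bare 802.11 frame (radiotap already stripped).
    Returns (kind, src, dst, reason) for deauth/disassoc, else None."""
    if len(frame) < 26:  # 24-byte MAC header + 2-byte reason code
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPES:
        return None
    dst, src = frame[4:10].hex(":"), frame[10:16].hex(":")
    # With 802.11w the Protected bit is set and the body is encrypted.
    reason = None if frame[1] & 0x40 else struct.unpack_from("<H", frame, 24)[0]
    return SUBTYPES[subtype], src, dst, reason

def find_bursts(records, window=1.0, threshold=5):
    """records: (timestamp_seconds, frame_bytes) pairs.
    Returns {(kind, src, dst): {"peak": n, "reasons": set}} for every pair
    that reached `threshold` frames inside a sliding `window`."""
    recent = defaultdict(list)
    alerts = {}
    for ts, frame in sorted(records, key=lambda r: r[0]):
        parsed = parse_mgmt(frame)
        if parsed is None:
            continue
        *key, reason = parsed
        key = tuple(key)
        times = recent[key]
        times.append(ts)
        while times[0] < ts - window:  # drop frames older than the window
            times.pop(0)
        if len(times) >= threshold:
            hit = alerts.setdefault(key, {"peak": 0, "reasons": set()})
            hit["peak"] = max(hit["peak"], len(times))
            hit["reasons"].add(reason)
    return alerts

# Constructed sample capture: addresses, counts and timings are made up.
def sample_frame(subtype, dst, src, reason):
    header = bytes([subtype << 4, 0, 0, 0]) + dst + src + src + b"\x00\x00"
    return header + struct.pack("<H", reason)

AP, STA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = [(10.0 + i * 0.01, sample_frame(0x0C, STA, AP, 1)) for i in range(64)]
SAMPLE.append((30.0, sample_frame(0x0C, STA, AP, 3)))  # lone frame, not a burst
SAMPLE.append((30.5, sample_frame(0x08, STA, AP, 0)))  # beacon subtype, ignored
```

In practice the `(timestamp, frame)` records would come from a monitor-mode capture; a single deauthentication frame is normal network behaviour, so the threshold should be tuned against a baseline of the environment.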


Archived

This topic is now archived and is closed to further replies.
