Jump to content

how to listen ssid's saved on mobile devices and spoof this ssids?


Recommended Posts

Hey guys,

I need to do an event and demonstrate some wifi weaknesses. I thought and I know that this module exists but I didn't find it, to listen to the wifi networks saved in the mobile devices and propagate them.

Anyone can help me?

Link to comment
Share on other sites

Aircrack can do what you require.


airmon-ng check kill
airmon-ng start wlan0
airodump-ng wlan0mon

Under the second section in the output, where the last column is 'Probe', you can see Station MAC addresses and the Probe is the name of Wi-Fi access points they are attempting to reach out for.
For example, in the following image, the device with MAC BC:D1:1F:0A:6D:AE is attempting to reach out to a Wi-Fi access point with the ESSID of "JioFi2_D0A281".



You could then create an 'Evil Twin' using Aircrack, with the same ESSID and no password, and hope that the device connects to it. Get close and boost the signal strength.
Note that this will only work if the Probed-for ESSID is passwordless. If it has a password assigned (most will, of course), then your Evil Twin will need to have the same password. Looking out for something like 'McDonald's WiFi', 'BT Open' or 'Public' Probes may suggest an easily spoofed AP that is likely passwordless.

If you need to create an Evil Twin with the same ESSID and password as the target's Probe's are looking for, you will need to find the Access Point, capture and crack it's password. Something like https://www.wigle.net/ may give you information on where a Wi-Fi AP is located, if it's name is unique enough. You can then go there, capture, crack and then re-locate the target device and set up an AP with the same ESSID and password.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...