how to listen ssid's saved on mobile devices and spoof this ssids?

[oCiscoo]

Hey guys,

I need to do an event and demonstrate some wifi weaknesses. I thought and I know that this module exists but I didn't find it, to listen to the wifi networks saved in the mobile devices and propagate them.

Anyone can help me?

[dark_pyrro]

Not exactly sure what you're after, but you could possibly do that with a WiFi Pineapple. However, I guess you're looking for something else other than the Pineapple since you're not posting in that section of the forums.

[0phoi5]

Aircrack can do what you require.

Example;

airmon-ng check kill
airmon-ng start wlan0
airodump-ng wlan0mon

Under the second section in the output, where the last column is 'Probe', you can see Station MAC addresses and the Probe is the name of Wi-Fi access points they are attempting to reach out for.
For example, in the following image, the device with MAC BC:D1:1F:0A:6D:AE is attempting to reach out to a Wi-Fi access point with the ESSID of "JioFi2_D0A281".

 

You could then create an 'Evil Twin' using Aircrack, with the same ESSID and no password, and hope that the device connects to it. Get close and boost the signal strength.
Note that this will only work if the Probed-for ESSID is passwordless. If it has a password assigned (most will, of course), then your Evil Twin will need to have the same password. Looking out for something like 'McDonald's WiFi', 'BT Open' or 'Public' Probes may suggest an easily spoofed AP that is likely passwordless.

If you need to create an Evil Twin with the same ESSID and password as the target's Probe's are looking for, you will need to find the Access Point, capture and crack it's password. Something like https://www.wigle.net/ may give you information on where a Wi-Fi AP is located, if it's name is unique enough. You can then go there, capture, crack and then re-locate the target device and set up an AP with the same ESSID and password.