Wireless Hacking Tools
Figure 2 shows a screenshot of Wireshark. Each different color indicates a different protocol identified. When the user selects a packet, the details of that packet are displayed below.
The sniffing programs work well for information that is sent in the clear. For encrypted information, an encryption key cracker is necessary. For 802.11, WPA2 is the latest wireless encryption standard and has not been broken yet. WPA and WEP are two previous encryption schemes, and many tools are available that will crack their encryption keys. AirSnort is a well known WEP cracker and AirCrack is an attack tool for WPA.
Ettercap and dsniff are two popular man-in-the-middle attack tools. They both provide sniffing capabilities similar to Wireshark, but go beyond that with the ability to modify the data in transmission. Again, these are available for many platforms. Ettercap even has a tutorial on how to write your own plugin.
Tools such as Hotspotter, APsniff, APhunter, and KNSGEM will scan for wireless AP beacon signals. Although they are not necessarily attack tools, they can be used to find the wireless APs. KNSGEM will even place the APs on a Google Earth map. Attackers will then set up their "Evil Twin" AP near these legitimate ones. HermesAP and OpenAP are two Linux-based tools that allow the user to set up phony APs. OpenWRT and HyperWRT are two open source projects that replace the factory firmware for Linksys's popular WRT line of APs. Attackers can use these distributions to create fake APs.
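The same beacon data that lets an attacker locate legitimate APs lets a defender notice the twin. As an added example (not code from the paper or from any of the tools it names), the Python below turns a beacon survey into a rogue-AP check: it compares every observed beacon against an inventory of authorized SSID/BSSID pairs and flags beacons that carry one of our SSIDs from an unknown BSSID (evil-twin candidates) or that advertise different security settings than the inventory records (a spoofed BSSID or a misconfigured AP). The SSIDs, BSSIDs and scan lines are constructed sample data, and the CSV layout is an assumed export format, not that of any particular scanner.

```python
"""Rogue / evil-twin AP detection from beacon observations (added example).

Assumptions: the scanner exports one beacon per line as
    ssid,bssid,channel,security,rssi_dbm
(an assumed format), and the defender keeps an inventory of authorized
SSID -> BSSID -> (channel, security).  All values below are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str      # AP MAC address, normalised to lower-case colon form
    channel: int
    security: str   # "WPA2", "WPA", "WEP" or "OPEN"
    rssi: int       # received signal strength in dBm


# Authorized AP inventory (constructed sample data)
AUTHORIZED: Dict[str, Dict[str, Tuple[int, str]]] = {
    "corp-wifi": {
        "00:11:22:33:44:01": (1, "WPA2"),
        "00:11:22:33:44:02": (6, "WPA2"),
    },
}

# Beacon survey in the assumed CSV export format (constructed sample data)
SCAN_CSV = """\
corp-wifi,00:11:22:33:44:01,1,WPA2,-48
corp-wifi,00:11:22:33:44:02,6,WPA2,-61
corp-wifi,DE:AD:BE:EF:00:01,11,OPEN,-40
corp-wifi,00:11:22:33:44:02,6,WEP,-60
coffee-shop,aa:bb:cc:dd:ee:ff,3,WPA2,-75
"""


def parse_scan_csv(text: str) -> List[Beacon]:
    """Parse the assumed CSV export into Beacon records, skipping blank lines."""
    beacons = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ssid, bssid, channel, security, rssi = line.split(",")
        beacons.append(Beacon(ssid, bssid.strip().lower(), int(channel),
                              security.strip().upper(), int(rssi)))
    return beacons


def classify_beacons(observed: List[Beacon],
                     authorized: Dict[str, Dict[str, Tuple[int, str]]]) -> List[dict]:
    """Return one finding per suspicious beacon, in observation order.

    EVIL_TWIN: one of our SSIDs advertised by a BSSID not in the inventory.
    SECURITY_MISMATCH: a known BSSID advertising different security than recorded
                       (either a spoofed BSSID or a misconfigured AP; both need a look).
    CHANNEL_MISMATCH: a known BSSID on an unexpected channel (informational).
    Beacons for SSIDs we do not own (neighbouring networks) are ignored.
    """
    findings = []
    for b in observed:
        known = authorized.get(b.ssid)
        if known is None:
            continue
        expected = known.get(b.bssid)
        if expected is None:
            findings.append({"kind": "EVIL_TWIN", "bssid": b.bssid,
                             "detail": f"SSID {b.ssid!r} from unknown BSSID on ch {b.channel} "
                                       f"({b.security}, {b.rssi} dBm)"})
            continue
        exp_channel, exp_security = expected
        if b.security != exp_security:
            findings.append({"kind": "SECURITY_MISMATCH", "bssid": b.bssid,
                             "detail": f"inventory says {exp_security}, beacon advertises {b.security}"})
        if b.channel != exp_channel:
            findings.append({"kind": "CHANNEL_MISMATCH", "bssid": b.bssid,
                             "detail": f"inventory says ch {exp_channel}, beacon on ch {b.channel}"})
    return findings


def survey_findings() -> List[dict]:
    """Run the check over the constructed survey."""
    return classify_beacons(parse_scan_csv(SCAN_CSV), AUTHORIZED)


if __name__ == "__main__":
    for f in survey_findings():
        print(f"{f['kind']:18} {f['bssid']}  {f['detail']}")
```

Run against the constructed survey, the check reports the open AP at `de:ad:be:ef:00:01` as an evil-twin candidate and the WEP beacon from `00:11:22:33:44:02` as a security mismatch; the coffee-shop network is ignored because it is not one of the inventoried SSIDs. In practice the inventory would come from the AP controller and the survey from a scheduled scan, and a strong-signal evil twin (here -40 dBm, louder than either real AP) is the case worth paging on.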
Table 1 - Summary of confidentiality attack tools

| Type of Attack | Tools |
|---|---|
| Brute force WEP cracker | |
| Packet sniffers with traffic analysis. These also include tools to break encryption. | Ettercap, dsniff, and Wireshark |
| Discovers WLANs by listening for beacon signals transmitted from APs. | Hotspotter, APsniff, APhunter, and KNSGEM |
| Used to set up a rogue AP | HermesAP and OpenAP |
| Replacement firmware so APs can be programmed to execute creation | OpenWRT and HyperWRT |
3.0 Integrity Attacks
The idea of an integrity attack is to alter the data while in transmission. Remember that the integrity of the data means it has not been altered in any way. This includes data deletion or addition, frame deletion or addition, or replay
4 of 12
12/19/2007 5:16 PM