Wifite
From charlesreid1
Wifite is a nice Python tool that wraps the aircrack-ng suite. It has a colorful display and lots of options for things you would otherwise spend time scraping together scripts to do yourself.
The most common modes are covered below.
Files
Before we get started, note that wifite listens for handshakes and other captured information. When it finds some, it puts it into a folder called hs/ and names the file AccessPointName_AA-BB-CC-DD-00-11-22-33.cap
Options
Attacking APs
Attack all APs:
$ wifite --all
Shut up shut up shut up
Sometimes you just want the program to shut up, stop all the fancy GUI stuff, and just crack some wifis. In that case, use the quiet flag:
$ wifite --all --quiet
WPA, WEP and WPS
If we want to attack WPA networks only, we can use the wpa flag:
$ wifite --all --wpa
Alternatively, if we want to attack WEP networks, we can use the wep flag:
$ wifite --all --wep
There are lots of WEP attacks:
WEP:
--wep            Only target WEP networks.
--pps PPS        Set the number of packets per second to inject.
--wept WEPT      Sec to wait for each attack, 0 implies endless.
--chopchop       Use chopchop attack.
--arpreplay      Use arpreplay attack.
--fragment       Use fragmentation attack.
--caffelatte     Use caffe-latte attack.
--p0841          Use P0842 attack.
--hirte          Use hirte attack.
--nofakeauth     Stop attack if fake authentication fails.
--wepca WEPCA    Start cracking when number of IVs surpass [n].
--wepsave WEPSAVE Save a copy of .cap files to this directory.
Link to more info on cafe latte attack: [1]
In contrast, there are no specific WPA attacks, and only one WPS attack (the Pixie attack):
WPS:
--wps            Only target WPS networks.
--pixie          Only use the WPS PixieDust attack
Wait Times
By default, wifite spends nearly 10 minutes on each network. Given that most networks have crappy connections, and there are typically about 50 wifi networks in any given area, that's, uh, stupid.
--wpat WPAT      Time to wait for WPA attack to complete (seconds).
--wpadt WPADT    Time to wait between sending deauth packets (seconds).
Set the time to wait for the WPA attack to something more reasonable, like 60 seconds:
$ wifite --all --wpa --mac --wpat 60
It also waits a while to send deauth packets - but its choice is slightly more reasonable.
$ wifite --all --wpa --mac --wpat 5
MAC Address
To change the MAC address on the device:
- Put the card into MANAGED mode; do not put it in monitor mode
- Add the --mac flag to wifite
To attack all WPA networks seen, and switch out the MAC address before starting, run the following:
$ ifconfig wlan0 down; iwconfig wlan0 mode managed; ifconfig wlan0 up
$ wifite --all --wpa --mac --quiet
Power Levels
We can also restrict ourselves to networks whose signal strength is greater than some value. The number we pass is the positive magnitude: a network is kept when its signal strength in dB is greater than or equal to the NEGATIVE of that number. For example, a strong signal would have a signal strength of -20 dB, and a weak signal would have a signal strength of -80 dB. If we want to ignore all networks with signal strengths weaker than -60 dB, so that we keep anything at -20 dB, -30 dB, -40 dB, -50 dB, etc., the command is:
$ wifite --all --power 60
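To pin down the sign convention, here is an added Python illustration (not wifite's own code) that applies the --power rule, plus an optional encryption filter in the spirit of --wpa/--wep, to a constructed airodump-style scan table. Treating a network sitting exactly at -60 dB as kept is an assumption of this illustration; the sample BSSIDs and names are made up.

```python
# Constructed airodump-style scan rows: (BSSID, PWR in dBm, ENC, ESSID).
# These values are made up for the illustration.
SCAN_ROWS = [
    ("00:11:22:33:44:55", -20, "WPA2", "strong_net"),
    ("00:11:22:33:44:66", -55, "WPA2", "medium_net"),
    ("00:11:22:33:44:77", -60, "WEP",  "edge_net"),
    ("00:11:22:33:44:88", -80, "WPA2", "weak_net"),
]


def passes_power(pwr_dbm: int, power_flag: int) -> bool:
    """--power N keeps a network whose RSSI is at least -N dBm.

    E.g. --power 60 keeps -20, -30, ... -60 and drops -61 and weaker.
    The inclusive boundary (-60 kept) is an assumption here.
    """
    return pwr_dbm >= -power_flag


def select_networks(rows, power_flag=None, enc=None):
    """Return the ESSIDs that survive the --power threshold and an
    optional encryption prefix filter ("WPA" matches WPA/WPA2, "WEP" matches WEP)."""
    kept = []
    for _bssid, pwr, row_enc, essid in rows:
        if power_flag is not None and not passes_power(pwr, power_flag):
            continue
        if enc is not None and not row_enc.upper().startswith(enc.upper()):
            continue
        kept.append(essid)
    return kept


if __name__ == "__main__":
    # Equivalent of the page's "--all --power 60": everything at -60 dB or stronger.
    print(select_networks(SCAN_ROWS, power_flag=60))
```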
On the flip side, we can also set a custom TRANSMIT power level by specifying the power in mW (note that this can be illegal depending on your country/region):
$ wifite --all --tx 30
Final Command
The most useful final command for wardriving/warwalking/etc:
$ wifite --all --power 60 --mac --quiet