Time for action – enumerating wireless security profiles
We will assume that the wireless client has a network Wireless Lab configured on it and it actively sends Probe Requests for this network, when it is not connected to any access point. In order to find the security configuration of this network, we will need to create multiple access points. For our discussion, we will assume that the client profile is either—an open network, WEP protected, WPA-PSK or WPA2-PSK. This would mean we would have to create four access points. To do this we will first create four virtual interfaces—mon0 to mon3 using the
airmon-ng start wlan0command multiple times:
You could view all these newly created interfaces using the
ifconfig –acommand:
Now we will create the Open AP on mon0:
Let's create the WEP-protected AP on mon1:
The WPA-PSK AP will be on mon2:
WPA2-PSK AP will be on mon3:
We can run
airodump-ngon the same channel to ensure all the four access points are up and running as shown:
Now let's switch the...
