Automated Wifi De-authentication attack

A Wi-Fi deauthentication attack is a type of denial-of-service attack that targets communication between a user and a Wi-Fi wireless access point.

Wikipedia

As you can see, this type of attack is pretty powerful, and it is difficult to tell who is attacking. There are tools for this attack, such as “aircrack-ng” (you can check the commands here).

So, basically, the concept is that the attacker broadcasts a Wi-Fi management “de-authentication” frame telling the victims to deauthenticate. It is like, “Hey client! Can you please deauthenticate and authenticate again?” The client then reconnects to the AP (Access Point). These frames are supposed to be sent by the valid AP to its clients, but the attacker can mimic them and broadcast them on the network.

Interestingly, the victim’s laptop/device cannot differentiate between the attacker and the valid AP. The attacker creates the “de-authentication” packet/frame with the valid AP’s MAC address as its source MAC address, so every device thinks the management frame came from the valid AP.

The attacker does not send the frame just once, but sends it continuously. Things get pretty bad: the clients keep trying to reconnect, and they never connect to their valid AP until the attacker stops sending the “deauth” frames.

I automated these steps with Python. I used the “scapy” module to send the “deauth” frames.

You can check my GitHub repo

https://github.com/veerendra2/wifi-deauth-attack

Want to try this script? Run the commands below. (Know what you are doing!)

Required Tools
  1. aircrack-ng (sudo apt-get install aircrack-ng)
  2. scapy (Python module: sudo apt-get install python-scapy)

Download and run the script

sudo wget -O deauth.py https://goo.gl/5gGHbE && sudo python deauth.py

When you run the command, you should see something like the screenshot below.

[Screenshot: 1.jpg]

When you start the script, it creates the “mon0” interface (a virtual monitoring interface used to send our deauth frames) and observes the Wi-Fi signals. After a few seconds, it displays the nearby APs and their MAC addresses. Choose one to broadcast the “deauth” frames to that network, which results in a network outage for the clients connected to that AP.

If you press “0”, the script will send deauth frames to every network (I used multi-threading here :-P)


So, how to avoid this attack?

Simple: use routers that support “802.11w”. To know more about 802.11w, read the Cisco document here.
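Detection complements that fix: because the spoofed frames arrive continuously, a monitor can count deauthentication frames per BSSID and flag a flood. The following is an added example, not code from the author's repo; the window, the threshold, the function names and the sample frames are assumptions constructed for illustration, and frames are assumed to have the radiotap header already stripped.

```python
import struct
from collections import defaultdict, deque

DEAUTH_SUBTYPE = 12    # 802.11 management subtype: deauthentication
WINDOW_SECONDS = 1.0   # assumed sliding window
THRESHOLD = 10         # assumed: deauths per window per BSSID that count as a flood

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_deauth(frame):
    """Return (dst, src, bssid, reason) for a deauth frame, else None.
    Expects a bare 802.11 frame (radiotap header already stripped)."""
    if len(frame) < 26:            # 24-byte management header + 2-byte reason code
        return None
    fc0 = frame[0]
    version, ftype, subtype = fc0 & 0x3, (fc0 >> 2) & 0x3, fc0 >> 4
    if version != 0 or ftype != 0 or subtype != DEAUTH_SUBTYPE:
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_floods(capture, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """capture: time-ordered (timestamp, frame) pairs. Returns
    {bssid: peak deauths per window} for each BSSID that reached the threshold."""
    recent, peak = defaultdict(deque), defaultdict(int)
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        # The source MAC is forged to match the AP, so group by BSSID, not by sender.
        times = recent[parsed[2]]
        times.append(ts)
        while ts - times[0] > window:
            times.popleft()
        peak[parsed[2]] = max(peak[parsed[2]], len(times))
    return {bssid: n for bssid, n in peak.items() if n >= threshold}

# Constructed sample frames (locally administered MACs, not a real capture).
DEAUTH_A = bytes.fromhex("c0003a01" "ffffffffffff" "020000000001" "020000000001" "0000" "0700")
DEAUTH_B = bytes.fromhex("c0003a01" "0200000000aa" "020000000002" "020000000002" "1000" "0300")
BEACON_A = bytes.fromhex("80000000" "ffffffffffff" "020000000001" "020000000001" "2000" "0000")
SAMPLE = sorted(
    [(i * 0.02, DEAUTH_A) for i in range(30)]      # flood: 30 deauths in 0.6 s
    + [(0.5, DEAUTH_B)]                            # single, ordinary deauth
    + [(i * 0.1, BEACON_A) for i in range(10)],    # beacons are ignored
    key=lambda item: item[0],
)

if __name__ == "__main__":
    for bssid, count in detect_floods(SAMPLE).items():
        print(f"possible deauth flood on BSSID {bssid}: {count} frames in {WINDOW_SECONDS}s")
```

A high count shows that a flood is under way on that BSSID; it does not identify the sender, since the source address is forged.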

NOTE: For the deauthentication attack to work, you should be near the target network. The deauth packets must reach the devices connected to the target network(s).

Just check my repo; you can also run the script in some other ways. Dependency problems on your machine? Use my Docker image to set up the environment quickly.

Thanks,

Veerendra.K
