Wireless Hacking Tools

Objective:

Know basic wireless LAN hacking tools

There is no shortage of wireless tools for the attacker or the ethical hacker performing a security assessment or a pen test. Over time, tools come and go as technologies change and vulnerabilities are fixed. Therefore, it is important to understand what the tools do and where they fit in the methodology of a security assessment. Just listing all the available tools could easily fill a chapter; therefore, some of the more well-known tools are discussed here:

  • NetStumbler This Windows-only tool is designed to locate and detect wireless LANs using the 802.11b, 802.11a (XP only), and 802.11g WLAN standards. It is used for wardriving, verifying network configurations, detecting rogue access points, and aiming directional antennas for long-haul WLAN links. A screenshot of NetStumbler can be seen in Figure 9.4. There is a trimmed-down mini version designed for Windows CE called MiniStumbler.

    Figure 9.4. NetStumbler.

  • Mognet An open source Java-based wireless sniffer that was designed for handhelds but will run on other platforms as well. It performs real-time frame captures and can save and load frames in common formats, such as Ethereal, Libpcap, and TCPdump.
  • WaveStumbler Another sniffing tool that was designed for Linux. It reports basic information about access points such as channel, SSID, and MAC.
  • AiroPeek A Windows-based commercial wireless LAN analyzer designed to help security professionals deploy, secure, and troubleshoot wireless LANs. AiroPeek has the functionality to perform site surveys, security assessments, client troubleshooting, WLAN monitoring, remote WLAN analysis, and application layer protocol analysis.
  • AirSnort A Linux-based WLAN WEP cracking tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions and then computing the encryption key when the program captures enough packets.
  • Kismet A useful Linux-based 802.11 wireless network detector, sniffer, and intrusion detection system. Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting masked networks, and inferring the presence of nonbeaconing networks via data traffic.
  • Void11 A wireless network penetration utility. It implements deauthentication DoS attacks against the 802.11 protocol. It can be used to speed up the WEP cracking process.
  • THC-wardrive A Linux tool for mapping wireless access points that works with a GPS.
  • AirTraf A packet capture and decode tool for 802.11b wireless networks. This Linux tool gathers and organizes packets and performs bandwidth calculation, as well as signal strength measurement, on a per-wireless-node basis.
  • Airsnarf Airsnarf is a simple rogue wireless access point setup utility designed to demonstrate how a rogue AP can steal usernames and passwords from public wireless hotspots. Airsnarf was developed and released to demonstrate an inherent vulnerability of public 802.11b hotspots: snarfing usernames and passwords by confusing users with DNS and HTTP redirects from a competing AP.
  • Aircrack A set of tools for auditing wireless networks that includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (a static WEP and WPA-PSK key cracker), and airdecap (a decryptor for WEP/WPA capture files). This is one of a new set of tools that can quickly crack WEP keys; it is much faster than older tools.

Review Break

Many types of tools are available for wireless networks. You need to know the names of the tools and their functions to successfully pass the CEH exam.

Name            Platform    Purpose
NetStumbler     Windows     Wireless LAN detection
Mognet          Java        Wireless sniffer
WaveStumbler    Linux       Wireless LAN detection and sniffer
AiroPeek        Windows     Sniffer and analyzer
AirSnort        Linux       WEP cracking
Kismet          Linux       Sniffer and wireless detector
Void11          Linux       Wireless DoS tool
THC-Wardrive    Linux       Wireless access point mapping tool
AirTraf         Linux       Sniffer
Airsnarf        Linux       Rogue access point
Aircrack        Linux       WEP cracking tool kit

Challenge

As you have seen in Chapter 9, many tools are available to the hacker for attacking and scanning WLANs. One good set of tools can be found in the Auditor security collection. This bootable version of Linux contains many popular security tools. For this challenge, you will download the ISO from the Auditor website and use it to build a bootable Linux CD. To complete this exercise, you will need Internet access, a CD burner, and a blank CD.

  1. You will need to go to the Auditor site to download the ISO. The main page can be found at www.remote-exploit.org/index.php/Auditor.
  2. After starting the download, take a few minutes to look at some of the tools included in this bootable version of Linux. This page can be found at www.remote-exploit.org/index.php/Auditor_tools. Some of the wireless tools include:

    • Aircrack (Modern WEP cracker)
    • Aireplay (Wireless packet injector)
    • Wep_Crack (Wep Cracker)
    • Wep_Decrypt (Decrypt dump files)
    • AirSnort (GUI based WEP cracker)
    • ChopChop (Active WEP attack)
    • DWEPCrack (WEP cracker)
    • Decrypt (Dump file decrypter)
    • WEPAttack (Dictionary attack)
    • WEPlab (Modern WEP cracker)
    • Cowpatty (WPA PSK bruteforcer)
  3. After the ISO file has downloaded, use a CD burning tool, such as Nero, to burn the image to a disk. In Nero, this option can be found under Recorder, Burn Image.
  4. Now, reboot your computer with the newly burned Auditor disk in the CD-ROM drive. Most CD drives are not known for their speed, so you might need to be patient.
  5. To see how easy this set of tools makes assessing wireless networks, open Wellenreiter. It is a wireless network discovery and auditing tool. If any wireless networks are in your vicinity, you should begin to capture traffic.
  6. Finally, if you have a Bluetooth-enabled computer, open a shell and execute BTScanner. This handy tool extracts as much information as possible from a Bluetooth device without the requirement to pair.
  7. Continue to explore the various wireless tools found on the CD. This type of configuration offers pen testers easy access to all needed tools on an easy-to-load distribution.


Certified Ethical Hacker Exam Prep
ISBN: 0789735318
Year: 2007
Pages: 247
Authors: Michael Gregg