HOW TO HACK WIFI linux/Android
Wireless network basics
- Wireless local-area networks are based on IEEE 802.11. This is a set of standards defined by the Institute of Electrical and Electronics Engineers.
- 802.11 networks are either infrastructure networks or ad hoc networks. By default, people refer to infrastructure networks. Infrastructure networks are composed of one or more access points that coordinate the wireless traffic between the nodes and often connect the nodes to a wired network, acting as a bridge or a router.
- Each access point constitutes a network that is named a basic service set or BSS. A BSS is identified by a BSSID, usually the MAC address of the access point.
- Each access point is part of an extended service set or ESS, which is identified by an ESSID or SSID in short, usually a character string.
- A basic service set consists of one access point and several wireless clients. An extended service set is a configuration with multiple access points and roaming capabilities for the clients. An independent basic service set or IBSS is the ad hoc configuration. This configuration allows wireless clients to connect to each other directly, without an access point as a central manager.
- Access points broadcast a signal regularly to make the network known to clients. They relay traffic from one wireless client to another. Access points may determine which clients may connect, and when clients do, they are said to be associated with the access point. To obtain access to an access point, both the BSSID and the SSID are required.
- Ad hoc networks have no access point for central coordination. Each node connects in a peer-to-peer way. This configuration is an independent basic service set or IBSS. Ad hoc networks also have an SSID.
Wireless network frames
802.11 networks use data frames, management frames, and control frames. Data frames convey the real data, and are similar to those of Ethernet. Management frames maintain both network configuration and connectivity. Control frames manage access to the ether and prevent access points and clients from interfering with each other in the ether. Some information on management frames will be helpful to better understand what programs for reconnaissance do.
- Beacon frames are used primarily in reconnaissance. They advertise the existence and basic configuration of the network. Each frame contains the BSSID, the SSID, and some information on basic authentication and encryption. Clients use the flow of beacon frames to monitor the signal strength of their access point.
- Probe request frames are almost the same as the beacon frames. A probe request frame is sent from a client when it wants to connect to a wireless network. It contains information about the requested network.
- Probe response frames are sent to clients to answer probe request frames. One response frame answers each request frame, and it contains information on the capabilities and configurations of the network. Useful for reconnaissance.
- Authentication request frames are sent by clients when they want to connect to a network. Authentication precedes association in infrastructure networks. Either open authentication or shared key authentication is possible. After serious flaws were found in shared key authentication, most networks switched to open authentication, combined with a stronger authentication method applied after the association phase.
- Authentication response frames are sent to clients to answer authentication request frames. There is one answer to each request, and it contains either status information or a challenge related to shared key authentication.
- Association request frames are sent by clients to associate with the network. An association request frame contains much of the same information as the probe request contains, and it must have the SSID. This can be used to obtain the SSID when a network is configured to hide the SSID in beacon frames.
- Association response frames are sent to clients to answer an association request frame. They contain a bit of network information and indicate whether the association was successful.
- Deauthentication and disassociation frames are sent to a node to notify that an authentication or an association has failed and must be established anew.
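A monitoring sensor can use the management-frame subtypes listed above to notice an abnormal burst of deauthentication or disassociation frames on its own network. The following is an added example, not part of the original article: it decodes the fixed 24-byte 802.11 management header (no radiotap header) from constructed frames, and the window and threshold values are assumptions to tune per site.

```python
"""Classify 802.11 management frames and flag deauthentication bursts."""
import struct
from collections import defaultdict, deque

MGMT_SUBTYPES = {0: "association request", 1: "association response",
                 4: "probe request", 5: "probe response", 8: "beacon",
                 10: "disassociation", 11: "authentication",
                 12: "deauthentication"}
TEARDOWN = {"deauthentication", "disassociation"}


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_mgmt_header(frame: bytes):
    """Decode the 24-byte management header; None for anything else."""
    if len(frame) < 24:
        return None
    (fc,) = struct.unpack_from("<H", frame)       # frame control, little-endian
    version, ftype, subtype = fc & 0x3, (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if version != 0 or ftype != 0:                # type 0 = management
        return None
    return {"subtype": MGMT_SUBTYPES.get(subtype, f"other({subtype})"),
            "dst": _mac(frame[4:10]), "src": _mac(frame[10:16]),
            "bssid": _mac(frame[16:22])}


def detect_teardown_bursts(records, window=1.0, threshold=5):
    """records: (timestamp_seconds, raw_frame) tuples sorted by time.

    Returns one (bssid, burst_start, frames_in_window) alert per burst.
    """
    recent = defaultdict(deque)     # bssid -> timestamps inside the window
    active = set()                  # bssids already alerted for this burst
    alerts = []
    for ts, raw in records:
        hdr = parse_mgmt_header(raw)
        if hdr is None or hdr["subtype"] not in TEARDOWN:
            continue
        seen = recent[hdr["bssid"]]
        seen.append(ts)
        while ts - seen[0] > window:              # drop frames older than window
            seen.popleft()
        if len(seen) < threshold:
            active.discard(hdr["bssid"])          # burst over, re-arm the alert
        elif hdr["bssid"] not in active:
            active.add(hdr["bssid"])
            alerts.append((hdr["bssid"], seen[0], len(seen)))
    return alerts


def build_frame(subtype, dst, src, bssid, body=b""):
    """Construct a management frame for the sample capture (test data only)."""
    fc = subtype << 4                             # version 0, type 0
    header = struct.pack("<HH", fc, 0) + dst + src + bssid
    return header + struct.pack("<H", 0) + body   # sequence control, then body


def constructed_capture():
    """Constructed sample: beacons, two isolated deauths, one burst."""
    ap1, ap2 = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    sta, bcast = bytes.fromhex("0200000000aa"), b"\xff" * 6
    reason = struct.pack("<H", 3)                 # 2-byte reason code field
    recs = [(0.0, build_frame(8, bcast, ap1, ap1)),
            (0.1, build_frame(8, bcast, ap1, ap1)),
            (2.0, build_frame(12, ap1, sta, ap1, reason)),     # single frame
            (10.22, build_frame(12, sta, ap2, ap2, reason))]   # other BSS
    recs += [(10.0 + i * 0.05, build_frame(12, bcast, ap1, ap1, reason))
             for i in range(8)]                   # burst: 8 frames in 0.35 s
    return sorted(recs, key=lambda r: r[0])


if __name__ == "__main__":
    for bssid, start, count in detect_teardown_bursts(constructed_capture()):
        print(f"teardown burst on {bssid}: {count} frames from t={start}s")
```
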
Top 15 Prominent Wireless Hacking Tools to watch out for in 2018 linux
There was a time when people relied on broadband and mobile data packs for connecting to the internet. With the influx of IoT in our day-to-day life, the use of WiFi has increased manyfold. Almost every house has five to six devices which require internet to work efficiently. Homes have now become more digitally connected with heavy usage of smart TVs, smart ACs, smartphones, laptops, smart alarms etc. Three components related to WiFi have also gone to the next level along with all other advancements:
- WiFi protocols: We are well aware that WEP has been deprecated due to security weaknesses. The protocol stack has developed over time from being highly insecure to the highest level of security possible.
- Hardware technology: Both the endpoints that use the WiFi and the WiFi router have become advanced. Routers used to come with a single antenna having a small signal range. Now the routers have a bigger range, better signal strength and multiple antennas pointed in multiple directions so as to kill the blind spots.
- Wireless attacks: Public WiFi, free WiFi and personal hotspots on the go have increased the wireless playgrounds that the attackers can target. Attackers can hack into the network and can monitor the traffic in that network or crack the password and use your network for free. Just check the wireless networks that the laptop catches and you can see an example right there!
Before we start digging deep into wireless hacking, let’s get a few things straight:
Hacking/attacking unauthorized wireless networks is illegal. The article does not encourage the use of the aforementioned tools for the criminal purpose. These tools are to be used only for educational purpose and to try on your own devices or network. Things are not going to be straightforward; wireless hacking is not as easy as shown in hacking movies.
What is wireless hacking?
The increase in WiFi usage has led to increased wireless attacks. Any attack on wireless networks or access points which provides substantial information is referred to as wireless hacking. This information can be in the form of WiFi passwords, admin portal access, authentication attacks etc. To understand wireless hacking, one of the most important things to understand are the protocols involved in wireless networks. Attacks are mostly made on the internal steps of the protocol stack. IEEE 802.11 specifies the standards for wireless networks; let us discuss some algorithms that are used in WiFi networks:
- WEP (Wired Equivalent Privacy): WEP uses a 40-bit key and a 24-bit initialization vector (IV). It uses RC4 for confidentiality and CRC-32 for integrity. Since the initialization vector is only 24 bits long, there is a high probability that the same per-packet key (IV plus secret key) will be repeated after every 5000 packets. WEP is a deprecated algorithm due to the various vulnerabilities identified and the fact that it can be cracked very easily.
- WPA and WPA2: WPA was introduced as a temporary solution for the devices that did not support WPA2. WPA has now been broken and deprecated. WPA2 is considered to be the most secure to date. The tools discussed further in the article will also cover details on how to attack WPA and WPA2 but the success of an attack depends on the time and the computing power.
- WEP cracking technique: WEP uses a 40-bit key which is 8 characters long. Once enough data packets are captured, breaking this key should not take more than a few minutes.
- WPA/WPA2 cracking technique: Our devices have wireless passwords stored so that we do not enter the password on the same device again and again. The attackers take advantage of this by forcefully de-authenticating all the devices on the network. The devices will try to auto-connect to the access point by completing the 4-way handshake. This handshake is recorded and has the hashed password. The hashed password can be brute forced by using a rainbow table.
- WPS cracking: This technology uses an 8 digit pin to connect to the wireless router. Brute forcing the 8 digit pin will give access to the router. Various tools use various optimization techniques to increase the speed of this attack and crack the key in a couple of hours.
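Where the 5000-packet figure in the WEP item comes from, as an added worked estimate that is not part of the original article. It assumes each packet's 24-bit IV is chosen uniformly at random, so the birthday bound applies:

$$
N = 2^{24} = 16\,777\,216, \qquad
P(\text{some IV repeats within } n \text{ packets}) \approx 1 - e^{-n(n-1)/(2N)}
$$

$$
n = 5000: \quad \frac{5000 \cdot 4999}{2 \cdot 16\,777\,216} \approx 0.745, \qquad
P \approx 1 - e^{-0.745} \approx 0.53
$$

A repeated IV means two packets were encrypted with the same RC4 keystream, so after roughly 5000 packets keystream reuse is more likely than not.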
Tools used for cracking Wireless Password and Network Troubleshooting
1. Aircrack-ng
Aircrack-ng is one of the most popular suites of tools that can be used to monitor, attack, test and crack WiFi networks. It is a command line tool and is compatible with Windows, Linux and OS X. It can be used for attacking and cracking WPA and WEP. The attack mechanism is simple: it monitors and collects packets and, once enough packets are captured, it tries to recover the password. Here is a tutorial on how to get started on this tool https://www.aircrack-ng.org/doku.php?id=getting_started
A few things to ponder upon before you start. You need a wireless card that can inject packets in the network or you won’t be able to crack. The tool can be downloaded at https://www.aircrack-ng.org/
2. AirSnort
AirSnort is free WiFi hacking software that captures the packets and tries to decrypt the keys. The monitoring is done in promiscuous mode and records enough packets to reliably decrypt the key. It is a simple tool and supports both Windows and Linux platforms. Further development and maintenance of this tool has been discontinued but the older version can be downloaded at https://sourceforge.net/p/airsnort/wiki/Home/
3. Kismet
Kismet is free software written in C++ that can be used to sniff TCP, UDP, DHCP and ARP packets. It is a passive tool and does not interact with the network. It has the ability to find hidden networks and is used in wardriving kind of activities. The captured packets can be exported to Wireshark and can be further analyzed. It is available for Linux, Windows and a few other platforms. You can download the software from https://www.kismetwireless.net/
4. Cain and Abel
Cain & Abel is one of the most popular tools that is used for password cracking. The tool is able to sniff the network, crack encrypted passwords using various password cracking techniques and perform cryptanalysis attacks. It can also discover wireless keys by analyzing the wireless protocols. The tool can be downloaded at http://www.oxid.it/cain.html
5. CoWPAtty
The name CoWPAtty itself has WPA in uppercase and the rest in small letters. It is a Linux based tool that can perform attacks on the pre-shared keys for WPA networks. The tool has a command line interface and is able to perform dictionary attacks on the wireless networks using a wordlist file. The execution is slow due to the usage of SHA-1 with the SSID as a seed but you can still give it a try. The tool can be downloaded at https://sourceforge.net/p/cowpatty/wiki/Home/
6. OmniPeek
OmniPeek is a packet sniffer and a protocol analyzer tool. Developed by Savvius, it is available only for the Windows platform. The tool has a lot to offer if you have the understanding of the protocols. The captured packets can be stored in the SQL database which can be further analyzed and decoded if required. The features can be enhanced by using API plugins. Some 40+ APIs are readily available for the tool. You may also extend the tool capabilities by visiting the MyPeek community portal if you wish. The tool is commercially available and can be downloaded at https://www.savvius.com/product/omnipeek/
7. AirJack
As the name suggests the tool is able to hijack the air i.e. wireless. The tool is able to receive and inject raw packets in the wireless network. It can be used by developers to tweak the packets and inject them while developing a solution, or by wireless hackers. A wireless hacker is able to perform denial of service attacks by flooding the network with dirty injected packets. You can get a taste of this tool at https://sourceforge.net/p/airjack/wiki/Home/
8. inSSIDer
SSID mentioned in capital letters in the name itself suggests the features of this tool. It is a wireless scanner tool which supports both Windows and OS X. The tool was available as an open source software but not any longer. The tool is able to get information from wireless cards and helps you to choose the best channel available with maximum strength. The signal strength is available in graphical format plotted along time. Various versions of the tool are available and you can choose as per your requirement (you would need to hunt it though). The tool can be downloaded at https://www.metageek.com/products/inssider/
9. WepAttack
WepAttack can be used to crack 802.11 WEP Keys using a dictionary-based approach. The tool can capture the network dump file received from pcap or libpcap etc. The tool is open source and supports the Linux platform. One thing to be noted here is that the attack is active and not passive in nature. The tool will just test the dictionary words to get the working key. A key requirement is a working LAN card; the remaining requirements can be found at http://wepattack.sourceforge.net/
10. Reaver
Reaver uses brute force techniques against WiFi Protected Setup (WPS) registrar PINs to get WPA/WPA2 passphrases. One of the best things about this tool is the response time. You can get the passphrase in plaintext within just a couple of hours. If you are using Kali, the reaver package is pre-bundled.
11. Fern Wifi Cracker
Fern WiFi Cracker is a Python based tool that can be used for WEP/WPA/WPA2 cracking, session hijacking, ARP request replays and performing brute force attacks. It is able to save the key in the database on a successful attack. It supports an automatic access point attacking feature and has an internal MITM engine as well. This tool is also pre-bundled in Kali.
12. NetStumbler
In case you are interested in finding open WiFi networks, this Windows tool can help you get this done. You can find rogue access points, network misconfigurations, poor connectivity areas etc., during wardriving and warwalking kind of activities. The tool is an old veteran and has not been updated in a long time so you may face some compatibility issues. This tool interacts actively with the identified networks to gather as much information as possible and hence can be easily detected. Both NetStumbler and a trimmed down version called MiniStumbler can be downloaded at http://www.netstumbler.com/downloads/
13. Wireshark
Wireshark is one of the most common network analyzers that are available in the market. It uses the packets captured by WinPcap and libpcap and lets you check the traffic that is flowing through your network. It is available for Linux, Mac, and Windows and is a GUI based tool. The tool captures and presents micro-level details of the packets captured. If you know what you are searching for, you may find this tool very helpful. Since the number of packets captured can be huge, the tool has the option for filtering the packets based on protocol type, strings etc. You can get this at https://www.wireshark.org/download.html
14. Cloudcracker
Cloudcracker is a cloud-based solution for cracking the passwords of various utilities. The tool uses dictionary based attacks to crack the passwords. The size of the dictionary ranges up to 10 digits. Just upload the handshake file along with a few other details and you are all set.
15. CommView for WiFi
CommView for WiFi is a packet analyzer software. It is GUI based and can monitor wireless 802.11 a/b/g/n networks. Packets are captured and information like strength, access points, network connections can be identified. If you just want to analyze the traffic on your machine, you can prefer a non-wireless CommView edition. The software can be downloaded at https://www.tamos.com/download/main/ca.php
There are many wireless hacking tools available in the market, 15 of which we have discussed in this article. It is to be noted that the tools are discussed in random order and not in any form of priority or superiority over the other. The tools discussed here are not only designed for wireless hackers but are also used by WiFi admins and programmers working on WiFi based projects alike. These tools can either be used for monitoring the network or cracking the keys to get access. You may need to use multiple tools to get the desired output as none of the tools would fulfil all the requirements. As a wireless hacker or security professional, you should have some of these tools in your arsenal readily available for quick analysis. Some of the tools perform brute force to crack the keys, so make sure that you have an updated master key dump or make a customized list from your experience. A WiFi hacker will always have a customized list prepared by collecting various lists. The hacking program will only be as good as the wordlist itself. You now have enough knowledge about WiFi hacking software to start your journey towards becoming a wireless password hacker.
Looking for how to hack WiFi password OR WiFi hacking software?
Well, a security researcher has revealed a new WiFi hacking technique that makes it easier for hackers to crack WiFi passwords of most modern routers.
Discovered by the lead developer of the popular password-cracking tool Hashcat, Jens ‘Atom’ Steube, the new WiFi hack works explicitly against WPA/WPA2 wireless network protocols with Pairwise Master Key Identifier (PMKID)-based roaming features enabled.
The attack to compromise the WPA/WPA2 enabled WiFi networks was accidentally discovered by Steube while he was analyzing the newly-launched WPA3 security standard.
This new WiFi hacking method could potentially allow attackers to recover the Pre-shared Key (PSK) login passwords, allowing them to hack into your Wi-Fi network and eavesdrop on the Internet communications.
How to Hack WiFi Password Using PMKID
According to the researcher, the previously known WiFi hacking methods require attackers to wait for someone to log into a network and capture a full 4-way authentication handshake of EAPOL, which is a network port authentication protocol.
Whereas, the new attack no longer requires another user to be on the target network to capture credentials. Instead, it is performed on the RSN IE (Robust Security Network Information Element) using a single EAPOL (Extensible Authentication Protocol over LAN) frame after requesting it from the access point.
Robust Security Network is a protocol for establishing secure communications over an 802.11 wireless network and has PMKID, the key needed to establish a connection between a client and an access point, as one of its capabilities.
Step 1 — An attacker can use a tool, like hcxdumptool (v4.2.0 or higher), to request the PMKID from the targeted access point and dump the received frame to a file.
$ ./hcxdumptool -o test.pcapng -i wlp39s0f3u4u5 --enable_status
Step 2 — Using the hcxpcaptool tool, the output (in pcapng format) of the frame can then be converted into a hash format accepted by Hashcat.
$ ./hcxpcaptool -z test.16800 test.pcapng
Step 3 — Use Hashcat (v4.2.0 or higher) password cracking tool to obtain the WPA PSK (Pre-Shared Key) password, and Bingo!
$ ./hashcat -m 16800 test.16800 -a 3 -w 3 '?l?l?l?l?l?lt!'
That’s the password of the target wireless network, cracking which may take time depending on its length and complexity.
“At this time, we do not know for which vendors or for how many routers this technique will work, but we think it will work against all 802.11i/p/q/r networks with roaming functions enabled (most modern routers),” Steube said.
Since the new WiFi hack only works against networks with roaming functions enabled and requires attackers to brute force the password, users are recommended to protect their WiFi network with a secure password that’s difficult to crack.
This WiFi hack also does not work against next-generation wireless security protocol WPA3, since the new protocol is “much harder to attack because of its modern key establishment protocol called “Simultaneous Authentication of Equals” (SAE).”
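An administrator can read the same RSN information element from their own access point's beacon to see which key-management suites it advertises, and so whether the network still depends on a pre-shared key or offers SAE. The following is an added example, not code from the original article or from the researcher: the function names are hypothetical and the beacon elements are constructed sample data.

```python
"""Audit the RSN element (ID 48) taken from a beacon of your own AP."""
import struct

RSN_OUI = bytes.fromhex("000fac")           # IEEE 802.11 suite OUI 00-0F-AC
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP-128", 5: "WEP-104",
           8: "GCMP-128", 9: "GCMP-256"}
AKMS = {1: "802.1X", 2: "PSK", 3: "FT-802.1X", 4: "FT-PSK",
        5: "802.1X-SHA256", 6: "PSK-SHA256", 8: "SAE", 9: "FT-SAE"}
PSK_AKMS = {"PSK", "FT-PSK", "PSK-SHA256"}  # key derived from the passphrase
LEGACY = {"WEP-40", "WEP-104", "TKIP"}


def iter_elements(ies: bytes):
    """Yield (element_id, value) pairs; stop quietly at a truncated element."""
    off = 0
    while off + 2 <= len(ies):
        eid, length = ies[off], ies[off + 1]
        value = ies[off + 2:off + 2 + length]
        if len(value) < length:
            return
        yield eid, value
        off += 2 + length


def _suite(raw: bytes, table: dict) -> str:
    if raw[:3] != RSN_OUI:
        return f"vendor({raw.hex()})"
    return table.get(raw[3], f"unknown({raw[3]})")


def _suite_list(body: bytes, off: int, table: dict):
    """Read a 2-byte count followed by that many 4-byte suite selectors."""
    if off + 2 > len(body):                 # optional field not present
        return [], len(body)
    (count,) = struct.unpack_from("<H", body, off)
    end = off + 2 + 4 * count
    if end > len(body):
        raise ValueError("suite list runs past the end of the RSN element")
    return [_suite(body[i:i + 4], table) for i in range(off + 2, end, 4)], end


def parse_rsn(body: bytes) -> dict:
    """Parse the value of an RSN element: ciphers, AKM suites, capabilities."""
    if len(body) < 2 or struct.unpack_from("<H", body)[0] != 1:
        raise ValueError("not an RSN version 1 element")
    group = _suite(body[2:6], CIPHERS) if len(body) >= 6 else None
    pairwise, off = _suite_list(body, 6, CIPHERS)
    akms, off = _suite_list(body, off, AKMS)
    caps = struct.unpack_from("<H", body, off)[0] if off + 2 <= len(body) else 0
    return {"group": group, "pairwise": pairwise, "akms": akms,
            # management frame protection bits of the RSN capabilities field
            "mfp_capable": bool(caps & 0x0080), "mfp_required": bool(caps & 0x0040)}


def audit_beacon(ies: bytes) -> dict:
    """Summarise what the advertised RSN settings mean for the network."""
    rsn = next((parse_rsn(v) for eid, v in iter_elements(ies) if eid == 48), None)
    if rsn is None:                         # open, WEP or WPA1-only network
        return {"rsn": None, "offline_guessable_psk": False,
                "sae_offered": False, "legacy_cipher": False}
    akms = set(rsn["akms"])
    return {"rsn": rsn,
            "offline_guessable_psk": bool(akms & PSK_AKMS),
            "sae_offered": bool(akms & {"SAE", "FT-SAE"}),
            "legacy_cipher": bool(LEGACY & set(rsn["pairwise"] + [rsn["group"]]))}


def _element(eid: int, value: bytes) -> bytes:
    return bytes([eid, len(value)]) + value


def _rsn(akm_types, caps, pairwise=(4,), group=4) -> bytes:
    sel = lambda t: RSN_OUI + bytes([t])
    body = struct.pack("<H", 1) + sel(group)
    body += struct.pack("<H", len(pairwise)) + b"".join(sel(t) for t in pairwise)
    body += struct.pack("<H", len(akm_types)) + b"".join(sel(t) for t in akm_types)
    return _element(48, body + struct.pack("<H", caps))


_SSID = _element(0, b"lab-net")             # constructed sample beacons
SAMPLES = {"wpa2-psk": _SSID + _rsn([2], 0x0000),
           "wpa2/wpa3 transition": _SSID + _rsn([2, 8], 0x0080),
           "wpa3-sae": _SSID + _rsn([8], 0x00C0),
           "wpa2 tkip+ccmp": _SSID + _rsn([2], 0x0000, pairwise=(2, 4), group=2)}

if __name__ == "__main__":
    for name, ies in SAMPLES.items():
        print(name, audit_beacon(ies))
```
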
How to hack wifi using android
Short Bytes: Hacking WiFi networks is an important part of learning the subtleties of ethical hacking and penetration testing. This also gives rise to the need for some quality WiFi hacking apps for Android to test your network security. A few notable tools are Zanti, WPS Connect, aircrack-ng, etc.
Are WiFi networks really secure? Why would someone need a WiFi hacking tool?
It goes without saying that no device or network is completely secure. The white hat security researchers, as well as notorious hackers, keep on making continuous efforts to find a flaw in networks and take control of your devices. Your home or office WiFi network isn’t any exception. Compared to wired networks, WiFi networks pose an extra security challenge as their signals are accessible by the public. Different security features like WPA2 can encrypt traffic, but there are techniques that have the power to tamper with your security. So, it’s necessary to keep using different tools and methods to ensure your WiFi security. You can also read these tips to secure your home WiFi router and take care of the hacking attempts.
Apart from Android, are there hacking tools for Windows, Linux, macOS, and iOS as well?
Before introducing you to the world of WiFi hacker apps for Android, let me tell you that such tools do exist for other platforms as well. You can also choose a dedicated operating system for ethical hacking. Take a look:
Disclaimer: The WiFi hacking Android apps mentioned ahead in this list are for educational purposes only and one is expected to use them for testing their own security. Hacking or attempting to crack someone else’s WiFi security without permission is a criminal offense. So, use these tools responsibly.
2017’s Top 12 WiFi Hacking Apps For Android
Note: It’s a continuously updated list. I’ll be adding more tools to this list in future.
1. Aircrack-ng
For testing network security and making sure that you’ve got tools to protect yourself, you need a real WiFi hacking app for Android. Apart from letting you learn the nuances of WiFi hacking, such an app will make sure that you’ve got yourself covered. Popular security tool aircrack-ng is one such tool, which has been ported to Android by many Android developers and security enthusiasts. Running aircrack-ng on Android isn’t much of an issue, but the difficult part is having a WiFi chipset that supports monitor mode.
2. WPA WPS Tester
WPA WPS Tester Android app is one of the most popular WiFi password hacker tools, which was developed with an intention to scan the WiFi networks for vulnerabilities. This notorious hacking app is known for its ability to break security. This app tests the connection to Access Points with WPS PINs, which are calculated using various algorithms like Zhao, Blink, Asus, Arris, etc. This app needs Android 4.0 and up for running.
3. Kali Linux Nethunter
Almost all of you must know about Kali Linux, the best operating system for ethical hacking purposes. From their makers, Offensive Security, the Kali Linux Nethunter is the first open source Android penetration testing platform. Using this hacking Android app, you need to launch Kali’s Wifite tool to go ahead with the process. Nethunter’s configuration interface lets you take care of the complex configuration files. Its custom kernel, which supports 802.11 wireless injection, makes Kali Nethunter a must have Android hacking tool.
4. Zanti
Zanti, from the house of Zimperium, is a widely popular hacking app that allows the security managers to analyze the risk levels in a network. This easy to use mobile penetration toolkit can be used for WiFi network assessment and penetration. Its WiFi scanner shows the access points with known default key configuration in green. You can also use the app to kill connections to prevent the target from accessing any website or server. By mirroring such methods used by cyber attackers, you can identify the holes in your network and make amends.
5. Reaver for Android
Reaver for Android, also called RfA for short, is a WiFi password hacker app that’s a simple-to-use Reaver-GUI for Android smartphones. Shipping with the monitor-mode support that can be activated and deactivated anytime, Reaver detects WPS-enabled wireless routers on its own. With its GUI, all the Reaver settings are available. This WiFi hacking app launches a brute force attack against WPS registrar PINs and recovers the WPA/WPA2 passphrases. Tested on a wide variety of devices, Reaver is able to get the target AP’s plain text WPA/WPA2 passphrase in 2-5 hours. Last but not the least, Reaver for Android also supports external scripts.
6. Penetrate Pro
Penetrate Pro is a simple tool that has the potential to take care of your WiFi analysis needs. It requires rooting to work and scanning the WiFi networks available around. It works with different kinds of routers and calculates WEP/WPA keys.
7. Nmap for Android
Nmap for Android is a useful app to hack WiFi and take a look into available hosts, services, packets, firewalls, etc. Nmap for Android is useful for both rooted and non-rooted Android devices. However, non-rooted users don’t get to use advanced features like SYN scan and OS fingerprinting. The developers of this WiFi hacker app have shared the already compiled binary versions of Nmap with OpenSSL support. Nmap is also available on other platforms like Windows, Linux, etc.
8. WiFi Kill
For most of the ethical hackers out there, WiFi Kill is one of the WiFi hacking apps that really work. As its name suggests, WiFi Kill is an application that lets you disable the internet connection of a device. With a simple interface, you can use WiFi Kill to get rid of the unnecessary users on the network. Its other features include showing the traffic used by a device, the network names, and grabbing the traffic of websites visited by other devices. Please note that WiFi Kill hacker app needs root access for functioning. When you fire the app, after scanning the network it shows different users connected. You can simply use the kill button to end the internet connectivity.
9. WPS Connect
WPS Connect is a popular WiFi hacking app for Android smartphones which you can install and start playing with the WiFi networks of the surroundings. Working on a rooted Android device, this application helps you disable other user’s internet connection. Its creator says that WPS Connect is primarily intended to use for verifying if your WiFi router is secure. Apart from default PINs, WPS Connect also includes algorithms like Zhao Chesung (ComputePIN) or Stefan Viehböck (easyboxPIN). Please note that this WiFi hacking app for Android works with Android 4.0 or higher.
10. WIBR+
WIBR+ was created to test the security and integrity of WiFi networks. By using brute force and dictionary attacks, this app answers your “how to hack WiFi” questions. Moreover, WIBR+ app for cracking WiFi passwords also lets you use custom dictionaries. Depending upon your priority and network, you can select different options (lowercase, uppercase, numbers, and special characters) for performing the attack. Depending upon your password strength, WIBR takes time and cracks the password.
11. Netspoof
Whenever we start any discussion on how to sniff someone’s WiFi using Android devices, the mention of Netspoof, or Network Spoofer, comes very soon. It’s a WiFi hacker app that lets you play with websites on other people’s devices using your smartphone. Licensed under GNU GPLv3, this mobile application runs on rooted devices with ease. You can also use a custom firmware like CyanogenMod to use this app. Some of the major features of this app are redirecting websites to other pages, deleting random words from websites, changing all pictures to troll face, etc.
12. WiFi Analyzer (a prank app)
WiFi Analyzer isn’t exactly a WiFi hacker app for Android, it’s a prank app. I thought it would be a good idea to end this list of WiFi hacking apps with an app that lets you pretend as if you’ve broken into your friend’s WiFi and gained access. It has a very professional look and a WiFi scanner that detects all WiFi hotspots nearby. So, if you’re simply interested in fooling your friends, give this a try.
Other notable Android WiFi hacking apps:
Apart from the above-mentioned Android applications for penetration testing and security analysis, there exists an overabundance of other apps that you can download on your device and use. Some of such notable Android WiFi hacking tools are:
- Shark for Root
- Fing Networks Tools
- Router Keygen
- WiFi Inspect
So, did you find our list of best apps to hack WiFi network useful? Give them a try and improve ethical hacking skills.