If you try to run a fake authentication attack against a WEP network using shared authentication, you will receive an error from Aireplay. Shared key authentication, requires that the station and AP both have the same WEP key in order to authenticate. # Interactive packet replay attack with the forge ARP packet # Forging ARP packet with the xor packet from chop chop attack If it is running shared key authentication, the only way to execute this attack is to use a previously captured PRGA XOR handshake.
On WPA/WPA2 networks, the client needs to reauthenticate as it reconnects to the network, allowing us to capture the 4-way handshake. Replaying theses ARP packets will help us force the access point to generate a large number of weak initialization vectors. During the reconnection stage, there is a high probability that an ARP packet will be sent to the AP. Deauthentication attackĪfter a client is deauthenticated, it will reconnect to the wireless network.
By collecting enough of these IVs, aircrack-ng can then be used to crack the WEP key. This, in turn, causes the AP to repeat the ARP packet with a new IV. The attack listens for an ARP packet and then retransmits it back to the access point.
Do not attempt to perform a fake authentication attack for a specific MAC address if the client is still active on the AP. In this case, you will need to obtain a valid MAC address by observing traffic using Airodump-ng and impersonate it once the client goes offline. The AP will only accept connections from specific MAC addresses. If fake authentication is never successful, then MAC address filtering may be in use. Note that the fake authentication attack does not generate ARP packets so don’t try to use this attack to capture ARP files.
This attack is useful in scenarios where there are no associated clients and you need to fake an authentication to the AP. The fake authentication attack, allows you to associate to an access point. WEP CRACKING Cracking WEP with Connected Clients THEORY Fake authentication WIFU Listing wireless access points that are within rangeĪireplay-ng is primarily used to generate or accelerate wireless traffic for the later use with Aircrack-ng to crack WEP and WPA-PSK keys.