
WiFiSniffing Assignment Report

02 December 2024

Team Members GC08


Zeeshan Ali
Sazeda Akter Rimi
Abdul Rehman Sherazi

Overview: This report describes in detail the steps and methodologies used to complete the WiFiSniffing
assignment. The assignment consisted of two stages:

• Cracking the WPA2 password of the access point "SafestWiFi."
• Eavesdropping on the connected client’s communication to determine the web resources being
accessed.

Both stages were completed successfully during the class and the packets were captured successfully. The
findings, along with their implications and countermeasures, are described below.

Stage 0: Cracking WPA2

1. Setting Up Our Environment:

• We used a bootable USB drive running Live Kali Linux by enabling direct boot from the USB.
• We borrowed an Alpha Wi-Fi dongle with the necessary drivers from the SBA Research center.

Complete Procedure Stage 0

After confirming the environment setup, we started our process and ran the commands in the terminal
step by step. First we ran the command “ip addr” to check that the Alpha Wi-Fi adapter was
connected to the Linux setup, and then “iwconfig”. We ran the command “iw dev” to see all the connected
Wi-Fi interface cards. I used the command “uname -a” to check the Kali version.

At the start our Wi-Fi adapter was in managed mode, so we had to change it to monitor mode. We
activated monitor mode using the command “sudo airmon-ng start wlan0”. We
confirmed that monitor mode had started with the command “sudo airmon-ng”. Then we ran the
command “iwconfig” again to confirm that the adapter was in monitor mode.

From here I started scanning for available Wi-Fi devices. We ran the command “sudo airodump-ng
wlan0mon” to show all the detected access points. This gave me all available access points with their channel
number, signal strength and MAC address. After getting the MAC address and channel number of
“SafestWiFi”, which we had to crack, I ran the command “sudo airodump-ng -w wifihack1 -c 1 --bssid
C0:4A:00:38:EC:AF wlan0mon” to try the access and get a handshake.

Then we sent deauthentication packets to the connected client to force a reconnection by opening a new
terminal window and running the command “sudo aireplay-ng --deauth 0 -a C0:4A:00:38:EC:AF
wlan0mon”. This deauthenticates all clients on the specified access point, and we start getting packets to see
whether a client connects to the access point in the meantime and a handshake with that access point is
established. When the client tries to reconnect to the access point, we get the handshake capture.
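
From the defender's side, the deauthentication step described above appears on the air as a burst of deauthentication frames naming one BSSID. The following Python detector is an added example, not part of the original report: it parses raw 802.11 management headers and flags such bursts, and its MAC addresses, timestamps, window and threshold are constructed for illustration.

```python
import struct
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
AP, STA, OTHER_AP = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:09"  # constructed

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_deauth(frame):
    """Return (dst, src, bssid, reason) for an 802.11 deauthentication frame, else None."""
    if len(frame) < 26:                          # 24-byte management header + 2-byte reason code
        return None
    version, ftype, subtype = frame[0] & 0x3, (frame[0] >> 2) & 0x3, frame[0] >> 4
    if (version, ftype, subtype) != (0, 0, 12):  # management frame, subtype 12 = deauthentication
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_floods(capture, window=1.0, threshold=10):
    """capture: time-ordered (seconds, frame bytes without radiotap). Returns {bssid: alert info}."""
    recent, alerts = defaultdict(list), {}
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        dst, _src, bssid, _reason = parsed
        seen = recent[bssid]
        seen.append((ts, dst))
        while ts - seen[0][0] > window:          # drop frames older than the sliding window
            seen.pop(0)
        if len(seen) >= threshold:
            alert = alerts.setdefault(bssid, {"peak": 0, "broadcast": False})
            alert["peak"] = max(alert["peak"], len(seen))
            alert["broadcast"] |= any(d == BROADCAST for _, d in seen)
    return alerts

def build_frame(subtype, dst, src, bssid, body=b""):  # builds sample frames only
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return bytes([subtype << 4, 0, 0, 0]) + raw(dst) + raw(src) + raw(bssid) + b"\x00\x00" + body

# Constructed capture: one client leaving, a beacon, slow deauths on another AP, then a burst.
SAMPLE = [(0.5, build_frame(12, AP, STA, AP, struct.pack("<H", 3))),
          (1.0, build_frame(8, BROADCAST, AP, AP, b"\x00" * 12))]
SAMPLE += [(2.0 + 10 * i, build_frame(12, STA, OTHER_AP, OTHER_AP, struct.pack("<H", 7))) for i in range(3)]
SAMPLE += [(5.0 + 0.01 * i, build_frame(12, BROADCAST, AP, AP, struct.pack("<H", 7))) for i in range(64)]
SAMPLE.sort(key=lambda item: item[0])

if __name__ == "__main__": print(detect_floods(SAMPLE))
```

A single deauthentication from a departing client and the slow trickle on the second BSSID stay below the threshold; only the broadcast burst is reported. Where clients support it, enabling Protected Management Frames (802.11w) on the access point lets clients reject unauthenticated deauthentication frames.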

Capturing the Handshake:

After some seconds we got our handshake tag in the airodump terminal. Then I listed all my files,
and there I had my wifihack1 file containing all the packets with the Wi-Fi encrypted key data. After that I ran
the command “wireshark Wifihack1.cap”, opened that file in Wireshark and analyzed all the packets.
Alongside this I stopped my Alpha adapter and changed its setting back to managed mode with the command
“sudo airmon-ng stop wlan0mon”. In Wireshark I applied the filter “eapol” to get the handshake-specific
packets, and in those I further found the 804 auth sub setting, which contains the key data in encrypted form and
its length.

Password Crack

Now we have a file containing the captured packets. I opened “wordlists”, and at the start it asked for confirmation to
configure rockyou.txt for use in the brute-force attack to crack the password from the packet capture file.
When that import completed successfully, I ran the command “aircrack-ng
wifihack1.cap -w /usr/share/wordlist/rockyou.txt” in the terminal. It started running the possible combinations, and
after some time I got my password, which was “[Shamrock]”, with 2474 keys tested before the
correct one was found.

Stage 1: Eavesdropping on Client Communication

1. Now that we have the Wi-Fi password, we’ll use it to decrypt the network traffic.
2. Analyze the decrypted traffic to find out what websites the connected client is visiting.

We opened the .cap file using Wireshark. We decrypted the capture using the recently discovered password.
This decryption was done in Wireshark by navigating to Edit -> Preferences -> Protocols ->
IEEE 802.11 -> Edit decryption keys, where we entered the password derived from Stage 0 and saved the
settings. Now I had all the traffic packets in detail in Wireshark. I filtered for HTTP traffic in
Wireshark using the following filter: http.request. Here is the data we got:

Here I can see the client accessing the link /watch?v=dQw4w9wgXcQ. When I searched for this link
on Google, it was related to a YouTube video, which is what the client was searching for.

We were able to find the specific URL because the client was using the HTTP protocol for the
transfer while we were monitoring the network traffic. As we know, HTTP requests are not
securely encrypted, which helps us to analyze the link the client is trying to access.

Because the client accessed the website using the HTTP protocol, we could view the full
URL of the website: the connection is unencrypted and the data is sent in plaintext.

As an operator, however, we have to implement the HTTPS protocol and also SSL certification for
safe internet access.
