• WiFi Attacks and Testing Tools | 215
part, this is because of legacy requirements. There may be hardware that can’t be replaced that supports only the older mechanisms. If you have a working network setup, why change it, after all? Therefore, it’s worth performing testing against some of these mechanisms.

Kali includes one program that can be used to test WiFi networks automatically using various techniques. wifite can test WPA, WEP, and WPS-enabled APs. While you can test each of those specifically, you can also run wifite without any parameters and have it test all of these mechanisms. Figure 7-4 shows wifite running. In order to run, it places the interface in monitor mode. This is necessary to be able to get the radio traffic it needs to perform the testing. What’s interesting about this run, aside from one of the SSIDs, is that all of the BSSIDs indicate that WPS is not enabled, which is not true for at least two of them.

An ESSID is an extended service set identifier. In some cases, the BSSID will equal the ESSID. However, in larger networks where there may be multiple APs, the ESSID will be different from the BSSID.
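Because the tool's WPS column disagreed with how the APs were actually configured, an auditor can check an AP's own beacon instead. The following Python is an added example, not code from the book or from wifite: it parses the tagged parameters of a beacon frame (the bytes after the fixed parameters) for the WPS vendor element (tag 221, OUI 00:50:F2, type 4). The function names and sample bytes are constructed for illustration.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")  # OUI 00:50:F2, vendor type 4 = WPS
ATTR_WSC_STATE = 0x1044                   # 1 = not configured, 2 = configured
ATTR_AP_SETUP_LOCKED = 0x1057             # 1 = AP has locked its PIN registrar

def iter_ies(tagged):
    """Yield (tag, body) for each information element; stop at a truncated one."""
    i = 0
    while i + 2 <= len(tagged):
        tag, length = tagged[i], tagged[i + 1]
        body = tagged[i + 2:i + 2 + length]
        if len(body) < length:
            return  # truncated element: do not guess at its contents
        yield tag, body
        i += 2 + length

def parse_wps_attrs(data):
    """WPS attributes are TLVs with 2-byte big-endian type and length fields."""
    attrs, i = {}, 0
    while i + 4 <= len(data):
        atype, alen = struct.unpack_from(">HH", data, i)
        value = data[i + 4:i + 4 + alen]
        if len(value) < alen:
            break
        attrs[atype] = value
        i += 4 + alen
    return attrs

def wps_status(tagged):
    """Report whether a beacon advertises WPS, and its state and lock flags."""
    for tag, body in iter_ies(tagged):
        if tag == 221 and body[:4] == WPS_OUI_TYPE:
            attrs = parse_wps_attrs(body[4:])
            state = (attrs.get(ATTR_WSC_STATE) or b"\x00")[0]
            locked = (attrs.get(ATTR_AP_SETUP_LOCKED) or b"\x00")[0] == 1
            return {"advertised": True, "configured": state == 2, "locked": locked}
    return {"advertised": False, "configured": False, "locked": False}

# Constructed sample data: an SSID element, then a vendor element.
SSID_IE = bytes([0, 7]) + b"example"
BEACON_WPS = SSID_IE + bytes([221, 19]) + bytes.fromhex(
    "0050f204 104a000110 1044000102 1057000101")  # version, state=2, locked=1
BEACON_NO_WPS = SSID_IE + bytes([221, 4]) + bytes.fromhex("0050f202")  # not WPS

if __name__ == "__main__":
    print(wps_status(BEACON_WPS))
    print(wps_status(BEACON_NO_WPS))
```

An AP that still advertises the WPS element after WPS was supposedly turned off in its management interface is worth a closer look during an audit of your own network.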
Figure 7-4. Using wifite to gather BSSIDs

Figure 7-4 shows the list of APs that have been identified. Once you have that list, you need to select the APs you want to test. Once you have the SSID you want to test against showing in the list, you press Ctrl-C to have wifite stop looking for networks. You then select a device from the list or you can select all. Example 7-3 shows wifite starting testing against all the APs.
Example 7-3. wifite running tests

    [+] select target numbers (1-5) separated by commas, or 'all': all
    [+] 5 targets selected.
    [0:08:20] starting wpa handshake capture on "CasaChien"
    [0:08:09] sending 5 deauth to *broadcast*...

As mentioned, wifite uses various strategies by default. In addition to trying to capture the handshake required by WPA, as you can see in Example 7-3, wifite will also take a pass at running the Pixie Dust attack. You can see attempts to run that attack against the APs that have WPS enabled in Figure 7-5. You will also note there that wifite was able to capture the WPA handshake, which it saved as a pcap file for later analysis.

This will run for a while, attempting to trigger the vulnerabilities that exist against the encryption and authentication mechanisms supported. Because all five targets were selected, it will take quite a bit longer than if I were just testing one of the devices. To run these tests, wifite needs to send frames that wouldn’t be part of the normal process. Other tools do similar things by injecting traffic into the network in order to watch the responses from the network devices. This may be essential in trying to gather enough traffic for analysis.
