Setting up a scenario where you are duplicating an existing and
expected SSID is called an
Evil Twin attack
. The evil twin is the
SSID your system is advertising, since the intention is to collect
information from unsuspecting users.
Wireless Honeypot
Honeypots are generally used to sit and collect information. Honeypots on a network
have commonly been used to collect attack traffic. This can help to gather informa‐
tion about previously unknown attacks. This is one way new malware can be collec‐
ted. When it comes to WiFi networks, though, we can use a honeypot to collect
information from the client. This can be tricky if clients are expecting to use different
encryption mechanisms. Fortunately, Kali can help us with that.
wifi-honey
starts up four monitor threads to take care of the possibilities for encryp‐
tion: none, WEP, WPA1 and WPA2. It also starts up an additional thread to run
airodump-ng
. This can be used to capture the initial stages of a four-way handshake
that can be used later with a tool like coWPAtty to crack the preshared key. To run
wifi-honey
, you have to provide the SSID you want to use, the channel to be active on,
and the wireless interface you want to use. You can see an example of running
wifi-
honey
in
Example 7-15
.
Example 7-15. Running wifi-honey
root@savagewood:/# wifi-honey FreeWiFi
6
wlan0
Found
3
processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of
time
, you may want to run
'airmon-ng check kill'
PID Name
426
NetworkManager
584
wpa_supplicant
586
dhclient
PHY Interface Driver Chipset
phy0 wlan0 rt2800usb Ralink Technology, Corp. RT5372
(
mac80211 monitor mode vif enabled
