Learning Wifi Attack and its methods - Deekshith19/Cybersec_lab GitHub Wiki

Learn the basic working of Wi-Fi and its types with various types of attacks on it.

Basic Working of WiFi

Radio Signals: WiFi works by transmitting data over radio waves. Devices communicate in the WiFi network by sending and receiving radio signals.

Access Points (APs) act as the central hub for WiFi connections. They receive data from connected devices and transmit it to other devices on the network.

Network Identification: WiFi networks are identified by their Service Set Identifier (SSID), which in simple terms is the network name.

Authentication and Encryption: When a device connects to a WiFi network, it undergoes an authentication process to verify its identity. WiFi protocols such as WPA2 or WPA3 are used to secure data transmissions over the network.

Types of WiFi

802.11 b/g/n: These are older WiFi standards operating primarily in the 2.4 GHz frequency band. They offer relatively slower speeds compared to newer standards.

802.11 ac: Also known as WiFi 5, this standard operates in both the 2.4 GHz and 5 GHz bands, providing faster speeds and improved performance compared to older standards.

802.11 ax: Also referred to as WiFi 6, this is the latest WiFi standard offering even higher speeds, lower latency, and improved efficiency, especially in high-density environments.

Types of WiFi Attacks

Eavesdropping (Passive Attacks): Attackers can intercept WiFi signals to capture sensitive information such as passwords or financial data without actively engaging with the network.

Man-in-the-Middle (MITM) Attacks: In this type of attack, the attacker intercepts communication between two parties, potentially altering or eavesdropping on the data being transmitted.

Brute Force Attacks: Attackers attempt to crack WiFi passwords by systematically trying all possible combinations until they find the correct one.

Evil Twin Attacks: Attackers set up rogue access points with the same SSID as a legitimate network, tricking users into connecting to it and potentially exposing their data.

Denial of Service (DoS) Attacks: Attackers flood a WiFi network with an overwhelming amount of traffic, causing it to become unavailable to legitimate users.

WPS Vulnerabilities: WiFi Protected Setup (WPS) is a feature that simplifies the process of connecting devices to a WiFi network, but it can also introduce security vulnerabilities if not properly configured, allowing attackers to gain unauthorized access.

Connect the wireless adapter

We enable monitor mode on the wireless adapter.

Perform Wi-Fi fingerprinting

Wifite

We switch to the root user with sudo, start wifite, and scan for the Wi-Fi networks in the area.

It lists all the available networks and how many clients are connected to each.

Create an access point with any Wi-Fi encryption standard and start testing the security of that connection using any Wi-Fi security testing tools (including, but not limited to, Aircrack-ng and Wifite). Try to capture the 4-way handshake using these methods.

Our target here is the network named "Target", so we will be attacking this network; wifite lists its encryption as WPA-P (WPA with a pre-shared key).

Wifite first deauthenticates the clients connected to the target network so that they reconnect, then tries to capture the handshake.

It saves the capture as a pcap file and tries to crack the password using the specified wordlist; after cracking we can see the key, i.e. 12345678.

We then analyse the saved pcap in Wireshark and can see that the 4-way handshake was captured.
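
The deauthentication step above is what makes the handshake capture possible, and it is also what a defender can see: a burst of deauthentication frames carrying the access point's own address. The following script is an added example (not part of this wiki) that runs a sliding-window detector over a constructed management-frame log; the log format (time, frame subtype, source, destination) and the threshold values are assumptions for this illustration, not a real tool's export.

```python
"""Deauthentication-burst detection over a constructed frame log.

Added example, not from the original wiki. Assumes a minimal text log of
management frames ("<seconds> <subtype> <source> <destination>"), which is
the kind of summary a monitor-mode capture can be reduced to. The sample
lines below are constructed: one normal deauth from the AP, then a burst of
eight spoofed deauths carrying the AP's address, as a handshake-capture tool
would send, followed by the client re-authenticating.
"""
from collections import defaultdict, deque

THRESHOLD = 5   # deauth frames from one source ...
WINDOW = 2.0    # ... within this many seconds triggers an alert

SAMPLE_LOG = """\
# time  subtype  source             destination
0.00 beacon AA:BB:CC:00:00:01 ff:ff:ff:ff:ff:ff
0.10 deauth AA:BB:CC:00:00:01 11:22:33:44:55:66
1.00 beacon AA:BB:CC:00:00:01 ff:ff:ff:ff:ff:ff
5.00 deauth AA:BB:CC:00:00:01 ff:ff:ff:ff:ff:ff
5.05 deauth AA:BB:CC:00:00:01 ff:ff:ff:ff:ff:ff
5.10 deauth AA:BB:CC:00:00:01 ff:ff:ff:ff:ff:ff
5.15 deauth AA:BB:CC:00:00:01 ff:ff:ff:ff:ff:ff
5.20 deauth AA:BB:CC:00:00:01 ff:ff:ff:ff:ff:ff
5.25 deauth AA:BB:CC:00:00:01 ff:ff:ff:ff:ff:ff
5.30 deauth AA:BB:CC:00:00:01 ff:ff:ff:ff:ff:ff
5.35 deauth AA:BB:CC:00:00:01 ff:ff:ff:ff:ff:ff
6.00 beacon AA:BB:CC:00:00:01 ff:ff:ff:ff:ff:ff
8.00 eapol 11:22:33:44:55:66 AA:BB:CC:00:00:01
"""


def parse_log(text):
    """Yield (time, subtype, source, destination) tuples, skipping comments."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        t, subtype, src, dst = line.split()
        yield float(t), subtype.lower(), src.upper(), dst.upper()


def detect_deauth_bursts(events, threshold=THRESHOLD, window=WINDOW):
    """Return one (source, burst_start, trigger_time) alert per burst.

    Keeps, per source address, the timestamps of deauth frames seen in the
    last `window` seconds. When that count reaches `threshold` an alert is
    raised once; the source is re-armed only after the count drops below the
    threshold again, so a long flood does not produce an alert per frame.
    """
    recent = defaultdict(deque)
    in_burst = defaultdict(bool)
    alerts = []
    for t, subtype, src, _dst in events:
        if subtype != "deauth":
            continue
        dq = recent[src]
        dq.append(t)
        while dq and t - dq[0] > window:
            dq.popleft()
        if len(dq) >= threshold and not in_burst[src]:
            in_burst[src] = True
            alerts.append((src, dq[0], t))
        elif len(dq) < threshold:
            in_burst[src] = False
    return alerts


if __name__ == "__main__":
    for src, start, trigger in detect_deauth_bursts(parse_log(SAMPLE_LOG)):
        print(f"deauth burst from {src}: started {start:.2f}s, alerted at {trigger:.2f}s")
```

The single deauth at 0.10 s is normal AP behaviour and produces nothing; the eight frames between 5.00 s and 5.35 s produce exactly one alert. Rate detection is the only option on a WPA2 network without Protected Management Frames (802.11w); with PMF enabled, forged deauthentication frames fail their integrity check and are dropped by the client, and WPA3 makes PMF mandatory.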

You also have to create your own dictionary file for cracking the passwords.

To generate a wordlist, we can use the crunch command. Note that 8 to 12 characters drawn from the 35-character set below is far more than can be generated in full (35^8 alone is over 2 trillion candidates, and crunch prints the estimated output size before it starts), so in practice the pattern is narrowed or a curated wordlist is used.

crunch 8 12 012345678abcdefghijklmnopqrstuvwxyz -o wordlist.txt

Use a rogue AP (WifiPhisher) to create an evil twin, perform a basic phishing attack using this rogue AP, and document the difference between the two attacks you have performed.

We have to install WifiPhisher: sudo apt install wifiphisher

When we run WifiPhisher we have to select which Wi-Fi network to create a fake of.

We then have to select which phishing scenario to perform; I selected the auth login scenario.

With the help of WifiPhisher we created a fake Amrita Wi-Fi network, and we will try to connect to it.

As soon as the Android device connects, it appears on the screen.

On the Android device we get a web page asking for the password.

When we enter the password on the web page, it is reflected back to us when we close the tool.
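
The evil twin works because nothing in a beacon ties the SSID "Amrita" to one particular access point; clients match on the name. From the defender's side, a scan like the one wifite showed earlier can be turned into a rogue-AP check by comparing what is on the air against an inventory of the legitimate APs. The script below is an added example (not from this wiki and not part of WifiPhisher): the scan-record layout, the inventory structure and the scan results are all constructed for this illustration.

```python
"""Evil-twin / rogue AP triage over a scan result.

Added example, not part of the original wiki or of WifiPhisher. It assumes a
simplified scan record (BSSID, SSID, channel, privacy, signal) and a site
inventory listing the real BSSIDs and expected security for each managed
SSID. The inventory and the scan results below are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ScanRecord:
    bssid: str
    ssid: str
    channel: int
    privacy: str       # "WPA2", "WPA3" or "OPN" (open), as scanners label it
    signal_dbm: int    # received signal strength; closer to 0 is stronger


# Constructed inventory of the legitimate access points for each managed SSID
KNOWN_APS = {
    "Amrita": {
        "bssids": {"AA:BB:CC:00:00:01", "AA:BB:CC:00:00:02"},
        "privacy": "WPA2",
    },
}

# Constructed scan: the real AP, an open twin on another channel with a
# stronger signal, and an unrelated network we do not manage
SAMPLE_SCAN = [
    ScanRecord("AA:BB:CC:00:00:01", "Amrita", 6, "WPA2", -48),
    ScanRecord("DE:AD:BE:EF:00:01", "Amrita", 11, "OPN", -35),
    ScanRecord("11:22:33:44:55:66", "GuestNet", 1, "WPA2", -70),
]


def triage(scan, inventory):
    """Return [(bssid, ssid, [reasons])] for every suspicious AP in `scan`.

    An AP is suspicious if it advertises one of our SSIDs from a BSSID we do
    not own, or with a different security mode than we deploy. A stronger
    signal than every legitimate AP is reported as a third indicator because
    clients prefer the strongest BSSID for a given SSID.
    """
    findings = []
    for rec in scan:
        known = inventory.get(rec.ssid)
        if known is None:
            continue  # not an SSID we manage, so not our evil-twin problem
        owned = {b.upper() for b in known["bssids"]}
        reasons = []
        if rec.bssid.upper() not in owned:
            reasons.append("unknown BSSID for managed SSID")
        if rec.privacy.upper() != known["privacy"].upper():
            reasons.append(
                f"security mismatch: expected {known['privacy']}, saw {rec.privacy}")
        legit = [r for r in scan if r.ssid == rec.ssid and r.bssid.upper() in owned]
        if reasons and legit and rec.signal_dbm > max(r.signal_dbm for r in legit):
            reasons.append("stronger signal than every legitimate AP")
        if reasons:
            findings.append((rec.bssid, rec.ssid, reasons))
    return findings


if __name__ == "__main__":
    for bssid, ssid, reasons in triage(SAMPLE_SCAN, KNOWN_APS):
        print(f"{ssid} from {bssid}: " + "; ".join(reasons))
```

Against the constructed scan only DE:AD:BE:EF:00:01 is reported, with all three indicators. The BSSID check is the one that matters: a twin on the same channel with the same security mode would still fail it, while the signal and security indicators only add context.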

Learn the protocol level working of WPA3 and how it differs from WPA2.

WiFi Protected Access 3 (WPA3) is the security protocol for WiFi networks succeeding WPA2. It enhances the security features and addresses some of the security vulnerabilities present in WPA2.

Key Establishment and Authentication: WPA3 introduced a handshake protocol called Simultaneous Authentication of Equals (SAE), which is based on the Dragonfly key exchange. This mitigates the weaknesses of WPA2's four-way handshake, making WPA3 resistant to offline dictionary and password-guessing attacks.
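
The reason the handshake capture and wordlist steps earlier on this page work against WPA2 is that the WPA2 pairwise master key is a fixed function of the SSID and the passphrase, so every wordlist entry can be turned into a key and checked locally. The script below is an added example (not from this wiki) that derives that key with the standard PBKDF2 parameters, checks it against the published IEEE test vector, and sizes the keyspace of the crunch command used earlier. The SSID "Target" and the guess-rate measurement are illustrative assumptions; the crunch character set and lengths are the ones from the lab command.

```python
"""WPA2-Personal key derivation and the cost of offline guessing.

Added example, not from the original wiki. The PMK derivation follows the
WPA/WPA2-Personal definition (PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds,
256-bit output). The crunch keyspace figures use the character set and
length range from the lab's crunch command; SSID "Target" is assumed.
"""
import hashlib
import time

PBKDF2_ITERATIONS = 4096   # fixed by IEEE 802.11i for WPA/WPA2-Personal
PMK_LEN = 32               # 256-bit pairwise master key

# Character set and lengths from the crunch command used in the lab
LAB_CHARSET = "012345678abcdefghijklmnopqrstuvwxyz"
LAB_MIN, LAB_MAX = 8, 12


def wpa2_pmk(ssid: str, passphrase: str) -> bytes:
    """PMK (PSK) = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096, 32 bytes).

    Nothing random enters this derivation, so the PMK for a guessed
    passphrase can be computed by anyone who knows the SSID; a captured
    four-way handshake then lets each guess be checked without any further
    traffic to the access point. SAE (WPA3) mixes per-session ephemeral
    values from both sides into the key, which is why the same offline
    check is not possible against it.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS,
                               dklen=PMK_LEN)


def crunch_keyspace(min_len: int, max_len: int, charset: str) -> int:
    """Number of candidates `crunch min max charset` emits."""
    n = len(charset)
    return sum(n ** length for length in range(min_len, max_len + 1))


def crunch_output_bytes(min_len: int, max_len: int, charset: str) -> int:
    """Size of the wordlist file: every candidate plus its newline."""
    n = len(charset)
    return sum(n ** length * (length + 1) for length in range(min_len, max_len + 1))


def crunch_rank(candidate: str, min_len: int, max_len: int, charset: str) -> int:
    """0-based position of `candidate` in crunch's output order.

    crunch emits all strings of min_len first, then min_len+1 and so on, and
    within one length counts up in base len(charset) using the charset order.
    The rank is therefore how many lines a cracker must consume before
    reaching this candidate.
    """
    n = len(charset)
    if not (min_len <= len(candidate) <= max_len) or any(c not in charset for c in candidate):
        raise ValueError("candidate is outside this keyspace")
    shorter = sum(n ** length for length in range(min_len, len(candidate)))
    value = 0
    for c in candidate:
        value = value * n + charset.index(c)
    return shorter + value


def measure_guess_rate(ssid: str = "Target", samples: int = 100) -> float:
    """PMK derivations per second on this machine (one core, plain hashlib)."""
    start = time.perf_counter()
    for i in range(samples):
        wpa2_pmk(ssid, f"candidate{i:04d}")
    return samples / (time.perf_counter() - start)


def offline_attack_report(min_len: int, max_len: int, charset: str,
                          guesses_per_second: float) -> dict:
    """Summarise how (im)practical exhausting a crunch keyspace would be."""
    keyspace = crunch_keyspace(min_len, max_len, charset)
    return {
        "keyspace": keyspace,
        "wordlist_bytes": crunch_output_bytes(min_len, max_len, charset),
        "years_to_exhaust": keyspace / guesses_per_second / (365 * 24 * 3600),
    }


if __name__ == "__main__":
    # IEEE 802.11i test vector: SSID "IEEE", passphrase "password"
    print(wpa2_pmk("IEEE", "password").hex())
    rate = measure_guess_rate()
    print(offline_attack_report(LAB_MIN, LAB_MAX, LAB_CHARSET, rate))
    print(crunch_rank("12345678", LAB_MIN, LAB_MAX, LAB_CHARSET))
```

Two things fall out of running it. The full 8-to-12 character keyspace is over 3 x 10^18 candidates, and even the lab key 12345678 sits more than 68 billion lines into crunch's output order, which is why a targeted pattern or a curated wordlist is what actually gets fed to the cracker. The 4096-round PBKDF2 is the only per-guess cost WPA2 imposes; a passphrase that a crunch pattern or common wordlist covers is therefore the weak point of a WPA2-Personal network, whereas under SAE each guess costs the attacker a live exchange with the access point.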

Encryption: WPA3 introduced support for the Galois/Counter Mode Protocol (GCMP). This offers security comparable to the Counter Mode with CBC-MAC Protocol (CCMP) but is more efficient in terms of processing power, which can improve the battery life of devices.

Protection against Brute Force Attacks: WPA3 incorporated stronger protection against brute-force attacks through the hash-to-group step of the Dragonfly handshake. This makes it significantly harder for attackers to guess the passphrase through repeated brute-force attempts.

Forward Secrecy: WPA3 offers perfect forward secrecy, ensuring that even if an attacker were to compromise the network's key in the future, they would not be able to decrypt data that was transmitted on the network in the past.