blob: 8957774087e741d616f6af2ec89667c1f557b873 (plain
. listen to all MACs (OUI) to identify target (listen_target.sh)
* List clients
* Assoc ? AP name, BSSID
* Query ? List
* Store in DB
* Localisation AP (google ?)
* Recherche AP (google ?)
* Recouper client entre sessions
* Recouper AP entre clients
* DB of matching MAC / OUI / Extensions
with Equipment / Brand / Model / Options
. listen to networks seeked by target
. if fails, deauth target to see which network it seeks (listen_target.sh)
. create our AP named as discovered AP (create_ap.sh)
. maybe create on a different channel ?
. fuzz AP / BSSID where target is connected to
. send broken packets with MAC of the target AP, can it make clients not trust it ?
. deauth target from AP it's connected to
. accept connection to our AP, offer internet. intranet ?
. if noob, mitm ssl
. if noob, enter wifi password