blob: 8957774087e741d616f6af2ec89667c1f557b873 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
. listen to all MACs (OUI) to identify target (listen_target.sh)
listen_target.sh
* List clients
* Assoc ? AP name, BSSID
* Query ? List
* Power
* Store in DB
* Localisation AP (google ?)
* Recherche AP (google ?)
* Recouper client entre sessions
* Recouper AP entre clients
* DB of matching MAC / OUI / Extensions
with Equipment / Brand / Model / Options
. listen to networks seeked by target
. if fails, deauth target to see which network it seeks (listen_target.sh)
. create our AP named as discovered AP (create_ap.sh)
. maybe create on a different channel ?
. fuzz AP / BSSID where target is connected to
. send broken packets with MAC of the target AP, can it make clients not trust it ?
. deauth target from AP it's connected to
. accept connection to our AP, offer internet. intranet ?
. mitm
. if noob, mitm ssl
. if noob, enter wifi password
|