Introduction
Wifite is a wireless auditing tool developed by Derv82 and maintained by kimocoder. You can find the original repository . In the latest Kali Linux, it comes pre-installed. It’s a great alternative to wireless auditing tools that are more tedious to use, and it provides a simple CLI to interact with and perform wireless attacks. It has great features like 5GHz support, the Pixie Dust attack, the WPA/WPA2 handshake capture attack and the PMKID attack as well.
Basic Filters
We can launch this tool by simply typing the name of the tool. To view the help page, we have the -h flag.
As you can see, there are various options in the help menu here. We’ll try a few of these in this article.
Let’s first see which wireless network I’m connected to currently:
wifite -i wlan0

My access point is on channel 10. Let’s see which access points are operating on the same channel:
wifite -c 10

Here, you can see that monitor mode is being auto-enabled while scanning. Wifite has detected two more networks on channel 10.
Let’s try to add one more channel to the scanning list:
wifite -c 10,6

Ahh, the results have increased now. Now let’s filter the list down to only the access points with clients connected:
wifite --clients-only

You can see that wifite has detected 2 APs with clients connected.
Now let’s say we have done whatever we wanted to with our wifi adapter and we want to change it from monitor mode back to managed mode (the default mode) after we stop using wifite. We can do this by:
wifite --daemon

ARP Replay Attack against WEP protocol
The next filter is to find all the networks around me that are running on the WEP protocol and perform a quick Replay Attack against them.
Replay attack: In this attack, the tool listens for an ARP packet and sends it back to the access point. This forces the AP to create a new packet with a new initialization vector (IV – the starting variable used to encrypt something). The tool then repeats the same process until enough data has been collected to crack the WEP key.
This can be done by:
wifite --wep
Then:
Press ctrl+c to stop scanning
Choose the target. Here, 1

As you can see, after 20 thousand plus replay packets, the tool has found the key successfully and saved it in a JSON file.
Please note that WPA implements a sequence counter to protect against replay attacks. Hence, it is recommended not to use WEP.
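The following is an added example, not code from the original article or from the Wifite project. From the defender's side, it shows how the replay described above looks in a capture and why a sequence counter stops it. The frame tuples, MAC addresses and all function and class names are constructed for illustration, and the receiver is a simplified model of a per-sender counter check rather than WPA's actual implementation.

```python
from collections import Counter

def find_replayed_frames(frames, threshold=3):
    """Return {(src, iv): count} for frames whose IV and ciphertext repeat.

    A legitimate WEP sender uses a new IV for each frame, so an identical
    (source, IV, ciphertext) triple seen many times indicates re-injection.
    """
    counts = Counter((src, iv, payload) for src, iv, payload in frames)
    return {(src, iv): n for (src, iv, _), n in counts.items() if n >= threshold}

class CounterCheckingReceiver:
    """Simplified replay check: each sender's counter must strictly increase."""

    def __init__(self):
        self.last_seen = {}

    def accept(self, src, counter):
        if counter <= self.last_seen.get(src, -1):
            return False  # replayed or stale frame is dropped
        self.last_seen[src] = counter
        return True

def count_accepted(frames):
    """Feed frames to the receiver, treating the second field as the counter."""
    rx = CounterCheckingReceiver()
    return sum(rx.accept(src, ctr) for src, ctr, _ in frames)

# Constructed sample capture (not real traffic): one encrypted ARP request
# re-injected five times, plus normal frames that each use a fresh IV.
ARP = bytes.fromhex("a1b2c3d4e5f6")
SAMPLE_FRAMES = (
    [("02:00:00:00:00:01", 0x000101, ARP)] * 5
    + [("02:00:00:00:00:02", 0x000200 + i, bytes([i] * 6)) for i in range(4)]
)

if __name__ == "__main__":
    # WEP has no such check, so all nine frames would be processed by the AP.
    print("replayed:", find_replayed_frames(SAMPLE_FRAMES))
    print(count_accepted(SAMPLE_FRAMES), "of", len(SAMPLE_FRAMES), "frames accepted")
```

With the counter check in place, only the first copy of the repeated frame is accepted, so the sender gets no stream of fresh responses from the access point.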
In part 2 we will see WPA/WPA2 handshake capture.