Shulou(Shulou.com)06/01 Report--

As a tool integrated under BT5, its functions can be said to be quite rich, but the specific usage is difficult to find completely, the following is the aircrack-ng series tool parameter description I wrote according to the aircrack official website document:

Airbase-ng as a multi-target tool, by masquerading as AP*** client, because of its rich variety of features, a simple overview is difficult, here are some common features:

1. Implement caffe latte WEP***

2. Implement hirte WEP client ***

3. Capture handshake packets in WPA/WPA2 authentication

Disguised as AD-Hoc AP

5. Completely masquerading as a legitimate AP

Filter by SSID or client MAC address

7. Manipulate the packet and resend it

8. Encrypt the data packets sent and decrypt the captured data packets

The main purpose is to allow clients to connect to spoofed APs, rather than prevent them from connecting to real APs. Airbase-ng creates a tap interface when it runs, which can be used to receive decrypted or send encrypted packets.

A real client sends a probe request. In a normal network, this data frame is important for us to bind the client to our soft AP. In this case our soft AP will respond to any probe request. It is recommended to use filtering to prevent all nearby APs from being affected (ssid)

Usage:

Airbase-ng parameter interface

Parameters:

-a----Set ssid of soft AP

-i----interface from which to grab packets

-w---Use this wep key to encrypt/decrypt packets

-h MAC: Source MAC address (MAC address in the middle ***)

-f disallow: MAC address of a client is not allowed (default is allowed)

-W {0| 1}:(NO), do not set WEP flag on beacon (allowed by default)

-q: withdrawal

-v (--verbose): Display progress information

-A: ad-hoc peer mode

-Y in| out| both: packet processing

-c: channel

X: Hide SSID

-s: Mandatory authentication mode is set to share authentication

-S: Set the length of the shared key, the default is 128 bits

-L：caffe-Latte***

-N: hirte***, generates ARP request against WEP client?

-x nbbps: packets per second

-y: Do not respond to broadcast probe requests (i.e. only respond to unicast probe requests carrying SSIDs)

-z: Set WPA1 flag, 1 for WEP40, 2 for tkip 3 for WRAP 4 for CCMP 5 for wep104 (i.e. different authentication methods)

-Z: Same as-z, only for WPA2.

-V: Deception EAPOL 1 for MD5 2 for SHA1 3 for Auto

-F xxx: Place all received data frames into a file prefixed with xxx

-P: Respond to all probes requests, including special ESSID

-I: Set beacon data frame transmission interval, unit: ms

C: Beacon for ESSID enabled

Filter options:

--bssid(-b) |: Filter according to MAC of AP

--bssids files: filter by SSID in file

--client (-c) MAC: Allows clients to specify MAC addresses to connect

--clients file: lets clients connect to MAC addresses in files

--essid: Create a special SSID

--essids file: based on SSID in a file

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.