Here are some Wi-Fi hacking techniques and the tools — nearly all free — you can use for penetration testing. These tools will help you uncover rogue access points, weak Wi-Fi passwords, and spot other weaknesses and security holes before someone else does. (See How to hack a parking meter.)
Stumbling and Sniffing
You can use Wi-Fi stumblers to detect nearby access points and their details, such as signal level, security type and media access control (MAC) address. You might find access points configured with weak Wired Equivalent Privacy (WEP) security, which can be cracked easily, or rogue access points set up by employees or others that could be opening your network to attack. If access points are configured with a hidden, non-broadcast SSID (network name), Wi-Fi stumblers can quickly reveal it.
You can use wireless sniffers to capture the raw network packets sent over the air. You can then import the captured traffic into other tools, for example to crack the encryption. Or, if you're connected to the network (or the network isn't encrypted), you can manually look for email and website passwords sent in cleartext.
Here are a few Wi-Fi stumblers and sniffers:
Vistumbler is an open source Windows application that displays basic access point details, including the exact authentication and encryption methods, and can even speak the SSID and RSSI aloud. It also displays graphs of signal levels. It's highly customizable and offers flexible configuration options. It lets you assign names to access points to help tell them apart, which also helps in detecting rogue access points. It also supports GPS logging and live tracking within the application using Google Earth.
Kismet is an open source Wi-Fi stumbler, packet sniffer, and intrusion-detection system that can run on Windows, Mac OS X, Linux, and BSD. It shows the access point details, including the SSID of "hidden" networks. It can also capture the raw wireless packets, which you can then import into Wireshark, TCPdump, and other tools. On Windows, Kismet works only with CACE AirPcap wireless adapters because of limitations in the Windows drivers; on Mac OS X and Linux, however, it supports a variety of wireless adapters.
Wifi Analyzer is a free Android app for finding access points from an Android-based smartphone or tablet. It lists the basic details of access points on the 2.4-GHz band and, on supported devices, on the 5-GHz band as well. You can export the access point list (in XML format) by sending it to email or another app, or take a snapshot of the screens. It also features graphs showing signals by channel, history, and usage rating, and has a signal meter feature to help locate access points.
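The stumblers above give you a list of access points with SSID, MAC address, signal level and security type; the value for a defender comes from comparing that list against what you actually own. The following is an added example, not code from the original article or from any of the tools it names: it parses a constructed CSV export of that shape (every SSID, BSSID and RSSI is made up) and, against an assumed inventory of managed BSSIDs and corporate SSIDs, flags managed APs still on WEP or open security, managed APs relying on a hidden SSID, corporate SSIDs broadcast from unmanaged hardware, and strong unmanaged APs that are probably inside the building. The last two checks go a little beyond the article's "rogue access point" remark by stating concretely what makes an AP look rogue in a scan.

```python
import csv
import io

# Constructed sample shaped like a stumbler CSV export; every value is made up.
SCAN_CSV = """ssid,bssid,channel,rssi,security
CorpNet,00:11:22:33:44:01,6,-52,WPA2-PSK
CorpNet,00:11:22:33:44:02,11,-60,WPA2-PSK
,00:11:22:33:44:03,1,-70,WPA2-PSK
CorpNet,DE:AD:BE:EF:00:01,6,-41,WPA2-PSK
PrinterLink,AA:BB:CC:DD:EE:FF,6,-58,WEP
CoffeeShop,12:34:56:78:9A:BC,11,-85,OPEN
"""

# Assumed inventory: BSSIDs the organisation manages and the SSIDs it owns.
AUTHORIZED_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03"}
CORPORATE_SSIDS = {"CorpNet"}
WEAK_SECURITY = {"WEP", "OPEN"}
ON_PREMISES_RSSI = -65  # assumed: stronger than this means the AP is likely inside


def parse_scan(text):
    """Parse stumbler CSV rows into dicts, normalising the MAC address case."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["bssid"] = row["bssid"].lower()
        row["rssi"] = int(row["rssi"])
        rows.append(row)
    return rows


def triage(rows, authorized=AUTHORIZED_BSSIDS, corp_ssids=CORPORATE_SSIDS):
    """Return (bssid, reason) pairs a defender should follow up on, in scan order."""
    findings = []
    for ap in rows:
        bssid, ssid, sec = ap["bssid"], ap["ssid"], ap["security"].upper()
        managed = bssid in authorized
        if managed and sec in WEAK_SECURITY:
            findings.append((bssid, f"managed AP uses {sec}"))
        if managed and ssid == "":
            findings.append((bssid, "hidden SSID is not a control; stumblers reveal it"))
        if ssid in corp_ssids and not managed:
            findings.append((bssid, f"corporate SSID '{ssid}' from unmanaged BSSID"))
        elif not managed and ap["rssi"] >= ON_PREMISES_RSSI:
            findings.append((bssid, f"strong unmanaged AP '{ssid}' ({sec}), possible rogue"))
    return findings


FINDINGS = triage(parse_scan(SCAN_CSV))  # three findings for the sample above
```

The weak neighbour at -85 dBm is deliberately left alone: a coffee shop's open network is not your finding, but a WEP access point at -58 dBm that is not in your inventory is.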
WEP Key and WPA/WPA2-Personal Cracking
There are many tools that can crack Wi-Fi encryption, either by exploiting weaknesses in WEP or by running brute-force, dictionary-based attacks against WPA/WPA2-Personal (PSK). Thus you should never use WEP security.