How to hack Wi-Fi for better security

Free (or almost free) Wi-Fi penetration testing tools can help you spot potential Wi-Fi security vulnerabilities and figure out ways to protect against them.

hack your own wi fi neon wi fi keyboard hacker
Ralph Gaithe / Soifer / Getty Images

One way to bolster your understanding of Wi-Fi security is to do some hacking yourself. That doesn’t mean you should infiltrate a company’s network or snoop on a neighbor’s setup. Rather, ethical hacking and legitimate Wi-Fi penetration testing – done in cooperation with the network owner – can help you learn more about the strengths and limitations of wireless security. Understanding potential Wi-Fi vulnerabilities can help you to better protect the networks you manage and ensure safer connections when you access other wireless networks.

Start with a Wi-Fi stumbler

General purpose Wi-Fi stumblers are the simplest tools to add to your pen testing kit. Though typically passive tools, they serve an important purpose. They allow you to see nearby access points (AP) and their details, such as signal level, security/encryption type, and media access control (MAC) address.

Using a stumbler, you might find networks using weak security protocols, such as WEP or the original version of WPA. Or, walking through a property with a stumbler might reveal rogue APs set up by employees or others that could be opening your network to attack. Even if there are APs set with hidden or non-broadcasted service set identifiers (SSID), some stumblers can quickly reveal them.

One example of a stumbler is Vistumbler, an open source Windows application that displays basic AP details, including the exact authentication and encryption methods, and can reveal the SSID and signal level. It also displays graphs of signal levels and channel usage. It's highly customizable and offers flexible configuration options. Vistumbler supports AP names to help distinguish them, which also helps to detect rogue access points. It supports GPS logging and live tracking within the application using Google Earth.

If you don’t want to lug around a laptop and have a mobile device, consider using the AirPort Utility on your iOS device or a download an app on your Android

wifi analyzer farproc

WiFi Analyzer is an Android app that shows nearby wireless channels.

One mobile option is Wifi Analyzer, a free Android app you can use for finding access points on your Android-based smartphone or tablet. It lists the basic details for access points on the 2.4-GHz band and on supported devices on the 5-GHz band as well.

You can export the access point list (in XML format) by sending it to email or another app or take a snapshot of the screens. It also features graphs showing signals by channel, history and usage rating, and it has a signal meter feature to help find access points. (If a free stumbling app doesn’t cut it, check out our review of more robust commercial options)

Wi-Fi sniffers and airwave monitors

Wi-Fi sniffers go further than stumblers. Instead of just grabbing network details, sniffers capture and show and/or analyze the raw packets sent over the airwaves. Captured traffic can be imported into other tools, such as an encryption cracker. Some sniffers also include the functionality to do some analysis or cracking. In addition, some sniffers look for and report only on certain network traffic, such as those designed to reveal passwords sent in clear-text.

CommView for WiFi is a popular commercial Wi-Fi sniffer and analyzer that offers a 30-day limited trial. It has a stumbler feature to show network details, plus channel utilization stats and graphs. It can track IP connections and records any VoIP sessions. The tool also lets you capture and see the raw packets.

commview CommView for WiFi

CommView for WiFi is a wireless sniffer available for trying out through a 30-day limited trial.

If you’re connected to a Wi-Fi network, you can input its PSK passphrase so the decrypted packets will be shown. You can also set rules to filter the data you see and set alarms to track rogue devices. Other cool features include a traffic generator to do some spoofing; node reassociation to manually kick off clients; and TCP reconstruction to better view the captured data (text or photos).

Kismet is an open source Wi-Fi stumbler, packet sniffer, and intrusion-detection system that can run on Windows (with WSL framework), Mac OS X, Linux, and BSD. It shows the access point details, including the SSID of "hidden" networks. It can also capture the raw wireless packets, which you can then import into Wireshark, TCPdump, and other tools. In Windows, Kismet only works with CACE AirPcap wireless adapters due to the limitation of Windows drivers. It does, however, support a variety of wireless adapters in Mac OS X and Linux.

To continue reading this article register now

SD-WAN buyers guide: Key questions to ask vendors (and yourself)