X. ESSID Cloaking
Gabriel Ryan edited this page Sep 12, 2019 · 2 revisions
EAPHammer supports the creation of hidden wireless networks. Just add one of the following three flags to whatever attack you're performing:
- --cloaking full - Send empty string as ESSID in beacons and ignore broadcast probes.
- --cloaking zeroes - Replace all characters in ESSID with ASCII 0 in beacons and ignore broadcast probes.
- --cloaking none - Do not use ESSID cloaking (default).

For example, to add full ESSID cloaking to a Hostile Portal attack:

```
./eaphammer -i wlan0 \
-e TotallyLegit \
-c 1 --auth open \
--hostile-portal \
--cloaking full
```
There are a couple of reasons why you might want to use ESSID cloaking:
- The network you are targeting uses ESSID cloaking. In a lot of cases, though, you'll get better results without cloaking your rogue access point, so try it without cloaking first.
- You are performing a Karma attack.
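Seen from the monitoring side, the three modes differ only in the SSID element of the beacon. The following is an added example, not part of EAPHammer or this wiki, that classifies a beacon frame body by cloaking mode. It assumes "ASCII 0" means NUL bytes (0x00) and that the input is the frame body after the 802.11 MAC header; the function names and sample frames are constructed for illustration.

```python
import struct

SSID_ELEMENT_ID = 0     # IEEE 802.11 information element ID for the SSID
BEACON_FIXED_LEN = 12   # timestamp (8) + beacon interval (2) + capability (2)


def find_ssid(beacon_body: bytes):
    """Return the raw SSID bytes of a beacon body, or None if absent or truncated."""
    pos = BEACON_FIXED_LEN
    while pos + 2 <= len(beacon_body):
        elem_id, elem_len = beacon_body[pos], beacon_body[pos + 1]
        data = beacon_body[pos + 2:pos + 2 + elem_len]
        if len(data) < elem_len:
            return None             # element claims more bytes than the frame holds
        if elem_id == SSID_ELEMENT_ID:
            return data
        pos += 2 + elem_len         # skip to the next tagged element
    return None


def classify_cloaking(beacon_body: bytes) -> str:
    """Map a beacon body to the cloaking mode names used on this page."""
    ssid = find_ssid(beacon_body)
    if ssid is None:
        return "malformed"
    if len(ssid) == 0:
        return "full"               # empty string sent as ESSID
    if all(b == 0 for b in ssid):
        return "zeroes"             # every character replaced, length preserved
    return "none"                   # ESSID broadcast in the clear


def make_beacon_body(ssid: bytes) -> bytes:
    """Build a constructed sample beacon body (not captured traffic)."""
    fixed = struct.pack("<QHH", 0, 100, 0x0401)    # timestamp, interval, capability
    rates = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])  # Supported Rates element
    return fixed + bytes([SSID_ELEMENT_ID, len(ssid)]) + ssid + rates


if __name__ == "__main__":
    for sample in (b"", b"\x00" * 12, b"TotallyLegit"):
        body = make_beacon_body(sample)
        print(classify_cloaking(body), len(find_ssid(body)))
```

A beacon in the `zeroes` form still carries the length of the real ESSID, which a sensor can record alongside the BSSID; the `full` form does not.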