Wi-Fi deauthentication attacks using aireplay-ng
Wi-Fi deauthentication attacks allow you to disconnect any device from any network, even if you are not connected to the network. You don't even need to know the network's password.
Let's start by describing how to accomplish a Wi-Fi deauthentication attack:
- Find the MAC address of the target network's access point.
- Find the MAC address of the target client you wish to disconnect.
- Change the MAC address of your wireless interface to match the target client's MAC address.
- Send a request to the target network's access point, requesting to disconnect from the network.
- Change the MAC address of your wireless interface to match the target network's access point.
- Send a request to the target client, requesting them to disconnect from the network.
This process is very cumbersome, but fortunately it can be automated using aireplay-ng, which is part of the Aircrack-ng suite.
Firstly, you need to put your wireless interface into monitor mode. I wrote how to do that here.
Secondly, you need to find the MAC address of the client you wish to deauthenticate, and the MAC address of the wireless access point it is connected to. You can achieve this using airodump-ng, which I wrote about here.
Next, you need to run aireplay-ng in your terminal. Here is an example:
aireplay-ng --deauth 1000 -a 00:11:22:33:44:55 -c 00:AA:BB:CC:DD:EE wlan0
Let's break down the parameters:
- --deauth specifies that you wish to run a deauthentication attack.
- 1000 is the number of requests you wish to send. You can send one or multiple. In this example we are sending 1000. The larger the number, the longer the attack will last.
- -a 00:11:22:33:44:55 is the MAC address of the target access point.
- -c 00:AA:BB:CC:DD:EE is the MAC address of the target client.
- wlan0 is the wireless interface you are running in monitor mode.
You may need to run the command with sudo depending on your user privileges.
The target client will be disconnected from the target access point until your command has finished running.
This is a denial of service type attack, so please only do this against networks you own, or have explicit permission to attack! 🙏
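On the defensive side, both spoofed frame streams described above (one claiming to come from the client, one from the access point) are visible to any monitor-mode sensor. The Python below is an added example, not code from the original post or from Aircrack-ng: it parses bare 802.11 deauthentication frames and flags an access point/client pair that sees a burst of them. The window, threshold, third MAC address, reason codes and sample frames are constructed assumptions.

```python
import struct
from collections import defaultdict, deque

DEAUTH_FC0 = 0xC0  # frame control byte 0: version 0, type 0 (management), subtype 12

def mac(raw):
    return ":".join(f"{b:02X}" for b in raw)

def parse_deauth(frame):
    """Return (receiver, transmitter, bssid, reason) or None if not a deauth frame.
    Expects a bare 802.11 frame: radiotap header and FCS already stripped."""
    if len(frame) < 26 or frame[0] != DEAUTH_FC0:
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)  # reason code follows the 24-byte header
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_floods(capture, window=1.0, threshold=10):
    """capture: (timestamp_seconds, frame_bytes) tuples in time order.
    Flags each (bssid, client) pair that sees >= threshold deauths within `window` seconds."""
    recent, flagged = defaultdict(deque), set()
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        rx, tx, bssid, _reason = parsed
        client = rx if tx == bssid else tx  # both spoofed directions count toward one pair
        times = recent[(bssid, client)]
        times.append(ts)
        while ts - times[0] > window:
            times.popleft()
        if len(times) >= threshold:
            flagged.add((bssid, client))
    return flagged

# Constructed sample frames using the MAC addresses from the command above.
HDR = "c0003a01"
AP, STA, OTHER = "001122334455", "00aabbccddee", "00f0e0d0c0b0"
TO_STA = bytes.fromhex(HDR + STA + AP + AP + "0000" + "0700")     # claims to come from the AP
TO_AP = bytes.fromhex(HDR + AP + STA + AP + "0000" + "0700")      # claims to come from the client
LONE = bytes.fromhex(HDR + AP + OTHER + AP + "0000" + "0300")     # a single ordinary leave
BEACON = bytes.fromhex("80000000" + "ff" * 6 + AP + AP + "0000")  # not a deauth frame

def sample_capture():
    burst = [(i * 0.01, TO_STA if i % 2 == 0 else TO_AP) for i in range(20)]
    return burst + [(0.5, BEACON), (5.0, LONE)]

if __name__ == "__main__":
    for bssid, client in sorted(detect_floods(sample_capture())):
        print(f"deauth flood: bssid={bssid} client={client}")
```

A single deauthentication frame is normal when a client leaves a network, which is why the check counts frames per pair inside a time window instead of alerting on each one.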