1
00:00:01,090 --> 00:00:08,350
So aireplay-ng deauthentication attack sends disassociation packets to one or more wireless clients

2
00:00:08,350 --> 00:00:10,930
currently associated with an access point.

3
00:00:11,820 --> 00:00:19,590
So by performing this attack, we will transmit 128 deauthentication packets, deauthenticate

4
00:00:19,590 --> 00:00:25,020
the client from the access point as well as the access point from the client.

5
00:00:25,970 --> 00:00:30,090
And the client will lose network connectivity and then reassociate.

6
00:00:30,680 --> 00:00:32,000
All right, you got it.

7
00:00:32,750 --> 00:00:33,530
So let's start.

8
00:00:34,500 --> 00:00:39,440
Our fake access point is still running, so we'll start an airodump-ng session.

9
00:00:45,370 --> 00:00:49,240
And as you can see in this list, my phone is associated with a fake access point.

10
00:00:51,260 --> 00:00:55,280
So we'll start an airodump-ng session for the fake access point.

11
00:01:05,470 --> 00:01:09,370
Now perform the deauthentication attack on the right terminal.

12
00:01:11,220 --> 00:01:19,290
So the argument that I'll give with the deauth parameter is a count for the number of times to perform

13
00:01:19,290 --> 00:01:20,120
the attack.

14
00:01:20,670 --> 00:01:27,720
So each attack will consist of 64 packets from the AP to the client and 64 packets from the client to

15
00:01:27,720 --> 00:01:28,320
the AP.

16
00:01:29,730 --> 00:01:35,790
Now, if you send a large number of packets, it will be a denial of service attack against that access

17
00:01:35,790 --> 00:01:36,090
point.

18
00:01:36,940 --> 00:01:39,820
So I'm just going to give zero for the packet number.

19
00:01:40,740 --> 00:01:43,980
And it will continue to send packets until I start the session.

20
00:01:45,120 --> 00:01:49,230
You can stop the session just by the keyboard command Control-C.

21
00:01:50,350 --> 00:01:56,500
The destination address is specified with s and the BSSID with a parameter.

22
00:01:57,600 --> 00:01:59,820
So we'll copy the MAC address of the client.

23
00:02:02,100 --> 00:02:08,640
And we can tell from the data packets whether the client has been deauthenticated or not. If the data

24
00:02:08,640 --> 00:02:13,320
packet numbers do not increase, the client is deauthenticated.

25
00:02:15,080 --> 00:02:17,720
If the deauthentication attack does not work,

26
00:02:18,740 --> 00:02:20,000
there could be several reasons.

27
00:02:21,450 --> 00:02:29,060
Could be you're physically too far away from the client; you need enough transmit power to reach the client.

28
00:02:29,430 --> 00:02:32,010
That might be obvious, but you never know.

29
00:02:32,460 --> 00:02:36,870
Wireless cards work with particular modes such as b, g, n,

30
00:02:37,820 --> 00:02:38,510
etc.

31
00:02:38,840 --> 00:02:44,620
So if your card is in a different mode than the client, the client may not receive your transmissions.

32
00:02:45,350 --> 00:02:50,420
Now, clients could also reconnect too fast for you to see that they have been disconnected.

33
00:02:51,300 --> 00:02:57,870
You can always look in the packet capture for reassociation packets to confirm that your attack

34
00:02:57,870 --> 00:02:58,290
worked.