Tanner1638 edited this page May 19, 2017 · 3 revisions

Project: Network Ninja

This wiki page is a work-in-progress

Introduction

What it is

NOTE This applies only to the currently released version!

Basically, it’s a device that performs a deauth attack. You select the clients you want to disconnect from their network and start the attack. As long as the attack is running, the selected devices are unable to connect to their network. Other attacks have also been implemented, such as beacon or probe request flooding.

How it works

The 802.11 Wi-Fi protocol contains a so-called deauthentication frame. It is used to disconnect clients safely from a wireless network.

Because these management packets are unencrypted, you just need the MAC address of the Wi-Fi router and of the client device which you want to disconnect from the network. You don’t need to be in the network or know the password; it’s enough to be in its range.

What do I use to run this?

This project is currently being carried out using the NodeMCU ESP8266 Development Board. The ESP8266 is a cheap microcontroller with built-in Wi-Fi. It contains a powerful 160 MHz processor and it can be programmed using Arduino.

You can BUY THE ESP8266 for under $5 or so (under $2 from China!)

Side note: The product linked above is the product I have purchased myself, and there were absolutely no problems receiving the package, both in condition and in a timely manner.

How to protect against Deauth Attack

With 802.11w-2009, Wi-Fi got an update to encrypt management frames. So make sure your router is up to date and has management frame protection enabled. But note that your client device needs to support it too; both ends need to have it enabled!

The only problem is that most devices don’t use it. I tested it with different Wi-Fi networks and devices, and it worked every time! It seems that even newer devices which support frame protection don’t use it by default.


Disclaimer

Use it only for testing purposes on your own devices! I don't take any responsibility for what you do with this program.

Please check the legal regulations in your country before using it. It is not a frequency jammer, as falsely claimed by many people. Its attack, how it works and how to protect against it are described above. It uses valid Wi-Fi frames described in the official 802.11 standard and doesn't block or disrupt any other communications or frequencies.

Any redistributing, advertising or selling of this project as "jammer" without clearly stating it as a pentesting device for testing purposes only, is prohibited!

My intention with this project is for proof of concept ideas. This attack shows how vulnerable the 802.11 Wi-Fi standard is and that it has to be fixed.

Installation [I will add in how to install this after v1.2.0 release]

The only thing you will need is a computer and an ESP8266.

FAQ

Could it auto-deauth all APs in the range?

Yes, but I have not implemented this 'feature' for ethical and legal reasons.

Can it sniff handshakes?

The ESP8266 has a promiscuous mode in which you can sniff packets, but handshake packets are dropped and there is no other way to get them with the functions provided by the SDK. Maybe someone will find a way around this barrier in the future.

Sources and additional links

deauth attack: https://en.wikipedia.org/wiki/Wi-Fi_deauthentication_attack

deauth frame: https://mrncciew.com/2014/10/11/802-11-mgmt-deauth-disassociation-frames/

ESP8266:

https://de.wikipedia.org/wiki/ESP8266

https://espressif.com/en/products/hardware/esp8266ex/overview

packet injection with ESP8266:

http://hackaday.com/2016/01/14/inject-packets-with-an-esp8266/

http://bbs.espressif.com/viewtopic.php?f=7&t=1357&p=10205&hilit=Wi-Fi_pkt_freedom#p10205

https://github.com/pulkin/esp8266-injection-example

802.11w-2009: https://en.wikipedia.org/wiki/IEEE_802.11w-2009

wifi_send_pkt_freedom function limitations: http://esp32.com/viewtopic.php?f=13&t=586&p=2648&hilit=Wi-Fi_send_pkt_freedom#p2648