Targeted Active PMKID Sniff workflow

The following documentation describes a method of traffic sniffing where WPA handshakes are provoked from client and AP by means of deauthentication attack. Unlike the a general active PMKID sniff, this workflow utilizes a pre-scanned list of access points to ensure only the target devices are disrupted.

Build list of target access points

scanap

Display list of available access points

list -a

Select a target access points from the list. Multiple access points may be specified

select -a 0,1

Verify access points 0 and 1 have been selected with list

list -a

Execute a targeted active PMKID sniff

sniffpmkid -d -l

You will see notification text indicating when a beacon from a target access point is received and that a deauthentication attack is being executed.

Note: Channels are cycled one channel every second when using the -l switch. There is no need to manually set/update the channel before/during the sniff.

References

Home
About
FAQ
Marauder Versions
Troubleshooting
Getting Started
- Arduino IDE Setup
- DIY Platforms
  - ESP32 Marauder Kit
  - Flipper Zero
- Installing Firmware
  - Installing Firmware via OTA
  - Installing Firmware From Source
Update Firmware
Hardware
Status Bar
Commandline
Marauder Settings
Applications
Thanks
Countdown Page
How to make biscuits and sausage gravy

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Targeted Active PMKID Sniff workflow

Targeted Active PMKID Sniff workflow

References

Clone this wiki locally