List of 802.11 Modules
wifi_info
Presentation
wifi_info retrieves information about a given WiFi interface. It can also display the capabilities of the interface (SHOW_CAPABILITIES parameter).
Compatible devices
Input parameters

Name | Default value | Possible values | Description |
---|---|---|---|
INTERFACE | wlan0 | wlanX | Interface to analyse |
SHOW_CAPABILITIES | yes | yes\|no | Indicates if the capabilities of the interface should be displayed |

Output parameters

Name | Possible values | Description |
---|---|---|
INTERFACE | wlanX | Analysed interface |
ADDRESS | <MAC address> | MAC address of the interface |
MODE | <WiFi interface mode> | Current mode of the interface |
CHANNEL | <integer> | Current channel of the interface |

Usage
To get complete information about an interface, use the following command:
$ mirage wifi_info INTERFACE=wlp2s0
[INFO] Module wifi_info loaded !
┌───────────┬───────────────────┬─────────┬─────────┐
│ Interface │ MAC Address │ Mode │ Channel │
├───────────┼───────────────────┼─────────┼─────────┤
│ wlp2s0 │ F8:28:19:9A:30:39 │ Monitor │ 1 │
└───────────┴───────────────────┴─────────┴─────────┘
[INFO] Mirage process terminated !
wifi_scan
Presentation
wifi_scan scans for WiFi access points and stations. You can configure the execution time (TIME parameter) and choose whether to scan for stations, access points or both (STATIONS and ACCESS_POINTS parameters).
Compatible devices
Input parameters

Name | Default value | Possible values | Description |
---|---|---|---|
INTERFACE | wlan0 | wlanX | Interface to use |
TIME | 14 | <integer> | Execution time |
STATIONS | yes | <boolean> | Scan for stations |
ACCESS_POINTS | yes | <boolean> | Scan for access points |

Output parameters
If no devices are found, no output parameters are generated.
If only one device is found, the following output parameters are generated:
if the device is an Access Point:

Name | Possible values | Description |
---|---|---|
AP_ADDRESS | <MAC address> | MAC address of the access point |
AP_SSID | <SSID> | SSID of the access point |
AP_CHANNELS | <integer list> | Channels of the access point |

if the device is a Station:

Name | Possible values | Description |
---|---|---|
TARGET | <MAC address> | MAC address of the station |
CHANNELS | <integer list> | Channels of the station |

If multiple devices have been identified, the same output parameters are generated, but each name is suffixed with the number of the device:

Name | Possible values | Description |
---|---|---|
AP_ADDRESS1 | <MAC address> | MAC address of the 1st access point |
AP_SSID1 | <SSID> | SSID of the 1st access point |
AP_CHANNELS1 | <integer list> | Channels of the 1st access point |
STATION_ADDRESS1 | <MAC address> | MAC address of the 1st station |
STATION_CHANNELS1 | <integer list> | Channels of the 1st station |
AP_ADDRESS2 | <MAC address> | MAC address of the 2nd access point |
AP_SSID2 | <SSID> | SSID of the 2nd access point |
AP_CHANNELS2 | <integer list> | Channels of the 2nd access point |
STATION_ADDRESS2 | <MAC address> | MAC address of the 2nd station |
STATION_CHANNELS2 | <integer list> | Channels of the 2nd station |
... | ... | ... |

Usage
To scan for both stations and access points, you can use the following command:
$ mirage wifi_scan
[INFO] Module wifi_scan loaded !
[INFO] New channel : 1
┌Access Point Found─┬──────────────────────────────────┬─────────┐
│ MAC Address │ SSID │ Channel │
├───────────────────┼──────────────────────────────────┼─────────┤
│ DC:9F:DB:F3:EF:9A │ LAN1 │ 1 │
│ DE:9F:DB:F7:B6:0A │ │ 1 │
│ 06:53:7C:94:87:47 │ Vodafone Homespot │ 1 │
│ 04:53:7C:94:87:46 │ Vodafone Hotspot │ 1 │
└───────────────────┴──────────────────────────────────┴─────────┘
[INFO] New channel : 2
┌Access Point Found─┬──────────────────────────────────┬─────────┐
│ MAC Address │ SSID │ Channel │
├───────────────────┼──────────────────────────────────┼─────────┤
│ DC:9F:DB:F3:EF:9A │ LAN1 │ 1 │
│ DE:9F:DB:F7:B6:0A │ │ 1 │
│ 06:53:7C:94:87:47 │ Vodafone Homespot │ 1 │
│ 04:53:7C:94:87:46 │ Vodafone Hotspot │ 1 │
│ E4:3E:D7:3B:AF:CD │ DonCorleone │ 2 │
└───────────────────┴──────────────────────────────────┴─────────┘
[INFO] New channel : 3
[INFO] New channel : 4
[INFO] New channel : 5
[INFO] New channel : 6
┌Access Point Found─┬──────────────────────────────────┬─────────┐
│ MAC Address │ SSID │ Channel │
├───────────────────┼──────────────────────────────────┼─────────┤
│ DC:9F:DB:F3:EF:9A │ LAN1 │ 1 │
│ DE:9F:DB:F7:B6:0A │ │ 1 │
│ 06:53:7C:94:87:47 │ Vodafone Homespot │ 1 │
│ 04:53:7C:94:87:46 │ Vodafone Hotspot │ 1 │
│ E4:3E:D7:3B:AF:CD │ DonCorleone │ 2 │
│ DC:9F:DB:F3:EE:C3 │ LAN1 │ 6 │
│ 06:18:D6:01:95:78 │ │ 6 │
└───────────────────┴──────────────────────────────────┴─────────┘
┌Stations Found─────┬─────────┐
│ MAC Address │ Channel │
├───────────────────┼─────────┤
│ 5E:F8:E1:A5:4F:2B │ 5,6 │
└───────────────────┴─────────┘
┌Stations Found─────┬─────────┐
│ MAC Address │ Channel │
├───────────────────┼─────────┤
│ 5E:F8:E1:A5:4F:2B │ 5,6 │
│ B4:74:43:6E:58:C3 │ 6 │
└───────────────────┴─────────┘
[INFO] New channel : 7
[INFO] New channel : 8
┌Stations Found─────┬─────────┐
│ MAC Address │ Channel │
├───────────────────┼─────────┤
│ 5E:F8:E1:A5:4F:2B │ 5,6 │
│ B4:74:43:6E:58:C3 │ 6 │
│ 1A:B1:37:5C:A7:7D │ 7 │
└───────────────────┴─────────┘
[INFO] New channel : 9
^C[INFO] Disabling monitor mode ...
[INFO] Mirage process terminated !
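
From the defender's side, the scan tables above are enough to spot an access point that advertises one of your SSIDs from a BSSID you do not operate. The following is an added example, not part of Mirage or its documentation: it parses text in the table layout shown above and checks it against an inventory. The function names, the inventory structure and the address 02:00:00:AA:BB:CC are assumptions made for the illustration.

```python
import re

MAC_RE = re.compile(r"^(?:[0-9A-F]{2}:){5}[0-9A-F]{2}$")

# Constructed sample in the layout printed by wifi_scan; 02:00:00:AA:BB:CC is made up.
SAMPLE = """\
┌Access Point Found─┬──────────────┬─────────┐
│ MAC Address       │ SSID         │ Channel │
├───────────────────┼──────────────┼─────────┤
│ DC:9F:DB:F3:EF:9A │ LAN1         │ 1       │
│ DE:9F:DB:F7:B6:0A │              │ 1       │
│ 02:00:00:AA:BB:CC │ LAN1         │ 6       │
└───────────────────┴──────────────┴─────────┘
┌Stations Found─────┬─────────┐
│ MAC Address       │ Channel │
├───────────────────┼─────────┤
│ 5E:F8:E1:A5:4F:2B │ 5,6     │
└───────────────────┴─────────┘
"""

def parse_scan(text):
    """Return (aps, stations); tables are cumulative, so the last row per MAC wins."""
    aps, stations = {}, {}
    for line in text.splitlines():
        if not line.startswith("│"):
            continue                      # borders and [INFO] lines
        cells = [c.strip() for c in line.split("│")[1:-1]]
        mac = cells[0].upper() if cells else ""
        if not MAC_RE.match(mac):
            continue                      # header row
        channels = [int(c) for c in cells[-1].split(",") if c.strip().isdigit()]
        if len(cells) >= 3:               # access point: MAC, SSID (may be empty), channel
            aps[mac] = {"ssid": "│".join(cells[1:-1]), "channels": channels}
        elif len(cells) == 2:             # station: MAC, channel list
            stations[mac] = channels
    return aps, stations

def unexpected_aps(aps, authorized):
    """authorized: {ssid: {bssid: channel}} (hypothetical inventory of your own APs)."""
    findings = []
    for mac, ap in sorted(aps.items()):
        known = authorized.get(ap["ssid"])
        if known is None:
            continue                      # SSID is not one we monitor
        if mac not in known:
            findings.append((mac, ap["ssid"], "unknown BSSID"))
        elif known[mac] not in ap["channels"]:
            findings.append((mac, ap["ssid"], "unexpected channel"))
    return findings
```

A BSSID can be spoofed as easily as an SSID, so a clean result only means that no look-alike used a new address or channel during the scan.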
wifi_rogueap
Presentation
wifi_rogueap creates a fake WiFi access point (clients cannot actually connect to it). You can choose the SSID of this fake AP with the SSID parameter, and you can also set the channel and cryptographic suite to use (CHANNEL and CYPHER parameters).
Compatible devices
Input parameters

Name | Default value | Possible values | Description |
---|---|---|---|
INTERFACE | wlan0 | wlanX | Interface to use |
SSID | mirage_fakeap | <string> | ESSID of the fake access point |
CHANNEL | 8 | <integer> | Channel of the fake access point |
CYPHER | OPN | OPN\|WPA\|WPA2\|WEP | Type of the fake network |

Output parameters
This module doesn’t provide any output parameters.
Usage
To create an open fake access point named “MirageFakeAP” on channel 13, use the following command:
$ mirage wifi_rogueap INTERFACE=wlp2s0 SSID=MirageFakeAP CYPHER=OPN CHANNEL=13
[INFO] Module wifi_rogueap loaded !
[INFO] New channel : 1
[INFO] New channel : 13
[INFO] Incoming Probe Request from : B4:74:43:6E:58:C3
[INFO] Answering...
[INFO] Incoming Probe Request from : B4:74:43:6E:58:C3
[INFO] Answering...
[INFO] Incoming Probe Request from : B4:74:43:6E:58:C3
[INFO] Answering...
[INFO] Incoming Probe Request from : B4:74:43:6E:58:C3
[INFO] Answering...
[INFO] Incoming Probe Request from : B4:74:43:6E:58:C3
[INFO] Answering...
[INFO] Incoming Probe Request from : B4:74:43:6E:58:C3
[INFO] Answering...
[INFO] Incoming Probe Request from : B4:74:43:6E:58:C3
[INFO] Answering...
^C[INFO] Mirage process terminated !
If you want to use another cipher suite, change the CYPHER parameter:
$ mirage wifi_rogueap INTERFACE=wlp2s0 SSID=MirageFakeAP CYPHER=WPA2 CHANNEL=13
[INFO] Module wifi_rogueap loaded !
[INFO] New channel : 1
[INFO] New channel : 13
[INFO] Incoming Probe Request from : B4:74:43:6E:58:C3
[INFO] Answering...
[INFO] Incoming Probe Request from : B4:74:43:6E:58:C3
[INFO] Answering...
[INFO] Incoming Probe Request from : B4:74:43:6E:58:C3
[INFO] Answering...
[INFO] Incoming Probe Request from : B4:74:43:6E:58:C3
[INFO] Answering...
[INFO] Incoming Probe Request from : B4:74:43:6E:58:C3
[INFO] Answering...
[INFO] Incoming Probe Request from : B4:74:43:6E:58:C3
[INFO] Answering...
[INFO] Incoming Probe Request from : B4:74:43:6E:58:C3
[INFO] Answering...
^C[INFO] Mirage process terminated !
wifi_deauth
Presentation
wifi_deauth performs a deauthentication attack on a WiFi station. You can configure the source of the spoofed packets (SOURCE parameter), the target (TARGET parameter), finer settings for the attack, and the number of times to send the packets (COUNT parameter; 0 means send continuously).
Compatible devices
Input parameters

Name | Default value | Possible values | Description |
---|---|---|---|
INTERFACE | wlan0 | wlanX | Interface to use |
SOURCE | 00:11:22:33:44:55 | <MAC address> | AP’s MAC address |
TARGET | FF:FF:FF:FF:FF:FF | <MAC address> | Target’s MAC address |
COUNT | 0 | <integer> | Number of packets to send |
MODE | both | disassociation\|deauthentication\|both | Types of packet to send during the attack |
VERBOSE | yes | <boolean> | Verbose mode |
REASON | 7 | <integer> | Disassociation reason ID |
CHANNEL | 1 | <integer> | WiFi channel |

Output parameters
This module doesn’t provide any output parameters.
Usage
The following command performs a deauthentication and disassociation attack by transmitting 10 frames to FF:EE:DD:CC:BB:AA on channel 11:
$ sudo mirage wifi_deauth SOURCE=AA:BB:CC:DD:EE:FF TARGET=FF:EE:DD:CC:BB:AA COUNT=10 VERBOSE=yes CHANNEL=11 INTERFACE=wlp2s0
[INFO] Module wifi_deauth loaded !
[INFO] New channel : 1
[INFO] Target provided: FF:EE:DD:CC:BB:AA
[INFO] New channel : 11
[INFO] Sent 0 deauthentication packets via wlp2s0
[INFO] Sent 10 deauthentication packets via wlp2s0
[INFO] Mirage process terminated !
If you want to transmit only deauthentication frames, set the MODE parameter to “deauthentication”:
$ sudo mirage wifi_deauth SOURCE=AA:BB:CC:DD:EE:FF TARGET=FF:EE:DD:CC:BB:AA COUNT=10 MODE=deauthentication VERBOSE=yes CHANNEL=11 INTERFACE=wlp2s0
[INFO] Module wifi_deauth loaded !
[INFO] New channel : 1
[INFO] Target provided: FF:EE:DD:CC:BB:AA
[INFO] New channel : 11
[INFO] Sent 0 deauthentication packets via wlp2s0
[INFO] Sent 10 deauthentication packets via wlp2s0
[INFO] Mirage process terminated !
Similarly, if you want to transmit only disassociation frames, set the MODE parameter to “disassociation”:
$ sudo mirage wifi_deauth SOURCE=AA:BB:CC:DD:EE:FF TARGET=FF:EE:DD:CC:BB:AA COUNT=10 MODE=disassociation VERBOSE=yes CHANNEL=11 INTERFACE=wlp2s0
[INFO] Module wifi_deauth loaded !
[INFO] New channel : 1
[INFO] Target provided: FF:EE:DD:CC:BB:AA
[INFO] New channel : 11
[INFO] Sent 0 deauthentication packets via wlp2s0
[INFO] Sent 10 deauthentication packets via wlp2s0
[INFO] Mirage process terminated !
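
On the monitoring side, a burst like the ones above shows up as many deauthentication or disassociation frames for one source/target pair within a short time. The following is an added example, not part of Mirage or its documentation: a sliding-window detector over frame records. The record layout, the window and the threshold are assumptions, and the sample frames are constructed.

```python
from collections import defaultdict, deque

DISASSOC, DEAUTH = 10, 12            # 802.11 management frame subtypes
BROADCAST = "FF:FF:FF:FF:FF:FF"

# Constructed records: (timestamp in s, subtype, claimed source, target).
SAMPLE_FRAMES = (
    [(3.0, DEAUTH, "DC:9F:DB:F3:EF:9A", "B4:74:43:6E:58:C3"),   # isolated, normal
     (5.0, 8, "DC:9F:DB:F3:EF:9A", BROADCAST)]                  # subtype 8 = beacon
    + [(10.0 + i * 0.05, DEAUTH if i % 2 else DISASSOC,
        "AA:BB:CC:DD:EE:FF", "FF:EE:DD:CC:BB:AA") for i in range(10)]
)

def detect_floods(frames, window=1.0, threshold=5):
    """Flag (source, target) pairs with >= threshold deauth/disassoc frames
    inside `window` seconds. Frames must be time-ordered; one alert per burst."""
    recent = defaultdict(deque)      # pair -> timestamps still inside the window
    alerting = set()                 # pairs currently above the threshold
    alerts = []
    for ts, subtype, src, dst in frames:
        if subtype not in (DISASSOC, DEAUTH):
            continue
        key = (src.upper(), dst.upper())
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:    # drop timestamps that left the window
            q.popleft()
        if len(q) < threshold:
            alerting.discard(key)    # burst over, allow a new alert later
        elif key not in alerting:
            alerting.add(key)
            alerts.append({"source": key[0], "target": key[1],
                           "first_seen": q[0],
                           "broadcast": key[1] == BROADCAST})
    return alerts
```

Because SOURCE is spoofed, the alert's source field names the impersonated access point rather than the sender. Protected Management Frames (802.11w) on the access point and its clients is the control that causes such forged frames to be discarded.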