As I got the script working with my card, I noticed that it was quite effective at throwing a lot of trash onto the 802.11 spectrum. You could quickly fill up a Netstumbler, Kismet or Airodump screen with random stuff. However, if the purpose was to make it appear as if the area was filled with access points
Prerequisites
* A card working with the MadWifi drivers. There are some specific commands (wlanconfig) that will need to be changed if you are going to hack this for other cards/drivers.
* A card that supports Master or AP mode. This allows it to function or appear as an access point to wireless clients.
* The Time::HiRes Perl module. [OPTIONAL] This is available from CPAN and allows you to specify sleep times in sub-second increments. Not needed if you are happy with whole second delays.
* The Getopt::Long Perl module. This is available from CPAN and is required for processing of command line arguments passed to airraid.
* macchanger. This is a very handy little utility. It is available here or from various other places. There are many binaries already compiled. It is required to effectively change the MAC address of the wireless card.
* Linux or some form of *nix. Of course.
* Root (superuser) access. I don’t know this for a fact but I suspect you need to be root to manipulate some of the ifconfig and iwconfig commands.
goto /pentest/wireless/airraid-0.1/
make some modifications to groupfile-example.dat and put some of AP details in following manner
bssid,essid,WEP y/n,channel
for example I entered
00:21:29:68:16:C2,thunderbolt,Y,11
00:39:67:12:33:W2,UTStarcom,Y,11
00:98:G3:VV:23:55,netgear,Y,6
00:56:F5:JP:23:44,beetel,Y,4
22:66:g6:78:34:11,Ubiquiti,Y,7
34:77:88:1V:H8,S0,wifi0wn,Y,2
00:1E:40:14:F6:D4,PRAVEEN,Y,11
save and close it
nano airraid.pl
edit my @words= put these strings in end.its random generation of ESSID’s.
my @words = ( “Access Point”, “tsunami”, “host”, “airport”, “linksys”, “Netgear”, “Cisco”, “Wireless”, “2wire”, “intel”, “WLAN” , “thunderbolt” , “UTStarcom” , “beetel” , “Ubiquiti”, “wifi0wn” , “PRAVEEN”);
bt~#airraid.pl –interface ath0
This is about as simple as you can go. This will generate fully random (wireless) MAC addresses, no WEP (open), full power, use a random assortment of the built-in default ESSIDs, sleep for the default (0.6 sec) between generations, and use all available channels. The MACs will, in all likelihood, almost never be repeated so any scanners will see a nearly infinite number of APs if they watch long enough.For testing it I monitored using another wireless interface.
bt~#airodump rausb0
(Check that all the FakeAP is having encryption type OPN)
bt~#airodump rausb0
(Check that all the FakeAP is having encryption type OPN)
bt~#airraid.pl –interface ath0 –power 20 –wep 1
This one creates a bit more variety on the airwaves. This will generate fully random (wireless) MAC addresses, randomly assign WEP keys to all of the APs, vary power between 0 mW and 20 mw (or the max of the card), use a random assortment of the built-in default ESSIDs and use all available channels. Similar to the example above, this will create a nearly infinite number of APs.For testing it use
bt~#airodump-ng rausb0
(Check all the FakeAP’s now showing encryption type as WEP)
bt~#airraid.pl –interface ath0 –power 20 –gf groupfile-example.dat
My personal favorite. This will vary power between 0 mW and 20 mw (or the max of the card) but pull all other information from the groupfile called groupfile-example.dat which contains all the information necessary to create n bogus APs. This will cycle through these n APs in random order, sending out beacons.
bt~#airodump-ng rausb0
(Check that FakeAP is throwing Becons randomly & acting as Real AP like.)
All Your Wireless Belongs To Us 