SANS Penetration Testing: Category - wireless

SANS Penetration Testing:

My Juiced Up WiFi Pineapple Configurator Script

By Chris Crowley

I recently acquired a WiFi Pineapple Mark V to replace my Mark IV, and I've got a config script to help folks simplify the config and use of this amazing product.

For those of you unfamiliar with the WiFi Pineapple, it is a wireless attack platform in a box, excellent for penetration testers. It collects a variety of tools into a pen test specific device, a convenient single portable appliance for all kinds of wonderful Wifi hacks. The ability to impersonate a specific access point (AP) is present, as well as abusing client preferred network lists using Karma. You can do funny things like rick rolling, or nasty delivery of a meterpreterer with every page that the user browses to. There are configurable options to exclude specific devices from testing (a black list), or provide a list of devices that are within scope (a white list, which is a much safer way to ensure you don't end up attacking a bunch of nearby

...

Wireless Tips, Tricks and Resources

[Editor's Note: We're continuing our series on useful tips and tricks for different kinds of pen testing, based on the SANS Pen Test Poster. In this installment, Mr. Larry "Hax0r the Matrix" Pesce covers some great tips, ideas, and resources for wireless penetration tests. Great stuff!

Earlier in this series, we covered:

John Strand's tips on network penetration testing
Steve Sims' tips on exploit development
Josh Wright's tips on mobiledevice penetration

...

Mobile Device Tips, Tricks and Resources

By Josh Wright

[In this third installation of tips originally included in the Ultimate SANS Pen Test Poster, we'll turn to Josh Wright's tips for mobile device penetration testing. Josh shares some really useful insights here, as well as recommendations for tools (software and hardware) and resources for keeping current. Nice stuff!

Click these links for the first two articles in this series:
John Strand's tips on network penetration testing
Steve Sims' tips on exploit development
--Ed.]

Methodology Tips



...

Special Request: Wireless Client Sniffing with Scapy

[Editor comment: Dude! A Scapy article by Josh Wright that can help us stay in scope and follow rules of engagement in a pen test? What's not to like? :) --Ed.]

By Joshua Wright, InGuardians


I participate on the Scapy mailing list, helping out with questions where I am able. Recently, I saw a question that piqued my interest:
"What I'm looking to do is identify the MAC addresses of client devices without actually sniffing any packets containing actual data relating to website content, email content etc. [...] Are there any packets I could look at that would contain the MAC of client devices but not contain any online usage data as outlined?"

If we want to investigate the presence of wireless client devices but want to avoid capturing any data frames, we can focus on management frames. WiFi networks use management frames to establish a connection to

...