Blog: SANS Penetration Testing: Category - wireless


Wireless Tips, Tricks and Resources

[Editor's Note: We're continuing our series on useful tips and tricks for different kinds of pen testing, based on the SANS Pen Test Poster. In this installment, Mr. Larry "Hax0r the Matrix" Pesce covers some great tips, ideas, and resources for wireless penetration tests. Great stuff!

Earlier in this series, we covered:

John Strand's tips on network penetration testing
Steve Sims' tips on exploit development
Josh Wright's tips on mobile device penetration


Mobile Device Tips, Tricks and Resources

By Josh Wright

[In this third installment of tips originally included in the Ultimate SANS Pen Test Poster, we'll turn to Josh Wright's tips for mobile device penetration testing. Josh shares some really useful insights here, as well as recommendations for tools (software and hardware) and resources for keeping current. Nice stuff!

Click these links for the first two articles in this series:
John Strand's tips on network penetration testing
Steve Sims' tips on exploit development

Methodology Tips


Special Request: Wireless Client Sniffing with Scapy

[Editor comment: Dude! A Scapy article by Josh Wright that can help us stay in scope and follow rules of engagement in a pen test? What's not to like? :) --Ed.]

By Joshua Wright, InGuardians

I participate on the Scapy mailing list, helping out with questions where I am able. Recently, I saw a question that piqued my interest:
"What I'm looking to do is identify the MAC addresses of client devices without actually sniffing any packets containing actual data relating to website content, email content etc. [...] Are there any packets I could look at that would contain the MAC of client devices but not contain any online usage data as outlined?"

If we want to investigate the presence of wireless client devices but want to avoid capturing any data frames, we can focus on management frames. WiFi networks use management frames to establish a connection to