Thijs Boelman

Disconnect devices from WiFi networks. Deauthentication Attack using aireplay-ng

Hello! In this post I will explain how to deauthenticate any device from a WiFi network without being connected to the network itself!
Beware, this is illegal without permission, and it can be detected.

What you should know:

  • The target device MUST be connected to a WiFi network.
  • The target device might switch to another saved WiFi network, or fall back to mobile data.
  • You need a WiFi adapter that supports monitor mode. (I am using the Alfa AWUS036ACH.)

Data you need to perform the attack:

  • The router's BSSID.
  • The target device's MAC address.

(How to get this data is explained below.)

How it's done:

First you need to make sure that your adapter is in monitor mode, so it can start receiving packets around you.
You can check the mode of your adapter with $ iwconfig

[Screenshot: iwconfig output with the adapter in managed mode]

If it's not in monitor mode yet, follow these steps:

  • Disable your adapter: $ ifconfig wlan1 down
  • Change the mode to monitor mode: $ iwconfig wlan1 mode monitor
  • Enable the adapter: $ ifconfig wlan1 up

[Screenshot: commands to enable monitor mode]

Now that your adapter is in monitor mode, it can receive all WiFi packets sent all around you from different devices. (Even if you are not connected to the network, or if you don't have the password of the network.)

[Screenshot: iwconfig output with monitor mode turned on]

What we need to do now is intercept those packets. To do that we use a packet sniffer called airodump-ng.
This allows us to collect data from nearby WiFi networks (such as the BSSID, channel and encryption method) and even from the devices connected to those networks.

To use airodump-ng we can run the following command, and the given interface [wlan1] will start collecting data.
$ airodump-ng wlan1

[Screenshot: terminal running airodump-ng wlan1]

Once you see the networks listed, you can use this information as a filter to collect data from a specific network.
To do that, specify the BSSID and channel of the network:
$ airodump-ng --bssid [NETWORK_BSSID] --channel [NETWORK_CHANNEL] wlan1

Optionally you can use --write [filename] in the command. This saves the collected packets to a file, which you can analyze further with Wireshark.

[Screenshot: airodump-ng command with BSSID and channel specified]

Now we can see the devices connected to the network (listed under STATION).
Once you have the MAC address of the target device and the BSSID of the router, you have enough information to start the deauthentication attack.

[Screenshot: airodump-ng result with BSSID and channel specified]

To start the deauthentication attack you can use the following command:
$ aireplay-ng --deauth 0 -a [ROUTER_BSSID] -c [TARGET_MAC_ADDRESS] wlan1

--deauth 0 means that deauthentication packets are sent indefinitely. Sending only stops when you stop the program (CTRL + C).
(NOTE: airodump-ng should be running with the BSSID and channel specified at the same time as aireplay-ng!)
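
As noted at the top, this attack can be detected. The following is an added example, not part of the original post: it parses 802.11 deauthentication frames and flags any (BSSID, station) pair that receives a burst of them. It assumes raw 802.11 frames with any radiotap header already stripped; the window, the threshold and the sample frames are constructed for illustration.

```python
import struct
from collections import defaultdict, deque

WINDOW_S = 1.0   # assumed sliding window in seconds
THRESHOLD = 10   # assumed: more deauths than this per window counts as a flood

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame):
    """Return (dst, src, bssid, reason) for a deauthentication frame, else None."""
    if len(frame) < 26:                      # 24-byte MAC header + 2-byte reason code
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype != 12:          # management frame, subtype 12 = deauth
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_floods(records):
    """records: iterable of (timestamp, frame bytes). Returns flagged (bssid, station) pairs."""
    recent, flagged = defaultdict(deque), set()
    for ts, frame in records:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        dst, src, bssid, _reason = parsed
        station = dst if dst != bssid else src   # works for either frame direction
        q = recent[(bssid, station)]
        q.append(ts)
        while ts - q[0] > WINDOW_S:              # drop timestamps outside the window
            q.popleft()
        if len(q) > THRESHOLD:
            flagged.add((bssid, station))
    return flagged

# Constructed sample data (locally administered MACs, not from a real capture).
AP, STA1, STA2 = "020000000001", "0200000000aa", "0200000000bb"

def sample(fc, dst, src):
    # frame control, duration, addr1, addr2, addr3 (BSSID), sequence control, reason 7
    return bytes.fromhex(fc + "00" + "0000" + dst + src + AP + "0000" + "0700")

SAMPLE = [(i * 0.01, sample("c0", STA1, AP)) for i in range(64)]   # burst at one station
SAMPLE += [(5.0, sample("c0", STA2, AP)),                           # single normal deauth
           (6.0, sample("80", "ffffffffffff", AP))]                 # beacon, ignored

if __name__ == "__main__":
    print(detect_floods(SAMPLE))
```

A single deauthentication frame is normal network behaviour, so the detector only reports pairs that exceed the threshold within the window.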

[Screenshot: terminal output of the deauthentication attack]
