Chapter 6. Assembling the Arsenal: Tools of the Trade
"In regard to the warrior knight, that path involves constructing all sorts of weapons and understanding the various properties of weapons. This is imperative for warriors; failure to master weaponry and comprehend the specific advantages of each weapon would seem to indicate a lack of cultivation in a member of a warrior house." —Miyamoto Musashi
It is time to move from wardriving and harmless wireless exploration to assembling a formidable arsenal of tools for proper professional penetration testing on 802.11 networks. Just as with hardware selection, a structured and logical approach to the choice of wireless security-related tools is essential. Again, as in the hardware and drivers case, we are surprised that no classification of such tools exists. Here we offer a brief classification of 802.11 attack and manipulation software based on its function and follow with a detailed description of specific tools.
All wireless penetration testing-specific tools can be split into several broad categories:
Encryption cracking tools
802.11 frame-generating tools
Encrypted traffic injection tools
Access points management software
Although the last category isn't strictly security related, such tools can come in handy when trying to reconfigure the remote access point via Simple Network Management Protocol (SNMP) and guessing its access credentials.
You don't need to use or have all the tools described in this chapter; just pick those that suit your specific aims, taking into consideration the hardware at your disposal. Many tools support only a specific 802.11 client card chipset, some have to be heavily modified to run on handhelds, and some are easy-to-tweak scripts that can be educational and help you write useful programs for your own tasks. Practically all the tools we review are open source; thus a developer can learn a lot about the way they function and, perhaps, get help in his or her personal advancement or in initiating his or her own project.