Disconnect devices from WiFi networks. Deauthentication Attack using aireplay-ng

Thijs Boelman — Sun, 27 Feb 2022 04:24:37 +0000

Hello! In this post I will explain to you how to deauthenticate any device from a WiFi network without beeing connected to the network itself!
Beware, this is illegal without permission, and it can be detected.

What you should know:

Target Device MUST be connected to a WiFi network.
The target device might switch to another WiFi network that's saved. Or use mobile data.
You need a WiFi adapter that supports monitor mode. (I am using the Alfa AWUS036ACH)

Data you need to perform the attack:

The router its BSSID.
The target device its MAC Address.

(Will be explained how to get this data.)

How it's done:

First you need to make sure that your adapter is in monitor mode (so it can start receiving packets around you.)
You can check the mode of your adapter with $ iwconfig

If it's not in monitor mode yet you need to follow these steps:

Disable your adapter $ ifconfig wlan1 down
Change mode to monitor mode $ iwconfig wlan1 mode monitor
Enable the adapter $ ifconfig wlan1 up

Now that your adapter is in monitor mode, it can receive all WiFi packets sent all around you from different devices. (Even if you are not connected to the network, or if you don't have the password of the network.)

What we need to do now, is intercept those packets. To intercept those packets we are using a packet sniffer called airodump-ng.
This will allow us to collect data from nearby WiFi connections (such as the BSSID, Channel, Encryption method) and even devices connected to the networks.

To use airodump-ng we can run the following command, and the given interface [wlan1] will start collecting data.
$ airodump-ng wlan1

When you see the networks listed. You can use this information as a filter to collect data of a specific network.
Now you can specify the bssid and channel of the network.
$ airodump-ng --bssid [NETWORK_BSSID] --channel [NETWORK_CHANNEL] wlan1

Optionally you can use --write [filename] in the command. This way you save the collected packets in a file, which you could analyze further with wireshark.

Now we can see the devices connected to the network. (Listed under STATION)
Once you have the MAC Address of the target device, and the BSSID of the router. You have enough information to start the deauthentication attack.

To start the deauthentication attack you can use the following command:
$ aireplay-ng --deauth 0 -a [ROUTER_BSSID] -c [TARGET_MAC_ADDRESS] wlan1

--deauth 0 means that you will send infinite deauthentication packets. It stops sending packets whenever you stop the program from executing. (CTRL + C)
(NOTE: airodump-ng should be running with the bssid & channel specified simultaneously with aireplay-ng! )

DEV Community: Thijs Boelman

Disconnect devices from WiFi networks. Deauthentication Attack using aireplay-ng

What you should know:

Data you need to perform the attack:

How it's done: