poser
commented
10 years ago Because this is not an auditing tool, and because our goal is not (currently) to teach people how WPA sniffing works, a better long-term approach would be to avoid the visible distraction of explicitly deauthenticating devices, and instead just include an active/passive toggle of some sort. When enabled, we would then execute the aireplay-ng deauth command:
- once, targeting each each in-scope device for which we have not already captured eapol packets; and
- once, targeting each new in-scope device, as it appears in the data table.
The typical workflow, then, would involve choosing whether or not to remain fully passive before switching from meta-data collection to targeted sniffing of sensitive data (which happens as soon as a specific AP is selected). Currently, the deauth widgets are active before the demo is started and after we've selected a target AP. If/when we implement this design, we should:
- disable these widgets until the demo is started, but
- enable them once it is started (and before a specific AP is selected)
- keep them enabled after a target AP has been selected (disabling and re-enabling could be used, in the short-term, to re-attempt deauthentication).
And, in terms of the widgets themselves, I would propose:
- Creating a new "box" between the "Network Interface" box and the "Sniff..." box
- Labeling it "Passively or actively"
- Moving the deauth widgets into that box
- Dropping the checkbox and making the passive sniffing option our first (default) choice in the dropdown, which would then contain:
- "Passively"
- "Actively using wlanX"
- "Actively using wlanY"
double-green-vole
For now, let's go with the "trigger" approach. So, we should:
I think the "active/passive toggle state" approach (see below) is less distracting, but...this way has the advantage of allowing users to "try again" if they fail to capture all necessary eapol packets.