Fake AP (a little confusing)!
I am testing some methods with which I can perform a MITM attack in my wireless network. My question will be very simple to answer for some of you but not for me. Something is still not very clear to me.
My real AP has to use WEP key ENCRYPTION.
So my question is whether I can create a fake AP identical to the real AP (using the same channel and SSID) but without using any encryption, as the real AP does. Would it then be possible to deauthenticate, let's say, a user (my laptop) that is currently connected to the real AP using aireplay and get that user to connect to my fake AP, without the fake AP using any encryption?
Is there any chance to get the user to connect to my fake ap with the above configuration?
However, I've tested many other methods, for example having encryption on the real AP, but it won't work. The user will never connect to my unencrypted fake AP, not even if the fake AP is close to the client.
I hope that someone could clear some things up for me. I would appreciate it, because honestly I have asked many friends and what I was told was that you could create an identical fake AP (same channel, same SSID) of a real encrypted AP, but without using encryption, and users would connect just like that, being aware of course that the deauthentication process should also be carried out before anything else.
With open wifi network APs the whole thing works perfectly, but what method has to be used on the fake AP when the real AP uses encryption? How can the user be disconnected from the real AP that uses encryption and then connected to the fake AP, which is identical to the real AP (i.e. same channel, same SSID) but without using any encryption at all on the fake AP?
I hope you understand and I am really sorry that I couldn't explain it better!
Check out airbase-ng, especially the "-P" option; see the aircrack-ng homepage.
I came across -P before, and again this has nothing to do with what I am asking for. Please, I need to know if someone else has tested the above methods so we can talk about that a little!
If you create a fake AP which is identical to the real AP, i.e. same MAC, same channel, same ESSID but no encryption, and then deauthenticate the user, they won't automatically connect to your network.
And even if they did try to connect manually, it would say "this is an unencrypted network" etc., thus arousing suspicion.
That's why I mentioned airbase-ng -P in the first place: in theory you could deauthenticate a client and they should be able to connect. The project map for aircrack-ng release 1.0 shows that some work is needed on airbase-ng, so it may not work exactly as you want.