Hi, I have tried to configure my WiFi AP so the ESSID is not broadcast. When I use my WiFi adaptor to scan the available WiFi APs, I can only see this AP's BSSID (MAC address), so how do I "decloak" the hidden ESSID with my WiFi adaptor? I have tried using Kismet inside BT3 to scan; yes, I only see this AP's BSSID and cannot see its ESSID. Can Kismet "decloak" a hidden ESSID? I also tried airodump-ng -w cap eth0 to capture the signal, and I can only see that AP's BSSID, while the ESSID only shows length 9. I use AirMagnet, but that software has no driver for my WiFi adaptor. What tools can be used to detect the hidden ESSID and "decloak" it? Thank you.
You can use mdk3. There is an option to either brute force or use a .txt file against an ESSID.
Like this:
mdk3 <interface> p -f /root/essid.txt
Another option would be to simply lock down either airodump-ng or Kismet to the channel the AP is broadcasting on. When a client connects to the AP, the ESSID is transmitted in clear text and will be intercepted by the program, provided the signal is strong enough.
-Monkeys are like nature's humans.
You can see it in this video:
http://forums.remote-exploit.org/sho...t=12588&page=3
I've demonstrated doing this; also read the thoughts and comments from other members. I do not know how long it takes for it to reveal its ESSID, but as far as I'm aware, as soon as another client tries to make a connection (handshake) it reveals it, so no matter how long you have airodump running, it won't dump it otherwise.
Enjoy the video
When a client tries to associate with the AP, the airodump window will automatically replace the hidden ESSID with the revealed one. Alternatively, use Wireshark to capture the frames on the monitor interface and you will easily be able to get the hidden ESSID. While monitoring the network, the ESSID "length 9" indicates that the ESSID is 9 characters long.
1. Fire up airodump-ng, locked to the channel of the network AP you are interested in.
2. Note the BSSID of the AP and the MAC of a connected client.
3. Use aireplay-ng to force a deauth. Since Association and Re-Association packets contain the SSID whether hidden or not, when the client reconnects, your airodump-ng session should capture the SSID and report that in your session window.
Basic syntax is:
aireplay-ng -0 3 -a $BSSID -c $CLIENTMAC $INTERFACE
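Why a cloaked AP still shows "length 9" in airodump-ng, and why the name appears as soon as a client associates (the points made in the Wireshark reply and in the three steps above), comes down to how the SSID information element is filled in each management frame. The following is an added example, not any poster's code: a minimal Python parser of the 802.11 SSID element that flags a beacon whose SSID element is empty or NUL-padded as cloaked and correlates it with the clear-text name carried by association, reassociation or probe frames for the same BSSID. The two frames, the MAC addresses and the name "HomeNet01" are constructed sample data, not a real capture.

```python
MGMT_HDR_LEN = 24                      # FC, duration, addr1-3, sequence control
FIXED_LEN = {0: 4, 2: 10, 4: 0, 5: 12, 8: 12}  # fixed fields before the tagged IEs
NAME = {0: "assoc-req", 2: "reassoc-req", 4: "probe-req", 5: "probe-resp", 8: "beacon"}
BROADCAST = bytes.fromhex("ffffffffffff")

def parse_mgmt_ssid(frame):
    """Return (subtype name, bssid, state, value) for one 802.11 management frame.
    state is 'cloaked' when the SSID element is empty or NUL-padded (what airodump-ng
    shows as '<length: 9>'), 'clear' when it carries a name, 'absent' otherwise."""
    fc0 = frame[0]
    if (fc0 >> 2) & 0x3 != 0 or (fc0 >> 4) not in FIXED_LEN:
        return None                    # data/control frame or an unhandled subtype
    subtype = fc0 >> 4
    bssid = frame[16:22].hex(":")      # Addr3 carries the BSSID in these frames
    pos = MGMT_HDR_LEN + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):       # walk the tagged parameters (ID, length, body)
        ie_id, ie_len = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + ie_len]
        if ie_id == 0:                 # element ID 0 is the SSID
            if ie_len == 0 or body == b"\x00" * ie_len:
                return NAME[subtype], bssid, "cloaked", ie_len
            return NAME[subtype], bssid, "clear", body.decode("utf-8", "replace")
        pos += 2 + ie_len
    return NAME[subtype], bssid, "absent", None

def recover_hidden_ssids(frames):
    """Map each BSSID whose beacons are cloaked to the name leaked in clear text
    by any association, reassociation or probe frame for that same BSSID."""
    cloaked, leaked = set(), {}
    for frame in frames:
        parsed = parse_mgmt_ssid(frame)
        if parsed is None:
            continue
        kind, bssid, state, value = parsed
        if kind == "beacon" and state == "cloaked":
            cloaked.add(bssid)
        elif state == "clear":
            leaked[bssid] = value
    return {b: leaked[b] for b in cloaked if b in leaked}

def build_mgmt(subtype, bssid, sa, ssid_ie):
    """Construct a minimal management frame (sample data only, not a real capture)."""
    addr1 = BROADCAST if subtype in (4, 8) else bssid
    hdr = bytes([subtype << 4, 0]) + b"\x00\x00" + addr1 + sa + bssid + b"\x00\x00"
    rates = b"\x01\x04\x82\x84\x8b\x96"   # a supported-rates IE following the SSID
    return hdr + b"\x00" * FIXED_LEN[subtype] + b"\x00" + bytes([len(ssid_ie)]) + ssid_ie + rates

AP, STA = bytes.fromhex("00112233aabb"), bytes.fromhex("66778899ccdd")  # constructed MACs
SAMPLE = [
    build_mgmt(8, AP, AP, b"\x00" * 9),    # cloaked beacon: nine NUL bytes -> "length 9"
    build_mgmt(0, AP, STA, b"HomeNet01"),  # client association request carries the name
]
```

Running `recover_hidden_ssids(SAMPLE)` pairs the cloaked beacon with the association request and yields the hidden name, which is why SSID hiding should be treated as cosmetic rather than as an access control.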