{"id":468,"date":"2011-10-17T00:13:41","date_gmt":"2011-10-17T00:13:41","guid":{"rendered":"http:\/\/41j.com\/blog\/?p=468"},"modified":"2011-10-17T00:15:49","modified_gmt":"2011-10-17T00:15:49","slug":"securitytube-wireless-lan-security-megaprimer-notes-part-6-finding-hidden-ssids","status":"publish","type":"post","link":"https:\/\/41j.com\/blog\/2011\/10\/securitytube-wireless-lan-security-megaprimer-notes-part-6-finding-hidden-ssids\/","title":{"rendered":"SecurityTube, Wireless LAN Security Megaprimer notes: part 6 (Finding hidden SSIDs)"},"content":{"rendered":"<p>The video is <a href=\"http:\/\/www.securitytube.net\/video\/1773\">here<\/a>.<\/p>\n<p>A hidden SSID means the AP has SSID broadcasting turned off in its beacon frames.<\/p>\n<p>* Beacon frames have NULL in SSID (tag length is 0)<\/p>\n<p>* A security through obscurity technique.<\/p>\n<p>Set your AP not to broadcast its SSID, then check in Wireshark that the SSID length is 0.<\/p>\n<p>While the beacon frame does not contain the SSID, Probe and association request packets do!<\/p>\n<p>Passive solution: monitor for connections and extract the SSID from Probe\/association request packets.<\/p>\n<h2>Passive Method<\/h2>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nairodump-ng mon0 # Find the access point with ESSID &lt;length: 0&gt;\r\niwconfig wlan0 channel XX # set the channel of the access point above\r\nwireshark # start a capture as usual, run it in the background\r\nairodump-ng mon0 --channel &lt;CHANNEL&gt; # fire up airodump-ng on the channel found above\r\n<\/pre>\n<p>Now connect a client; airodump-ng will automatically figure out the network name and show it.<\/p>\n<p>Also take a look at the Wireshark capture and see if you can find the SSID.<\/p>\n<h2>Active Method<\/h2>\n<p>Force the network to send Probe\/Association packets. 
We&#8217;re going to forcibly de-authenticate one or all clients.<br \/>\nThey will reconnect and then we can grab the SSID.<\/p>\n<p>To send deauthentication packets:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\naireplay-ng --deauth 0 -a HIDDENAPMAC mon0\r\n<\/pre>\n<p>While you&#8217;re running the above command, have airodump-ng running in another window; you should see the SSID appear there.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The video is here. A hidden SSID means the AP has SSID broadcasting turned off in its beacon frames. * Beacon frames have NULL in SSID (tag length is 0) * A security through obscurity technique. Set your AP not to broadcast its SSID, then check in Wireshark that the SSID length is 0. While the beacon frame does [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[1],"tags":[14,13,12,10,11],"class_list":["post-468","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-pentest","tag-security","tag-securitytube","tag-wifi","tag-wifiprimer"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p1RRoU-7y","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/posts\/468","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/41j.com\/blog\/wp-
json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/comments?post=468"}],"version-history":[{"count":2,"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/posts\/468\/revisions"}],"predecessor-version":[{"id":470,"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/posts\/468\/revisions\/470"}],"wp:attachment":[{"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/media?parent=468"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/categories?post=468"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/tags?post=468"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}