Normally, WiFi adapters are used to connect to a WiFi network, as the name already indicates. But some of them can also be used to scan whole networks. To do that, we have to switch the adapter into monitor mode. This short post is a step-by-step guide on how to activate exactly this mode on a WiFi adapter. Everything shown here is for educational purposes. Big note here: All the tools shown in this post should only be applied to networks you own or have explicit permission to test. Everything else is illegal!

At the end, I'll show you a tool that lets you disconnect people from any WiFi network without the need to connect to the target network. Note: Only do that in networks you own or have explicit permission to attack.

My Setup

  • Kali Linux (released 2022.3) on a virtual machine.
  • WiFi adapter: Dual-band Wireless-AC1300 USB 3.0 Wi-Fi Adapter by ASUS.

What's a Shebang?

With that being said, let's get started by creating a new file. Open up the terminal and create a new bash file. Open this file with your favorite code editor.

touch mode-switcher.sh
code mode-switcher.sh

At the top of every bash script, you have to add the so-called shebang. The shebang is a character sequence that starts with a hash sign followed by an exclamation mark (#!). It's commonly used in script files to define the interpreter that executes the commands written in the file.

To get the shebang for our bash file, we have to write the following into the terminal:

which $SHELL

This gives you the path to the interpreter of the shell you are using. So the first line of our script is now:

#!/usr/bin/zsh

(or something else, depending on what "which $SHELL" printed out)

Whole Script with Explanation

Below you'll find the whole script, which switches your WiFi adapter between managed mode (just the normal mode) and monitor mode. The explanation follows afterward.

Bash Script

#!/usr/bin/zsh

iwconfig # 1
sleep 2 # 2

echo "Enter the name of your WiFi adapter: " # 3
read wifi_adapter_name # 4

echo "Enter the desired mode: "
read mode

sudo ifconfig "$wifi_adapter_name" down # 5
sleep 2

sudo iwconfig "$wifi_adapter_name" mode "$mode" # 6
sleep 2

sudo ifconfig "$wifi_adapter_name" up # 7
sleep 2

iwconfig "$wifi_adapter_name" # 8

Explanation

  1. iwconfig gives you the name of your WiFi adapter and the current mode. The name is displayed on the left side and the mode on the right side. It also lists other network interfaces, but these are not relevant for us in this tutorial.
  2. sleep 2: Wait for 2 seconds.
  3. echo "…": Prints whatever you put in … to the terminal. Similar to the print function in Python.
  4. read variable_name: With read, you can get input from the user via the terminal and store it in the variable named after the read keyword.
  5. sudo ifconfig $wifi_adapter_name down: This deactivates your WiFi adapter. With $variable_name you can get the value of a variable in bash. sudo runs the command with administrator rights.
  6. sudo iwconfig $wifi_adapter_name mode $mode: With this line, we can change the mode of the WiFi adapter.
  7. sudo ifconfig $wifi_adapter_name up: This reactivates the WiFi adapter.
  8. iwconfig $wifi_adapter_name: This shows you only the name and the mode of the WiFi adapter. All other network interfaces are hidden.
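
The script above hands whatever is typed at the prompts to commands that run with sudo. As an added example (not part of the original script), the variant below takes the adapter name and the mode as arguments and refuses anything that is not an existing wireless interface or one of the two modes used in this post. The SYS_NET variable, the function names and the file name in the usage comment are assumptions made for this example.

```sh
#!/bin/sh
# Added example: validated variant of mode-switcher.sh (not the author's script).
# Usage (hypothetical file name): ./mode-switcher-safe.sh wlan0 monitor

# Where Linux exposes network interfaces; overridable so the checks can be tested.
SYS_NET="${SYS_NET:-/sys/class/net}"

# Succeeds only for a well-formed name that exists as a wireless interface.
valid_iface() {
    case "$1" in
        ''|.|..|*[!A-Za-z0-9_.-]*) return 1 ;;  # empty, dot names, any other character
    esac
    [ "${#1}" -le 15 ] || return 1               # Linux interface names: at most 15 chars
    [ -e "$SYS_NET/$1/phy80211" ] || [ -e "$SYS_NET/$1/wireless" ]
}

# Only the two modes this post switches between are accepted.
valid_mode() {
    case "$1" in
        managed|monitor) return 0 ;;
        *) return 1 ;;
    esac
}

# Validate first, then run the same down / mode / up sequence as the original.
switch_mode() {
    if ! valid_iface "$1"; then
        echo "not a wireless interface: $1" >&2
        return 2
    fi
    if ! valid_mode "$2"; then
        echo "mode must be 'managed' or 'monitor'" >&2
        return 3
    fi
    sudo ifconfig "$1" down &&
        sudo iwconfig "$1" mode "$2" &&
        sudo ifconfig "$1" up &&
        iwconfig "$1"
}

# Act only when called with both arguments, so the file can also be sourced.
if [ "$#" -eq 2 ]; then
    switch_mode "$1" "$2"
fi
```

Because each step is chained with &&, a failure while taking the adapter down or changing the mode stops the sequence instead of continuing after a fixed sleep.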

Let's prank our friends

By now, you know how to write basic bash scripts and how to switch your WiFi adapter to monitor mode. We can now look at a simple and funny way of using this mode.

Before we can disconnect people from the internet, we first have to get some information about the target network. For that, there is a nice command-line tool suite called aircrack-ng. It comes preinstalled with Kali Linux.

To scan your environment for networks, use the command airodump-ng followed by the name of your WiFi adapter. Make sure you don't forget the sudo.

sudo airodump-ng wlan0

To stop this program, simply hit Ctrl-C. This shortcut applies to all programs running in the terminal.

I'm not going to explain what each column means. On the internet, you'll find tons of posts that explain what all the information means, e.g. https://www.aircrack-ng.org/doku.php?id=airodump-ng.

The next step is to choose one network and find all connected devices. This can be achieved with the following command:

sudo airodump-ng wlan0 --bssid [routers BSSID here] --channel [routers channel here]

The channel is abbreviated as CH.

Now we can apply the so-called deauthentication attack to disconnect devices from the target network.

sudo aireplay-ng --deauth 0 -c [DEVICES MAC ADDRESS] -a [ROUTERS MAC ADDRESS] wlan0

  • The 0 represents an unlimited number of deauthentication attacks. If you only want to run 10 deauthentication attacks, change this to 10.
  • -c is the client, i.e. the device you're attacking.
  • -a is the router, i.e. the router the victim is connected to.
  • wlan0 is the name of the WiFi adapter in monitor mode.
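
From the defender's side, the command above shows up on the air as a long run of deauthentication frames addressed to one client. As an added example (not from the original post), the script below counts such frames per source and destination pair in exported frame records and reports the pairs that exceed a threshold. The input format, the function names and the MAC addresses are constructed for this example.

```sh
#!/bin/sh
# Added example: flag sustained deauthentication traffic in exported frame records.
# Assumed input, one frame per line, tab-separated:
#   time_in_seconds  subtype  source_mac  destination_mac
# subtype is the 802.11 management subtype in decimal (8 = beacon, 12 = deauthentication).
# Addresses are taken as they appear in the frame.

# Constructed sample: a beacon, one ordinary deauth, then 40 deauths within two seconds.
sample_frames() {
    printf '100.00\t8\t02:00:00:00:00:01\tff:ff:ff:ff:ff:ff\n'
    printf '101.20\t12\t02:00:00:00:00:aa\t02:00:00:00:00:01\n'
    awk 'BEGIN {
        for (i = 0; i < 40; i++)
            printf "%.2f\t12\t02:00:00:00:00:01\t02:00:00:00:00:bb\n", 200 + i * 0.05
    }'
}

# detect_deauth_flood WINDOW_SECONDS MAX_FRAMES < frames.tsv
# Prints each "source -> destination" pair once when it accounts for more than
# MAX_FRAMES deauthentication frames inside one fixed window.
detect_deauth_flood() {
    awk -F '\t' -v win="$1" -v max="$2" '
        $2 == 12 {
            pair = $3 " -> " $4
            slot = int($1 / win)      # fixed windows: a burst across a boundary is split
            if (++seen[pair, slot] > max && !(pair in flagged)) {
                flagged[pair] = 1
                print pair
            }
        }'
}

# Run the constructed sample only when asked to.
if [ "${1:-}" = "--demo" ]; then
    sample_frames | detect_deauth_flood 5 10
fi
```

With a 5-second window and a limit of 10, the single deauthentication frame of a client leaving normally stays below the threshold, while the burst is reported once.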

That's it! I hope you enjoyed this little journey! See you in the next post 👋🏻