
Rogue AP Attack

A Rogue AP (Access Point) attack is a security threat where an unauthorized wireless access point is deployed within a network infrastructure without explicit authorization from the network administrator. This rogue AP mimics a legitimate AP and can deceive client devices into connecting to it instead of the authorized network. Here’s an overview of how a Rogue AP attack works and its implications:

How Rogue AP Attacks Work:

  1. Deployment:

    • An attacker sets up a rogue AP within the vicinity of a targeted network. This rogue AP typically broadcasts the same Service Set Identifier (SSID) as the legitimate APs in the area.

    • The SSID is the name of the WiFi network that client devices see and connect to.

  2. Deception of Client Devices:

    • Client devices, such as laptops, smartphones, or IoT devices, may automatically connect to the rogue AP if its signal strength is stronger than that of the legitimate APs.

    • Alternatively, the attacker may use social engineering techniques (like broadcasting a familiar or enticing SSID) to entice users to connect to the rogue AP.

  3. Traffic Interception and MitM Attacks:

    • Once connected, the rogue AP can intercept and monitor traffic passing between client devices and the internet. This enables the attacker to eavesdrop on sensitive data, capture login credentials, or inject malicious content into web traffic.

    • The attacker can also launch Man-in-the-Middle (MitM) attacks by relaying communications between the client and the legitimate network, allowing them to manipulate or modify data packets.

  4. Implications:

    • Data Interception: The rogue AP can intercept unencrypted data transmitted between client devices and the internet.

    • Credential Theft: Attackers can capture login credentials for various services, including usernames and passwords.

    • Malware Distribution: Malicious content can be injected into web traffic flowing through the rogue AP, potentially infecting connected devices with malware.

  5. Detection and Prevention:

    • Wireless Intrusion Detection Systems (WIDS): Deploying sensors that monitor the airwaves for beacon frames and compare the observed SSID/BSSID pairs against an inventory of authorized APs can detect rogue devices and alert administrators to their presence.

    • Network Segmentation: Segmenting the network and enforcing strict access controls can limit the impact of rogue APs by restricting unauthorized access to sensitive resources.

    • Continuous Monitoring: Regularly scanning for new and unauthorized devices connected to the network can help identify rogue APs before they cause harm.
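The detection bullets above describe an inventory comparison without showing one. The following is an added example, not code from the original page: a small rogue/evil-twin classifier that takes beacon observations (a constructed record format, standing in for whatever a WIDS sensor or monitor-mode capture tool produces), checks each SSID/BSSID pair against an assumed authorized inventory, and flags an authorized SSID coming from an unlisted BSSID, an authorized BSSID advertising the wrong security, a look-alike SSID, and unknown networks. All SSIDs, BSSIDs and signal values are hypothetical.

```python
"""Rogue / evil-twin AP detector over beacon observations.

Added example (not from the original page). Assumes a WIDS sensor or a
monitor-mode capture tool has already produced one record per observed
beacon frame; the Beacon record below is a constructed format, not any
particular tool's output, and the inventory values are hypothetical.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Beacon:
    """One observed beacon frame, as a WIDS sensor might record it (constructed format)."""
    ssid: str
    bssid: str      # MAC address of the transmitting radio
    channel: int
    security: str   # "OPEN", "WPA2" or "WPA3" as advertised in the beacon
    rssi: int       # signal strength at the sensor, in dBm


# Authorized inventory (hypothetical values): SSID -> {BSSID: advertised security}
AUTHORIZED: Dict[str, Dict[str, str]] = {
    "CorpWiFi": {"aa:bb:cc:00:00:01": "WPA2", "aa:bb:cc:00:00:02": "WPA2"},
    "CorpGuest": {"aa:bb:cc:00:00:03": "OPEN"},
}


def _normalize(ssid: str) -> str:
    """Collapse case, whitespace and punctuation so near-duplicates of a corporate SSID stand out."""
    return "".join(ch for ch in ssid.lower() if ch.isalnum())


_NORMALIZED = {_normalize(s): s for s in AUTHORIZED}


def classify(b: Beacon) -> Tuple[str, str]:
    """Return (verdict, reason) for one beacon.

    ok         - authorized BSSID advertising the expected security
    mismatch   - authorized BSSID but unexpected security (misconfiguration or cloned BSSID)
    evil-twin  - authorized SSID transmitted by a BSSID that is not in the inventory
    lookalike  - SSID that normalizes to an authorized name but is not identical to it
    unknown    - unrelated SSID; needs triage (a beacon alone cannot show whether the AP
                 is plugged into the wired LAN)
    """
    bssid = b.bssid.lower()
    if b.ssid in AUTHORIZED:
        expected = AUTHORIZED[b.ssid].get(bssid)
        if expected is None:
            detail = "open network" if b.security == "OPEN" else b.security
            return "evil-twin", f"SSID {b.ssid!r} from unlisted BSSID {bssid} ({detail})"
        if expected != b.security:
            return "mismatch", f"{bssid} advertises {b.security}, inventory says {expected}"
        return "ok", "authorized"
    canonical = _NORMALIZED.get(_normalize(b.ssid))
    if canonical is not None:
        return "lookalike", f"SSID {b.ssid!r} resembles authorized {canonical!r}"
    return "unknown", f"SSID {b.ssid!r} not in inventory"


def scan(beacons: List[Beacon]) -> List[Tuple[Beacon, str, str]]:
    """Classify a batch of beacons; one alert per distinct (SSID, BSSID) that is not 'ok'."""
    seen: Set[Tuple[str, str]] = set()
    alerts: List[Tuple[Beacon, str, str]] = []
    for b in beacons:
        key = (b.ssid, b.bssid.lower())
        if key in seen:
            continue
        seen.add(key)
        verdict, reason = classify(b)
        if verdict != "ok":
            alerts.append((b, verdict, reason))
    return alerts


# Constructed sample observations (not real captures)
SAMPLE = [
    Beacon("CorpWiFi", "aa:bb:cc:00:00:01", 6, "WPA2", -48),
    Beacon("CorpWiFi", "de:ad:be:ef:00:01", 6, "OPEN", -35),   # open twin with a stronger signal
    Beacon("CorpWiFi", "aa:bb:cc:00:00:02", 11, "OPEN", -60),  # authorized MAC, wrong security
    Beacon("corp wifi", "de:ad:be:ef:00:02", 1, "WPA2", -52),  # look-alike name
    Beacon("NeighborNet", "12:34:56:78:9a:bc", 1, "WPA2", -70),
    Beacon("CorpWiFi", "de:ad:be:ef:00:01", 6, "OPEN", -36),   # repeat of the open twin, deduplicated
]

if __name__ == "__main__":
    for beacon, verdict, reason in scan(SAMPLE):
        print(f"[{verdict:9}] ch{beacon.channel:<2} {beacon.rssi:4} dBm  {reason}")
```

Beacon-side detection has a known blind spot: an attacker who clones both SSID and BSSID with the same advertised security produces an "ok" verdict here and shows up only as a channel or signal-strength anomaly, and an "unknown" SSID may be a harmless neighbour or a rogue AP on the wired LAN. Pairing the airwave view with switch-side checks (MAC address tables, 802.1X on access ports) closes both gaps and matches the network-segmentation and continuous-monitoring advice above.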

In summary, Rogue AP attacks pose significant security risks by exploiting the trust relationship between client devices and WiFi networks. Implementing robust security measures and educating users about the dangers of connecting to unknown networks are essential steps to mitigate the risks associated with Rogue AP attacks.


Last updated 10 months ago
