Targeted Active PMKID Sniff workflow
The following documentation describes a method of traffic sniffing where WPA handshakes are provoked from client and AP by means of deauthentication attack. Unlike the a general active PMKID sniff, this workflow utilizes a pre-scanned list of access points to ensure only the target devices are disrupted.
- Build list of target access points
-
scanap
- Display list of available access points
-
list -a
- Select a target access points from the list. Multiple access points may be specified
select -a 0,1
- Verify access points 0 and 1 have been selected with list
-
list -a
- Execute a targeted active PMKID sniff
sniffpmkid -d -l
You will see notification text indicating when a beacon from a target access point is received and that a deauthentication attack is being executed.
Note: Channels are cycled one channel every second when using the -l switch. There is no need to manually set/update the channel before/during the sniff.