Packet Injection - Fragmentation Attack

Lecture Transcript - Packet Injection - Fragmentation Attack

The third injection method that we're going to talk about is the fragmentation attack.

The fragmentation attack is very similar to the previous one, but in this attack we have to obtain 1500 bytes of the PRGA, the pseudo random generation algorithm, because we need to order the full 1500 bytes. In this attack we need to be closer to the target network to successfully run it, but it's much quicker than the KoreK chopchop attack. So again, after we obtain the PRGA, we can use it to forge a new packet. And then we're going to inject this new forged packet into the traffic to increase the number of IVs very quickly.

So the concept is very simple. We're going to capture a packet, determine its PRGA, forge a new packet and then inject that packet into the air. So let's see how we can do this. Again, the first thing is going to be running airodump against the target network. So I'm just going to change the name here from chopchop to fragmentation. I'm just going to call it fragment. Hit Enter and here we go.

Airodump is launched on our target network. The second step, as always, is a fake authentication so that the access point doesn't ignore us and starts communicating with us. So we do that and you will see here we have successfully associated with this target network and the authentication has changed to open. So that's very good.

The third step is going to be our fragmentation attack step. It's very similar to the chopchop attack. So you can see here, that's my chopchop code that I used, the chopchop command, sorry. So it's exactly the same command. Just instead of chopchop, I'm going to say fragment. So it's aireplay-ng, fragment, the target address of my target network and then the MAC address of my own network, sorry, of my own Wi-Fi card. So I'm just going to associate myself again and do the fragmentation attack. So it's waiting for a packet. Now, once it captures the packet, it's going to try to determine its PRGA.

And here we go. We got a packet. So it's asking me, do I want to use this? I'm going to say yes, please. Now it's trying to determine the PRGA. So that packet wasn't useful. It's just waiting for another packet to use.

It's asking me, do I want to use this? I'm going to say yes again.

Again, that packet wasn't useful, so we're just waiting for another useful packet. I'm going to associate myself in the meanwhile and I'm going to say yes. Okay. Now, this time, this packet was useful. And the keystream is saved to this file.

Okay. Now we're just going to need to, again, do the same as we did in chopchop. We're going to use this keystream to create a, uh, forged packet. So I'm just going to copy its name, and I'm going to use the same command. I'm just going to clear this for you. And I'm going to use the same command that we used with the chopchop attack. The only difference is I'm going to remove the -y and I'm going to put the name of the new keystream that we captured and the name of the packet that we're going to create. I'm going to call this fragment-forged-packet. So we're just going to go over the command again. It's packetforge-ng -0 to create an ARP packet.

Okay. We put the target MAC address. -h is my own MAC address, and then -k and -l are the destination and the source IP addresses. -y is the name of the keystream file. So it's the file that has been created from the previous step, and that's the name of it. And then -w is the file name that's going to be created, that's going to contain the forged packet, and it's going to be called fragment-forged-packet. And it's telling us that it's been successfully written to this file.

So again, just like the chopchop attack, we're going to inject this new packet into the air, and this is going to be done using aireplay-ng with the -2 option, the replay option. I'm just going to paste the name of my new forged packet.

So we've got aireplay-ng -2 for the replay, -r, the name of my forged packet, and mon0 is my Wi-Fi card in monitor mode. Before I do this, I'm going to associate myself again and then I'm going to hit Enter here. It's asking me, do I want to use this packet? I'm going to say yes. And here we go. We can see the data is flying.

We're injecting around 400 packets per second. And once this number is large enough, we're going to be able to crack the key. I can just go here to aircrack-ng. So it's going to be aircrack-ng, then the fragment test .cap file. And here we go. Here we go. We can see the key.

That's the WEP. And we have 30,000 IVs. So if you go back here, probably even more, 35,000. And the numbers are increasing quickly. So those were the three methods to inject packets into the air. There are more methods, but those are, in my opinion, the best three methods to increase the number of data in idle networks. This way we are able to crack any WEP-encrypted network.


