How to Use Aircrack for Wifi Security? Practical Implementation with Code

These days, when everything is connected to some kind of network, nothing is safe. It is said that anything linked to a network is vulnerable to hacking. The worst part is that some cracking software is easy to obtain, and Aircrack-ng has only made it easier.

Kali Linux is one of the best-known operating systems in the world. Kali Linux, and other distributions aimed at hackers such as Parrot OS and BlackArch, come with a bundle of powerful cracking tools for everyone to use. Even if you are using a Windows system, this cracking software also has a Windows edition and a simple step-by-step guide on how to use it.

Aircrack is one of the cracking tools available for every operating system; you can even use it on an Android or iPhone device. So let's look at what this tool is, what you can do with it, and how to use it.

What is Aircrack

Before I explain what kind of tool Aircrack is, you should know two things: what a packet sniffer is and what a packet injector is. 

Packet sniffer

A packet sniffer, packet analyzer, or network analyzer (whatever you want to call it) is a tool or piece of hardware that can intercept or log traffic from a computer network, or any kind of network. You can picture a network as a stream of data, and with a packet sniffer you can tap into that stream.

Whatever you do with a packet sniffer is known as “packet capture”. If you are a little familiar with networking (which you should be if you want to get into the world of cracking and hacking), then you know what I mean by “packet”.

A packet is simply a unit of data in a network stream. A packet sniffer is capable of not only capturing and analyzing the packet but also decoding and reading the data in it. 

Packet Injector

The name “packet injector” already tells us that it injects something into a packet stream. A packet injector inserts a packet into a stream of data packets on a network and fools the system into thinking it is just another data packet.

This impostor data stream can now hamper the flow of data and create lots of unnecessary interference in that network. 

OK, enough of those boring terms; let's get back to the real deal and why you are here. Aircrack, or Aircrack-ng, is a packet sniffer: it can analyze 802.11 wireless networks, i.e. WiFi, and inspect the data stream flowing through them.

Whatever the operating system (Windows, Linux, macOS, FreeBSD, or even Android and iPhone), you can use Aircrack with ease.

How to Hack a Wifi?

You need to follow five steps to crack an 802.11 networking system successfully. 

  1. Promiscuous Mode: You should know by now that you need a WiFi adapter to perform this kind of operation; you cannot perform wireless cracking with only your laptop. The first step is to set your adapter into promiscuous mode to capture all sorts of packets, including packets you might not be aiming for.
  2. Information Gathering: Information, or data, is the key to all sorts of cracking. Hacking or cracking is nothing but a game of data. So your first target will be collecting info such as MAC addresses, the channel number, which client the device is connected to, etc.
  3. Place your bait: Now you want to relocate your target from its current client to the client of your choosing. It's time to capture a four-way handshake. What is it? It is the protocol for establishing a standard IEEE 802.11 wireless association on a WLAN. All we have to do is acquire the MAC addresses of both our target and the client it is connected to. From there, you can perform multiple attacks such as man-in-the-middle, MAC spoofing, etc.
  4. We got 'em: Finally, we have captured the four-way handshake. This is not a matter of pressing a few keys and being done: capturing a four-way handshake is a lengthy process and you have to be patient.
  5. Brute Force: Finally, we will do something called a brute-force attack. In simple words, sending too much data overwhelms the network. Usually, in larger-scale operations, brute force is done by multiple devices. If you are going to perform this operation with only one device, then make sure your device has enough clock speed, otherwise it will take forever to complete properly.

Technologies Behind Securing a WiFi Connection

You have to encrypt your data properly if you want to secure a WiFi system. There are a lot of well-known protocols to protect your WiFi data from outside interference. Let us talk about some of those protocols!

Wired Equivalent Privacy (WEP)

This protocol was the first security protocol in WiFi technology, so you can safely say it is outdated and easily cracked. So, to make wireless technology more secure, newer and more secure protocols had to be adopted. Now we will talk about the recent security protocols used in all WiFi systems.

Wi-Fi Protected Access(WPA)

WPA is a more recent and secure technology, and there are two variants of it. One is the pre-shared key, or WPA-PSK, and the other is the Temporal Key Integrity Protocol, or WPA-TKIP. Both of these are somewhat safe, but the pre-shared key, or PSK, is more secure and widely appreciated.

If you have ever stayed in a hotel, you have an idea of how a hotel keycard works. Think of WPA-TKIP as the same sort of technology: if someone else had that keycard, that person could also easily access the system.

WPA-PSK is somewhat similar to that edition; the only difference is that PSK uses an AES encryption system, which makes it better at securing your device. Today your WiFi router offers all of these options, but the most common is to have WPA or WPA-2 set as the default security measure.

WiFi Protected Access Version 2 (WPA-2)

The more advanced version of WPA is WPA-2, and it is used by almost everyone today. Even US government officials follow the same protocol to safeguard state secrets. This is the latest and best encryption technology, and the one you should use on your wireless system to safeguard your privacy.
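The protocol choice above is ultimately a line in the access point's configuration. The following is an added example, not from the article or from the Aircrack-ng project: it audits a hostapd configuration (the access-point daemon used on Linux) for the weak settings discussed in this section (WEP keys, WPA1, TKIP, a short passphrase) and also checks that 802.11w management-frame protection is required, since that is what makes an AP and its clients drop forged deauthentication frames. Both configurations and the 12-character passphrase threshold are constructed for the example; the hostapd option names (wpa, wpa_pairwise, rsn_pairwise, ieee80211w, wep_key0) are real.

```python
"""Audit a hostapd configuration for weak WiFi security settings.
Added example with constructed configs; not the article's or hostapd's code."""


# Constructed: a legacy configuration of the kind the article calls outdated.
WEAK_CONF = """\
interface=wlan0
ssid=GuestNet
wep_default_key=0
wep_key0=0123456789
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=password
"""

# Constructed: WPA2 with AES-CCMP only and 802.11w (PMF) required.
HARDENED_CONF = """\
interface=wlan0
ssid=GuestNet
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
ieee80211w=2
wpa_passphrase=correct horse battery staple 2024
"""

MIN_PASSPHRASE_LEN = 12  # assumption for the example, not a hostapd rule


def parse_conf(text):
    """Return hostapd key=value pairs, ignoring comments and blank lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def audit(text):
    """Return a list of findings; an empty list means no weak setting was found."""
    conf = parse_conf(text)
    findings = []
    has_wep = any(k.startswith("wep_") for k in conf)
    if has_wep:
        findings.append("WEP keys configured: WEP is broken, remove wep_* settings")
    wpa = conf.get("wpa", "0")  # hostapd: 0 = none, 1 = WPA, 2 = WPA2, 3 = both
    if wpa == "0" and not has_wep:
        findings.append("open network: no wpa= setting")
    if wpa in ("1", "3"):
        findings.append("WPA1 enabled (wpa=%s): allow WPA2 only (wpa=2)" % wpa)
    # wpa_pairwise applies to WPA, rsn_pairwise to WPA2; TKIP in either is weak.
    ciphers = (conf.get("wpa_pairwise", "") + " " + conf.get("rsn_pairwise", "")).split()
    if "TKIP" in ciphers:
        findings.append("TKIP cipher allowed: use CCMP only")
    if conf.get("ieee80211w", "0") != "2":
        findings.append("management frame protection not required (ieee80211w=2): "
                        "forged deauthentication frames will be accepted")
    if "wpa_passphrase" in conf and len(conf["wpa_passphrase"]) < MIN_PASSPHRASE_LEN:
        findings.append("wpa_passphrase shorter than %d characters: dictionary attack risk"
                        % MIN_PASSPHRASE_LEN)
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print("%s config: %d finding(s)" % (name, len(audit(conf))))
        for finding in audit(conf):
            print("  -", finding)
```

Running the module prints five findings for the weak configuration and none for the hardened one; the same audit function can be pointed at a real /etc/hostapd/hostapd.conf by reading the file into a string.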

What You Can Do with Aircrack-ng?

Aircrack-ng is capable of performing multiple variations of attacks on the target system, such as:

  • Monitoring: The name is self-explanatory: with this method you can capture the packets from the data stream. Since they are all encrypted, you collect that data for additional processing.
  • Attack: Remember those terms we mentioned earlier, like packet injection, and how they can be used to penetrate a system? You can perform all of those methods using Aircrack-ng.
  • Testing: Before executing any attack, you can test the network and check thoroughly what kind of security system and protocol it is using.
  • Finally, this tool is capable of cracking almost any protocol, including WEP, WPA, and WPA-2.

There is a GUI (graphical user interface) for the program, but it is mostly a command-line tool, which means you can script it.

Okay, enough chit-chat; let’s get cracking. 

Installation Process

In this section, we will go over how to install Aircrack-ng in a Linux operating system, specifically a Debian-based Linux operating system. If you are using some other operating system, then visit their GitHub page; they have detailed procedures and necessary files to download. 

Install Aircrack-ng by using this command in your terminal: 

sudo apt install aircrack-ng

Using Aircrack-ng

These are the steps you have to follow if you want to use Aircrack-ng.

Step 1

There could be other processes running on your system that interfere with your operation. So, the first step is to kill all those conflicting processes using airmon-ng.

sudo airmon-ng check kill

Step 2

It is time to monitor your target. airmon-ng is an excellent monitoring companion tool for Aircrack-ng; use the following command.

sudo airmon-ng start wlp1s0

wlp1s0 is the name of your wireless interface here, and mon will be appended to it to show that it is under your monitoring. You can verify the change with the next command in the terminal.

Step 3

Type iwconfig to make sure the configuration is done. The first sign to look for is whether mon was appended to the interface name; then check that Mode shows Monitor.

Step 4

Let us now see if your card is capable of running a WiFi injection. Use this command to find out about your card.

 sudo aireplay-ng --test wlp1s0mon

When you execute this command, you should see output similar to this:

[Image: preview of aireplay-ng --test output; the image is taken from https://techofide.com/blogs/how-to-use-aircrack-ng-aircrack-ng-tutorial-practical-demonstration/]

Notice the line Found 1 AP, which means it received beacons from one access point.

On another line there should be something like “MAC Address - Channel 'something' - 'Druid'”. That 'something' is the number of the channel your access point is on.

And finally, there will be a line ending in a percentage, which indicates that you can perform your desired operation on that channel.

Step 5

Now we will use another Aircrack-ng tool, airodump-ng, to capture packets and the four-way handshake. Enter the command:

sudo airodump-ng wlp1s0mon

Airodump-ng has other options for additional operations. For static analysis of a capture, you can use Wireshark.

Assuming you are connected to that network, you should see the MAC address in the upper left corner; the structure will be “WPA Handshake: MAC Address”. If you don't get the four-way handshake, the top right corner will be blank.

Step 6

Now we will deauthenticate the client from the access point it is connected to. For this step we need two MAC addresses: the access point's and the client's (we already know both from airodump-ng). Use the following command structure.

aireplay-ng --deauth 0 -a [Access Point MAC address] -c [Client's MAC address] wlp1s0mon
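From the defender's side, the deauthentication step above is loud: a continuous --deauth run shows up on the air as a burst of deauthentication frames from the access point's address to one client, far more than any client ever needs to leave a network. The following is an added example, not from the article or from Aircrack-ng: a sliding-window detector over a log of management frames, the kind of record a monitor-mode capture tool would export. The frame log, addresses, 1-second window and 10-frame threshold are all constructed for the example. The mitigation itself is 802.11w (protected management frames), which makes an AP and its clients discard deauthentication frames that are not cryptographically protected; the detector is still useful because the flood remains visible to a monitoring sensor.

```python
"""Detect a deauthentication flood in a log of 802.11 management frames.
Added example with constructed data; not the article's or Aircrack-ng's code."""
from collections import defaultdict

AP = "aa:bb:cc:dd:ee:01"       # constructed access point address
CLIENT = "11:22:33:44:55:66"   # constructed client address
BCAST = "ff:ff:ff:ff:ff:ff"

# Constructed frame log: (timestamp_s, frame kind, source, destination, reason code).
# Two beacons, then a burst of 64 deauth frames in under a second aimed at one
# client (what a continuous deauth run looks like on the air, here with reason
# code 7), then one ordinary deauth sent by the client itself when it leaves.
FRAMES = [(0.0, "beacon", AP, BCAST, None), (0.1, "beacon", AP, BCAST, None)]
FRAMES += [(0.2 + i * 0.01, "deauth", AP, CLIENT, 7) for i in range(64)]
FRAMES += [(30.0, "deauth", CLIENT, AP, 3)]  # reason 3: station is leaving


def detect_deauth_flood(frames, window=1.0, threshold=10):
    """Return one alert per (source, destination) pair whose deauth frame count
    within any `window`-second span exceeds `threshold`.

    Frames are (timestamp_s, kind, src, dst, reason). Only kind == "deauth"
    counts; beacons and data frames are ignored.
    """
    per_pair = defaultdict(list)
    for ts, kind, src, dst, _reason in frames:
        if kind == "deauth":
            per_pair[(src, dst)].append(ts)

    alerts = []
    for (src, dst), times in per_pair.items():
        times.sort()
        start = 0
        peak = 0
        # Two-pointer sliding window: advance `start` until the span fits.
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            alerts.append({"src": src, "dst": dst, "peak_per_window": peak})
    return alerts


if __name__ == "__main__":
    for alert in detect_deauth_flood(FRAMES):
        print("deauth flood: %s -> %s, %d frames within one second"
              % (alert["src"], alert["dst"], alert["peak_per_window"]))
```

On the constructed log the detector raises one alert for the AP-to-client burst (64 frames in one window) and stays quiet for the single legitimate deauth from the client. A broadcast-addressed flood (destination ff:ff:ff:ff:ff:ff) is handled the same way, since the pair key includes the destination.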

Step 7

Finally, it is time for cracking. For this, we will perform a brute-force attack with a list of common passwords. We need a text file containing a bunch of common passwords. You can get one here, or if you are using Kali or Parrot you can find a list in the /usr/share/wordlist directory. Your command should follow this structure:

sudo aircrack-ng -w [dictionary file directory] -b [Access Point Mac Address] psk*.cap

You may receive an error from time to time; if this occurs, you must deauthenticate the client again and repeat the steps. When the capture succeeds, you will see the success text on your screen.
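What makes the brute-force step (step 5 in the overview and Step 7 here) slow, and what makes a passphrase resist it, is the key derivation WPA and WPA2 use: the Pairwise Master Key is PBKDF2-HMAC-SHA1 over the passphrase and SSID at 4096 iterations, so each candidate in a wordlist costs one such derivation. The following is an added example, not from the article or from Aircrack-ng, that performs that derivation with Python's standard library, checks it against the IEEE 802.11i test vector (passphrase "password", SSID "IEEE"), measures how many derivations per second one core manages, and turns that into a worst-case search time for a few passphrases. The character-class model (digits, lower, upper, 33 symbols including space) and the sample passphrases are assumptions made for the example.

```python
"""Why WPA/WPA2-PSK dictionary attacks are slow and passphrase length is the
defence. Added example; not the article's or Aircrack-ng's code."""
import hashlib
import math
import string
import time


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def estimate_charset_size(passphrase: str) -> int:
    """Size of the union of standard character classes the passphrase draws on
    (assumed model: digits 10, lowercase 26, uppercase 26, symbols + space 33)."""
    size = 0
    if any(c in string.digits for c in passphrase):
        size += 10
    if any(c in string.ascii_lowercase for c in passphrase):
        size += 26
    if any(c in string.ascii_uppercase for c in passphrase):
        size += 26
    if any(c in string.punctuation or c == " " for c in passphrase):
        size += 33
    return size


def entropy_bits(passphrase: str) -> float:
    """Upper bound on guessing entropy if every character were chosen uniformly."""
    return len(passphrase) * math.log2(estimate_charset_size(passphrase))


def exhaustive_search_seconds(passphrase: str, derivations_per_second: float) -> float:
    """Worst-case time to try every passphrase of the same length and charset."""
    return estimate_charset_size(passphrase) ** len(passphrase) / derivations_per_second


def measure_derivation_rate(ssid: str = "IEEE", samples: int = 50) -> float:
    """PBKDF2 derivations per second on this machine (one core, one call each)."""
    start = time.perf_counter()
    for i in range(samples):
        wpa_psk("candidate%d" % i, ssid)  # constructed throwaway candidates
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    # IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print("PMK:", wpa_psk("password", "IEEE").hex())
    rate = measure_derivation_rate()
    print("%.0f PBKDF2 derivations/second on this machine" % rate)
    year = 365 * 24 * 3600
    for candidate in ("password", "Passw0rd!", "correct horse battery staple"):
        print("%-32s %5.1f bits  exhaustive search: %.3g years" % (
            candidate, entropy_bits(candidate),
            exhaustive_search_seconds(candidate, rate) / year))
```

The exhaustive-search figure is a ceiling: a wordlist attack such as the one in Step 7 succeeds immediately when the passphrase is in the list, regardless of its length, which is why the practical defence is a passphrase that is both long and not drawn from a list. GPU crackers manage orders of magnitude more derivations per second than the single-core rate measured here, so divide the printed years accordingly when reasoning about a real adversary.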


So there you have it; you now know how to use Aircrack to crack WiFi security. Please keep in mind that this content is for educational purposes only and you should not do any harm using this tool. You should be careful about using any of these cracking tools.

Written by S.M. SHAFAKATUL ISLAM.