LinuxCommandLibrary

besside-ng

Capture WPA handshakes without client deauthentication

SYNOPSIS

besside-ng [options] <interface>

PARAMETERS

-b
    Target a specific BSSID (AP MAC address).

-a
    Target a specific station MAC address.

-c
    Lock on a specific channel.

-E
    Write EAPOL (WPA handshakes) and IVs (WEP) to the specified pcap file.

-R
    Use a random MAC address for the interface.

-W
    Target WPA networks only, ignore WEP networks.

-K
    Kill any existing WEP cracking process (useful when focusing on WPA).

-N
    Do not attempt WEP cracking. Only capture IVs and WPA handshakes.

-p
    Specify the power level in dBm (requires card support).

-s
    Number of seconds to spend on each AP before moving to the next (default: 5 seconds).

-v
    Enable verbose output.

-q
    Enable quiet output.

-h
    Display the help message.

DESCRIPTION

besside-ng is a powerful tool within the Aircrack-ng suite designed for automated wireless network security auditing, specifically of WEP and WPA/WPA2-PSK networks. It works by passively sniffing wireless traffic, collecting initialization vectors (IVs) for WEP cracking and WPA/WPA2 4-way handshakes. Its primary advantage is automation: once started, it attempts to capture data from every reachable access point and associated client, saving the collected handshakes and IVs.

For WEP, it can automatically crack the key once enough IVs are gathered. For WPA/WPA2, it captures handshakes which can then be cracked offline using tools like aircrack-ng with a wordlist. It's often referred to as a "set it and forget it" tool due to its autonomous operation and focus on efficiency by prioritizing active networks.

CAVEATS

Requires a wireless adapter capable of monitor mode and packet injection. Legal implications: Using besside-ng on networks you do not own or have explicit permission to test is illegal in most jurisdictions. Performance depends on network activity: WEP cracking relies on IVs, WPA on handshakes; both require active traffic or client associations. WEP cracking can be slow or impossible on inactive networks. WPA cracking requires a dictionary attack on the captured handshake, which can be computationally intensive and may not succeed without a strong wordlist. May be detected by network intrusion detection systems.

PREREQUISITES

A wireless adapter that supports monitor mode and packet injection is essential. Before running besside-ng, the wireless interface typically needs to be put into monitor mode using airmon-ng (e.g., airmon-ng start wlan0).

OUTPUT FILES

besside-ng writes its captures to a pcap file (besside.cap by default, or the file specified with -E) containing the collected IVs and WPA handshakes. These pcap files are the input for offline cracking with aircrack-ng using a dictionary or brute-force attack.
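As an added example (not part of besside-ng or the Aircrack-ng suite), the following Python script inspects such a pcap and reports, per BSSID, which EAPOL-Key messages of the WPA/WPA2 4-way handshake it contains. This is the check an incident responder runs on a capture file recovered from a suspect device, or a network owner runs on the file from an authorised audit, to see which networks actually had handshake material recorded. The script assumes the file uses link type 105 (raw 802.11) or 127 (radiotap) with microsecond timestamps; the MAC addresses and the capture embedded in it are constructed for the example, and the message numbering follows the Key Information bits (Pairwise, Install, Ack, MIC, Secure) defined for EAPOL-Key frames in IEEE 802.11.

```python
"""Audit a besside-ng style pcap: which BSSIDs have 4-way handshake messages.

Added example, not code from besside-ng or Aircrack-ng. Assumes link type 105
(raw 802.11) or 127 (radiotap) and a classic microsecond pcap header; the
sample capture at the bottom is constructed in memory.
"""
import struct
from collections import defaultdict

LLC_SNAP_EAPOL = bytes.fromhex("aaaa03000000888e")  # LLC/SNAP header, EtherType 0x888E
# EAPOL-Key "Key Information" bits (IEEE 802.11)
KI_PAIRWISE, KI_INSTALL, KI_ACK, KI_MIC, KI_SECURE = 0x0008, 0x0040, 0x0080, 0x0100, 0x0200


def read_pcap(data):
    """Return (linktype, [raw frame, ...]) from a classic pcap byte string."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":      # 0xa1b2c3d4 written little-endian
        end = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":    # big-endian writer
        end = ">"
    else:
        raise ValueError("not a microsecond pcap (nanosecond pcap / pcapng not handled)")
    linktype = struct.unpack(end + "IHHiIII", data[:24])[6]
    frames, off = [], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "IIII", data[off:off + 16])[2]
        off += 16
        frames.append(data[off:off + incl_len])
        off += incl_len
    return linktype, frames


def classify_message(key_info):
    """Map EAPOL-Key Key Information bits to 4-way handshake message 1..4, else None."""
    if not key_info & KI_PAIRWISE:          # group-key handshake, not the 4-way
        return None
    ack, mic = bool(key_info & KI_ACK), bool(key_info & KI_MIC)
    install, secure = bool(key_info & KI_INSTALL), bool(key_info & KI_SECURE)
    if ack and not install and not mic:
        return 1                             # AP -> STA: ANonce
    if mic and not ack and not secure:
        return 2                             # STA -> AP: SNonce + MIC
    if ack and install and mic:
        return 3                             # AP -> STA: ANonce, GTK, MIC
    if mic and secure and not ack and not install:
        return 4                             # STA -> AP: confirmation MIC
    return None


def eapol_key_info(frame, linktype):
    """Return (bssid, key_info) for an unencrypted EAPOL-Key data frame, else None."""
    if linktype == 127:                      # radiotap: skip it_len bytes
        if len(frame) < 4:
            return None
        frame = frame[struct.unpack_from("<H", frame, 2)[0]:]
    elif linktype != 105:
        raise ValueError("unsupported link type %d" % linktype)
    if len(frame) < 24:
        return None
    fc0, fc1 = frame[0], frame[1]
    if (fc0 >> 2) & 3 != 2:                  # only data frames carry EAPOL
        return None
    if fc1 & 0x40:                           # Protected bit: payload is encrypted
        return None
    to_ds, from_ds = fc1 & 0x01, fc1 & 0x02
    if to_ds and from_ds:                    # 4-address WDS frame: skip
        return None
    hdr = 24 + (2 if (fc0 >> 4) & 0x08 else 0)   # QoS data adds a 2-byte QoS control field
    addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]
    bssid = addr2 if from_ds else (addr1 if to_ds else addr3)
    body = frame[hdr:]
    if not body.startswith(LLC_SNAP_EAPOL):
        return None
    eapol = body[8:]                         # version, type, length, then descriptor
    if len(eapol) < 7 or eapol[1] != 3:      # EAPOL type 3 = EAPOL-Key
        return None
    return bssid, struct.unpack_from(">H", eapol, 5)[0]   # key_info follows descriptor type


def audit_handshakes(pcap_bytes):
    """Per BSSID: sorted handshake message numbers seen and whether all four are present."""
    linktype, frames = read_pcap(pcap_bytes)
    seen = defaultdict(set)
    for fr in frames:
        hit = eapol_key_info(fr, linktype)
        if hit is None:
            continue
        bssid, key_info = hit
        msg = classify_message(key_info)
        if msg:
            seen[":".join("%02x" % b for b in bssid)].add(msg)
    return {b: {"messages": sorted(m), "complete": m == {1, 2, 3, 4}} for b, m in seen.items()}


# ---- constructed sample capture (locally administered MACs, no real network) ----
def _dot11_data(addr1, addr2, addr3, from_ds, payload, protected=False):
    fc1 = (0x02 if from_ds else 0x01) | (0x40 if protected else 0)
    return bytes([0x08, fc1, 0, 0]) + addr1 + addr2 + addr3 + b"\x00\x00" + payload


def _eapol_key(key_info):
    body = bytes([2]) + struct.pack(">HH", key_info, 16) + bytes(88) + b"\x00\x00"  # zeroed nonce/MIC fields
    return LLC_SNAP_EAPOL + bytes([2, 3]) + struct.pack(">H", len(body)) + body


def _pcap(linktype, frames, prefix=b""):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, fr in enumerate(frames):
        fr = prefix + fr
        out += struct.pack("<IIII", 1700000000 + i, 0, len(fr), len(fr)) + fr
    return out


AP1, AP2, STA = bytes.fromhex("020000000a01"), bytes.fromhex("020000000a02"), bytes.fromhex("020000000b02")
_FRAMES = [
    bytes([0x80, 0, 0, 0]) + b"\xff" * 6 + AP1 + AP1 + b"\x00\x00" + bytes(12),  # beacon: ignored
    _dot11_data(STA, AP1, AP1, True, _eapol_key(0x008A)),   # M1
    _dot11_data(AP1, STA, AP1, False, _eapol_key(0x010A)),  # M2
    _dot11_data(STA, AP1, AP1, True, _eapol_key(0x13CA)),   # M3
    _dot11_data(AP1, STA, AP1, False, _eapol_key(0x030A)),  # M4
    _dot11_data(STA, AP2, AP2, True, _eapol_key(0x008A)),   # lone M1 from a second AP
    _dot11_data(STA, AP1, AP1, True, bytes(40), protected=True),  # encrypted data: ignored
]
SAMPLE_PCAP = _pcap(105, _FRAMES)
SAMPLE_PCAP_RADIOTAP = _pcap(127, _FRAMES, prefix=bytes([0, 0, 8, 0, 0, 0, 0, 0]))  # 8-byte empty radiotap header

if __name__ == "__main__":
    for bssid, info in sorted(audit_handshakes(SAMPLE_PCAP).items()):
        print(bssid, "messages:", info["messages"], "complete:", info["complete"])
```

Run against a real capture with `audit_handshakes(open("besside.cap", "rb").read())`. A BSSID listed with fewer than four messages shows a partial exchange; which subsets a given cracking tool accepts varies, so "complete" here means strictly all four messages.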

TARGETING BEHAVIOR

While besside-ng can operate broadly across all visible networks, it can also be directed to specific BSSIDs or channels for focused attacks. Without specific targeting, it will cycle through channels and target all discovered compatible access points.

HISTORY

besside-ng is part of the Aircrack-ng suite, a comprehensive set of tools for auditing wireless networks. It emerged as a more automated and user-friendly alternative for WEP and WPA/WPA2 cracking compared to running individual tools like airodump-ng and aireplay-ng manually. Its design aims to simplify the process of capturing necessary data (IVs for WEP, EAPOL handshakes for WPA) by passively monitoring and interacting with networks, making it a "set it and forget it" solution. Its development has focused on improving efficiency and automation within the Aircrack-ng project.
