1
00:00:07,430 --> 00:00:09,800
- [Instructor] Operating systems and wireless supplicants,

2
00:00:09,800 --> 00:00:12,530
in many cases maintain a list

3
00:00:12,530 --> 00:00:16,250
of trusted or preferred wireless networks, right?

4
00:00:16,250 --> 00:00:20,900
This includes their SSID, clear text passwords

5
00:00:20,900 --> 00:00:24,320
or WAP passwords or WPA passwords

6
00:00:24,320 --> 00:00:27,610
and also other information that is actually needed

7
00:00:27,610 --> 00:00:29,860
to connect to those preferred wireless networks, right?

8
00:00:29,860 --> 00:00:32,550
So these preferred networks are automatically

9
00:00:32,550 --> 00:00:36,900
connected whenever they see that they're available, right?

10
00:00:36,900 --> 00:00:41,480
For example, Windows and Mac, and, you know, Mac OS X

11
00:00:41,480 --> 00:00:46,130
and your iPhone, or your Android device, continuously search

12
00:00:46,130 --> 00:00:49,870
for wireless networks that are actually in that list, right?

13
00:00:49,870 --> 00:00:53,060
That's why sometimes you just walk to a hotel, right,

14
00:00:53,060 --> 00:00:55,440
or to a coffee shop that you always go to

15
00:00:55,440 --> 00:00:57,970
and automatically connect to the wireless network

16
00:00:57,970 --> 00:00:59,290
without you actually knowing

17
00:00:59,290 --> 00:01:02,900
if actually wifi is enabled in your device.

18
00:01:02,900 --> 00:01:04,190
So basically the idea is

19
00:01:04,190 --> 00:01:05,917
that you can create a stronger signal

20
00:01:05,917 --> 00:01:08,240
for currently associated networks

21
00:01:08,240 --> 00:01:11,160
or just impersonate an SSID, right,

22
00:01:11,160 --> 00:01:14,240
so an access point and a client will actually connect

23
00:01:14,240 --> 00:01:15,470
to you automatically, right?

24
00:01:15,470 --> 00:01:17,230
So if the client is actually

25
00:01:17,230 --> 00:01:19,000
already connected to the network

26
00:01:19,000 --> 00:01:22,420
then you can perform a de-authentication attack

27
00:01:22,420 --> 00:01:25,690
and then cause the client to de-authenticate

28
00:01:25,690 --> 00:01:28,783
from the network and then connect to you, right?

29
00:01:28,783 --> 00:01:31,760
And of course, if the client is actually not connected,

30
00:01:31,760 --> 00:01:32,910
let's say, I don't know

31
00:01:32,910 --> 00:01:35,640
is just walking by, or just sitting,

32
00:01:35,640 --> 00:01:36,610
you know at a coffee shop.

33
00:01:36,610 --> 00:01:38,320
But you know, they don't have a free wifi

34
00:01:38,320 --> 00:01:40,160
but you impersonate, I don't know

35
00:01:40,160 --> 00:01:44,050
let's say Starbucks's wifi, or any other type of,

36
00:01:44,050 --> 00:01:46,120
you know free wifi out there,

37
00:01:46,120 --> 00:01:49,270
then potentially that client can actually connect to you.

38
00:01:49,270 --> 00:01:52,030
You give 'em internet access and you can actually

39
00:01:52,890 --> 00:01:54,390
eavesdrop into their conversation

40
00:01:54,390 --> 00:01:56,260
or perform any other type of attack.

41
00:01:56,260 --> 00:02:00,066
You're gonna learn how to do this using several tools

42
00:02:00,066 --> 00:02:03,200
and different methodologies later in this course