7.4. Attacking a Wireless Client

Attacking the client is not about breaking encryption and compromising the wireless network by means of some weakness in the authentication protocol. When attacking a client laptop, you create your own virtual access point and use various tricks to force a client to associate with it. Once this happens, you can attack the client in a number of ways. This section includes examples that discuss how you can steal cookies and passwords or attack and compromise the client itself. Under certain circumstances, it is even possible to route through a client laptop and into the target network. When executed correctly, these attacks can be devastating to even the most secure network.

There are three approaches you can use to attack a client: the passive, the active and the indiscriminate. Each of these approaches makes use of BackTrack 3, specifically the tools Airbase and Metasploit.

Airbase is a tool that can be used to create a virtual wireless access point. Metasploit is a general hacking toolkit that I show how to use in a limited way by backing it on to Airbase. The goal here is to con your targets into connecting to a fake access point and use some network-level trickery to steal passwords, cookies and other authentication credentials.

7.4.1. Mounting a Passive Attack

A passive attack involves creating a fake, open (no cryptography) wireless access point called 'Free Public WiFi' and setting it up so that anyone can connect to it. This is a useful ...

Get Unauthorised Access: Physical Penetration Testing For IT Security Teams now with the O’Reilly learning platform.
