
Thread: WPS Pixie Dust Attack (Offline WPS Attack)

    MTeams has been working with RogueAP setups and WPA phishing for over five years, starting with techdynamics' WPA phishing programs.

    Any client that has a WPA key already loaded into the wifi management software for a specific ESSID cannot associate to an open RogueAP of the same name unless the client removes the WPA key from the setup.

    To defeat this when WPA phishing, the help files for MTeams' Pwnstar9.0, which is designed for WPA phishing, suggest you enter an ESSID that looks the same to the human eye BUT is not the same to the computer. One way to do this is to add five to eight spaces and then a period to the ESSID, hence:

    "HOMEWIFI" would be "HOMEWIFI five spaces and a period ."

    If you just use spaces, some management software ignores the spaces unless they are between characters.

    If you add too many spaces, you can get strange effects in both client and RogueAP software.


    Next, DDOS the targetAP and hope the client tries to associate to the RogueAP of almost the same name.

    The type of DDOS may require a separate wifi device. The only DDOS that allows the device supporting the RogueAP to also perform the DDOS is mdk3 d (Deauthentication / Disassociation Amok Mode).

    If you use mdk3 g or aireplay-ng -0, you need to separate the RogueAP channel by at least three channel numbers from the targetAP, and you will require a separate wifi device, or you will end up DDOSing the RogueAP due to the proximity of the wifi devices.

    Do not use mdk3 t (Probe), as it can crash airodump-ng and scanners.

    Association: If you use a name similar to the targetAP's, the name is different to the computer, and the client's computer then associates easily, as the system is open. But the client must choose to do so.

    However, when the client associates and tries to call up an https address, this normally sets off a certificate warning.

    To beat that, MTeams wrote an HTTPS trap feature into Pwnstar9.0. When the client requests an https address, the web page is passed on without a certificate warning. When the client requests an http address, the fake webpage is displayed on the client's screen.

    As soxrok2212 notes, this is not as straightforward as it appears. Only a new client which has yet to input a WPA key into the wifi management software will associate easily, and even then there are problems. In the end, a high degree of social engineering skill is required to make this work. MTeams has had equal success with just leaving a RogueAP running and walking away. The next morning we find all sorts of passwords, including WPA keys, loaded in the RogueAP.

    Musket Teams
    Last edited by mmusket33; 2016-02-05 at 02:40.
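The post above describes the attacker's side: an open RogueAP whose ESSID differs from the target only by trailing spaces and a period. The following is an added example, written for this page and not code from Musket Teams, Pwnstar9.0 or any other project named in the thread. It shows the defender's check: take a scan export (here a constructed, trimmed sample in the style of the AP section of an airodump-ng CSV, with made-up BSSIDs), normalize each ESSID the way a human eye does, and flag open APs whose normalized name collides with a WPA-protected network. It goes slightly beyond the post by also catching case and full-width Unicode lookalikes, not just the trailing-space trick.

```python
"""Detect open "lookalike" twins of WPA-protected ESSIDs in a scan export.

Added example, not part of the original forum post.  The CSV layout below is
a constructed, trimmed imitation of an airodump-ng AP table; BSSIDs are fake.
"""
import csv
import io
import unicodedata
from dataclasses import dataclass
from typing import List

# Constructed sample: one legitimate WPA2 network and three open twins of it
# (trailing spaces + period as in the post, an exact-name twin, and a
# full-width Unicode twin), plus two unrelated networks.
SAMPLE_CSV = """BSSID, channel, Privacy, ESSID
00:11:22:33:44:55, 6, WPA2, HOMEWIFI
02:11:22:33:44:56, 1, OPN, HOMEWIFI     .
02:11:22:33:44:57, 11, OPN, HOMEWIFI
02:11:22:33:44:58, 11, OPN, ＨＯＭＥＷＩＦＩ
aa:bb:cc:dd:ee:ff, 6, WPA2, Guest
02:aa:bb:cc:dd:01, 11, OPN, CoffeeShop
"""


@dataclass(frozen=True)
class AccessPoint:
    bssid: str
    channel: int
    privacy: str
    essid: str  # raw, exactly as beaconed; trailing spaces are kept on purpose


@dataclass(frozen=True)
class Finding:
    protected_bssid: str
    rogue_bssid: str
    rogue_essid: str
    kind: str  # "exact-name open twin" or "lookalike open twin"


def normalize_essid(essid: str) -> str:
    """Collapse the tricks that make two ESSIDs look identical to a human."""
    folded = unicodedata.normalize("NFKC", essid).casefold()  # ＨＯＭＥ -> home
    folded = folded.rstrip(" .")  # "homewifi     ." -> "homewifi"
    return " ".join(folded.split())  # collapse internal runs of whitespace


def parse_airodump(text: str) -> List[AccessPoint]:
    """Parse the trimmed CSV layout above into AccessPoint records."""
    reader = csv.DictReader(io.StringIO(text), skipinitialspace=True)
    aps = []
    for row in reader:
        if not row.get("BSSID"):
            continue
        aps.append(AccessPoint(
            bssid=row["BSSID"].strip().lower(),
            channel=int(row["channel"]),
            privacy=row["Privacy"].strip(),
            essid=row["ESSID"],  # deliberately NOT stripped
        ))
    return aps


def is_open(ap: AccessPoint) -> bool:
    return ap.privacy.upper() == "OPN"


def find_open_twins(aps: List[AccessPoint]) -> List[Finding]:
    """Every open AP whose normalized ESSID equals a protected AP's ESSID."""
    protected = [ap for ap in aps if not is_open(ap) and ap.essid.strip()]
    findings = []
    for legit in protected:
        target = normalize_essid(legit.essid)
        for cand in aps:
            if not is_open(cand) or normalize_essid(cand.essid) != target:
                continue
            kind = ("exact-name open twin" if cand.essid == legit.essid
                    else "lookalike open twin")
            findings.append(Finding(legit.bssid, cand.bssid, cand.essid, kind))
    return findings


if __name__ == "__main__":
    for f in find_open_twins(parse_airodump(SAMPLE_CSV)):
        # repr() makes the trailing spaces visible in the output
        print(f"{f.kind}: {f.rogue_bssid} beacons {f.essid if False else f.rogue_essid!r} "
              f"(mimics {f.protected_bssid})")
```

The raw ESSID is kept unstripped in the parser so the report can show exactly what was beaconed; only the comparison key is normalized. On a real airodump-ng export, the AP table has more columns and a second client table underneath, so point the parser at the AP rows and map the column names before relying on the output.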
