How to know HIDDEN WI-FI NAME AND BYPASS FILTERING BY MAC

To perform a high-quality penetration test of wireless access points, you need to buy a pair of USB Wi-Fi adapters with suitable chipsets and modify them: connect directional external antennas for wardriving instead of the standard ones and raise the transmitter power by increasing the txpower value.

Hiding the name of a wireless network and filtering clients by MAC address offer weak protection against attack.  The SSID and a suitable address from the "white list" are easy to discover simply by waiting for the next handshake or by immediately performing a deauthentication attack.  This article describes how to find out the name of a hidden Wi-Fi network and how MAC filtering is bypassed.

How to find the name of a hidden WiFi network

The wireless network name (SSID or ESSID) is sometimes hidden for protection.  Indeed, this filters out casual users and noticeably reduces the flow of people trying to connect to the AP: if the target is not visible, many do not attack it.  However, finding out the SSID is quite simple, because this information is constantly broadcast over the air.

When a client connects, its handshake frames carry the network name (SSID), the network identifier (BSSID, usually the same as the AP's MAC address) and the client's own MAC address.  This is why a deauthentication attack is routinely used to find out the SSID of hidden networks: if we manage to intercept the handshake as a legitimate client connects to the chosen access point, we immediately learn its name.  It is enough to run a simple command and wait.

airodump-ng wlan1

It is assumed that your wardriving adapter appears as wlan1, its power has already been increased, and it has been switched to monitor mode.  If not, just bring it down (ifconfig wlan1 down) and airodump-ng will put it into monitor mode by itself.

Waiting for a handshake can take indefinitely long, so let's speed up the process.  Open a second terminal window and send a broadcast deauthentication command from it, forcing all clients of the selected AP to reconnect and announce its SSID over the air.

aireplay-ng -0 5 -a D8:FE:E3:XX:XX:XX wlan1

With this command, we sent five deauth packets to all clients of the access point whose MAC address begins with D8:FE:E3 (I hide part of the address, as usual, out of paranoia).  The result was not long in coming.

Almost immediately, the network name appeared in the main airodump-ng window.  While it was hidden, only its length was displayed instead of the name (six characters in this example).

How to bypass filtering by MAC address

Additionally, admins create white lists of wireless devices, allowing only devices with specific MAC addresses to connect.  In MAC filtering mode, the access point refuses to authorize third-party devices even if they supply the correct password.

However, something else matters to us: if a client device has connected to the selected access point, it is guaranteed to be on its "white list".  All that remains is to kick it off the target AP and assign its (openly broadcast) MAC address to your Wi-Fi adapter.  To have time to connect in place of the trusted device, it is better to run the deauthentication command in parallel in another terminal window and send the packets from the second dongle.  This is how it looks, step by step, against the AP from the example above.

Raise the power of the adapter, mask its MAC address and put it into monitor mode.

We listen to the broadcast:

airodump-ng wlan1
The table will display the access points and the MAC addresses of the clients connected to them (see the STATION column opposite the required AP).

We assign this MAC address to one of our dongles:

macchanger --mac=64:DB:43:XX:XX:XX wlan1
From the second adapter, send deauthentication packets:

aireplay-ng -0 5 -a D8:FE:E3:XX:XX:XX wlan1
We connect with the first adapter as soon as the real client is cut off from the AP.

That's all.  Now you know how to find out the SSID of a hidden network and how to discover the MAC addresses of its whitelisted clients.
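Both techniques above rely on bursts of deauthentication frames, which is also what makes them visible to the network owner. The following detector is an added example, not code from the article: it groups 802.11 deauthentication frames by BSSID and flags any BSSID that receives a burst within a sliding window, reporting how many of those frames were broadcast-addressed (a legitimate AP almost never deauthenticates every client at once). The frame tuples, MAC addresses and thresholds are all constructed for illustration; a real deployment would feed it from a monitor-mode capture.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
DEAUTH_SUBTYPE = 12  # 802.11 management-frame subtype 12 = Deauthentication

# Constructed sample capture (not real traffic). Each entry:
# (timestamp_s, frame_subtype, bssid, src, dst, reason_code)
AP = "d8:fe:e3:aa:bb:cc"        # hypothetical AP; last three octets are made up
CLIENT = "64:db:43:11:22:33"    # hypothetical whitelisted client
OTHER_AP = "c0:ff:ee:00:00:01"  # hypothetical unrelated AP
SAMPLE_FRAMES = [
    (0.00, 8, AP, AP, BROADCAST, None),        # beacon, ignored
    (0.10, 12, AP, AP, BROADCAST, 7),          # five broadcast deauths in 80 ms:
    (0.12, 12, AP, AP, BROADCAST, 7),          # the pattern a broadcast deauth
    (0.14, 12, AP, AP, BROADCAST, 7),          # command from the article produces
    (0.16, 12, AP, AP, BROADCAST, 7),
    (0.18, 12, AP, AP, BROADCAST, 7),
    (2.00, 12, OTHER_AP, OTHER_AP, "aa:bb:cc:dd:ee:ff", 2),  # lone unicast deauth, benign
    (5.00, 12, AP, CLIENT, AP, 3),             # client leaving normally (reason 3)
]

def detect_deauth_bursts(frames, window_s=1.0, threshold=4):
    """Return {bssid: {"peak_in_window": n, "broadcast": m}} for every BSSID whose
    deauth count within any sliding window of window_s seconds reaches threshold.
    m is the number of broadcast-addressed frames in that peak window; a burst
    that is entirely broadcast is a strong indicator of the attack described above."""
    per_bssid = defaultdict(list)
    for ts, subtype, bssid, src, dst, reason in frames:
        if subtype == DEAUTH_SUBTYPE:
            per_bssid[bssid].append((ts, dst == BROADCAST))
    alerts = {}
    for bssid, events in per_bssid.items():
        events.sort()
        start, peak, peak_broadcast = 0, 0, 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window_s:  # slide window start forward
                start += 1
            window = events[start:end + 1]
            if len(window) > peak:
                peak = len(window)
                peak_broadcast = sum(1 for _, is_bcast in window if is_bcast)
        if peak >= threshold:
            alerts[bssid] = {"peak_in_window": peak, "broadcast": peak_broadcast}
    return alerts

if __name__ == "__main__":
    for bssid, info in detect_deauth_bursts(SAMPLE_FRAMES).items():
        print(f"deauth burst on {bssid}: {info['peak_in_window']} frames "
              f"in 1 s, {info['broadcast']} of them broadcast")
```

Detection is the fallback; the actual fix is enabling 802.11w (protected management frames), under which the AP and client reject unauthenticated deauthentication frames and neither technique in this article works.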
