Find Hidden SSID Using Python and Kali Linux

Posted by Suraj Singh on July 20, 2017 · 4 mins read
hii readers,

Today, I am Going To Show You How To Find Hidden Wireless SSID Using Python in Kali Linux?
But First, If You are a New Visitor in my blog then, i will suggest you to take a look our blog index.

So, Let's Start Our Tutorial With Some Basic Knowledge Of Hidden SSID.

Normally, all access points send out their SSIDs and Other Information in the Beacon
frames. This Beacon Frames allows clients in the network range to discover them easily. Hidden SSID is a special configuration where the access point does not broadcast its SSID in the Beacon frames. Why? because with the help of these settings. only previous clients which know the SSID of the access point can connect to it. In simple way this special configuration hides access point network from new clients who don't know about real SSID.
But the interesting fact is this, this configuration does not provide good security. So,
Basically, to bypass this security here, in this tutorial, we will try to capture MAC address of Hidden access points and after that with the help of access point MAC Address, we will use a very simple trick to get real SSID from previous connected client.

Now Let's start our tutorial but first make sure your wireless card supports monitor mode. if yes, then enable your wireless card monitor mode.

and yes! you can also use Wireshark for this process. click here for tutorial with wireshark

Setup 1.

              Enable Wireless Card Interface Monitor Mode. more info

From This Terminal You Just need to remind monitor mode interface name.

for example:

Setup 2. 

Now, We Need To Capture Beacon Frames and for this you can Download My Custom Python Script that is created For Capturing Beacon Frames. Click here

and run this Script using Terminal:

           sudo python mon0


As you can see in above screen shot, Captured Packet Output Without SSID is a hidden access point beacon frame. So, You Just need to note Packet BSSID for future Procedure.

Note: For Future Procedure You Need To Run Separate Terminal For Each Separate Command/Script. 

Setup 3.

Now, We need another script, that can capture other various management frames for retrieving real SSID of Access point By tricking its current authenticated clients and for this process, you can again download my another custom script from here

Now, Open New Terminal and Type:

sudo python mon0

Setup 4.

To Send De-authentication, We will Use Aireplay-ng Tool.

         aireplay-ng -0 5 -a mac_address interface_name

The -0 option is for choosing a Deauthentication attack, and 5 is the number of Deauthentication packets to send. Finally, -a specifies the MAC address of the access point you want to target.

Setup 5. 

Keep Your Eyes On Script Terminal

Boom! as you can see in above screen shot. we got it.  Our Script has successfully captured Prob-Request And Prob-Answer Packet that contains real SSID and here, our real SSID is Thisisme.


click here for tutorial with wireshark