Find Hidden Wireless SSID Using Wireshark and Kali Linux

Posted by Suraj Singh on July 20, 2017 · 5 mins read
Hi readers,

Today I am going to show you how to find a hidden wireless SSID using Wireshark in Kali Linux.
But first, if you are a new visitor to my blog, I suggest you take a look at our blog index.

So, let's start our tutorial with some basic knowledge of hidden SSIDs.

Normally, all access points send out their SSID and other information in beacon frames. These beacon frames allow clients within range of the network to discover the access point easily. A hidden SSID is a special configuration in which the access point does not broadcast its SSID in its beacon frames. Why? Because with this setting only clients that already know the SSID of the access point can connect to it. Put simply, this configuration hides the access point's network from new clients who do not know the real SSID.
The interesting fact is that this configuration does not provide good security. So, to bypass it in this tutorial, we will capture the MAC address of the hidden access point and then, using that MAC address, apply a very simple trick to obtain the real SSID from a previously connected client.

Now let's start the tutorial. First make sure your wireless card supports monitor mode; if it does, put the card into monitor mode.

And yes, there is another way as well: you can also find hidden SSIDs using custom Python scripts. Click here

Step 1.

Enable monitor mode on your wireless card interface (more info).

From this terminal, note the name of the monitor-mode interface; you will need it in the following steps.

For example:

Step 2.

Start Wireshark on the monitor-mode interface to begin capturing wireless packets.

As you can see in the screenshot above, Wireshark is continuously capturing all packets.

Step 3.

Now type the statement below in the Wireshark filter box:

wlan.fc.type_subtype == 0x0008

This statement filters the beacon frames out of all captured packets.

As you can see on the left side of the Wireshark screenshot, the Info column shows SSID=Broadcast. Here SSID=Broadcast means the access point is sending its beacon frames without any SSID (a hidden SSID).

So what are we going to do? We will take the transmitter (source) MAC address from these beacon frames and then send de-authentication packets to the access point to break the established connections between the access point and its clients. After being disconnected, clients normally try to reconnect by sending probe requests, and those probe requests contain the original SSID of the access point.

Step 4.

To send the de-authentication packets, we will use the aireplay-ng tool:

         aireplay-ng -0 5 -a mac_address interface_name

The -0 option selects the de-authentication attack, and 5 is the number of de-authentication packets to send. Finally, -a specifies the MAC address of the access point you want to target, and the last argument is the monitor-mode interface name from Step 1.

Step 5.

Now type the statement below in the Wireshark filter box to filter probe requests:

wlan.fc.type_subtype == 0x0004

As you can see in the image above, SSID=Thisisme is the real hidden SSID. This method works against almost all access points with a hidden SSID.
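A defender's view of the traffic described in Steps 3 to 5, as an added example that is not part of the original post: a pure-Python parser for the management frames behind the two Wireshark filters (showing that SSID=Broadcast is just an empty SSID element) and a small detector that flags a BSSID whose hidden SSID is disclosed by directed probe requests right after a burst of de-authentication frames. The frames, MAC addresses and threshold are constructed for the example, and frames are assumed to have no radiotap header.

```python
import struct
from collections import defaultdict

# Wireshark's wlan.fc.type_subtype is (type << 4) | subtype; management subtypes used below.
PROBE_REQ, PROBE_RESP, BEACON, DEAUTH = 0x04, 0x05, 0x08, 0x0C

_mac = lambda s: bytes.fromhex(s.replace(":", ""))  # "aa:bb:cc:dd:ee:ff" -> 6 raw bytes
def mgmt_frame(subtype, addr1, addr2, addr3, body=b""):  # constructed test frame: 24-byte header, no radiotap
    # Frame control: protocol version 0, type 0 (management), given subtype, no flags; duration 0; seq ctrl 0.
    return struct.pack("<HH", subtype << 4, 0) + _mac(addr1) + _mac(addr2) + _mac(addr3) + b"\x00\x00" + body

def parse_mgmt_frame(buf):
    """Return type_subtype, the three addresses and the SSID element (None = hidden/wildcard SSID)."""
    fc = struct.unpack_from("<H", buf, 0)[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    frame = {"type_subtype": (ftype << 4) | subtype, "addr1": buf[4:10].hex(":"),
             "addr2": buf[10:16].hex(":"), "addr3": buf[16:22].hex(":"), "ssid": None}
    if ftype != 0 or subtype not in (PROBE_REQ, PROBE_RESP, BEACON):
        return frame
    # Beacons and probe responses carry 12 bytes of fixed fields before the tagged parameters.
    pos = 24 if subtype == PROBE_REQ else 36
    while pos + 2 <= len(buf):
        tag_id, tag_len = buf[pos], buf[pos + 1]
        if tag_id == 0:  # SSID element; empty (or all-NUL) is what Wireshark shows as SSID=Broadcast
            frame["ssid"] = buf[pos + 2:pos + 2 + tag_len].rstrip(b"\x00").decode("utf-8", "replace") or None
            break
        pos += 2 + tag_len
    return frame

def analyse(frames, deauth_threshold=3):
    """Per BSSID: hidden beacons seen, deauths claiming to come from it, SSIDs disclosed by directed probes."""
    per_bssid = defaultdict(lambda: {"hidden": False, "deauths": 0, "disclosed": set()})
    for f in map(parse_mgmt_frame, frames):
        ts = f["type_subtype"]
        if ts == BEACON and f["ssid"] is None:
            per_bssid[f["addr2"]]["hidden"] = True
        elif ts == DEAUTH:
            per_bssid[f["addr2"]]["deauths"] += 1
        elif ts == PROBE_REQ and f["ssid"] and f["addr3"] != "ff:ff:ff:ff:ff:ff":
            per_bssid[f["addr3"]]["disclosed"].add(f["ssid"])  # addr3 = BSSID the client is probing for
    return [(b, r["deauths"], sorted(r["disclosed"])) for b, r in per_bssid.items()
            if r["hidden"] and r["deauths"] >= deauth_threshold and r["disclosed"]]

# Constructed sample capture: a hidden-SSID beacon, a burst of deauths, then the client's directed probe request.
AP, STA = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
SAMPLE_CAPTURE = [
    mgmt_frame(BEACON, "ff:ff:ff:ff:ff:ff", AP, AP, b"\x00" * 12 + b"\x00\x00" + b"\x03\x01\x06"),
    *[mgmt_frame(DEAUTH, STA, AP, AP, b"\x07\x00") for _ in range(5)],
    mgmt_frame(PROBE_REQ, AP, STA, AP, b"\x00\x08Thisisme" + b"\x01\x01\x02"),
]
```

Broadcast probe requests (addr3 ff:ff:ff:ff:ff:ff) cannot be tied to one BSSID by address alone, so the detector only counts directed probes; `analyse(SAMPLE_CAPTURE)` returns the one BSSID with its deauth count and the disclosed SSID.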

For the tutorial on finding hidden SSIDs using custom Python scripts, click here.