Home 0P3N Blog Aireplay Vs Mdk3: Wireless Deauthentication
Ready to Start Your Career?
Create Free Account
Invoron 'norovni's profile image
By: Invoron 'norovni'
March 16, 2017

Aireplay Vs Mdk3: Wireless Deauthentication

By: Invoron 'norovni'
March 16, 2017
Invoron 'norovni's profile image
By: Invoron 'norovni'
March 16, 2017
code-1084923_1280I am pretty sure anyone who has ever tried to hack wireless network should have come across aireplay-ng (one among aircrack-ng suite), very few may have heard about mdk3.Similar to aireplay-ng , mdk3 can be used to Jam a wireless network exploiting IEEE 802.11 protocol weakness. In this article lets talk on how to use them and jump to some conclusions.1. Aireplay-ngsyntax : aireplay-ng <options> <replay interface>Sample Example: aireplay-ng --deauth n -a <MAC of AP> -e <ESSID of AP> -c <Client MAC> <Monitor Interface>aireplay-ng --deauth 5 -a 00:11:22:33:44:55 -e HackThis -c 1c:65:9d:9e:02:07 wlan0monHere :
  • --deauth = <For Attack Mode> In this case for de-authentication ; equivalent to -0
  • n = <Number Of Attack Packets> Here 5 is selected. Sends 5 de-authentication packets.
  • -a = <BSSID or MAC of Access Point> Here lets just say 00:11:22:33:44:55 is the MAC of AP.
  • -e = <ESSID of MAC > Optional ; Lets just say WiFi name is "HackThis".
  • -c = <MAC of Client connected> Optional ; Works better if you indicate a client with the command.
  • Monitor Interface =  The Interface that you set to monitor mode using airmon-ng ; check status with "iwconfig"
Aireplay-ng works perfect , The de-authetication is quick , you can choose how long to de-authenticate ( 0 for infinity ). But sending one de-authentication packets doesn't work in most of the cases.Aireplay simply won't work for some AP and Client, since it only sends a de-authentication packet, unlike mdk3. This could lead to failure.lets see what mdk3's got.2. Mdk3 mdk3 which is a software using the osdep library from the aircrack-ng project can do the same thing, but with higher certainty. mdk3 sends both de-authentication as well as de-association packets which make it better at its job.And mdk3 has lots of options too, good for advanced users.Syntax : mdk3 <interface> <test_mode> [test_options]Sample Example : mdk3 <monitor interface > d b <blacklist> -c <channel>mdk3 wlan0mon d b blacklist.txt -c 6Here:
  • Monitor Interface =  The Interface that you set to monitor mode using airmon-ng; check status with "iwconfig"
  • d = <Deauthentication / Disassociation Amok Mode> Kicks out everybody found from AP.
  • b = <Test Mode> Becon Flood Mode; Sends beacon frames to show fake APs at clients.
  • blacklist.txt = A file with BSSID of Target network ; simply create it with "echo 00:11:22:33:44:55 > blacklist.txt"
  • c = <Channel> Specify which channel is the AP on. It switches to the specified channel if the interface is on the other channel. (aireplay-ng gives an error if the channel is mismatched)
mdk3 is good, I personally feel mdk3 is better then aireplay-ng, though its de-authentication is slow. But as far as I have tested it on different networks, I have been able to get handshakes easier with mdk3 then aireplay-ng.Here's a video which will show you all of it:Do comment here and share your thoughts.Happy Hunting-Invoron
Schedule Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry