Create the dozens of WiFi networks that aren't actually there using beacon frames!
Watch Beacon Command - Deauther V3 Tutorial on YouTube.
What are Beacon Frames?
Beacon frames are small packets sent out by the access point (i.e. your router) to advertise its network to other WiFi devices in the area. They contain information like the network name and security (Open, WPA2, WPA3,...).
Through these packets, client devices learn about available WiFi networks in the area. That is how your phone knows about the networks you see in the WiFi settings menu. This discovery process is also called passive scanning. Learn more about active and passive scanning in our post about WiFi Probe Requests.
With the beacon command of the Deauther V3 we can send out a lot of these beacon frames and advertise networks with custom names, without actually having to create real networks. We can also detect devices that are trying to connect to our fake networks.
Can beacons be evil?
WiFi beacon frames are mostly harmless, but some devices can react unexpectedly to certain SSIDs:
It's also possible to advertise common network names and monitor the connection attempts. This way you can potentially uncover where a device has been. We explained this in more detail in our post about WiFi Probe Requests.
How to use the command
Get an overview of the command structure and available arguments by typing
You can see that all arguments besides the first are in square brackets, meaning they are optional.
Below the structure of the command, you'll find a list of all the available arguments, a small explanation, and their default value (if they're optional).
||A list of network names you want to advertise.|
||The sender MAC address / MAC of the imaginary access point.|
||The receiver MAC address. Use this to advertise only to a specified device. Leave it blank to broadcast your advertisement to all devices in range.|
||Create the appearance of a
||Advertise on a specific channel.|
||The packet rate at which the frames are being sent. 10 frames/s is typical. Increase it to raise the chances of your network being picked up.|
||Monitor your fake network for connection attempts.|
||Save all probe requests that are detected while the attack is running.|
||How long until the attack stops.|
Running the command
After running the command, you'll see the parameters and a list of network names (SSIDs) and their corresponding sender MAC address (BSSID).
Now your network should show up as an available network.
Sometimes it can take a minute or so before devices pick up your new network, especially in areas with a lot of access points around.
You can boost the discovery process by changing to a channel that is less busy or by increasing the packet rate.
When you try to connect to your fake network, you'll notice that it will always fail. This is because the beacon frames are advertising a network that is not real. There is nothing to connect to.
If you want to see those connection attempts enable monitor mode:
You can not read the password that the user entered to join your network, but you can see the MAC address as well as the signal strength.