Since MAC address randomization is on by default on most devices, this makes the probe sniffing a bit useless.
So I think it can maybe be fixed a bit.
We can fingerprint devices that probe for certain SSIDs
Like, for example, if we catch a MAC probing for the skyplabs network, then we use that MAC address to link the rest of the other probes together to know which device they are coming from.
Collecting probe requests for already connected devices to nearby networks
I don't actually know how to do that, but here is what I noticed: when deauthing a network for a couple of secs and monitoring it with airodump-ng, you can actually see all the probes lined together for each device on that network, even though they are using MAC randomization, but it still works somehow.
You can try that by trying to capture a 4-way handshake manually.
There are also these two attacks that use some form of advanced methods to break the randomization, but I wasn't able to fully understand them.
Sorry for the late answer, I had so little time to work on ProbeQuest during the last few months.
Thanks for the links. I will have a look as soon as I get a chance. Note that defeating MAC address randomisation was already part of ProbeQuest's roadmap as you can see in #6.
Three Years Later: A Study of MAC Address Randomization In Mobile Devices And When It Succeeds PDF
Defeating MAC Address Randomization Through Timing Attacks PDF
RESEARCHERS BREAK MAC ADDRESS RANDOMIZATION AND TRACK 100% OF TEST DEVICES
Thanks
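To make the SSID point in this issue concrete, here is an added example (not part of the original post and not ProbeQuest code) that audits a capture of your own devices for directed probes that undo randomization. The record format, sample data and function names are assumptions, and treating the locally administered bit as "randomized" is a heuristic.

```python
from collections import defaultdict

# Constructed sample records: (source MAC, probed SSID).
# An empty SSID is a wildcard (broadcast) probe that names no network.
SAMPLE_PROBES = [
    ("da:a1:19:00:00:01", "skyplabs"),
    ("da:a1:19:00:00:01", ""),
    ("3e:5f:22:00:00:02", "skyplabs"),
    ("3e:5f:22:00:00:02", "CoffeeShop"),
    ("00:11:22:33:44:55", "HomeNet"),
    ("a6:0c:77:00:00:03", ""),
]


def is_randomized(mac):
    """Heuristic: the locally administered bit (0x02 of the first octet)
    is set on randomized addresses and clear on vendor-assigned ones."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def linkable_ssids(probes):
    """Directed SSIDs seen from two or more randomized MACs.

    Each entry is a candidate link between addresses, not proof: two
    different devices can know the same network name."""
    seen = defaultdict(set)
    for mac, ssid in probes:
        if ssid and is_randomized(mac):
            seen[ssid].add(mac.lower())
    return {s: sorted(m) for s, m in seen.items() if len(m) > 1}


def exposure_report(probes):
    """Summarise how much the capture leaks despite randomization."""
    randomized = {m.lower() for m, _ in probes if is_randomized(m)}
    leaking = {m.lower() for m, s in probes if s and is_randomized(m)}
    return {
        "randomized": len(randomized),        # addresses using randomization
        "leaking_directed": len(leaking),     # of those, how many name an SSID
        "linkable": linkable_ssids(probes),   # SSIDs tying addresses together
    }


if __name__ == "__main__":
    print(exposure_report(SAMPLE_PROBES))
```

A device that only sends wildcard probes, like the last randomized address in the sample, never shows up under "linkable".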