I would like to know if there are tools available to identify what WPS method is actually enabled on an AP?
I would like to know also if there is a way by looking at packets to know which WPS method is enabled?
2 Answers
3
You can use the latest aircrack-ng suite (Aircrack-ng 1.2 RC 2) to check for WPS enabled access points. I'm assuming your wireless interface is called wlan1:
- airmon-ng start wlan1
- airodump-ng wlan1mon --wps
You can read more about it here for example. You could use the wash tool as an alternative, but I'm not sure whether it is still being updated.
Michael
- Thanks. wash is indeed a little bit outdated. aircrack displays WPS methods, but I don't know if it displays supported methods or actually enabled methods. – Othman Sep 08 '15 at 12:10
- It should only list the enabled methods. – Michael Sep 08 '15 at 12:14
0
Nothing better than to directly have a look at the WPS tag in the AP PROBES.
Wash or airodump-ng do that for you (but the information is less complete):
sudo iw wlanX scan
Check this as an example output:
WPS: * Version: 1.0
* Wi-Fi Protected Setup State: 2 (Configured)
* Response Type: 3 (AP)
* UUID: ebd86104-5cb3-4a92-b43c-6547abcb2dc2
* Manufacturer: Celeno Communication, Inc.
* Model: Celeno Wireless AP 2.4G
* Model Number: CL1800
* Serial Number: 12345678
* Primary Device Type: 6-0050f204-1
* Device name: CelenoAP2.4G
* Config methods: Label, Display, Keypad
* RF Bands: 0x1
* Unknown TLV (0x1049, 6 bytes): 00 37 2a 00 01 20
This is what you can see in the probes
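Added example, not part of either answer: a sketch of how the fields above can be read straight from the tagged parameters of a captured probe response, by locating the WPS vendor-specific element (ID 0xDD, OUI 00:50:F2, type 4) and decoding its TLV attributes. The function names and the sample bytes are constructed for illustration; the attribute IDs and Config Methods bits are those of the Wi-Fi Simple Configuration attribute set.

```python
import struct

WPS_OUI_TYPE = b"\x00\x50\xf2\x04"  # Microsoft OUI + type 4 marks the WPS element
CONFIG_METHODS = {                  # bit flags of attribute 0x1008 (Config Methods)
    0x0001: "USBA", 0x0002: "Ethernet", 0x0004: "Label", 0x0008: "Display",
    0x0010: "Ext. NFC Token", 0x0020: "Int. NFC Token", 0x0040: "NFC Interface",
    0x0080: "PushButton", 0x0100: "Keypad",
}
STATE = {1: "Unconfigured", 2: "Configured"}  # attribute 0x1044

def wps_attributes(tagged):
    """Walk the 802.11 information elements; return {attr_id: value} of the WPS IE."""
    attrs, i = {}, 0
    while i + 2 <= len(tagged):
        eid, elen = tagged[i], tagged[i + 1]
        body = tagged[i + 2:i + 2 + elen]
        i += 2 + elen
        if eid != 0xDD or len(body) != elen or not body.startswith(WPS_OUI_TYPE):
            continue                      # other element, or truncated capture
        j, data = 0, body[4:]
        while j + 4 <= len(data):         # attributes are big-endian type/length/value
            atype, alen = struct.unpack_from(">HH", data, j)
            value = data[j + 4:j + 4 + alen]
            if len(value) != alen:
                break                     # malformed length, stop parsing this IE
            attrs[atype] = value
            j += 4 + alen
    return attrs

def summarize(tagged):
    """Return WPS state, advertised config methods and lock flag, or None if no WPS IE."""
    a = wps_attributes(tagged)
    if not a:
        return None
    bits = int.from_bytes(a.get(0x1008, b""), "big")
    return {
        "state": STATE.get((a.get(0x1044) or b"\x00")[0], "unknown"),
        "config_methods": [name for bit, name in CONFIG_METHODS.items() if bits & bit],
        "ap_setup_locked": (a.get(0x1057) or b"\x00")[0] == 1,
    }

def tlv(t, v): return struct.pack(">HH", t, len(v)) + v

# Constructed sample: SSID element plus a WPS element mirroring the iw output above.
_wps = (tlv(0x104A, b"\x10") + tlv(0x1044, b"\x02") + tlv(0x1008, b"\x01\x0c")
        + tlv(0x1049, bytes.fromhex("00372a000120")))
SAMPLE = b"\x00\x04test" + bytes([0xDD, 4 + len(_wps)]) + WPS_OUI_TYPE + _wps

if __name__ == "__main__": print(summarize(SAMPLE))
```

The Config Methods value 0x010C in the sample decodes to the same "Label, Display, Keypad" shown in the iw output; a missing WPS element returns None, which is what an AP with WPS turned off looks like in a capture.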