WarDriving and Wireless Penetration Testing

WarDriving and Wireless Penetration Testing

1st Edition - November 8, 2006

Write a review

  • Authors: Chris Hurley, Russ Rogers, Frank Thornton, Brian Baker
  • eBook ISBN: 9780080520773

Purchase options

Purchase options
DRM-free (EPub, Mobi, PDF)
Sales tax will be calculated at check-out

Institutional Subscription

Free Global Shipping
No minimum order


Wireless networking has become standard in many business and government networks. This book is the first book that focuses on the methods used by professionals to perform WarDriving and wireless pentration testing.Unlike other wireless networking and security books that have been published in recent years, this book is geared primarily to those individuals that are tasked with performing penetration testing on wireless networks. This book continues in the successful vein of books for penetration testers such as Google Hacking for Penetration Testers and Penetration Tester’s Open Source Toolkit. Additionally, the methods discussed will prove invaluable for network administrators tasked with securing wireless networks. By understanding the methods used by penetration testers and attackers in general, these administrators can better define the strategies needed to secure their networks.

Key Features

* According to a study by the Strategis Group more than one third of the words population will own a wireless device by the end of 2008.

* The authors have performed hundreds of wireless penetration tests, modeling their attack methods after those used by real world attackers.

* Unlike other wireless books, this is geared specifically for those individuals that perform security assessments and penetration tests on wireless networks.


The target audience for this book is information security professionals who are required to perform WarDriving and wireless penetration testing as part of their duties as well as hobbyists that are interested in learning the tactics used by professional penetration testers when WarDriving and performing wireless penetration tests. Additionally, both business and home users that are concerned about the security of their wireless networks will find a wealth of knowledge in how to secure their networks.

Table of Contents

  • Acknowledgments

    Technical Editor and Lead Author

    Technical Editor and Contributing Author

    Contributing Authors

    Foreword Contributor


    Foreword v 1.0

    Chapter 1: Introduction to WarDriving and Penetration Testing



    The Origins of WarDriving

    Tools of the Trade or “What Do I Need?”

    Putting It All Together

    Penetration Testing

    Tools for Penetration Testing

    Conclusion and What to Expect From this Book

    Solutions Fast Track

    Chapter 2: Understanding Antennas and Antenna Theory


    Terminology and Jargon

    Differences Between Antenna Types

    Other RF Devices


    Solutions Fast Track

    Chapter 3: WarDriving With Handheld Devices and Direction Finding


    WarDriving with a Sharp Zaurus

    WarDriving with MiniStumbler

    Direction Finding with a Handheld Device


    Solutions Fast Track

    Chapter 4: WarDriving and Penetration Testing with Windows


    WarDriving with NetStumbler

    Running NetStumbler

    Wireless Penetration Testing with Windows


    Solutions Fast Track

    Chapter 5: WarDriving and Penetration Testing with Linux


    Preparing Your System to WarDrive

    WarDriving with Linux and Kismet

    Wireless Penetration Testing Using Linux


    Solutions Fast Track

    Chapter 6: WarDriving and Wireless Penetration Testing with OS X


    WarDriving with KisMAC

    Penetration Testing with OS X

    Other OS X Tools for WarDriving and WLAN Testing


    Solutions Fast Track

    Chapter 7: Wireless Penetration Testing Using a Bootable Linux Distribution


    Core Technologies

    Open Source Tools

    Case Study

    Further Information

    Solutions Fast Track

    Chapter 8: Mapping WarDrives


    Using the Global Positioning System Daemon with Kismet

    Configuring Kismet for Mapping

    Mapping WarDrives with GPSMAP


    Solutions Fast Track

    Mapping WarDrives with GPSMap

    Chapter 9: Using Man-in-the-Middle Attacks to Your Advantage


    Hardware for the Attack—Antennas, Amps, WiFi Cards

    Identify and Compromise the Target Access Point

    The MITM Attack Laptop Configuration

    Clone the Target Access Point and Begin the Attack


    Solutions Fast Track

    Chapter 10: Using Custom Firmware for Wireless Penetration Testing

    Choices for Modifying the Firmware on a Wireless Access Point

    Installing OpenWRT on a Linksys WRT54G

    Configuring and Understanding the OpenWRT Network Interfaces

    Installing and Managing Software Packages for OpenWRT

    Enumeration and Scanning from the WRT54G

    Installation and Configuration of a Kismet Drone

    Installing Aircrack to Crack a WEP Key


    Solutions Fast Track

    Chapter 11: Wireless Video Testing


    Wireless Video Technologies

    Tools for Detection


    Solutions Fast Track

    Appendix A: Solutions Fast Track

    Appendix B: Device Driver Auditing


Product details

  • No. of pages: 446
  • Language: English
  • Copyright: © Syngress 2007
  • Published: November 8, 2006
  • Imprint: Syngress
  • eBook ISBN: 9780080520773

About the Authors

Chris Hurley

Chris Hurley is a Senior Penetration Tester in the Washington, DC area. He has more than 10 years of experience performing penetration testing, vulnerability assessments, and general INFOSEC grunt work. He is the founder of the WorldWide WarDrive, a four-year project to assess the security posture of wireless networks deployed throughout the world. Chris was also the original organizer of the DEF CON WarDriving contest. He is the lead author of WarDriving: Drive, Detect, Defend (Syngress Publishing, ISBN: 19318360305). He has contributed to several other Syngress publications, including Penetration Tester's Open Source Toolkit (ISBN: 1-5974490210), Stealing the Network: How to Own an Identity (ISBN: 1597490067), InfoSec Career Hacking (ISBN: 1597490113), and OS X for Hackers at Heart (ISBN: 1597490407). He has a BS from Angelo State University in Computer Science and a whole bunch of certifications to make himself feel important.

Affiliations and Expertise

Senior Penetration Tester, Washington, DC, USA

Russ Rogers

Russ Rogers (CISSP, CISM, IAM, IEM, Hon. Sc.D.), author of the popular "Hacking a Terror Network: The Silent Threat of Covert Channels" (Syngress, ISBN: 978-1-928994-98-5), co-author of multiple books, including the best-selling "Stealing the Network: How to Own a Continent" (Syngress, ISBN: 978-1-931836-05-0) and "Network Security Evaluation Using the NSA IEM" (Syngress, ISBN: 978-1-59749-035-1), and former editor-in-chief of The Security Journal, is currently a penetration tester for a federal agency and the co-founder and chief executive officer of Peak Security, Inc., a veteran-owned small business based in Colorado Springs, CO. Russ has been involved in information technology since 1980 and has spent the past 20 years working as both an IT and InfoSec consultant. Russ has worked with the U.S. Air Force (USAF), National Security Agency (NSA), Defense Information Systems Agency (DISA), and other federal agencies. He is a globally renowned security expert, speaker, and author who has presented at conferences around the world in Amsterdam, Tokyo, Singapore, São Paulo, Abu Dhabi, and cities all over the United States. Russ has an honorary doctorate of science in information technology from the University of Advancing Technology, a master's degree in computer systems management from the University of Maryland, a bachelor of science degree in computer information systems from the University of Maryland, and an associate's degree in applied communications technology from the Community College of the Air Force. He is a member of ISSA and (ISC)2® (CISSP). Russ also teaches at and fills the role of professor of network security for the University of Advancing Technology (www.uat.edu).

Affiliations and Expertise

Penetration Tester for a Federal Agency and Co-founder/Chief Executive Officer, Peak Security, Inc.

Frank Thornton

Frank Thornton runs his own technology consulting firm, Blackthorn Systems, which specializes in information security and wireless networks. His specialties include wireless network architecture, design, and implementation, as well as network troubleshooting and optimization. An interest in amateur radio helped him bridge the gap between computers and wireless networks. Having learned at a young age which end of the soldering iron was hot, he has even been known to repair hardware on occasion.

In addition to his computer and wireless interests, Frank was a law enforcement officer for many years. As a detective and forensics expert he has investigated approximately one hundred homicides and thousands of other crime scenes. Combining both professional interests, he was a member of the workgroup that established ANSI Standard "ANSI/NIST-CSL 1-1993 Data Format for the Interchange of Fingerprint Information."

Affiliations and Expertise

Owner, Blackthorn Systems, New Hampshire, USA

Brian Baker

Ratings and Reviews

Write a review

There are currently no reviews for "WarDriving and Wireless Penetration Testing"