DEAUTH_CLIENT
DEAUTH_CLIENT Attempt to deauthenticate WiFi clients by sending spoofed
deauthentication and disassociation packets
When to use it
Use DEAUTH_CLIENT as part of an engagement when attempting to redirect
clients to a Pineapple access point or to force a reassociation when
harvesting WPA handshakes.
Syntax
DEAUTH_CLIENT [bssid] [target] [channel]
bssid required
BSSID (MAC address) of the access point the client is connected
to, in the standard aa:bb:cc:dd:ee:ff format.
target required
MAC address of target client (or FF:FF:FF:FF:FF:FF for all
clients) in the standard aa:bb:cc:dd:ee:ff format.
channel required
WiFi channel to send disconnect packets on.
Results
DEAUTH_CLIENT returns immediately. In the background, the PineAP system will transmit the disassociation and deauthentication packets.
Examples
DEAUTH_CLIENT 00:AA:BB:CC:DD:EE 00:DE:AD:BE:EF:44 6
Limitations
DEAUTH_CLIENT can be used on 2.4GHz channels, and on 5GHz channels which are not DFS channels. DFS channels have stronger regulatory requirements which prohibit transmission. The WiFi standard requires that all networks on 6GHz utilize WPA3 features, such as Protected Management Frames, which prevent injected deauthentication packets on 6GHz networks.
Networks which utilize Protected Management Frames (PMF) or the 802.11w standard will not be susceptible to injected disconnection packets. All networks utilizing WPA3 also enable Protected Management Frames.
Some clients ignore disconnection attempts deliberately regardless of the network type or channel.
Be sure to only trigger client deauthentication against networks that are in the scope of your engagement!
Deauthenticating clients from networks which aren’t yours and which you haven’t been given permission to test isn’t only a jerk move, it may be illegal in some jurisdictions. Know the laws of your region!