Home > Features > WiFi Attacks

WiFi Attacks

These tools are for authorized security testing only. Always obtain written permission before testing networks you do not own. Unauthorized use of these tools may violate local laws and regulations.

Biscuit includes several WiFi attack modes for security research and penetration testing. All attack tools are found under WiFi Tools > Attacks tab in the app.


Deauth Attack

Send deauthentication frames to disconnect clients from access points. This disrupts network connectivity and can force clients to reconnect, which is useful for capturing WPA handshakes during the reconnection process.

How to Use

  1. Run a scan first – Use Scan AP or Scan Stations to discover targets. Select your targets by tapping on them in the scan results.
  2. Navigate to WiFi Tools > Attacks tab > Deauth Attack.
  3. Choose a target mode:
    • Basic – Deauthenticates all clients connected to the selected access point(s). Requires at least one selected AP.
    • Targeted – Deauthenticates only specific selected stations (individual client devices). Requires at least one selected station.
  4. Optional: Enable EAPOL capture – Toggle “Capture EAPOL” to simultaneously capture WPA handshakes while running the deauth. As clients reconnect, their handshake frames are captured automatically. This option works on 2.4GHz networks and requires a dual-chip device (Pro or Ultra).
  5. Optional: Enable SD card storage – On Biscuit Ultra with an SD card, save captured EAPOL data directly to the card.
  6. Tap Start to begin the attack.
  7. Tap Stop when done. If EAPOL capture was enabled and handshakes were collected, you are prompted to save or share the capture.

Real-Time Stats

  • Packets – Total deauthentication packets sent
  • Targets – Number of APs or stations being targeted
  • PMKIDs – Number of PMKIDs captured (shown when EAPOL capture is enabled)

Mesh Mode

If you have BiscuitNode mesh devices connected, the deauth attack can be distributed across multiple nodes for wider coverage. When connected nodes are detected, the attack automatically uses mesh mode.


Beacon Spam

Flood the area with fake WiFi network names. Nearby devices scanning for WiFi will see their network lists fill up with fake entries.

How to Use

  1. Navigate to WiFi Tools > Attacks tab > Beacon Spam.
  2. Choose a spam mode:
    • Random – Generates random SSID names continuously. No setup required.
    • Custom – Broadcast your own custom list of SSIDs. Enter one SSID per line in the text field.
    • AP List – Clone SSIDs from your most recent AP scan. Requires at least one selected AP from a prior scan.
    • Funny – Broadcast humorous and novelty network names from a built-in list.
  3. Tap Start to begin broadcasting.

Real-Time Stats

  • Packets – Total beacon frames transmitted
  • Mode – The active spam mode
  • Rate – Approximate beacons per second being broadcast

RickRoll

A fun variant of beacon spam that broadcasts Rick Astley themed network names. Nearby devices scanning for WiFi will see lyrics and references appear in their network lists.

How to Use

  1. Navigate to WiFi Tools > Attacks tab > RickRoll.
  2. Tap Start to begin broadcasting.
  3. Tap Stop when the joke has run its course.

No configuration is needed – the SSID list is built in.


Probe Attack

Flood the air with probe request frames from fake client devices. This makes networks appear active with many connected devices and can overwhelm network monitoring tools.

How to Use

  1. Navigate to WiFi Tools > Attacks tab > Probe Attack.
  2. Tap Start to begin flooding probe requests.

Real-Time Stats

  • Packets – Total probe request frames transmitted

Tips

  • This attack generates a high volume of fake client traffic, which can confuse wireless intrusion detection systems and network monitoring dashboards.

Bad Message Attack

Send malformed WiFi management frames to targeted stations. This can cause client devices to disconnect, behave unexpectedly, or enter error states.

How to Use

  1. Run a station scan first – Use Scan Stations to discover clients. Select your target stations by tapping on them.
  2. Navigate to WiFi Tools > Attacks tab > Bad Message.
  3. The attack targets your selected stations. At least one station must be selected.
  4. Tap Start to begin sending malformed frames.

Notes

  • This attack is available in targeted mode only – you must select specific stations before starting.
  • Effects vary by device and firmware. Some devices handle malformed frames gracefully while others may disconnect or require reconnection.

Sleep Attack

Inject power management frames to confuse client and AP associations. This exploits the WiFi power-save mechanism to disrupt connectivity.

How to Use

  1. Run a station scan first – Use Scan Stations to discover clients. Select your target stations by tapping on them.
  2. Navigate to WiFi Tools > Attacks tab > Sleep Attack.
  3. The attack targets your selected stations. At least one station must be selected.
  4. Tap Start to begin injecting sleep frames.

Notes

  • This attack is available in targeted mode only – you must select specific stations before starting.
  • The sleep attack can cause intermittent connectivity issues for targeted devices without fully disconnecting them, making it harder for the user to diagnose the problem.