[stryngs42]

It is worth noting that you do not need to have "control" of the access point in question for this tool to work.

The only thing you need are credentials of the network if it is not an Open Access Point. If you have the credentials you then pop those into airtun-ng and now you'll have a NIC you can sniff on and inject to the network in question at the Monitor Mode level.

No arp-spoofing, DNS poisoning, etc, just straight up good old fashioned Layer 2 hacking and there is nothing the Access Point can do to stop you sans an IDS/IPS.

So yes, you could absolutely do what you described and deauth and hope they join your network, but no need in most cases.

As well the real beauty is that NCSI probing happens every single time the the computer connects to wifi, if edgeDressing catches the probe sequence and wins the race that computer's browser is opening. Broadbrush deauthing and poof, now you have a whole bunch of computers all opening up random pages. Not good.