I used ARP spoofing attack in my wireless local network recently. My router is using WPA2-PSK encryption. So while there is an end to end encyrption in my WLAN after my computer enters in the middle of victim and router with arp spoofing, how could I read packets of victim clearly from my own computer? According to my knowledge, if there is an end to end encryption, the packets cannot be read. Because, they are encrypted. What am I missing in theory?
Asked
Active
Viewed 273 times
1
-
It's not "end to end" or anything like that. It's wifi encryption. So on top of that you have normal ethernet which is not encrypted. – Aria Aug 31 '16 at 18:42
-
So do you mean WPA2 provides encryption in just user authentication, not in data, don't you? – Hasan Aug 31 '16 at 18:56
-
Hold on. Because I am inside the WLAN as a member, that is, because I have a key, I can decrypt the packets of victim while I m doing arp spoofing. Is the answer this? – Hasan Aug 31 '16 at 18:58
-
http://aruba.i.lithium.com/t5/image/serverpage/image-id/13016i17048611929FE2D2/image-size/original?v=v2&px=-1 - wifi encryption is datalink layer while arp is network layer. – Aria Aug 31 '16 at 19:11
-
You can't decrypt other packets on datalink layer. You can intercept them on network layer via arp spoofing. – Aria Aug 31 '16 at 19:13
1 Answers
1
This is very similar to another question on SE.
The simple answer is that ARP packets aren't encrypted. If they were, ARP wouldn't work in the first place.
Quoting myself from that similar question linked above:
Simply put, ARP poisoning works because ARP works. The only thing that changes is that the value of the responses sent by the attacking machine are faked. ARP replies are implicitly trusted, and because they expire, they need to be refreshed periodically. Attackers leverage this implicit trust to send fake responses. If the details of the 4WHS were needed for ARP, no one (real or attacker) would be able to communicate ARP replies.
HashHazard
- 5,105
- 1
- 17
- 29