
Is there a working open-source implementation of a WiFi channel-based man-in-the-middle attack out there?

I have been looking for it for a while, and what I have found so far is this Python package, which is in Python 2, and I don't think it works. I tried contacting the author, but he has probably stopped maintaining it.

Then I thought I could try it by myself. I chose python3-scapy as a tool to help me do it. And (just today) I was partially successful in creating two channels on my laptop using two WiFi network adapters where I can accept packets on one channel and forward them on the other channel. But there is still a long way to go.

P.S. My aim is to reproduce the KRACK attack on WPA2.

schroeder
Aven Desta
  • "channel" has a few different meanings - I edited to provide clarity – schroeder Mar 12 '20 at 11:47
  • *My aim is to reproduce the KRACK attack on WPA2.* - Sorry, the ship has sailed on that one. On wireless networks I manage, well over 99% of clients connecting are versions of code that either never were vulnerable or were patched already. KRACK is a non-issue in the wild...you can see [my two and a half year old answer](https://security.stackexchange.com/a/171755/24467) for more detail on why this has pretty much always been the case. There are far too many other MitM attacks that have a much higher chance of success to make developing one for KRACK useful. – YLearn Mar 12 '20 at 23:03
  • @YLearn thank you, that helped. But my aim is not to attack anyone or similar. I just wanted to implement it to see what it's like and to learn more about WiFi attacks. And of course I will try it on a deliberately vulnerable device. So if it was a 10-year-old attack I would still want to implement it. But I find it unbelievable that there are no scripts written for the attack; it has been 2 years, after all. – Aven Desta Mar 13 '20 at 04:28
  • @Babydesta, the reason there are no scripts for it is because, as I point out in my other answer, KRACK is only an academic footnote. There was never a wide enough attack vector to make it useful in the wild in any way, and as such it was never implemented by anyone in the black hat world. It is also not a serious security vulnerability that needs to be tested for by those in the white hat world. While it was an interesting discovery, there really is no reason to pursue it for any practical purpose. If you are learning about WiFi attacks, move on to something else, as KRACK was never an attack. – YLearn Mar 13 '20 at 19:13

0 Answers