Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2024-11-25 00:38:24 -05:00
Code Issues Projects Releases Wiki Activity

fragattack: minor tweaks to README and tool output

Browse Source
This commit is contained in:
Mathy Vanhoef 2020-11-12 11:49:03 +04:00
parent 25066d096d
commit d10941c8bc
3 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
research/README.md
View File

@ -24,20 +24,24 @@ the paper also briefly discusses the applicability of the attacks against WEP.
- Tool will automatically quit after a test completed or timed out.
- Tool detects if the 4-way handshake is looping or if there is not replly to a rekey request (`--rekey-req`).
- Tool detects if the 4-way handshake is looping or if there is no reply to a rekey request (`--rekey-req`).
- When using an external DHCP server, the tool will now send rekey EAPOL frames with as destination address
the AP (instead of the DHCP server).
- When using an external DHCP server, the tool will now always send EAPOL frames with as destination address
the AP (instead of the DHCP server). This is important in mixed key and cache attack tests when using an
external DHCP server.
- When acting as a client, the tool will send EAPOL Rekey Request with a Replay Counter of one instead of zero.
- When testing an AP using `--rekey-req` the tool will now send EAPOL Rekey Request with a Replay Counter of
one instead of zero.
- Debug output now shows the correct (group) key when encrypting broadcast/multicast frames. This does not
influence any test results, it only changes the output of the test tool.
- Clarified that all commands can test both clients and APs unless noted otherwise.
- Clarified that all commands in this README can test both clients and APs unless noted otherwise.
- Clarified the description of cache attacks, Broadcast fragment, and A-MSDU EAPOL attack tests in this README.
- Clarified that it's important to test both the 2.4 and 5 GHz band in this README.
**Version 1.1 (20 October 2020)**:
- Fixed a bug where the command `ping I,E,D` would send a normal encrypted ping request. It now sends an
@ -592,7 +596,8 @@ these alternative mixed key attack tests. Some remarks:
driver. These routers perform the rekey handshake in plaintext, and the client can actively request a rekey handshake.
- `ping I,E,F,AE --rekey-early-install`: A low number of clients (incorrectly) install the key too early during
a pairwise session rekey. To reliably test these clients, add the `--rekey-early-install` parameter.
a pairwise session rekey. To reliably test these clients, add the `--rekey-early-install` parameter. This test
is not meaningfull against APs.
Finally, in case the test `ping-frag-sep` doesn't succeed, you should try the following mixed key attack test:

4
research/fragattack.py
View File

@ -165,7 +165,7 @@ def args2msdu(args):
return None
if __name__ == "__main__":
parser = argparse.ArgumentParser(description=f"Test for fragmentation vulnerabilities (v{FRAGVERSION} - {FRAGDATE}).")
parser = argparse.ArgumentParser(description=f"Test for fragmentation vulnerabilities (version {FRAGVERSION}).")
parser.add_argument('iface', help="Interface to use for the tests.")
parser.add_argument('testname', help="Name or identifier of the test to run.")
parser.add_argument('actions', nargs='?', help="Optional textual descriptions of actions")
@ -240,7 +240,7 @@ if __name__ == "__main__":
change_log_level(-options.debug)
# Now start the tests --- TODO: Inject Deauths before connecting with client...
log(STATUS, f"This is fragattack version {FRAGVERSION} - {FRAGDATE}.")
log(STATUS, f"This is fragattack version {FRAGVERSION}.")
if options.ap:
daemon = Authenticator(options)
else:

3
research/fraginternals.py
View File

@ -12,7 +12,6 @@ from scapy.contrib.wpa_eapol import WPA_key
from scapy.arch.common import get_if_raw_hwaddr
FRAGVERSION = "1.2"
FRAGDATE = "27 October 2020"
# ----------------------------------- Utility Commands -----------------------------------
@ -631,7 +630,7 @@ class Station():
if not self.test.requires_manual_check():
log(ERROR, ">>> Test timed out! Retry to be sure, or manually check result.")
else:
log(STATUS, "Closing down. Remember to manually check whether test succeeded or not.")
log(STATUS, "Closing down. Remember to manually check whether the test succeeded or not.")
self.stop_test()
# ----------------------------------- Client and AP Daemons -----------------------------------