Wifi_Warfare Posted May 23, 2016 Share Posted May 23, 2016 Hey all, The Tetra allows us to do so many great things. We can spoof the SSID and make a Client think they are connecting to a "known" AP. The Client has the WPA2 password stored to automatically connect to its "known" AP. Why can't we spoof the SSID (and MAC if necessary) but also prompt for a passkey (WEP/WPA/WPA2 depending on the legitimate AP) and sniff the passkey that the Client sends? I have a feeling the issue has to do with hashing done at each sides of the 4-way handshake. It just seems like we should be able to MitM some of this. Appreciate anyones input and teaching my like i'm 5 If the answer is something like "we do see all the hashes, which is why you then have to brute force/dictionary them to turn to clear text", then why are we unable to "pass the hash" with Wifi. Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.