Wifi_Warfare, posted May 23, 2016

Hey all, the Tetra allows us to do so many great things. We can spoof the SSID and make a client think they are connecting to a "known" AP. The client has the WPA2 password stored to automatically connect to its "known" AP. Why can't we spoof the SSID (and MAC if necessary) but also prompt for a passkey (WEP/WPA/WPA2 depending on the legitimate AP) and sniff the passkey that the client sends? I have a feeling the issue has to do with hashing done at each side of the 4-way handshake. It just seems like we should be able to MitM some of this. Appreciate anyone's input; teach me like I'm 5. If the answer is something like "we do see all the hashes, which is why you then have to brute force/dictionary them to turn to clear text", then why are we unable to "pass the hash" with Wifi?
Smarty, posted May 24, 2016

That's not how wifi association works. Google "wifi 4-way handshake" and research that. You will find that what you are asking for is not possible, for the exact same reason you are asking about it... it would not be secure. Further, if a device is connected to a known AP, for example called "HunneyBunny", and is set to use WPA2, it will not connect to an AP broadcasting "HunneyBunny" which is set as OPN. It will fail after the first negotiation.
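To make the point above concrete, here is an added example (not code from the thread or from Hak5) that walks through the WPA2-PSK key derivation and message 2 of the 4-way handshake. The SSID, MAC addresses and passphrases are constructed values; the "frame" is a stand-in for the real EAPOL-Key layout. It shows that the client only ever sends a nonce and a MIC, that an AP which does not already hold the PSK cannot verify that MIC, and that a captured MIC cannot be replayed against a fresh ANonce, which is why there is no "pass the hash" for WPA2.

```python
import hashlib
import hmac
import os

# Constructed sample values (not real network data).
SSID = "HunneyBunny"
AP_MAC = bytes.fromhex("020000000001")
CLIENT_MAC = bytes.fromhex("020000000002")

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations) -> 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), 64 bytes out."""
    blocks = [hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4)]
    return b"".join(blocks)[:64]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK is bound to both MACs and both fresh nonces; the KCK is its first 16 bytes."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)

def eapol_mic(kck: bytes, frame_with_zeroed_mic: bytes) -> bytes:
    """WPA2 (CCMP) key MIC: HMAC-SHA1 over the EAPOL-Key frame, truncated to 16 bytes."""
    return hmac.new(kck, frame_with_zeroed_mic, hashlib.sha1).digest()[:16]

def client_message2(passphrase: str, anonce: bytes, snonce: bytes):
    """Handshake message 2: the client sends SNonce plus a MIC, never the passphrase or PMK."""
    ptk = derive_ptk(pmk_from_passphrase(passphrase, SSID), AP_MAC, CLIENT_MAC, anonce, snonce)
    frame = b"EAPOL-Key msg2 body " + snonce  # stand-in for the real frame layout
    return frame, eapol_mic(ptk[:16], frame)

def ap_verifies(ap_passphrase: str, anonce: bytes, snonce: bytes, frame: bytes, mic: bytes) -> bool:
    """An AP can only check the MIC if it already holds the same PSK the client used."""
    ptk = derive_ptk(pmk_from_passphrase(ap_passphrase, SSID), AP_MAC, CLIENT_MAC, anonce, snonce)
    return hmac.compare_digest(eapol_mic(ptk[:16], frame), mic)

def demo():
    """Returns (real AP verifies, rogue AP without PSK verifies, replay under new ANonce verifies)."""
    anonce, snonce = os.urandom(32), os.urandom(32)
    frame, mic = client_message2("correct horse", anonce, snonce)
    real_ap = ap_verifies("correct horse", anonce, snonce, frame, mic)
    rogue_ap = ap_verifies("rogue guess", anonce, snonce, frame, mic)
    replay = ap_verifies("correct horse", os.urandom(32), snonce, frame, mic)
    return real_ap, rogue_ap, replay  # (True, False, False)
```

The rogue AP sees the client's MIC but learns nothing it can use: it cannot verify it without the PSK, and because the PTK mixes in the AP's own fresh ANonce, it cannot forward the captured MIC to the real AP either.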
Wifi_Warfare (author), posted May 24, 2016

Thanks for the reply!
MrBlack911, posted January 9, 2017

> On 24/05/2016 at 9:12 PM, Smarty said: That's not how wifi association works. Google "wifi 4-way handshake" and research that. You will find that what you are asking for is not possible, for the exact same reason you are asking about it... it would not be secure. Further, if a device is connected to a known AP, for example called "HunneyBunny", and is set to use WPA2, it will not connect to an AP broadcasting "HunneyBunny" which is set as OPN. It will fail after the first negotiation.

Hi Smarty. Sorry, super newb question here, but given what you just said... how does any device connect to our rogue generated APs? Does this mean the Pineapple is good only for OPN networks? Thanks.