How to MitM a router to capture WPA2

Hey all,

The Tetra allows us to do so many great things. We can spoof the SSID and make a client think it is connecting to a "known" AP. The client has the WPA2 password stored to automatically connect to its "known" AP.

Why can't we spoof the SSID (and MAC if necessary) but also prompt for a passkey (WEP/WPA/WPA2 depending on the legitimate AP) and sniff the passkey that the client sends?

I have a feeling the issue has to do with hashing done on each side of the 4-way handshake. It just seems like we should be able to MitM some of this.

Appreciate anyone's input, and teach me like I'm 5.

If the answer is something like "we do see all the hashes, which is why you then have to brute force/dictionary them to turn them into clear text", then why are we unable to "pass the hash" with Wi-Fi?


That's not how Wi-Fi association works. Google "wifi 4-way handshake" and research that. You will find that what you are asking for is not possible, for the exact same reason you are asking about it... it would not be secure.

Further, if a device is connected to a known AP, for example called "HunneyBunny", and is set to use WPA2, it will not connect to an AP broadcasting "HunneyBunny" which is set as OPN. It will fail after the first negotiation.

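To make the "research the 4-way handshake" pointer concrete, here is an added worked example (not code from this thread or from Hak5) of the WPA2-PSK key derivation a rogue AP would be sitting in the middle of. It shows why the client never sends the passkey, why the MIC it does send cannot be "passed" to the real AP, and why the only offline route is a dictionary attack on the PBKDF2-derived PMK. The SSID, MAC addresses, nonces and passphrases are constructed; the EAPOL frame is a minimal message 2 with the MIC field at its standard offset (real frames also carry the RSN IE in the key data, which is omitted here).

```python
"""Added example: WPA2-PSK 4-way handshake key material as seen by a rogue AP.

Not code from the original thread or from Hak5; all MACs, nonces, SSID and
passphrases below are constructed for the demonstration.
"""
import hashlib
import hmac
import struct

MIC_OFFSET = 81   # EAPOL header (4) + key-descriptor fields before the MIC (77)
MIC_LEN = 16


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_384(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11 PRF-384: concatenated HMAC-SHA1 blocks, truncated to 48 bytes."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(3)
    )
    return out[:48]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """The PTK binds the PMK to both MAC addresses and both fresh nonces."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_384(pmk, b"Pairwise key expansion", data)


def build_eapol_msg2(snonce: bytes, replay_counter: int = 1) -> bytes:
    """Minimal EAPOL-Key message 2 (STA -> AP) with the MIC field zeroed."""
    body = bytes([2])                        # descriptor type: RSN
    body += struct.pack(">H", 0x010A)        # key info: HMAC-SHA1 MIC, pairwise, MIC set
    body += struct.pack(">H", 16)            # key length (CCMP)
    body += struct.pack(">Q", replay_counter)
    body += snonce                           # 32-byte key nonce
    body += bytes(16) + bytes(8) + bytes(8)  # key IV, key RSC, key ID
    body += bytes(MIC_LEN)                   # MIC placeholder
    body += struct.pack(">H", 0)             # key data length (RSN IE omitted here)
    return bytes([2, 3]) + struct.pack(">H", len(body)) + body


def compute_mic(kck: bytes, eapol: bytes) -> bytes:
    """WPA2 (descriptor version 2) MIC: HMAC-SHA1 over the frame with MIC zeroed, first 128 bits."""
    zeroed = eapol[:MIC_OFFSET] + bytes(MIC_LEN) + eapol[MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]


def station_sends_msg2(passphrase, ssid, aa, spa, anonce, snonce):
    """What the real client does: it never transmits the passphrase, only a keyed MIC."""
    kck = derive_ptk(pmk_from_passphrase(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    frame = build_eapol_msg2(snonce)
    return frame[:MIC_OFFSET] + compute_mic(kck, frame) + frame[MIC_OFFSET + MIC_LEN:]


def mic_verifies(candidate, ssid, aa, spa, anonce, snonce, captured_msg2):
    """Recompute the MIC from a candidate passphrase and compare it with the captured one."""
    kck = derive_ptk(pmk_from_passphrase(candidate, ssid), aa, spa, anonce, snonce)[:16]
    expected = compute_mic(kck, captured_msg2)
    return hmac.compare_digest(expected, captured_msg2[MIC_OFFSET:MIC_OFFSET + MIC_LEN])


def dictionary_attack(wordlist, ssid, aa, spa, anonce, snonce, captured_msg2):
    """The only offline route: try candidates until one reproduces the captured MIC."""
    for word in wordlist:
        if mic_verifies(word, ssid, aa, spa, anonce, snonce, captured_msg2):
            return word
    return None


# Constructed scenario: a rogue AP (AA) beacons the victim's SSID and runs msg 1/2 with the client.
SSID = "HunneyBunny"
AA = bytes.fromhex("02000000aa01")       # rogue AP MAC (constructed)
SPA = bytes.fromhex("020000005701")      # client MAC (constructed)
ANONCE = bytes(range(32))                # nonce the rogue AP chose
SNONCE = bytes(range(32, 64))            # nonce the client chose
REAL_PASSPHRASE = "correct horse battery"
CAPTURED_MSG2 = station_sends_msg2(REAL_PASSPHRASE, SSID, AA, SPA, ANONCE, SNONCE)


def pass_the_hash_to_real_ap() -> bool:
    """Replaying the captured MIC to the real AP fails: the real AP uses its own MAC and
    its own ANonce, so the PTK it derives (and hence the MIC it expects) differs."""
    real_ap_mac = bytes.fromhex("02000000aa02")  # constructed
    real_anonce = bytes(range(64, 96))
    return mic_verifies(REAL_PASSPHRASE, SSID, real_ap_mac, SPA, real_anonce, SNONCE, CAPTURED_MSG2)


def crack_with_wordlist():
    """Offline guessing against the rogue AP's own capture does work, one PBKDF2 per guess."""
    return dictionary_attack(["password", "HunneyBunny", REAL_PASSPHRASE],
                             SSID, AA, SPA, ANONCE, SNONCE, CAPTURED_MSG2)


if __name__ == "__main__":
    print("captured MIC:", CAPTURED_MSG2[MIC_OFFSET:MIC_OFFSET + MIC_LEN].hex())
    print("pass-the-hash against real AP verifies:", pass_the_hash_to_real_ap())
    print("dictionary attack recovers:", crack_with_wordlist())
```

The point of the example: the thing the rogue AP "sees" is not the passkey and not a reusable hash of it, but an HMAC keyed with a PTK that mixes in the rogue AP's own MAC and nonce, so it is useless against the real AP; what the capture does give you is enough to test guesses offline, which is exactly the brute force/dictionary step the thread mentions, at the cost of 4096 HMAC-SHA1 rounds per guess.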
On 24/05/2016 at 9:12 PM, Smarty said:

That's not how Wi-Fi association works. Google "wifi 4-way handshake" and research that. You will find that what you are asking for is not possible, for the exact same reason you are asking about it... it would not be secure.

Further, if a device is connected to a known AP, for example called "HunneyBunny", and is set to use WPA2, it will not connect to an AP broadcasting "HunneyBunny" which is set as OPN. It will fail after the first negotiation.

Hi Smarty. Sorry, super newb question here, but given what you just said... how does any device connect to our rogue generated APs? Does this mean the Pineapple is good only for OPN networks? Thanks.
