1$FreeBSD: head/tools/tools/net80211/wesside/README 161030 2006-08-07 00:05:04Z sam $
| 1$FreeBSD: head/tools/tools/net80211/wesside/README 161047 2006-08-07 17:08:05Z keramida $
|
2
3This is an implementation of the frag attack described in:
4http://tapir.cs.ucl.ac.uk/bittau-wep.pdf
5It will only work with Atheros. It could be made to work with other cards, but
6it is more difficult.
7
8wesside's features:
9===================
10* Channel hops, finds a WEP wifi, finds a MAC to spoof if necessary and
11 associates.
12* Waits for a packet. Uses fragmentation to recover some keystream.
13* Discovers the network's IP using the linear keystream expansion technique in
14 order to decrypt an ARP packet.
15* Generates traffic on the network for weak IV attack:
16 - Either by flooding with ARP requests.
17 - Or, by contacting someone on the Internet [udps] and telling it to flood.
18* Uses aircrack periodically to attempt to crack the WEP key. The supplied
19 aircrack is modified to work with wesside.
| 2
3This is an implementation of the frag attack described in:
4http://tapir.cs.ucl.ac.uk/bittau-wep.pdf
5It will only work with Atheros. It could be made to work with other cards, but
6it is more difficult.
7
8wesside's features:
9===================
10* Channel hops, finds a WEP wifi, finds a MAC to spoof if necessary and
11 associates.
12* Waits for a packet. Uses fragmentation to recover some keystream.
13* Discovers the network's IP using the linear keystream expansion technique in
14 order to decrypt an ARP packet.
15* Generates traffic on the network for weak IV attack:
16 - Either by flooding with ARP requests.
17 - Or, by contacting someone on the Internet [udps] and telling it to flood.
18* Uses aircrack periodically to attempt to crack the WEP key. The supplied
19 aircrack is modified to work with wesside.
|
20* Binds to a tap interface to allow TX. RX works if a dictionary is being buil
21t
22 [dics] and a packt with a known IV traverses the network.
| 20* Binds to a tap interface to allow TX. RX works if a dictionary is being built
21 [dics] and a packet with a known IV traverses the network.
|
23
24Examples:
25=========
26For the skiddies:
27./wesside
28
29To cause the Internet to flood:
30[Internet box]~$ ./udps 500
31./wesside -s ip_of_internet_box
32
33To build a dictionary:
| 22
23Examples:
24=========
25For the skiddies:
26./wesside
27
28To cause the Internet to flood:
29[Internet box]~$ ./udps 500
30./wesside -s ip_of_internet_box
31
32To build a dictionary:
|
34[Internet box]~# ./dicts source_ip_of_box 100
| 33[Internet box]~# ./dics source_ip_of_box 100
|
35./wesside -s ip_of_internet_box
36Use tap3 as if it were the wifi.
| 34./wesside -s ip_of_internet_box
35Use tap3 as if it were the wifi.
|