
Abstract

Currently used wireless communication technologies suffer from security weaknesses that can be exploited to eavesdrop on or spoof network communication. In this paper, we present a practical tool that can automate attacks on wireless security. The developed package, called wifimitm, provides functionality for automating MitM attacks in the wireless environment. The package combines several existing tools and attack strategies to bypass wireless security mechanisms such as WEP, WPA, and WPS. The presented tool can be integrated into a solution for automated penetration testing. In addition, popularizing the fact that such attacks can be easily automated should raise public awareness about the state of wireless security.

