
XVII. ESSID Stripping Attacks

Sølst1c3 edited this page Oct 7, 2023 · 1 revision

ESSID Stripping is a technique in which a non-printing or whitespace character is appended to the access point's ESSID in order to get around newer security behaviour on Wi-Fi clients, Windows in particular. Windows stores the settings of previously joined networks in a saved profile and, if the network's parameters later change, it warns the user and blocks automatic connection, so the client never reaches the rogue AP. Because Windows treats the stripped ESSID as a network it has never seen, with no saved profile attached, the user may also be prompted for credentials even on machines that would normally authenticate to the real network with a client certificate or domain computer credentials, which makes those credentials obtainable.

With this attack, the AP name looks identical to the user, but Windows, which sees the trailing non-printing character, treats the full name as a new network and asks the user for a username, password and so on when connecting, exactly as it would for any network joined for the first time.

The options are:

  • '\r' for a carriage return.
  • '\t' for a tab.
  • '\n' for a line feed, which behaves like '\r'.
  • '\x20' for a space, equivalent to adding a trailing space to the --essid value inside quotes.

An example using the --essid-stripping '\r' parameter is shown below. '\r' is used here because Android does not display it, and on Windows, Linux and iOS it may pass unnoticed as a line break.

python3 ./eaphammer -i wlan0 --auth wpa-eap --essid wifi-AP --creds --negotiate balanced --essid-stripping '\r'
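What that command puts on the air, and the check a defender can run against it, as an added Python example that is not part of EAPHammer: the stripped ESSID variants are built from the four options listed above, shown to differ byte-for-byte from the trusted name while displaying identically, and a normalisation-based lookalike check flags them. The trusted SSID wifi-AP and the scanned beacon list are constructed sample input; the 32-octet limit is the 802.11 SSID element maximum.

```python
import unicodedata
from typing import Iterable, List, Optional, Tuple

# Constructed sample input: the legitimate network name from the command above.
TRUSTED_SSIDS = {"wifi-AP"}

# The four --essid-stripping options and the character each appends to the ESSID.
STRIP_OPTIONS = {
    r"\r": "\r",   # carriage return
    r"\t": "\t",   # tab
    r"\n": "\n",   # line feed
    r"\x20": " ",  # space
}

# The 802.11 SSID element carries at most 32 octets.
SSID_MAX_OCTETS = 32


def stripped_essid(essid: str, option: str) -> str:
    """Return the ESSID a rogue AP would beacon for a given stripping option."""
    return essid + STRIP_OPTIONS[option]


def fits_ssid_limit(essid: str) -> bool:
    """Stripping adds an octet, so a 32-byte ESSID cannot be stripped at all."""
    return len(essid.encode("utf-8")) <= SSID_MAX_OCTETS


def normalize(essid: str) -> str:
    """Reduce an SSID to what a user sees: drop control characters (Unicode
    category C*), then trim leading/trailing whitespace.  Inventory and
    rogue-AP rules should compare on this form, not on the raw bytes."""
    visible = "".join(ch for ch in essid if not unicodedata.category(ch).startswith("C"))
    return visible.strip()


def lookalike_of(trusted: Iterable[str], observed: str) -> Optional[str]:
    """Return the trusted SSID that `observed` impersonates, or None.

    A byte-exact match is the real network, not an impersonation.  A match
    only after normalisation means the names differ solely in characters the
    user cannot see, which is exactly what ESSID stripping relies on."""
    trusted = set(trusted)
    if observed in trusted:
        return None
    norm = normalize(observed)
    for candidate in trusted:
        if normalize(candidate) == norm:
            return candidate
    return None


def scan_report(trusted: Iterable[str], beacons: Iterable[str]) -> List[Tuple[str, str]]:
    """Run the lookalike check over observed beacon SSIDs and return
    (repr of observed SSID, impersonated trusted SSID) pairs."""
    trusted = set(trusted)
    hits = []
    for ssid in beacons:
        target = lookalike_of(trusted, ssid)
        if target is not None:
            hits.append((repr(ssid), target))
    return hits


if __name__ == "__main__":
    for opt in STRIP_OPTIONS:
        rogue = stripped_essid("wifi-AP", opt)
        print(f"{opt:5} -> {rogue!r:12} bytes={rogue.encode()!r} "
              f"displays as {normalize(rogue)!r}, lookalike_of={lookalike_of(TRUSTED_SSIDS, rogue)}")

    # Constructed beacon list: the real AP, three stripped clones and an unrelated AP.
    seen = ["wifi-AP", "wifi-AP\r", "wifi-AP\t", "wifi-AP ", "guest"]
    for observed, target in scan_report(TRUSTED_SSIDS, seen):
        print(f"ALERT: {observed} impersonates {target}")
```

The detection side compares on the normalised form rather than on raw bytes because that is the comparison the user's eyes are making; any beacon that matches a trusted name only after control characters and surrounding whitespace are removed is worth an alert.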
