Automa utomation tion of of Mit MitM M Attac Attack k on on - - PowerPoint PPT Presentation

Author: Martin Vondráček Supervisor:

• Ing. Jan Pluskal

Foreign supervisor: Dr Johann A. Briffa

Automa utomation tion of

• f Mit

MitM M Attac Attack k on

• n WiFi

iFi Netw Networ

• rks

ks

Brno University of Technology University of Malta

) ) ) ) ) ) ) ) )

wifimitm

Available Tools for Specific Phases

• f the MitM Attack on Wireless Networks
• Accessing wireless network
• airmon-ng, airodump-ng, aircrack-ng,

aireplay-ng, wifite, upc_keys, wifiphisher, Reaver Open Source, wpaclean, netctl

• Tampering network topology
• Framework for Man-In-The-Middle attacks,

Scapy, dsniff, arpspoof, Yersinia

• Capturing network traffic
• Dumpcap

2017-04-22 Automation of MitM Attack on WiFi Networks 2/13

Wi-Fi Machine-in-the-Middle

• Python package wifimitm
• Attack data for repetitive attacks
• Captured traffic

2017-04-22 Automation of MitM Attack on WiFi Networks 3/13

Wi-Fi Machine-in-the-Middle

• Python package wifimitm
• Attack data for repetitive attacks
• Captured traffic
• CLI tool wifimitmcli

2017-04-22 Automation of MitM Attack on WiFi Networks 3/13

Wi-Fi Machine-in-the-Middle

• Python package wifimitm
• Attack data for repetitive attacks
• Captured traffic
• CLI tool wifimitmcli
• Installation scripts
• Requirements check
• Python package setup
• Documentation, man page

2017-04-22 Automation of MitM Attack on WiFi Networks 3/13

Accessing wireless network

2017-04-22 Automation of MitM Attack on WiFi Networks 4/13

STA wifimitm Internet AP Scan Crack Connect Impersonate (phishing)

Accessing wireless network

2017-04-22 Automation of MitM Attack on WiFi Networks 4/13

Scan Crack Connect Impersonate (phishing) STA wifimitm Internet AP

Tampering network topology

2017-04-22 Automation of MitM Attack on WiFi Networks 5/13

STA wifimitm Internet AP

Tampering network topology stop

STA wifimitm Internet AP

Tampering network topology

2017-04-22 Automation of MitM Attack on WiFi Networks 5/13

Tampering network topology stop

Capturing network traffic

2017-04-22 Automation of MitM Attack on WiFi Networks 6/13

Capturing network traffic stop

STA wifimitm Internet AP

Capturing network traffic

2017-04-22 6/13

STA wifimitm Internet AP

Capturing network traffic stop

Automation of MitM Attack on WiFi Networks

Performance testing

• 1 STA and 1 AP connected to the Internet
• The performance impact is not critical.
• Users of the network had no suspicion.
• 8 STAs and 1 AP connected to the Internet
• The performance impact is more severe.
• Despite the performance impact, users had no

suspicion.

2017-04-22 7/13 Automation of MitM Attack on WiFi Networks

AP R1 STA 1 wifimitm Internet

1 ms 10 ms 100 ms 1000 ms 10000 ms 200 400

RTT STA1–R1

usual communication MitM

STA 1 Internet R1 STA 2 STA 3 STA 4 STA 5 STA 6 STA 7 STA 8 AP wifimitm

1 ms 10 ms 100 ms 1000 ms 10000 ms 200 400

RTT STA1–R1

usual communication MitM

Penetration tester Automate WLAN test .

Utilization

2017-04-22 Automation of MitM Attack on WiFi Networks 12/13

Penetration tester Automate WLAN test Demonstrate danger of MitM .

Utilization

2017-04-22 Automation of MitM Attack on WiFi Networks 12/13

Utilization

2017-04-22 Automation of MitM Attack on WiFi Networks 12/13

Penetration tester Automate WLAN test Demonstrate danger of MitM Developer Develop using wifimitm .

Penetration tester Automate WLAN test Demonstrate danger of MitM Developer Forensic researcher Develop using wifimitm Capture traffic .

Utilization

2017-04-22 Automation of MitM Attack on WiFi Networks 12/13

Conc Conclusion lusion

2017-04-22 Automation of MitM Attack on WiFi Networks 13/13

• Research published as bachelor’s thesis and software product

in NES@FIT research group in May 2016.

• Author received dean’s award and rector’s award in 2016.
• Wi-Fi Machine-in-the-Middle (open-source)
• Penetration testing, forensic investigation