TL;DR: FaceNiff probably exploits WPA's "Hole 196" and uses ARP poisoning to set up a Man-in-the-Middle attack.

According to an article at The Register, it would seem that ARP poisoning is indeed involved. The app works even on networks protected by WPA and WPA2 encryption schemes by using a technique known as ARP spoofing to redirect local traffic through the attacker's device. An attacker would have to know the security password, however.

So, for WPA2 networks, FaceNiff is most likely exploiting "Hole 196".

1. Eve uses the Group Temporal Key (GTK) to inject ARP packets into the network, with the network's gateway IP paired to her MAC address.
2. Clients register Eve's MAC address as their new gateway.
3. Clients send packets encrypted with their private keys (PTKs) to the AP, but addressed to Eve. (Packets must still go to the AP because it is the "hub".)
4. AP decrypts the packets, re-encrypts them with Eve's PTK (since they're addressed to her), and re-broadcasts them.
5. The packets are now effectively cleartext to Eve.
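A defender-side check for the gateway rebinding described above, as an added example that is not part of the original post: it parses raw ARP payloads and flags any message that pairs the gateway IP with a MAC other than the trusted one. The addresses, sample packets and function names are constructed for illustration.

```python
import socket
import struct
from collections import namedtuple

Arp = namedtuple("Arp", "oper sender_mac sender_ip target_mac target_ip")
ARP_FMT = "!HHBBH6s4s6s4s"  # RFC 826 layout for Ethernet/IPv4, 28 bytes

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(payload):
    """Parse an Ethernet/IPv4 ARP payload; return None for anything else."""
    if len(payload) < struct.calcsize(ARP_FMT):
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return Arp(oper, mac_str(sha), socket.inet_ntoa(spa),
               mac_str(tha), socket.inet_ntoa(tpa))

def gateway_conflicts(payloads, gateway_ip, gateway_mac):
    """Return ARP messages binding gateway_ip to a MAC other than the trusted one.

    Requests and replies are both checked, since either can update a cache.
    """
    alerts = []
    for raw in payloads:
        arp = parse_arp(raw)
        if arp and arp.sender_ip == gateway_ip and arp.sender_mac != gateway_mac.lower():
            alerts.append(arp)
    return alerts

def build_arp(oper, sha, spa, tha, tpa):
    """Build a constructed sample ARP payload for the demo below."""
    to_mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, to_mac(sha),
                       socket.inet_aton(spa), to_mac(tha), socket.inet_aton(tpa))

# Constructed sample traffic; every address here is made up (assumption).
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "00:11:22:33:44:55"
SAMPLE = [
    build_arp(2, GATEWAY_MAC, GATEWAY_IP, "aa:aa:aa:aa:aa:01", "192.168.1.20"),
    build_arp(2, "de:ad:be:ef:00:01", GATEWAY_IP, "ff:ff:ff:ff:ff:ff", "192.168.1.20"),
    build_arp(1, "aa:aa:aa:aa:aa:01", "192.168.1.20", "00:00:00:00:00:00", GATEWAY_IP),
    b"\x00\x01",  # truncated payload, ignored by the parser
]

if __name__ == "__main__":
    for a in gateway_conflicts(SAMPLE, GATEWAY_IP, GATEWAY_MAC):
        print(f"ALERT: {a.sender_ip} claimed by {a.sender_mac} (oper={a.oper})")
```

The check relies on knowing the real gateway MAC in advance, for example from a pinned static ARP entry.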