WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake
This repository contains proof-of-concepts of selected attacks mentioned in my Black Hat 2017 talk. The talk was based on the paper Discovering logical vulnerabilities in the Wi-Fi handshake using model-based testing. The testing framework explained during the talk, and in the paper, is also public.
Table of Content
- OpenBSD: Client Man-in-the-Middle (view demo)
- OpenBSD: Access Point Denial-of-Service (view demo)
- Windows 7: Targeted DoS against hotspot (view demo)
- Windows 10: Insider DoS against hotspot
- Broadcom, Windows 10, Aerohive: Impossible TKIP Countermeasures Insider DoS
This work is based on the paper "Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing" which was co-authored with Domien Schepers and Frank Piessens.