WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake
This repository contains proof-of-concepts of selected attacks mentioned in my Black Hat 2017 talk.
Table of Content
- OpenBSD: Client Man-in-the-Middle (view demo)
- OpenBSD: Access Point Denial-of-Service (view demo)
- Windows 7: Targeted DoS against hotspot (view demo)
- Windows 10: Insider DoS against hotspot
- Broadcom, Windows 10, Aerohive: Impossible TKIP Countermeasures Insider DoS
Acknowledgements
This work is based on the paper "Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing" which was co-authored with Domien Schepers and Frank Piessens.