WPAxFuzz: Sniffing out vulnerabilities in Wi-Fi implementations
This work contributes what is, to our knowledge, the first full-featured, standalone, and extensible Wi-Fi fuzzer. The tool, made publicly available as open source, covers the messages of the Simultaneous Authentication of Equals (SAE) authentication and key exchange method as well as several other 802.11 management frames, including Beacon, Probe, Association, and others. The tool can be used to detect vulnerabilities potentially existing in wireless Access Points (APs) under the newest Wi-Fi Protected Access 3 (WPA3) certification, but some of its functionalities can also be exploited against WPA2-compatible APs. Moreover, the fuzzer incorporates: (a) a dual-mode network Monitoring module that tracks in real time the behavior of the stations connected to the AP and logs possible service or connection disruptions, and (b) an attack tool used to verify any glitch found and automatically craft the corresponding exploit. We present preliminary results after testing the fuzzer against APs by more than a handful of well-known vendors. Adhering to a coordinated disclosure process, we are currently in the stage of reporting the discovered issues to the affected vendors.
KAMPOURAKIS Vyron;
CHATZOGLOU Efstratios;
KAMPOURAKIS Georgios;
DOLMES Apostolos;
ZAROLIAGIS Christos;
2022-10-21
MDPI AG
JRC130151
2410-387X (online)
https://www.mdpi.com/2410-387X/6/4/53
https://publications.jrc.ec.europa.eu/repository/handle/JRC130151
10.3390/cryptography6040053 (online)