Product Details
Automatizace útoku MitM na WiFi sítích
Created: 2016
Pluskal Jan, Ing., Ph.D. (DIFS FIT BUT)
Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS FIT BUT)
Matoušek Petr, doc. Ing., Ph.D., M.A. (DIFS FIT BUT)
Wi-Fi Machine-in-the-Middle, wifimitm, wifimitmcli, MitM, wifiphisher, upc_keys, Aircrack-ng suite, Automated Man-In-The-Middle attack, MITMf
Security mechanisms of wireless technologies often suffer weaknesses that can be exploited to perform Man-in-the-Middle attacks, allowing to eavesdrop or to spoof network communication. This project focuses on possibilities of automation of these types of attacks using already available tools for specific tasks. Outputs of this research are the wifimitm Python package and the wifimitmcli CLI tool, both implemented in Python. The package provides functionality for automation of MitM attacks and can be used by other software. The wifimitmcli tool is an example of such software that can automatically perform multiple MitM attack scenarios without any intervention from an investigator.
The described software is available online as an open source GitHub repository under MIT license. The repository has been awarded by GitHub Star from 12 users so far. There were 2 unique cloners of the repository in last two weeks despite that the authors do not actively develop this project at the moment. Project's website recorded 56 users from 20 countries.
This research is intended to be used for automated penetration testing and to ease forensic investigation. Finally, a popularization of the fact that such severe attacks can be successfully automated should be used to raise the public awareness about the information security. The research was published as a bachelor's thesis and the main author later received dean's award and rector's award. A paper presenting the progress of this research was accepted by Excel@FIT student conference. The submitted paper received the award of an expert panel, the award of NXP Semiconductors company and the award of a professional public. The results of this research were also accepted as a paper for the 9th EAI International Conference on Digital Forensics & Cyber Crime.
Bachelor's thesis contains information about 16 experiments. The Excel@FIT paper presents experiments concerning attack's performance impact. The ICDF2C paper describes experiments concerning various network configurations and devices with 125 results. The last paper also shows 7 results of controlled public experiments carried out at the BUT, FIT.
BUT OPEN SOURCE LICENCE
Version 1.
Copyright (c) 2017, Brno University of Technology, Antonínská 548/1, 601 90, Czech Republic
---------------------------------------------------------------------------------------------------------------------------------------------------
IF YOU DO NOT POSESS A VALID LICENCE, YOU ARE NOT AUTHORISED TO INSTAL, COPY OR OTHERWISE USE THE SOTWARE.
Definitions:
Anyone who uses Software becomes User. User shall abide by this licence agreement.
BRNO UNIVERSITY OF TECHNOLOGY GRANTS TO USER A LICENCE TO USE SOFTWARE ON THE FOLLOWING TERMS AND CONDITIONS:
User may use Software for any purpose, commercial or non-commercial, without a need to pay any licence fee.
User shall accompany copies of Software or work based on software in object or executable form with:
User is not responsible for enforcing terms of this agreement by third parties.
Final provisions:
The IT4Innovations Centre of Excellence (ED1.1.00/02.0070)