New tool for "evil twins" wireless attacks

["noreply" <noreply () ptsecurity ru>]

Wep0ff is new tool to crack WEP-key without access to AP by mount fake 
access point attack against WEP-based wireless clients.
http://www.ptsecurity.ru/download/wepoff.tar.gz
It uses combination of fragmentation and evil twin attacks to generate 
traffic which can be used for KoreK-style WEP-key recovery.

> From readme:
This tool can be used to mount fake access point attack against WEP-based 
wireless clients.
Using Atheros wireless cards in Linux.
For details check http://www.securitylab.ru/analytics/287596.php (Russian)
Written by Sergey Gordeychik <gordey (at) ptsecurity (dot) com>
Released under a BSD Licence

This code tested patched madwifi-old drivers with athraw support, but also 
works with madwifi-ng. With madwifi-ng you need to create two virtual
interfaces: one in master mode (for fake AP) and second in monitor mode (to 
listen on).

How to Use:
1. Setup fake AP with KARMA tools or iwconfig
iwpriv ath0 mode 2
iwconfig ath0 mode master essid foo enc 1122334455 channel 7
echo 1 > /proc/sys/dev/ath0/rawdev
echo 1 > /proc/sys/dev/ath0/rawdev_type
ifconfig ath0
up ifconfig ath0raw up
2. Start this program (./wep0ff ath0raw 00:01:02:03:04:05)
3. Wait until client connect to fake access point
4. Launch airodump-ng to collect packets
5. Launch aircrack-ng to recover WEP key 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/