awesome-wifi-security
A collection of (not-so, yet) awesome resources related to 802.11 security, tools and other things
TKIP Security
Practical attacks against WEP and WPA (2008)
An Improved Attack on TKIP (2009)
Cryptanalysis of IEEE 802.11i TKIP
Enhanced TKIP Michael Attacks (2010)
Plaintext Recovery Attacks Against WPA/TKIP (2013)
Practical verification of WPA-TKIP vulnerabilities (2013)
On the security of RC4 in TLS (USENIX, 2013)
All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS (USENIX, 2015)
A Security Analysis of the WPA-TKIP and TLS Security Protocols (PhD Thesis, 2016)
Predicting and Abusing WPA2/802.11 Group Keys (2016)
WiFi Protected Setup (WPS)
Papers
Brute forcing Wi-Fi Protected Setup (2011)
An Investigation into the Wi-Fi Protected Setup PIN of the Linksys WRT160N v2 (2012)
Offline bruteforce attack on wifi protected setup (Pixie dust attack, 2014)
Tools
Pixiewps: An offline WPS bruteforce utility
Reaver-wps-fork-t6x: community edition of Reaver (which includes the Pixie Dust attack)
Bully: new implementation of the WPS brute force attack, written in C.
Online Cracking Services for PSK
Crackq: online distributed GPU-accelerated password cracker designed to help penetration testers and network auditors identify weak passwords
WPA3
Dragonblood: A Security Analysis of WPA3’s SAE Handshake (2019)
WPA-Enterprise
Eduroam
MITM Attack Model against eduroam (2013)
A Practical Investigation of Identity Theft Vulnerabilities in Eduroam (2015)
Server Certificate Practices in Eduroam (2015): Best practice document
Evil Twin Vulnerabilities in Wi-Fi Networks (Bachelor Thesis, 2016)
Authentication protocols that DO support hashed passwords (FreeRADIUS mailing list)
EAP-PWD: Extensible Authentication Protocol (EAP) Authentication Using Only a Password
Attacks
KARMA
Attacking automatic Wireless network selection (2005)
Why do Wi-Fi Clients disclose their PNL for Free Still Today? (2015)
Instant KARMA might still get you (2015)
Evil Twin
Evil Twin vulnerabilities in Wi-Fi networks (Master Thesis, 2016)
Wireless Routers
Scrutinizing WPA2 Password Generating Algorithms in Wireless Routers (WOOT, 2015)
Keyspace List for WPA on Default Routers
Rogue AP
Documentation
Manna from heaven: Improving the state of rogue AP attacks (2015)
Tools
hostapd-mana: hostapd with the attacks described in Defcon 22, and with the ability to rogue EAP access points.
Privacy
Tracking
Tracking unmodified smartphones using Wi-Fi monitors (2012)
Show me your SSIDs; I will show who you are (2012)
Signals from the Crowd: Uncovering Social Relationships through Smartphone Probes (2013, SIGCOMM)
I know who you will meet this evening! Linking wireless devices using Wi-Fi probe requests (2012)
Is Your Android Device Telling the World Where You've Been? (2014)
How talkative is your mobile device?: an experimental study of Wi-Fi probe requests (2015)
MAC Address Randomization
A Study of MAC Address Randomization in Mobile Devices and When it Fails (2017)