802.11 Attacks
Project Objectives
In this individual project, you will study the 802.11 link-layer protocol and attacks that (mis)use the protocol.
Example Attacks
- Forced De-authentication
- One objective of this attack is to capture WPA/WPA2 handshakes by forcing clients to re-authenticate
- https://www.aircrack-ng.org/doku.php?id=deauthentication
- https://null-byte.wonderhowto.com/how-to/hack-wi-fi-cracking-wpa2-psk-passwords-using-aircrack-ng-0148366/
- RTS/CTS Control Frame Attack
- Send unsolicited Clear To Send (CTS) messages. All other clients will back off, assuming that the original RTS message was sent by a node that happens to be outside of their range but is still within range of the access point.
- http://freakquency.hubbert.org/2010/12/rtscts-and-you.html
- http://matej.sustr.sk/publ/articles/cts-dos/cts-dos.en.html
- Evil Twin Attack
- A second access point with the same SSID as the good access point - Probably too complicated for the weeks remaining in the semester...
- https://null-byte.wonderhowto.com/how-to/hack-wi-fi-creating-evil-twin-wireless-access-point-eavesdrop-data-0147919/
- Wi-Fi Pineapple Router - https://www.wifipineapple.com/
- And other attacks - Email links to add to this list!
- A somewhat dated, but still valuable, list is here: https://www.aircrack-ng.org/doku.php?id=links
Requirements - Pick an Attack
Pick an existing 802.11 attack that is well known, described in the literature, has runnable proof-of-concept code, and involves the attacker transmitting (injecting) some frames. (A passive, listening-only attack is not sufficient.) Carefully study what the attack allows a malicious user to do, and how it works at the protocol level.
Deliverables:
- Chapter 1: Introduction - This 1-2 page section provides a high-level overview of the attack.
Requirements - Run an Attack
Run your selected attack using existing code (developed by someone else).
Deliverables:
- Wireshark .pcapng file capturing the attack in action. Filter out irrelevant packets from your original capture (e.g. hosts that were not attackers or victims)
- Chapter 2: Attack Details - This 4-5 page section (w/Wireshark screenshots or other figures) describes how the attack works at the link layer
- Chapter 3: Existing Attack - This 1-2 page section provides instructions on running the existing attack code and a description of what network configuration is necessary to demonstrate the attack.
Requirements - Implement an Attack
Implement the attack in your favorite programming language!
Deliverables:
- Attack code
- Chapter 4: Custom Attack - This 1 page section provides instructions on running your custom attack program.
Requirements - Implement an Attack Detector
Carefully consider what your attack looks like to a third party observer on the network. Implement a detector for the attack in your favorite programming language. You do not have to write a plugin for an Intrusion Detection System, but that is the idea of this section.
Deliverables:
- Detector code
- Chapter 4: Custom Attack Detector - This 1 page section provides instructions on running your custom attack detector program.
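As an illustration of the third-party-observer view for the forced de-authentication attack listed above (an added example, not part of the original assignment or of any tool it links to), this sketch counts deauthentication/disassociation frames per (BSSID, destination) pair in a sliding window. It assumes each frame starts at the 802.11 MAC header (radiotap header already stripped); the window, threshold, and sample frames are constructed values, not taken from the page.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC = 12, 10        # 802.11 management-frame subtypes
WINDOW_S, THRESHOLD = 1.0, 10    # assumed tuning values; adjust to your network

# Constructed sample frames (locally administered MACs), 24-byte header + 2 bytes
SAMPLE_DEAUTH = bytes.fromhex("c0000000" "020000000001" "0200000000aa"
                              "0200000000aa" "0000" "0700")
SAMPLE_BEACON = bytes.fromhex("80000000" "ffffffffffff" "0200000000aa"
                              "0200000000aa" "0000" "0000")

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt(frame):
    """Return (dst, src, bssid, reason) for deauth/disassoc frames, else None."""
    if len(frame) < 26:                       # too short to hold a reason code
        return None
    fc0 = frame[0]                            # first Frame Control byte
    version, ftype, subtype = fc0 & 0x3, (fc0 >> 2) & 0x3, fc0 >> 4
    if version != 0 or ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect(frames, window=WINDOW_S, threshold=THRESHOLD):
    """frames: iterable of (timestamp_seconds, bytes). Returns alert dicts."""
    recent = defaultdict(deque)               # (bssid, dst) -> recent timestamps
    alerted, alerts = set(), []
    for ts, raw in frames:
        parsed = parse_mgmt(raw)
        if parsed is None:
            continue
        dst, _src, bssid, reason = parsed     # src is spoofable, so not keyed on
        key = (bssid, dst)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:       # drop timestamps outside the window
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)                  # one alert per pair
            alerts.append({"bssid": bssid, "target": dst,
                           "count": len(q), "reason": reason, "at": ts})
    return alerts

if __name__ == "__main__":
    burst = [(i * 0.05, SAMPLE_DEAUTH) for i in range(12)]
    for alert in detect(burst):
        print("possible deauth flood:", alert)
```

A single deauthentication frame is normal protocol behaviour, which is why the detector keys on rate rather than presence; a destination of ff:ff:ff:ff:ff:ff is tracked like any other target.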
Requirements - Demonstration
In-class demonstration.
Grading
This is an individual project. The grading breakdown is:
- Attack overview and selection - 10%
- Attack execution with existing code - 10%
- Custom attack implementation - 50%
- Custom attack detector implementation - 30%
Grading of these items is partially accomplished through the in-class demonstration.
Submission
Submit all files to the Canvas CMS site.