korek_chopchop
Differences
This shows you the differences between two versions of the page.
korek_chopchop [2007/05/24 23:57] – added alternate attack methods darkaudax | korek_chopchop [2007/12/20 17:59] – add unauthenticated chopchop example darkaudax | ||
---|---|---|---|
Line 19: | Line 19: | ||
Although it is not shown, you may use any of the other [[aireplay-ng]] filters. | Although it is not shown, you may use any of the other [[aireplay-ng]] filters. | ||
+ | |||
+ | If the " | ||
===== Usage Examples ===== | ===== Usage Examples ===== | ||
+ | |||
==== Example with sample output ==== | ==== Example with sample output ==== | ||
+ | |||
+ | This is an example an authenticated chopchop attack. | ||
| | ||
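Review bot: The added sentence "This is an example an authenticated chopchop attack." under "Example with sample output" is missing "of"; it should read "This is an example of an authenticated chopchop attack." The added line beginning `If the "` is cut off in this view, so confirm it ends as a complete sentence before the "Usage Examples" heading.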
Line 118: | Line 123: | ||
| | ||
- | Success! | + | Success! |
+ | |||
+ | |||
+ | ==== Chopchop Without Authentication ==== | ||
+ | |||
+ | This is an example of chopchop attack without authentication. | ||
+ | |||
+ | This only works with a very limited number Access Points (AP). For APs which are vulnerable, they will only send a deauthentication packet if the source packet was valid. | ||
+ | |||
+ | | ||
+ | |||
+ | Where: | ||
+ | *-4 means the chopchop attack | ||
+ | * -b 00: | ||
+ | *ath0 is the wireless interface name | ||
==== Generating an ARP packet ==== | ==== Generating an ARP packet ==== | ||
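Review bot: In the new "Chopchop Without Authentication" section, "a very limited number Access Points (AP)" is missing "of", and "an example of chopchop attack" needs an article ("an example of a chopchop attack"). The "Where:" list also mixes marker spacing ("*-4", "* -b", "*ath0"); use the same "* " form on all three items so they render consistently, and make sure the command they describe appears on the line above "Where:", which is empty in this view.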
Line 154: | Line 174: | ||
* You were looking to decrypt a packet to/from a specific client and you would wait for a packet to/from that client MAC address. | * You were looking to decrypt a packet to/from a specific client and you would wait for a packet to/from that client MAC address. | ||
* You may want to purposely pick a short packet. | * You may want to purposely pick a short packet. | ||
+ | |||
Line 161: | Line 182: | ||
Also see the general aireplay-ng troubleshooting ideas: [[aireplay-ng# | Also see the general aireplay-ng troubleshooting ideas: [[aireplay-ng# | ||
- | Although not a direct troubleshooting tip for the chopchop attack, if you are unable to get the attack to work, there are some alternate attacks you should consider: | + | Although not a direct troubleshooting tip for the chopchop attack, if you are unable to get the attack to work, there are some alternate attacks you should consider: |
* [[fragmentation|Fragmentation Attack]]: This is an alternate technique to obtain PRGA for building packets for subsequent injection. | * [[fragmentation|Fragmentation Attack]]: This is an alternate technique to obtain PRGA for building packets for subsequent injection. |
korek_chopchop.txt · Last modified: 2009/06/02 19:24 by mister_x