Brussels / 4 & 5 February 2017


Simulation of MITM in PEAP with hostap

Application of EAP state machines from hostap for MITM simulation

This talk is about MITM in tunneled authentication protocols and its subsequent implementation with the help of the hostap project. The research is not original; a deeper overview can be found in the paper: Pieter Robyns, Bram Bonné, Peter Quax, Wim Lamotte, "Exploiting WPA2-enterprise vendor implementation weaknesses through challenge response oracles", July 2014.

There is a lot of information available about hijacking an internet connection. The most trivial case is an unencrypted (open) wireless connection, but hijacking is still possible if the network is protected with WPA/WPA2-Enterprise.

Three days' work was sufficient to modify the behaviour of the MSCHAPv2 method, and a bit of the PEAP method, in the EAP state machine within hostap. In the end, a proof-of-concept simulation demonstrates the attack flow.

Using hostap for this is reasonable, since its code base is widely deployed and, even more importantly, up to date. Hence, it is a very good sandbox for EAP attacks.


Siarhei Siniak