rtulke / cupid Goto Github PK
View Code? Open in Web Editor NEWThis project forked from lgrangeia/cupid
Patch for hostapd and wpa_supplicant to attempt to exploit heartbleed on EAP-PEAP/TLS/TTLS connections
This project forked from lgrangeia/cupid
Patch for hostapd and wpa_supplicant to attempt to exploit heartbleed on EAP-PEAP/TLS/TTLS connections
( .-'''-..' \ _______ .' - \ <<<<<<<< );__ ,,,_) \ <<<<<<<<< ) ;C / \ <<<<<< (.-'-. )====_)_=======> wpa_supplicant-cupid <<<<< \ ''''''' ) && hostapd-cupid ; <<< .......__/ .-''' ( ) .-' ;. / / .-' . = . / _-''\_/ '. .' . / .-' ) ;\ '''. . / ; .'''' `. ' ; ( O -' .''' .' .' .-'''''` 'o-' ## Cupid 0.1 ## Author: Luis Grangeia ## [email protected] ## twitter.com/lgrangeia # INTRODUCTION Cupid is a pair of patches for hostapd-2.1 and wpa_supplicant-2.1 to exploit heartbleed on Wireless networks that use EAP Authentication methods based on TLS (specifically OpenSSL) Please see presentation slides for a simple introduction to cupid: http://www.slideshare.net/lgrangeia # COMPILATION Get wpa_supplicant-2.1 and/or hostapd-2.1, apply the respective patch and compile. I don't recommend doing a "make install" as you'll be replacing your systems binaries with non-functional copies (functional only for exploiting heartbleed). # USAGE Both patches come with a "heartbleed.conf" file that can be used to tweak behaviour. It must be present and placed on the same directory you're running the binary. Refer to the file for details. --> wpa_supplicant: Use the included test_wpasupplicant.conf and change the ssid to the network you're wanting to test heartbleed for. Fire up wireshark or tcpdump on the interface to check for TLS heartbeat requests/responses. I usually do: # airmon-ng start wlan0 and then monitor the whole thing on the mon0 interface (use filter 'EAP || SSL' for a better picture). fire up wpa_supplicant: ./wpa_supplicant -i wlan0 -dd -c ~/testconfs/test_wpasupplicant.conf Look at the output of wireshark to see if the network you're attacking is vulnerable. --> hostapd Use the included test_hostapd.conf. You may have to set up certificates and an empty eap_user file. I've included these for reference as well. Fire up wireshark as described above. Note that you need a wireless adapter supporting host AP mode. fire up hostapd: ./hostapd -d test_hostapd.conf Then try to connect to the "bleedingheart" network with your mobile device or laptop, and it will try to heartbleed it. You can put any login/password combination. To see if the patch works just install a vulnerable OpenSSL version and try to exploit your local copy of wpa_supplicant or a fresh install of hostapd. ### FUTURE WORK Please let me know if you find vulnerable devices and give me their version and if possible a packet dump of the actual attack. TODO: - Code is still very incomplete, just a PoC - Does not decrypt the heartbeat response if encrypted (not the case if pre-handshake) - Should output the heartbeat responses to a file - Test more devices/networks!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.