$FreeBSD: src/tools/tools/net80211/wesside/README,v 1.2 2006/08/07 17:08:05 keramida Exp $

This is an implementation of the frag attack described in:
http://tapir.cs.ucl.ac.uk/bittau-wep.pdf
It will only work with Atheros. It could be made to work with other cards, but

* Channel hops, finds a WEP wifi, finds a MAC to spoof if necessary and
* Waits for a packet. Uses fragmentation to recover some keystream.
* Discovers the network's IP using the linear keystream expansion technique in
  order to decrypt an ARP packet.
* Generates traffic on the network for weak IV attack:
  - Either by flooding with ARP requests.
  - Or, by contacting someone on the Internet [udps] and telling it to flood.
* Uses aircrack periodically to attempt to crack the WEP key. The supplied
  aircrack is modified to work with wesside.
* Binds to a tap interface to allow TX. RX works if a dictionary is being built
  [dics] and a packet with a known IV traverses the network.

To cause the Internet to flood:
[Internet box]~$ ./udps 500
./wesside -s ip_of_internet_box

To build a dictionary:
[Internet box]~# ./dics source_ip_of_box 100
./wesside -s ip_of_internet_box
Use tap3 as if it were the wifi.