Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Security of managed WPA wireless access points.

Started by digitalchameleon , Mar 13 2012 12:52 PM

Please log in to reply

3 replies to this topic

#1 digitalchameleon

Will I break 10 posts?

Members
9 posts

Country:
Gender:Male

Posted 13 March 2012 - 12:52 PM

Airodump output:

 ENC  CIPHER AUTH ESSID
OPN              XYZ-open    
WPA2 CCMP   MGT  XYZ-authorized

Logging onto XYZ-open directs you to a webpage asking for a username and password, which I'm assuming will then allow you access to XYZ-authorized. Can anybody provide information about how this happens exactly? I've been searching google and aircrack forums with no luck. Is this AP vulnerable to WPA handshake capture? Can the webpage passwords be sniffed form the XYZ-open network?

Edited by digitalchameleon, 13 March 2012 - 12:54 PM.

Back to top

#2 nyphonejacks

Dangerous free thinker

Members
779 posts

Gender:Male
Location:718

Posted 13 March 2012 - 02:45 PM

Airodump output:
 ENC  CIPHER AUTH ESSID
OPN              XYZ-open    
WPA2 CCMP   MGT  XYZ-authorized
Logging onto XYZ-open directs you to a webpage asking for a username and password, which I'm assuming will then allow you access to XYZ-authorized. Can anybody provide information about how this happens exactly? I've been searching google and aircrack forums with no luck. Is this AP vulnerable to WPA handshake capture? Can the webpage passwords be sniffed form the XYZ-open network?

sounds like the open one is a guest network behind a walled garden... traffic between the open and WPA networks would be isolated, and logging into the open network would not provide you with credentials for logging into the WPA protected network..

Back to top

#3 digitalchameleon

Will I break 10 posts?

Members
9 posts

Country:
Gender:Male

Posted 13 March 2012 - 02:55 PM

The only page I can get through XYZ-open says:

Access XYZ internet.
Username:_____________
Password:_____________

All packets seem to end up here, with this http server. I have seen clients access XYZ-open shortly before their MAC address appears associated with XYZ-authorized.

Back to top

#4 systems_glitch

Dangerous free thinker

Moderating Team
1,461 posts

Gender:Male

Posted 18 March 2012 - 11:19 AM

It's likely a newer Cisco/Linksys wireless router. They do indeed provide a walled garden for allowing visitors to your house/business/whatever to access the Internet but not the machines on the secure portion of the network. From what I've seen, the "visitor" side is just running a gateway auth service and has no bearing on who can associate with the "secure" side.

I do a similar thing with m0n0wall/pfSense -- my wireless router (a little ALIX board running m0n0wall) runs with no encryption but requires gateway auth login before a machine can connect to anything. The access point's WAN interface is connected to a switch on the untrusted interface of my pfSense box. You can only route to the public Internet through the untrusted interface, but if you need to access something on my internal LAN, you can connect to an OpenVPN daemon on the pfSense untrusted interface using a pre-shared key and tunnel into the trusted LAN network.