View Issue Details

IDProjectCategoryView StatusLast Update
0006577Kali LinuxQueued Tool Additionpublic2021-08-10 15:22
ReporterMister_X Assigned Tosbrun  
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Fixed in Version2021.3 
Summary0006577: WPA Sycophant - Evil client portion of EAP relay attack
Description
  • [Name] - wpa_sycophant
  • [Version] - 1.0
  • [Homepage] - https://github.com/sensepost/wpa_sycophant
  • [Download] - https://github.com/sensepost/wpa_sycophant/releases/tag/v1.0
  • [Author] - Cablethief, Sensepost
  • [Licence] - https://github.com/sensepost/wpa_sycophant/blob/v1.0/README
  • [Description] - Evil client portion of EAP relay attack
  • [Dependencies] - hostapd-mana openssl
  • [Similar tools] - hostapd-mana
  • [How to install] -
    cd wpa_supplicant
    make
    make install

    Rename wpa_supplicant to wpa_sycophant (AFAIK, no need for any other binary)

    Download https://raw.githubusercontent.com/sensepost/wpa_sycophant/master/wpa_sycophant.sh and replace it in the package (it fixes the cleanup), guessing in /usr/local/sbin

  • [How to use] -
    Create configuration file:
    network={
    ssid="TestingEAP"

    The SSID you would like to relay and authenticate against.

    scan_ssid=1
    key_mgmt=WPA-EAP

    Do not modify

    identity=""
    anonymous_identity=""
    password=""

    This initialises the variables for me.

    -------------

    eap=PEAP
    phase1="crypto_binding=0 peaplabel=0"
    phase2="auth=MSCHAPV2"

    Dont want to connect back to ourselves,

    so add your rogue BSSID here.

    bssid_blacklist=00:14:22:01:23:45
    }

    Run: wpa_sycophant.sh -c wpa_sycophant_example.conf -i wlan0

Activities

g0tmi1k

g0tmi1k

2020-09-01 21:36

administrator   ~0013363

@kali-team, please could this be packaged up.

sbrun

sbrun

2021-08-10 15:22

manager   ~0014987

version 1.0+git20210103-0kali2 is in kali-rolling

Issue History

Date Modified Username Field Change
2020-07-16 01:12 Mister_X New Issue
2020-09-01 21:36 g0tmi1k Status new => acknowledged
2020-09-01 21:36 g0tmi1k Category New Tool Requests => Queued Tool Addition
2020-09-01 21:36 g0tmi1k Product Version 2020.2 =>
2020-09-01 21:36 g0tmi1k Note Added: 0013363
2020-12-01 11:13 g0tmi1k Summary WPA Sycophant => WPA Sycophant - Evil client portion of EAP relay attack
2021-07-13 08:54 sbrun Assigned To => sbrun
2021-07-13 08:54 sbrun Status acknowledged => assigned
2021-08-10 15:22 sbrun Status assigned => resolved
2021-08-10 15:22 sbrun Resolution open => fixed
2021-08-10 15:22 sbrun Fixed in Version => 2021.3
2021-08-10 15:22 sbrun Note Added: 0014987