Owfuzz: a WiFi protocol fuzzing tool

Overview

owfuzz: a WiFi protocol fuzzing tool using openwifi.

Openwifi is an open-source, SDR-based WiFi protocol stack that is fully compatible with Linux mac80211. Its driver builds on the kernel's upper-MAC support (mac80211, cfg80211), so it presents the same interface to the application layer as an ordinary WiFi USB dongle. On the hardware side, CSMA/CA and the other lower-MAC functions are implemented on the FPGA. It supports monitoring and injection of arbitrary WiFi frames, and application software can also drive the openwifi driver/FPGA/RF layers directly through nl80211, which gives the user a high degree of control over the radio. Owfuzz is the first WiFi protocol fuzzing framework built on the openwifi platform; it supports fuzzing of all WiFi frame types and interactive testing of WiFi protocols.

Owfuzz can also run on an ordinary wireless network card, provided the card supports monitor mode and frame injection.

Architecture

Features:

  • IEEE Std 802.11 1999/2007/2012/2016/2020
  • 2.4 GHz and 5 GHz
  • Supports all WiFi devices: APs and clients
  • Fuzzing all frames: management/control/data
  • Any WiFi state
  • Interactivity testing
  • OPEN/WEP/WPA/WPA2/WPA3
  • Automatically generates a PoC log and locates the vulnerability
  • Multichannel monitoring and transmission
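To make the feature list above concrete, here is an added example (written for this page; it is not owfuzz or openwifi code) that builds a well-formed beacon, applies the simplest frame-level mutation a WiFi fuzzer uses (lying about an information element's length), parses the result with the bounds checks a correct receiver needs, logs every frame to a pcap so a crash can be tied to the frames that preceded it, and optionally injects it. The BSSID, SSID, channel and interface name are placeholders; the raw AF_PACKET send in inject() is one generic way to inject through a monitor-mode interface on Linux and is not a description of owfuzz's own transmit path.

```python
"""Craft, mutate, log and inject 802.11 management frames.

Added example, not owfuzz code. Frame layout and IE encoding follow
IEEE 802.11; the BSSID, SSID and interface name are placeholders.
Only inject() needs Linux, root and a monitor-mode interface.
"""
import socket
import struct

# Radiotap header with no fields (version 0, pad, length 8, present 0):
# an injecting driver accepts it and chooses rate/channel itself.
RADIOTAP_NOFIELDS = struct.pack("<BBHI", 0, 0, 8, 0)
FC_BEACON = 0x0080          # frame control: type management, subtype beacon
BROADCAST = b"\xff" * 6
MGMT_HDR_LEN = 24           # FC, duration, addr1-3, sequence control
BEACON_FIXED_LEN = 12       # timestamp, beacon interval, capability
LINKTYPE_RADIOTAP = 127     # pcap link type for radiotap + 802.11


def mac(s):
    return bytes.fromhex(s.replace(":", ""))


def ie(eid, body):
    """One information element: ID, one-byte length, body."""
    if len(body) > 255:
        raise ValueError("IE body longer than a one-byte length can express")
    return struct.pack("BB", eid, len(body)) + body


def build_beacon(bssid, ssid, channel, seq=0):
    """Well-formed beacon: MAC header, fixed fields, SSID/rates/DS IEs."""
    hdr = struct.pack("<HH", FC_BEACON, 0)                  # frame control, duration
    hdr += BROADCAST + mac(bssid) + mac(bssid)              # DA, SA, BSSID
    hdr += struct.pack("<H", (seq << 4) & 0xFFF0)           # fragment 0, sequence number
    fixed = struct.pack("<QHH", 0, 100, 0x0401)             # timestamp, 100 TU, ESS + short slot
    ies = ie(0, ssid.encode()) + ie(1, bytes([0x82, 0x84, 0x8B, 0x96])) + ie(3, bytes([channel]))
    return hdr + fixed + ies


def mutate_ie_length(frame, index, new_len):
    """Overwrite the length byte of the index-th IE, leaving the body alone,
    so a receiver that trusts the length reads past the IE or the frame."""
    off = MGMT_HDR_LEN + BEACON_FIXED_LEN
    for _ in range(index):
        off += 2 + frame[off + 1]
    out = bytearray(frame)
    out[off + 1] = new_len & 0xFF
    return bytes(out)


def parse_ies(buf):
    """Walk an IE list the way a careful receiver should: every declared
    length is checked against what remains. Returns (ies, problems)."""
    ies, problems, off = [], [], 0
    while off < len(buf):
        if off + 2 > len(buf):
            problems.append(f"dangling IE header at offset {off}")
            break
        eid, ln = buf[off], buf[off + 1]
        if off + 2 + ln > len(buf):
            problems.append(f"IE {eid} declares {ln} bytes, only {len(buf) - off - 2} remain")
            break
        if eid == 0 and ln > 32:
            problems.append(f"SSID IE length {ln} exceeds the 32-byte maximum")
        ies.append((eid, buf[off + 2:off + 2 + ln]))
        off += 2 + ln
    return ies, problems


def pcap_bytes(frames):
    """Classic pcap (link type 127) holding every frame as sent, radiotap
    header included, so a crash can be tied to the last frames logged."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RADIOTAP)
    for n, frame in enumerate(frames):
        pkt = RADIOTAP_NOFIELDS + frame
        out += struct.pack("<IIII", n, 0, len(pkt), len(pkt)) + pkt  # sequence number as timestamp
    return out


def inject(iface, frame):
    """Send on a monitor-mode interface (Linux, root); the driver strips the
    radiotap header and transmits the 802.11 frame unchanged."""
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003)) as s:
        s.bind((iface, 0))
        return s.send(RADIOTAP_NOFIELDS + frame)


if __name__ == "__main__":
    import sys
    good = build_beacon("02:00:00:00:01:00", "owfuzz-test", 6)   # placeholder BSSID/SSID
    bad = mutate_ie_length(good, 0, 200)                          # SSID IE now claims 200 bytes
    for name, f in (("good", good), ("bad", bad)):
        print(name, parse_ies(f[MGMT_HDR_LEN + BEACON_FIXED_LEN:]))
    with open("poc.pcap", "wb") as fh:
        fh.write(pcap_bytes([good, bad]))
    if len(sys.argv) > 1:                      # python3 this_file.py mon0
        inject(sys.argv[1], bad)
```

Run it with no arguments to see the parser accept the good beacon and reject the mutated one, and to write poc.pcap (open it in Wireshark to inspect the bytes); pass a monitor-mode interface name as the only argument to also transmit the mutated frame, which needs root. The caveat is in parse_ies: a stack that copies an SSID into a 32-byte buffer using the IE's own length byte, or that walks IEs without comparing the declared length to the bytes remaining, is exactly the kind of bug a frame-mutation campaign such as test type 2 above is looking for.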

Usage

  • owfuzz usage:
    • example: sudo ./owfuzz -i wlan0 -m ap -c [channel] -t [target-mac] -b [ap-mac] -s [ap-mac] -T 2 -A WPA2_PSK_TKIP_AES -I [target-ip]
    • -i [interface], Interface to use.
    • -m [ap/sta/mitm], Set the mode of fuzzer, default is ap.
    • -c [channel], Set the working channel of fuzzer, default is 1.
    • -t [mac], Target's MAC address.
    • -S [SSID], AP's SSID.
    • -A [auth type], Target's auth type: OPEN_NONE, OPEN_WEP, SHARE_WEP, WPA_PSK_TKIP, WPA_PSK_AES, WPA_PSK_TKIP_AES, WPA2_PSK_TKIP, WPA2_PSK_AES, WPA2_PSK_TKIP_AES, EAP_8021X, WPA3
    • -I [IP address], Target's IP address
    • -b [BSSID], AP's Mac address
    • -s [mac], Fuzzer's (source) Mac address.
    • -T [test type], Test type, default 1, 0: Poc test, 1: interactive test, 2: frames test, 3: interactive & frames test
    • -f [log file], Log file path
    • -h Help.

Building

  • Install dependencies (Kali/Ubuntu)
sudo apt-get install pkg-config libnl-3-dev libnl-genl-3-dev libpcap-dev
  • Compiling
make

Start in openwifi

  • Copy owfuzz and openwifi_owfuzz.sh to the openwifi board (login password: openwifi). The board is reached over the PC's Ethernet interface, which should have the IP address 192.168.10.1:

    scp -r owfuzz openwifi_owfuzz.sh [user]@[board-ip]:~/

  • Log in to the board from your PC with password openwifi.

  • Install dependencies

sudo apt-get install pkg-config libnl-3-dev libnl-genl-3-dev libpcap-dev
  • Compiling
make
  • Init openwifi env
./openwifi_owfuzz.sh
    

Example

  • Fuzzing Client
sudo ./owfuzz -i wlan0 -m ap -c [channel] -t [sta-mac] -b [ap-mac] -s [ap-mac] -T 2 -A WPA2_PSK_TKIP_AES -I [sta-ip]
  • Fuzzing AP
sudo ./owfuzz -i wlan0 -m sta -c [channel] -t [ap-mac] -b [ap-mac] -s [sta-mac] -T 2 -A WPA3 -S [ssid-name] -I [ap-ip]
  • Interactivity fuzzing
sudo ./owfuzz -i wlan0 -m ap -c [channel] -t [sta-mac] -b [ap-mac] -s [ap-mac] -T 1 -A WPA2_PSK_AES

Discovered vulnerabilities

Please see here.

License

This project is available as open source under the terms of the GPL 3.0 or later. However, some elements are licensed under GPL 2.0 or later or the BSD 3-Clause license. For accurate information, please check the individual files.

Owner

Alipay (Ant Group Open Source)