owfuzz: a WiFi protocol fuzzing tool using openwifi.

Overview

Openwifi is an open-source, SDR-based WiFi protocol stack that is fully compatible with Linux mac80211. Its driver takes advantage of the Linux kernel's support (mac80211, cfg80211) for the WiFi high MAC, so it can present the same interface to the application layer as a common WiFi USB dongle. On the hardware side, the CSMA/CA protocol and other functions of the WiFi low MAC layer are implemented on an FPGA. It supports monitoring and injection of arbitrary WiFi frames. Application-layer software can also communicate directly with the underlying openwifi driver/FPGA/RF functions through nl80211, which gives users a high degree of autonomy and control. Owfuzz is the first WiFi protocol fuzzing test framework built on the openwifi platform; it supports fuzzing of all WiFi frames and interactivity testing of WiFi protocols.

Owfuzz can also use a wireless network card that supports monitor mode and frame injection.

Architecture

Features:

  • IEEE Std 802.11 1999/2007/2012/2016
  • 2.4 GHz and 5 GHz
  • Supports all WiFi devices: APs and clients
  • Fuzzing all frames: management/control/data
  • Any state of WiFi
  • Interactivity testing
  • OPEN/WEP/WPA/WPA2/WPA3
  • Automatically generates a PoC log and locates the vulnerability.

Usage

  • owfuzz usage:
    • example: sudo ./owfuzz -i wlan0 -m ap -c [channel] -t [target-mac] -b [ap-mac] -s [ap-mac] -T 2 -A WPA2_PSK_TKIP_AES -I [target-ip]
    • -i [interface], Interface to use.
    • -m [ap/sta], Set the mode of fuzzer, default is ap.
    • -c [channel], Set the working channel of fuzzer, default is 1.
    • -t [mac], Target's MAC address.
    • -S [SSID], AP's SSID.
    • -A [auth type], Target's auth type: OPEN_NONE, OPEN_WEP, SHARE_WEP, WPA_PSK_TKIP, WPA_PSK_AES, WPA_PSK_TKIP_AES, WPA2_PSK_TKIP, WPA2_PSK_AES, WPA2_PSK_TKIP_AES, EAP_8021X, WPA3
    • -I [IP address], Target's IP address
    • -b [BSSID], AP's MAC address.
    • -s [mac], Fuzzer's (source) MAC address.
    • -T [test type], Test type, default 1. 0: PoC test, 1: interactive test, 2: frames test, 3: interactive & frames test
    • -f [log file], Log file path
    • -h Help.

Building

  • Build dependencies (Kali/Ubuntu)
    sudo apt-get install pkg-config libnl-3-dev libnl-genl-3-dev libpcap-dev
  • Compiling
    make

Example

  • Fuzzing Client
    sudo ./owfuzz -i wlan0 -m ap -c [channel] -t [sta-mac] -b [ap-mac] -s [ap-mac] -T 2 -A WPA2_PSK_TKIP_AES -I [sta-ip]
  • Fuzzing AP
    sudo ./owfuzz -i wlan0 -m sta -c [channel] -t [ap-mac] -b [ap-mac] -s [sta-mac] -T 2 -A WPA3 -S [ssid-name] -I [ap-ip]
  • Interactivity fuzzing
    sudo ./owfuzz -i wlan0 -m ap -c [channel] -t [sta-mac] -b [ap-mac] -s [ap-mac] -T 1 -A WPA2_PSK_TKIP_AES
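
A pre-flight check for the options above, added here as an example (it is not part of owfuzz). The function name owfuzz_check and the address rules are assumptions inferred from the three example commands: in ap mode -s equals -b and -t is the client, in sta mode -t equals -b and -s is the station.

```sh
#!/bin/sh
# Added example: pre-flight check for an owfuzz command line (not part of owfuzz).
# Auth types are copied from the -A option in the Usage list.
AUTH_TYPES="OPEN_NONE OPEN_WEP SHARE_WEP WPA_PSK_TKIP WPA_PSK_AES WPA_PSK_TKIP_AES \
WPA2_PSK_TKIP WPA2_PSK_AES WPA2_PSK_TKIP_AES EAP_8021X WPA3"

# True if $1 is a colon-separated 48-bit MAC address.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# True if two MAC addresses are equal, ignoring hex case.
same_mac() {
    [ "$(printf '%s' "$1" | tr 'A-F' 'a-f')" = "$(printf '%s' "$2" | tr 'A-F' 'a-f')" ]
}

# owfuzz_check MODE CHANNEL TARGET BSSID SOURCE TESTTYPE AUTH
# Prints "ok" and returns 0, or prints the first problem found and returns 1.
# Variables are global because POSIX sh has no "local".
owfuzz_check() {
    mode=$1 chan=$2 target=$3 bssid=$4 src=$5 ttype=$6 auth=$7
    case $mode in ap|sta) ;; *) echo "mode must be ap or sta"; return 1 ;; esac
    case $chan in ''|*[!0-9]*) echo "channel must be a number"; return 1 ;; esac
    for m in "$target" "$bssid" "$src"; do
        is_mac "$m" || { echo "bad MAC: $m"; return 1; }
    done
    case $ttype in 0|1|2|3) ;; *) echo "test type must be 0-3"; return 1 ;; esac
    case " $AUTH_TYPES " in
        *" $auth "*) ;;
        *) echo "unknown auth type: $auth"; return 1 ;;
    esac
    # Address rules inferred from the README examples (assumption, see lead-in).
    if [ "$mode" = ap ]; then
        same_mac "$src" "$bssid" || { echo "ap mode: -s must equal -b"; return 1; }
        same_mac "$target" "$bssid" && { echo "ap mode: -t must be the client, not the AP"; return 1; }
    else
        same_mac "$target" "$bssid" || { echo "sta mode: -t must equal -b"; return 1; }
        same_mac "$src" "$bssid" && { echo "sta mode: -s must be the station, not the AP"; return 1; }
    fi
    echo ok
}

# Run as: ./check.sh MODE CHANNEL TARGET BSSID SOURCE TESTTYPE AUTH
if [ "$#" -eq 7 ]; then owfuzz_check "$@"; fi
```

Running it before each session catches swapped -t/-b/-s addresses, which would otherwise direct frames at the wrong device or produce a run that tests nothing.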

Discovered vulnerabilities

License

This project is available as open source under the terms of the GPL 3.0 or later. However, some elements are licensed under GPL 2.0 or later and the BSD 3 license. For accurate information, please check individual files.

Owner
Alipay
Ant Group Open Source