@@ -24,7 +24,23 @@ To simulate an attack against a client follow the detailed instructions in `krac
**Now follow the detail instructions that the script outputs.**
The script assumes the client will use DHCP to get an IP.
-Remember to also perform extra tests using the `--tptk` and `--tptk-rand` parameters.
+Remember to also perform extra tests using the `--tptk` and `--tptk-rand` parameters, and using `--group` to test the group key handshake.
+So concretely, we recommend running the following tests:
+
+1. `./krack-test-client.py`
+2. `./krack-test-client.py --tptk`
+3. `./krack-test-client.py --tptk-rand`
+4. `./krack-test-client.py --group`
+
+## Correspondence to Wi-Fi Alliance tests
+
+- 4.1.1: Plaintext retransmission of EAPOL Message 3. We currently do not support this test.
+- 4.1.2: Immediate retransmission of EAPOL M3 in plaintext. We currently do not suppor this test.
+- 4.1.3: Immediate retransmission of encrypted EAPOL M3 during pairwise rekey handshake. This corresponds to `./krack-test-client.py` except that encrypted EAPOL M3 are sent periodically instead of immediately.
+- 4.1.5: PTK reinstallation in 4-way handshake when STA uses Temporal PTK construction (same ANonce). Execue this test using `./krack-test-client.py --tptk`.
+- 4.1.6: PTK reinstallation in 4-way handshake when STA uses Temporal PTK construction (random ANonce). Execue this test using `./krack-test-client.py --tptk-rand`.
+- 4.2.1: Group key handshake vulnerability test on STA. Execue this test using `./krack-test-client.py --group`.
+- 4.3.1: Reinstallation of GTK and IGTK on STA supporting WNM sleep mode. We currently do not support this test (and neither does the Wi-Fi Alliance).
# Testing Access Points: Detecting a vulnerable FT Handshake (802.11r)
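Review bot: In the new "Correspondence to Wi-Fi Alliance tests" list, the numbering jumps from 4.1.3 to 4.1.5 with no entry for 4.1.4. If that test is unsupported or not applicable, add a line saying so, as is done for 4.1.1, 4.1.2 and 4.3.1, so readers do not assume it is covered by one of the four recommended runs. The 4.1.3 entry says encrypted EAPOL M3 frames are sent periodically instead of immediately; it would help to state whether a result from `./krack-test-client.py` can be taken as a result for 4.1.3 despite that difference. Typos to fix before merging: "suppor" in the 4.1.2 line and "Execue" in the 4.1.5, 4.1.6 and 4.2.1 lines.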