If you're on a corporate network, an attacker *cannot* transparently MITM you. They can decrypt sent packets but they're *dropped*.
Show this thread
So, yeah. The wpa_supplicant bug only lets you *impersonate* an AP. It does *NOT* let you MITM it or passively decrypt. This is important.
-
-
-
And if you're on the Internet / public WiFi, you've got plenty more attack scenarios to worry about.
Show this thread
End of conversation
New conversation -
-
-
Are you sure? Which version of wpa_supplicant are you talking about? Seems like MITM worked in the demo-video.
-
The demo video isn't a MITM of the AP, it's a total takeover with direct routing out to the internet. Note how he ran a script for that.
- Show replies
New conversation -
-
-
Technically you could, if you have the passphrase for the actual network. But then you'd be able o impersonate the APw/o this exploit
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.