Practical & Improved Wifi MitM with Mana

In 2014, we released the mana rogue AP toolkit at DEF CON 22. This fixed KARMA attacks which no longer worked against modern devices, added new capabilities such as KARMA against some EAP networks and provided an easy to use toolkit for conducting MitM attacks once associated.

Since then, several changes in wifi client devices, including MAC randomisation, significant use of the 5GHz spectrum and an increased variety of configurations has made these attacks harder to conduct. Just firing up a vanilla script gets fewer credentials than it used to.

To address this mana will be re-released in this talk with several significant improvements to make it easier to conduct rogue AP MitM attacks against modern devices and networks.

After years of using mana in many security assessments, we've realised rogue AP'ing and MitM'ing is no simple affair. This extended talk will provide an overview of mana, the new capabilities and features, and walk attendees through three scenarios and their nuances:

Intercepting corporate credentials at association (PEAP/EAP-GTC) Targeting one or more devices for MitM & collecting credentials "Snoopy" style geolocation & randomised MAC deanonymization As a bonus, you'll be able to download a training environment to practise all of this without requiring any wifi hardware (or breaking any laws).

Presented by