I've been piddling around with arp-poisoning using Ettercap-ng and Arpspoof along with Sslstrip and various Dsniff programs like urlsnarf, webspy, etc. I can successfully perform a mitm on my open network and on my network with WEP encryption enabled, but I would like to be able to do the same on it with WPA encryption enabled. (Obviously I know the passkey 'cause it's my network.)
I was previously under the impression that it was difficult or impossible to perform an Arp Poisoning on a WPA encrypted network due to the fact that merely knowing the passkey is not sufficient to decrypt the packets because of the WPA handshake. Then I stumbled upon this thread "http://www.backtrack-linux.org/forums/old-newbie-area/24774-ettercap-wpa.html" which claimed that performing a mitm attack on a WPA network is done exactly the same as on an unencrypted network (no handshake or passkey stuff required as long as you're connected to the AP).
Incidentally, I have tried performing the attack just like on an unencrypted network (except I tried both Arpspoof and Ettercap-ng) but I end up DOSing both myself and my victim laptop.
So, my questions are:
1. Is the answer to this thread correct in saying that performing a MITM attack on a WPA network is done the same as on an open network?
2. If question 1. is "yes", then what am I doing wrong? (I will post my commands if that is the case)
Thanks in advance!