Thread: WPA Enterprise - is ARP Spoofing Possible?

  1. #1
    Just burned his ISO
    Join Date
    Feb 2011
    Posts
    4

    WPA Enterprise - is ARP Spoofing Possible?

    If one has legitimate access to an unsecured, WEP, or WPA PSK network, then one can use ARP spoofing (plus SSL Strip).

    Is this possible for WPA / WPA2 - Enterprise?

    I am not talking about cracking WPA but what one can do after legitimately connecting.

    Edit:

    Presumably the idea is something like this.

    With WPA PSK all clients have the same key. Therefore someone on the network can ARP spoof and intercept traffic because he has the PSK.

    But with WPA Enterprise, keys are individual. Therefore, the attacker on the network still cannot ARP Spoof because he will not have the key of the client or clients (for broadcast spoofing) of which he is trying to MITM.

    Or am I completely wrong?

    Thanks.
    Last edited by sickness; 05-04-2011 at 07:33 AM.

  2. #2
    aeronavi
    Just burned his ISO
    Join Date
    Oct 2010
    Location
    Portugal
    Posts
    14

    Re: WPA Enterprise - is ARP Spoofing Possible?

    I think in WPA-PSK each client also has a unique key (called the PTK). This key is derived from the PSK + 2 random numbers and the MACs of both computers. This always happens when a client connects to the AP (this is why you need to capture the handshake to decrypt packets in monitor mode). So by your logic this wouldn't be possible either, but the fact is that it works in my experience, and I'm almost sure that it works in WPA-Enterprise too, as I think I remember testing.
    Now you've got me thinking about it, and you've got me confused about "why it works".

    I think it's because the packets, before they reach you, are sent to the router first, then are re-encrypted and sent to your IP using the encryption your wireless card knows.

    It's something like this, I think, that is happening:
    normal connection:
    victim->router->internet and vice versa

    arpspoofed:
    victim->router->yourpc->router->internet and vice versa
