UDP plaintext injection example

[gcarmix]

Hi, I'm trying to reproduce your tests, I'm working with the USB Live and the TL-WN722N, I've tried the simple examples with ping and it seems to work correctly. However in the documentation I can't find any reference to how to reproduce the UDP plaintext injection example. In my test setup I've got a target PC running ubuntu connected to an AP protected by WPA2. On the ubuntu target machine I have a listening UDP socket (made with command "nc -lu 4444") . I want to achieve the result of sending UDP packets with plaintext(for example sending the string "test") in it from attacker machine to target machine without actually having the WPA2 password of AP.

Is it possible using fragattack.py?

[vanhoefm]

What exactly do you mean by "UDP plaintext injection example"? I don't remember implementing or performing UDP-based tests against devices. If you want to use the vulnerabilities to inject UDP packets, you would have to modify the code, or implement a custom proof-of-concept script.

[gcarmix]

I was referring to the option "--udp" in fragattack.py, I thought that through that option it would be possible to inject an udp packet, more or less the same of what you have done in the video with the kankun.py script.

[vanhoefm]

Ah that was a more experimental option. It should send a UDP packet to a random port, but it hasn't been tested a lot. You can modify the code in https://github.com/vanhoefm/fragattacks/blob/master/research/fraginternals.py#L121 to change the content of the packet being sent.

[gcarmix]

Thanks a lot for your directions, I got the point. I think we can close this issue