Feature Request: Return "Success"

[kaiseranton]

Hey, my idea is, that when i start the AP, everyone's credentials get accepted. Maybe we can also add the captive portal or the user is just in my network. The point is, i can get the credentials AND the user wont see directly that there is something wrong. Like now, he see directly: "huh my username and password is not longer valid?"

PS: Thanks for your awesome script! Works perfectly on my debian 9 :)

[s0lst1c3]

Hi @kaiseranton,

It sounds like what you're describing is patching hostapd to always return "Success" at the end of the authentication process. That's definitely something that's on the horizon in terms of upcoming features, but isn't implemented yet. Both hostapd-wpe and hostapd-mana support this behavior though, so if you really need this functionality I'd check them out.

Keep in mind though that this technique is only possible when the client and server agree on an EAP method that does not support mutual authentication. At this time, the majority of the supplicants that you'll run into in the wild will want to use MSCHAPv2, which requires that the server authenticate itself to the client at the end of the authentication process (therefore preventing this technique from succeeding).

Regardless, I'll turn this into a formal feature request.