hostapd-mana

Hardware updates?

Open ZZ0R0 opened this issue 9 months ago • 7 comments

Hello, I'm searching for the best adapter to use for this framework.

I currently have these:

  • ALFA AWUS036AXML => MediaTek MT7921AUN
  • TP-Link TL-WN722N v2/v3 => Realtek RTL8188EUS

But I didn't manage to get them working. I just used the simple hostapd config template, enabling basic mana options:

  • enable_mana=1
  • mana_loud=1

What I was expecting after running my hostapd was to see my devices connecting to the hotspot after it received the probe requests, but they didn't.

I saw the probe requests, but my Android phone didn't connect.

How can I diagnose whether it is a hardware or software problem?

Thank you in advance.

In case this is hardware related, what is the best chipset supporting this framework today in 2025?

ZZ0R0, Mar 16 '25 07:03

To rule out a range of issues - try connecting to a new open network of any name and see if it connects then. Your device may be probing for PSK or EAP networks, not open ones.

singe, Mar 17 '25 13:03

First of all, thank you for your reply.

So what I understand is that I need to forcefully add a password or some kind of security?

Does this version of hostapd implement fake security mechanisms to trick the device into thinking it has the right password even if it doesn't?

ZZ0R0, Mar 19 '25 00:03

I’m a little confused by the question - you can advertise PSK networks but you don’t know the password so at best all you can do is capture a half handshake to crack.

You can advertise EAP networks and depending on the type could capture hashes to crack.

But there’s no way to have a device automatically connect to a network for which there’s a password you don’t know beforehand.

singe, Mar 19 '25 04:03

So it seems I absolutely misunderstood the workings of this repo. I thought the whole advantage of mana attacks was to mimic some random AP and so trick the device into connecting to it and using it as its access point.

ZZ0R0, Mar 19 '25 17:03

Is that true? Can it only mimic the APs for which it knows the password? So, finally, what is the point of mana attacks other than simply broadcasting (indeed, answering probe requests) for multiple SSIDs?

ZZ0R0, Mar 20 '25 05:03

That’s what it does - answer probe requests and:

  • If it’s an open network the device will connect.
  • If it’s a WPA/2 network it will capture a handshake for cracking.
  • If it’s one of several EAPs that use passwords it will provide the plaintext password or a hash for cracking.
  • If it’s EAP TLS you can get the device to connect if the client doesn’t have strict cert validation.
  • If it’s PEAP you can relay authentication with the real network with wpa_sycophant and get the victim to connect to you and get your device connected to the real network.

singe, Mar 20 '25 11:03
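The cases in the answer above can be checked from the client side. The following is an added example, not part of the thread or of hostapd-mana: a Python audit of saved Wi-Fi profiles that flags the ones a probe-answering AP could exploit. It assumes the client stores profiles in wpa_supplicant.conf syntax; the sample config and the function names are constructed for illustration.

```python
import re
# Constructed sample client config (wpa_supplicant.conf syntax), not from the thread.
SAMPLE_CONF = '''
network={
    ssid="CoffeeShop-Free"
    key_mgmt=NONE
}
network={
    ssid="HomeNet"
    psk="constructed example passphrase"
}
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
}
network={
    ssid="CorpWiFi-Pinned"
    key_mgmt=WPA-EAP
    eap=TLS
    ca_cert="/etc/ssl/corp-ca.pem"
    domain_suffix_match="radius.corp.example"
}
'''
NAME_PINS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")

def parse_networks(text):
    """Return one {key: value} dict per network={...} block."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\n\s*\}", text, re.S):
        lines = [l.strip() for l in body.splitlines()]
        pairs = (l.split("=", 1) for l in lines if "=" in l and not l.startswith("#"))
        nets.append({k.strip(): v.strip().strip('"') for k, v in pairs})
    return nets

def audit(net):
    """Findings for one saved profile, following the cases in the answer above."""
    km = net.get("key_mgmt", "WPA-PSK")  # assumption: unset key_mgmt treated as PSK
    if km == "NONE":
        return ["open: auto-joins any AP that answers for this SSID"]
    if "EAP" in km:
        if "ca_cert" not in net:
            return ["eap: server certificate is not validated"]
        return [] if any(k in net for k in NAME_PINS) else ["eap: CA is set but the server name is not pinned"]
    return ["psk: handshake can be captured; passphrase strength is the only defence"]

def audit_conf(text):
    return {n.get("ssid", "?"): audit(n) for n in parse_networks(text)}
```

Calling `audit_conf(SAMPLE_CONF)` returns a dict keyed by SSID; an empty list means the profile validates the server certificate and pins its name.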

OK, excuse me, that was the subtlety that I didn't understand well in your first answer: I can make the device connect using probe requests, but if I connect to an empty-password hostapd-mana, I need the device to have been connected earlier to a passwordless network.

Also, is it possible to broadcast an SSID-less, passwordless network so that, whatever the probe request is, if the device has already connected to an empty-password network it will connect to it regardless of the SSID (which will be empty)?

ZZ0R0, Mar 21 '25 07:03