FreeRadius Wireless Pawn Edition
FreeRadius Wireless Pawn Edition is a modified FreeRadius server for capturing credentials in wireless networks. It supports specific EAP types for authentication attacks.
Description
freeradius-wpe is a specialized package of FreeRadius designed for wireless penetration testing, known as Wireless Pawn Edition. It facilitates the interception and capture of credentials during EAP-based authentication in wireless environments. The tool is tailored for scenarios where testers need to perform rogue RADIUS server operations to harvest usernames, passwords, or OTPs from clients attempting to connect to enterprise Wi-Fi networks.
Supported EAP types include PEAP/PAP (with OTP), PEAP/MSCHAPv2, EAP-TTLS/PAP (including OTPs), EAP-TTLS/MSCHAPv1, EAP-TTLS/MSCHAPv2, and EAP-MD5. These methods cover common inner authentication protocols used in WPA2-Enterprise setups, allowing the tool to emulate legitimate RADIUS servers effectively.
Use cases involve setting up a fake access point paired with this RADIUS server to trick clients into revealing credentials. It requires dependencies like libpcap for packet capture and various libraries for cryptographic and authentication handling.
How It Works
freeradius-wpe operates as a modified RADIUS server that listens for EAP authentication requests from wireless clients. It emulates the supported EAP types (PEAP, TTLS and MD5) and handles inner authentication methods such as PAP and MSCHAPv1/v2, capturing plaintext credentials or hashes during the handshake. The configuration is checked with -C. The server runs in foreground mode with -f, logs captured data to a specified file with -l, and binds to a specific IP address and port with -i and -p for targeted interception.
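From the defender's side, the clients exposed to a rogue RADIUS server of this kind are those configured for one of the EAP methods listed above without verifying which server they are talking to. The following is an added example, not part of the original page or of freeradius-wpe: a Python audit of wpa_supplicant network blocks that flags such profiles. It assumes the standard wpa_supplicant field names (eap, phase2, ca_cert, domain_suffix_match and related) and uses a constructed sample configuration.

```python
import re
# (outer EAP, inner method) pairs from the page's supported list, with what a rogue server receives
PLAIN, HASH = "plaintext password/OTP", "challenge/response hash"
CAPTURABLE = {
    ("PEAP", "PAP"): PLAIN, ("TTLS", "PAP"): PLAIN,
    ("PEAP", "MSCHAPV2"): HASH, ("TTLS", "MSCHAP"): HASH,
    ("TTLS", "MSCHAPV2"): HASH, ("MD5", None): HASH,
}
# wpa_supplicant fields that tie the server certificate to an expected name
NAME_PINS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")

def parse_networks(conf):
    """Yield a dict of field -> value for each network={...} block."""
    for block in re.findall(r"network=\{(.*?)\n\s*\}", conf, re.S):
        fields = {}
        for line in map(str.strip, block.splitlines()):
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                fields[key.strip()] = value.strip().strip('"')
        yield fields

def audit(conf):
    """Return (ssid, exposure, reasons) for profiles a rogue server could harvest."""
    findings = []
    for net in parse_networks(conf):
        m = re.search(r"\bauth=(\w+)", net.get("phase2", ""))
        inner = m.group(1).upper() if m else None
        hits = [o for o in net.get("eap", "").upper().split() if (o, inner) in CAPTURABLE]
        if not hits:
            continue
        reasons = []
        if "MD5" in hits:
            reasons.append("EAP-MD5 does not authenticate the server")
        else:
            if "ca_cert" not in net:
                reasons.append("no ca_cert")
            if not any(k in net for k in NAME_PINS):
                reasons.append("no server name match")
        if reasons:
            findings.append((net.get("ssid", "?"), CAPTURABLE[(hits[0], inner)], reasons))
    return findings

# Constructed sample configuration (not taken from a real deployment)
SAMPLE = (
    'network={\n ssid="corp-unpinned"\n eap=PEAP\n phase2="auth=MSCHAPV2"\n}\n'
    'network={\n ssid="corp-pinned"\n eap=TTLS\n phase2="auth=PAP"\n'
    ' ca_cert="/etc/ssl/certs/example-ca.pem"\n domain_suffix_match="radius.example.com"\n}\n'
    'network={\n ssid="legacy"\n eap=MD5\n}\n'
)
print(audit(SAMPLE))
```

Profiles that set both a CA certificate and a server name match are not reported, because a server presenting a certificate outside that pin is rejected before the inner method runs.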
Installation
sudo apt install freeradius-wpe
Flags
Examples
freeradius-wpe -h
freeradius-wpe -C
freeradius-wpe -f
freeradius-wpe -i 192.168.1.100
freeradius-wpe -l /tmp/radius.log
freeradius-wpe -p 1812
freeradius-wpe -f -l capture.log -i 0.0.0.0