Wireless Attacks

hostapd-wpe

Modified hostapd for AP impersonation attacks to capture client credentials via IEEE 802.1x EAP methods. Logs authentication attempts including MSCHAPv2 challenges and responses for offline cracking.

Description

hostapd-wpe (Wireless Pwnage Edition) is a modified version of hostapd built for access point impersonation attacks. It impersonates legitimate access points to trick clients into authenticating and revealing credentials. The tool supports multiple EAP types including EAP-FAST/MSCHAPv2, PEAP/MSCHAPv2, EAP-TTLS/MSCHAPv2, and others, and returns EAP-Success so that the client believes the connection succeeded.

Use cases include capturing WiFi credentials from enterprise networks using 802.1x, testing WPA/WPA2 enterprise security, and launching follow-on attacks once credentials are obtained. It also implements Karma-style probe responses and Heartbleed attacks against vulnerable clients.

All captured data, including challenges, responses, and usernames, is logged to stdout and hostapd-wpe.log, enabling offline cracking with tools like asleap.

How It Works

hostapd-wpe acts as an IEEE 802.1x Authenticator and Authentication Server impersonator. When clients connect to the fake AP, it captures EAP authentication exchanges, specifically targeting MSCHAPv2 handshakes to extract NTLM challenges and responses. It supports EAP methods 1 (EAP-FAST/MSCHAPv2), 25 (PEAP/MSCHAPv2), and TTLS variants. After capturing credentials, it sends EAP-Success to keep clients associated. Additional features include gratuitous probe responses (Karma mode) and CVE-2014-0160 Heartbleed exploitation.

Installation

sudo apt install hostapd-wpe

Flags

-h    show this usage
-d    show more debug messages (-dd for even more)
-B    run daemon in the background
-e    entropy file
-g    global control interface path
-G    group for control interfaces
-P    PID file
-K    include key data in debug messages
-r    Return Success where possible
-c    Cupid Mode (Heartbleed clients)
-k    Karma Mode (Respond to all probes)

Examples

Update Kali package lists before installation:
    apt update

Install hostapd-wpe package:
    apt install hostapd-wpe

Edit AP configuration file including SSID, interface, and authentication settings:
    nano /etc/hostapd-wpe/hostapd-wpe.conf

Kill network-manager to prevent interface conflicts:
    airmon-ng check kill

Start rogue AP; captures and displays client authentication credentials to console:
    hostapd-wpe /etc/hostapd-wpe/hostapd-wpe.conf

Crack captured MSCHAPv2 challenge-response using dictionary attack with asleap:
    zcat /usr/share/wordlists/rockyou.txt.gz | asleap -C 8e:0e:9d:0b:5a:3f:f5:23 -R 34:f8:42:4d:16:c7:2d:69:cc:38:10:d4:cf:71:f7:83:37:68:d8:8a:e9:86:f2:67 -W -

Start AP in Karma mode to respond to all probe requests:
    hostapd-wpe -k /etc/hostapd-wpe/hostapd-wpe.conf

Updated 2026-04-16 (kali.org)