wpa-sycophant
wpa-sycophant is a tool to relay phase 2 authentication attempts to access corporate wireless networks without cracking the password. It requires running a rogue access point to capture and relay legitimate user authentication attempts.
Description
wpa-sycophant provides a method to gain access to corporate wireless networks by relaying phase 2 authentication attempts from legitimate users. This avoids the need to crack passwords, making it an efficient technique for wireless penetration testing.
To utilize this tool, a rogue access point must be set up first. Legitimate users connecting to the rogue AP will have their authentication attempts relayed by wpa-sycophant to the target corporate network, potentially granting access without direct password compromise.
The tool is packaged for Kali Linux with dependencies including libc6, libnl-3-200, libnl-genl-3-200, and libssl3t64. It has an installed size of 867 KB.
How It Works
The tool operates by relaying phase 2 authentication attempts from clients connecting to a rogue access point. When a legitimate user associates with the rogue AP, wpa-sycophant captures the authentication credentials and forwards them to the real corporate wireless network's authentication server, exploiting the protocol to gain access without password cracking.
Installation
sudo apt install wpa-sycophant
Flags
Examples
sudo wpa_sycophant -h
sudo wpa_sycophant -c /etc/wpa-sycophant/wpa_sycophant_example.conf -i wlan0
sudo wpa_sycophant -c custom.conf -i wlan1
sudo wpa_sycophant -c /path/to/config -i mon0
sudo wpa_sycophant -h | grep -i config
sudo wpa_sycophant -c example.conf -i wlan0mon