Home

Bryan "Crypt0s" Halfpap

Wireless Attack Toolkit:

Originally for Raspberry-Pi, now for All Debian-Based Operating Systems with The Right Packages**

A collection of pre-configured or automatically-configured tools that automate and ease the process of creating robust Man-in-the-middle attacks. The toolkit allows your to easily select between several attack modes and is specifically designed to be easily extendable with custom payloads, tools, and attacks.

The cornerstone of this project is the ability to inject Browser Exploitation Framework Hooks into a web browser without any warnings, alarms, or alerts to the user. We accomplish this objective through protocol manipulation which forces the target to believe that the computer running the software is the internet gateway. From there, we run a content-modifying web proxy which injects malicious data into browser sessions.

Attack Overview:

Limpet Mine Mode:
    Poisons a network with ettercap + runs MITM Attacks

Passive Wireless Mode:
    Free Wifi anyone?

Agressive Wireless Mode:
    Become every access point with hostapd-karma

Once the WAT becomes the gateway, it fires up a MITM DNS server, metasploit, BEEF, and an injection proxy server for HTTP which injects the BEEF hook. From there, you log into the beef console and start popping shell.

It's in Beta, so complain about things you want to see in it now.

Current Roadmap (Not Really Listed in any order of priority):

Add IPv6 MITM Tools a la THC/FOCA:
Parasite6
Fake_router6
redir6
SLAAC?

Bluetooth Attacks (Pending original research/release cycle)

Zigbee Attacks (Pending original research/release cycle

Frequently Asked Questions:
How do I install this?
How do I Put Cellular Internet onto this
What Hardware Should I Get?
What is Included in The Toolkit?
Why Doesn't Airdrop Work?
You Just Glued Software Together, This Isn't Original

Project Members:

**Tested on Raspian and Kali Linux VM


Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks