
KRACK: a new WPA2 exploit



mmusket33
2017-11-06, 11:56
MTeams is studying this new KRACK exploit for WPA2.

See https://www.infopackets.com/news/10205/new-wi-fi-crack-can-intercept-your-data-what-you-need-know

For a how-to, search for:

How to use Krack Vulnerability CVE 2017-13082 in Kali Linux 2017.2

Musket Teams

grid
2017-11-06, 12:28
Appreciate the link to additional information.

My view is that, while this is a problem, I feel it's been over-hyped. Rogue/evil twin access points are more dangerous.

_defalt
2017-11-06, 13:42
> I feel it's been over-hyped

Yeah, I said the same thing on the Stack Exchange Information Security site. The KRACK vulnerability was overhyped, but not because WPA/WPA2 had this weakness. It is because it was spotted 14 years after WPA/WPA2 was accepted as a standard by the IEEE without checking this "key sent twice" condition.

This vulnerability has a very small attack vector, so KRACK is not going to be widely used by pentesters. However, a social engineering attack may use this exploit. An attacker can easily redirect the victim's HTTP traffic to his fake "router firmware update" web page and ask the victim to enter the pre-shared key to initialize the fake router update, so everyone should update their firmware.

The KRACK vulnerability was already discussed at the CCS 2017 conference (https://www.sigsac.org/ccs/CCS2017/papers.html), but the author won't release the attack script until the world is patched. But I think people are still making KRACK tools on GitHub.

grid
2017-11-07, 12:46
Agreed, _defalt. As the researcher mentioned on his site, the problem is in the WPA/WPA2 protocol... a replay issue. I can certainly see the effectiveness of the social engineering attack you described.

I've been watching github & other places for KRACK tools as well. Might even take a crack (pun intended :) ) at writing such a tool myself.

bidi
2017-11-10, 10:35
I wonder if KRACK could be used for bandwidth leeching?

It would work like a side tap to the connection of the authenticated WPA2 client.

1) Use KRACK to get a MITM position.
2) Inject packets with requests.
3) Intercept responses.

Someone could eventually even wrap those tasks to look like a 127.0.0.1 SOCKS proxy or VPN for anonymous browsing or file transfers.

_defalt
2017-11-11, 02:36
> I wonder if KRACK could be used for bandwidth leeching?
>
> It would work like a side tap to the connection of the authenticated WPA2 client.
>
> 1) Use KRACK to get a MITM position.
> 2) Inject packets with requests.
> 3) Intercept responses.
>
> Someone could eventually even wrap those tasks to look like a 127.0.0.1 SOCKS proxy or VPN for anonymous browsing or file transfers.

1) KRACK itself requires MITM to work.
2) In WPA2/CCMP you can't tamper with the data because it is authenticated using CBC-MAC.
3) Interception is possible once you decipher the traffic by initiating KRACK.
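The two points made in this thread, the "key sent twice" condition from the earlier post and the decrypt-but-not-tamper distinction in the reply above, as an added example that is not code from the thread or from the researcher's scripts. It is a toy Go model of a supplicant that reinstalls its PTK on a retransmitted handshake message 3, resetting its packet number, beside a patched one that ignores the retransmission. Assumptions: AES-CTR plus AES-CBC-MAC stand in for real CCMP (the actual CCM nonce, AAD and flag layout is omitted), the key and frame contents are constructed for the example, and the names (Supplicant, OnMessage3, Run, Frame) are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"encoding/binary"
	"fmt"
)

const tagLen = 8 // CCMP truncates its MIC to 8 bytes
type Frame struct{ PN uint64; Body []byte } // PN is sent in the clear; Body is ciphertext || MIC

type Supplicant struct {
	ptk     []byte
	pn      uint64 // per-key packet number, used as the CCM nonce
	patched bool
}

// OnMessage3 models receipt of handshake message 3. A vulnerable supplicant
// (re)installs the PTK on every copy, which resets the packet number to zero;
// a patched one installs the key once and ignores the retransmission.
func (s *Supplicant) OnMessage3(ptk []byte) {
	if s.ptk != nil && s.patched {
		return
	}
	s.ptk, s.pn = ptk, 0
}

// ctrXOR applies the AES-CTR keystream for key and nonce pn to in.
func ctrXOR(key []byte, pn uint64, in []byte) []byte {
	block, _ := aes.NewCipher(key) // key length is fixed at 16 in this example
	iv := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(iv, pn)
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}

// cbcMAC authenticates pn, the length and the plaintext with AES-CBC-MAC, as CCM does.
func cbcMAC(key []byte, pn uint64, msg []byte) []byte {
	block, _ := aes.NewCipher(key)
	data := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(data, pn)
	binary.BigEndian.PutUint64(data[8:], uint64(len(msg)))
	data = append(data, msg...)
	data = append(data, make([]byte, -len(data)&(aes.BlockSize-1))...) // zero pad
	mac := make([]byte, aes.BlockSize)
	for i := 0; i < len(data); i += aes.BlockSize {
		for j := range mac {
			mac[j] ^= data[i+j]
		}
		block.Encrypt(mac, mac)
	}
	return mac[:tagLen]
}

// Encrypt protects one frame under the installed key and the next packet number.
func (s *Supplicant) Encrypt(plain []byte) Frame {
	pn := s.pn
	s.pn++
	return Frame{PN: pn, Body: append(ctrXOR(s.ptk, pn, plain), cbcMAC(s.ptk, pn, plain)...)}
}

// Decrypt is the receiver: a modified or injected frame fails the MIC check.
func Decrypt(key []byte, f Frame) ([]byte, error) {
	ct, tag := f.Body[:len(f.Body)-tagLen], f.Body[len(f.Body)-tagLen:]
	plain := ctrXOR(key, f.PN, ct)
	if !hmac.Equal(tag, cbcMAC(key, f.PN, plain)) {
		return nil, fmt.Errorf("MIC check failed for PN %d", f.PN)
	}
	return plain, nil
}

// Run replays message 3 at a supplicant, then shows what an eavesdropper gets
// from the next frame and what the receiver does with a tampered copy of it.
func Run(patched bool) (recovered []byte, tamperErr error) {
	ptk := []byte("0123456789abcdef") // constructed 128-bit key for the example
	known := []byte("GET / HTTP/1.1\r\n") // predictable first frame
	s := &Supplicant{patched: patched}
	s.OnMessage3(ptk)
	f1 := s.Encrypt(known)
	s.OnMessage3(ptk)                           // attacker replays message 3
	f2 := s.Encrypt([]byte("session=deadbeef")) // constructed secret, same length
	if f1.PN == f2.PN {                         // nonce reuse: keystreams cancel
		recovered = make([]byte, len(known))
		for i := range known {
			recovered[i] = f1.Body[i] ^ f2.Body[i] ^ known[i]
		}
	}
	f2.Body[0] ^= 0x01 // flip one ciphertext bit, as an injector would have to
	_, tamperErr = Decrypt(ptk, f2)
	return recovered, tamperErr
}

func main() {
	for _, patched := range []bool{false, true} {
		rec, err := Run(patched)
		fmt.Printf("patched=%v recovered=%q tamper=%v\n", patched, rec, err)
	}
}
```

Running it shows the asymmetry the reply describes: the vulnerable supplicant reuses packet number 0 after the replayed message 3, so XORing the two ciphertexts with the known plaintext yields the second frame's contents without the key, while the patched one moves on to packet number 1 and nothing is recovered. In both cases the bit-flipped frame is rejected by the MIC check, which is why step 2 of the "side tap" plan (injecting requests) does not follow from a MITM position alone.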

Dagramis
2017-11-20, 11:33
Can someone please help me with KRACK, just the basics? I really want to get into it, but I haven't found any real tutorials.

grid
2017-11-22, 12:23
Best place to start is the krackattacks.com website. There's a link to scripts written by the researcher who discovered the vuln.

mmusket33
2017-11-23, 07:21
Here are some links to what may be work in progress.

https://github.com/DavidBurkett/KRACK-Attack

https://github.com/omaidf/KRACK-toolkit


Other info of interest

https://www.kali.org/news/kali-on-krack/


Musket Teams

grid
2017-11-27, 12:30
Thanks for the other links, mmusket33