This page contains some tools (or modifications to them) that I made at one point in time. And also tools where I helped with research or coding. I only recently started collected them, so a lot of them are not yet listed. Some of them were quickly hacked together, some of them actually have decent code... Anyway, perhaps some of them are usefull for you!

Network Tools

  • Modding WiFi drivers: these are a series of patches to the ath9k_htc firmware and driver which enable low-layer attacks against WiFi. In particular this allows for unfair channel usage, continuous jamming, reactive jamming, and a channel-based MitM attack. All using very cheap commodity USB WiFi dongles!
  • Tcpreplay patch for cooked pcaps: patch made to tcpreplay so it can replay "cooked-mode captures". In other words, network traces without Ethernet headers, and only IP/TCP headers (and further data payloads of course). This is extremely usefull when you only have access to raw sockets on IP level (e.g. on an OpenVZ VPS). [Download Patch]
  • WPA-TKIP DoS: this tool abuses TKIP MIC failures to launch a Denial-of-Service attack against clients using TKIP. For this to work, at least one client must be using TKIP! The code is available as a patch on top of aircrack-ng.
  • ApBleed: proof-of-concept to test heartbleed against wireless networks which use enterprise authentication. Generally this means a RADIUS server is used as a backend, which uses OpenSSL. Essentially, you can directly talk to a RADIUS server before authenticating. Hence you can also test for heartbleed before authenticating to the network.

Information Flow

  •  FlowFox: FlowFox is a modified Firefox browser. It uses information flow techniques to prevent sensitive information from being leaked to untrusted websites. For example, if a cookie is marked as sensitive information, FlowFox will ensure that it is only sent towards the domain that owns the cookie. Hence, in this small example, all XSS attacks are blocked.

1 comment:

  1. request for constant jamming firmware.

    I am a pentester doing some labs and for educational purposes would like to test our your constant jamming firmware.


    Best regards