README
$FreeBSD$

This is an implementation of the frag attack described in:
http://tapir.cs.ucl.ac.uk/bittau-wep.pdf
It will only work with Atheros.  It could be made to work with other cards, but
it is more difficult.

wesside's features:
===================
* Channel hops, finds a WEP wifi, finds a MAC to spoof if necessary and
  associates.
* Waits for a packet.  Uses fragmentation to recover some keystream.
* Discovers the network's IP using the linear keystream expansion technique in
  order to decrypt an ARP packet.
* Generates traffic on the network for weak IV attack:
  - Either by flooding with ARP requests.
  - Or, by contacting someone on the Internet [udps] and telling it to flood.
* Uses aircrack periodically to attempt to crack the WEP key.  The supplied
  aircrack is modified to work with wesside.
* Binds to a tap interface to allow TX.  RX works if a dictionary is being built
  [dics] and a packet with a known IV traverses the network.

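Added example, not part of wesside or this README: a defender-side check for
the keystream reuse that the fragmentation step relies on.  Frames sent with a
recovered keystream all carry the IV it was recovered under, so a sensor can
flag a transmitter that repeats one IV across many frames and fragments.  The
record layout, the threshold and the sample frames are assumptions constructed
for illustration.

```python
from collections import defaultdict

# Constructed sample records, not captured traffic.  Each tuple is one
# WEP-protected data frame as a monitor-mode sensor might log it:
# (transmitter MAC, sequence number, fragment number, IV as hex, payload bytes)
SAMPLE_FRAMES = [
    ("00:11:22:33:44:55", 100, 0, "a1b2c3", 1200),
    ("00:11:22:33:44:55", 101, 0, "a1b2c4", 640),
    ("00:11:22:33:44:55", 102, 0, "a1b2c5", 88),
    ("66:77:88:99:aa:bb", 7, 0, "0f0e0d", 8),
    ("66:77:88:99:aa:bb", 7, 1, "0f0e0d", 8),
    ("66:77:88:99:aa:bb", 7, 2, "0f0e0d", 8),
    ("66:77:88:99:aa:bb", 7, 3, "0f0e0d", 8),
    ("66:77:88:99:aa:bb", 8, 0, "0f0e0d", 8),
]


def find_iv_reuse(frames, min_frames=4):
    """Report (transmitter, IV) pairs seen on at least min_frames frames.

    Heuristic (an assumption of this example): a station that picks a new IV
    per frame should not repeat one IV within a short capture window, while
    traffic built from a single recovered keystream repeats it on every frame.
    """
    groups = defaultdict(list)
    for ta, seq, frag, iv, length in frames:
        groups[(ta, iv)].append((seq, frag, length))

    alerts = []
    for (ta, iv), seen in sorted(groups.items()):
        if len(seen) < min_frames:
            continue
        alerts.append({
            "transmitter": ta,
            "iv": iv,
            "frames": len(seen),
            # Non-initial fragments: fragmentation combined with IV reuse
            "fragmented": sum(1 for _, frag, _ in seen if frag > 0),
            "max_payload": max(length for _, _, length in seen),
        })
    return alerts


if __name__ == "__main__":
    for alert in find_iv_reuse(SAMPLE_FRAMES):
        print(alert)
```
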
Examples:
=========
For the skiddies:
./wesside

To cause the Internet to flood:
[Internet box]~$ ./udps 500
./wesside -s ip_of_internet_box

To build a dictionary:
[Internet box]~# ./dics source_ip_of_box 100
./wesside -s ip_of_internet_box
Use tap3 as if it were the wifi.