Hi Ben,

just googled out 'wifi fuzzy testing' and found something relevant as below

https://www.blackhat.com/presentations/bh-europe-07/Butti/Presentation/bh-eu-07-Butti.pdf

regards,
shafi

On Mon, Nov 21, 2016 at 08:10:37AM -0800, Ben Greear wrote:
> Hello!
>
> I am thinking about adding some sort of framework to wpa_supplicant and/or the
> mac80211 stack to allow purposefully creating bad station behaviour in order to
> test robustness of APs.
>
> Some ideas so far:
>
> 1) Allow supplicant to do bad state-machine transitions (start 4-way before associating, for instance).
>
> 2) Randomly corrupt mgt frames in driver and/or mac80211 stack and/or supplicant.
>
> 3) Possibly allow user to make specific corruptions. This would probably be in supplicant
> only, and I am not sure how this would be configured. Maybe allow user to over-ride
> existing IEs and add bogus ones of their own choosing.
>
> 4) Maybe some specific tests like putting in over-flow sized lengths of IEs.
>
> Has anyone done anything similar they would like to share?
>
> Johannes: Any interest in having such a framework in upstream kernels?
>
> Any other ideas for how to improve this feature set?
>
> Thanks,
> Ben
>
> --
> Ben Greear <greearb@xxxxxxxxxxxxxxx>
> Candela Technologies Inc http://www.candelatech.com
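
Idea 4 in the quoted message (over-sized IE lengths) targets the receiver's element parser. The following is an added example, not code from this thread, wpa_supplicant or mac80211: it shows the length checks a receiver needs in order to pass such a test. The helper ie_walk(), its status codes and the sample byte arrays are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { IE_OK = 0, IE_TRUNCATED_HDR = -1, IE_LEN_OVERRUN = -2, IE_SSID_TOO_LONG = -3 };
#define IE_ID_SSID 0   /* SSID element ID */
#define SSID_MAX   32  /* maximum SSID length in octets */

struct ie_summary { size_t count; uint8_t ssid[SSID_MAX]; uint8_t ssid_len; };

/* Hypothetical helper: walk id/len/value elements in buf[0..len) and check
 * every length against the bytes that remain before anything is copied. */
int ie_walk(const uint8_t *buf, size_t len, struct ie_summary *out)
{
    size_t pos = 0;
    memset(out, 0, sizeof(*out));
    while (pos < len) {
        if (len - pos < 2)
            return IE_TRUNCATED_HDR;        /* no room for id + len octets */
        uint8_t id = buf[pos], elen = buf[pos + 1];
        if ((size_t)elen > len - pos - 2)
            return IE_LEN_OVERRUN;          /* claimed length runs past the frame */
        if (id == IE_ID_SSID) {
            if (elen > SSID_MAX)
                return IE_SSID_TOO_LONG;    /* would overflow the fixed buffer */
            memcpy(out->ssid, buf + pos + 2, elen);
            out->ssid_len = elen;
        }
        out->count++;                       /* counts well-formed elements only */
        pos += 2 + (size_t)elen;
    }
    return IE_OK;
}

/* Constructed sample element lists, not captured traffic. */
static const uint8_t ie_good[]      = { 0, 4, 't', 'e', 's', 't', 1, 2, 0x82, 0x84 };
static const uint8_t ie_overrun[]   = { 0, 4, 't', 'e', 's', 't', 1, 0xff, 0x82 };
static const uint8_t ie_short[]     = { 0, 1, 'a', 1 };
static const uint8_t ie_bigssid[35] = { 0, 33 };  /* SSID claiming 33 octets */

int main(void)
{
    struct ie_summary s;
    printf("good=%d ", ie_walk(ie_good, sizeof ie_good, &s));
    printf("overrun=%d ", ie_walk(ie_overrun, sizeof ie_overrun, &s));
    printf("short=%d ", ie_walk(ie_short, sizeof ie_short, &s));
    printf("bigssid=%d\n", ie_walk(ie_bigssid, sizeof ie_bigssid, &s));
    return 0;
}
```

The SSID case is separate from the generic overrun check because an element can fit inside the frame and still exceed the fixed-size destination it is copied into.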