Search Linux Wireless

Re: Break-it testing for wifi

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Ben,

just googled out 'wifi fuzzy testing' and found something relevant
as below
https://www.blackhat.com/presentations/bh-europe-07/Butti/Presentation/bh-eu-07-Butti.pdf

regards,
shafi

On Mon, Nov 21, 2016 at 08:10:37AM -0800, Ben Greear wrote:
> Hello!
> 
> I am thinking about adding some sort of framework to wpa_supplicant and/or the
> mac80211 stack to allow purposefully creating bad station behaviour in order to
> test robustness of APs.
> 
> Some ideas so far:
> 
> 1)  Allow supplicant to do bad state-machine transitions (start 4-way before associating, for instance).
> 
> 2)  Randomly corrupt mgt frames in driver and/or mac80211 stack and/or supplicant.
> 
> 3)  Possibly allow user to make specific corruptions.  This would probably be in supplicant
>     only, and I am not sure how this would be configured.  Maybe allow user to over-ride
>     existing IEs and add bogus ones of their own choosing.
> 
> 4)  Maybe some specific tests like putting in over-flow sized lengths of IEs.
> 
> Has anyone done anything similar they would like to share?
> 
> Johannes:  Any interest in having such a framework in upstream kernels?
> 
> Any other ideas for how to improve this feature set?
> 
> Thanks,
> Ben
> 
> -- 
> Ben Greear <greearb@xxxxxxxxxxxxxxx>
> Candela Technologies Inc  http://www.candelatech.com
> 



[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Wireless Personal Area Network]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]

  Powered by Linux