Practical & Improved Wifi MitM with Mana

Conference:  Defcon 26



The presentation discusses the vulnerabilities in Wi-Fi networks and the lack of consistent certificate validation methods. The speakers also introduce a docker image called Chennai-Fi that allows users to practice Wi-Fi hacking without the need for hardware.
  • Wi-Fi networks have vulnerabilities that can be exploited by attackers
  • Certificate validation methods are not consistent across different devices and operating systems
  • The Chennai-Fi docker image allows users to practice Wi-Fi hacking without hardware
  • The speakers provide anecdotal evidence of their own experiences with Wi-Fi hacking
The speakers discuss their experiences with Wi-Fi hacking, including creating a cloned version of a legitimate certificate chain and successfully connecting to a rogue access point using a certificate signed by a valid CA. They also mention the difficulty in targeting specific devices and the lack of consistent certificate validation methods across different devices and operating systems.


In 2014, we released the mana rogue AP toolkit at DEF CON 22. This fixed KARMA attacks which no longer worked against modern devices, added new capabilities such as KARMA against some EAP networks and provided an easy to use toolkit for conducting MitM attacks once associated. Since then, several changes in wifi client devices, including MAC randomisation, significant use of the 5GHz spectrum and an increased variety of configurations has made these attacks harder to conduct. Just firing up a vanilla script gets fewer credentials than it used to. To address this mana will be re-released in this talk with several significant improvements to make it easier to conduct rogue AP MitM attacks against modern devices and networks. After years of using mana in many security assessments, we've realised rogue AP'ing and MitM'ing is no simple affair. This extended talk will provide an overview of mana, the new capabilities and features, and walk attendees through three scenarios and their nuances:



Post a comment

Related work

Conference:  Defcon 31
Authors: Nick Saunders Chief Cybersecurity and Data Officer, Viasat Government, he/him/his, Mark Colaluca Vice President and Chief Information Security Officer (CISO), Viasat, he/him/his