XVI. Protected Management Frames

Gabriel Ryan edited this page Feb 11, 2020 · 1 revision

EAPHammer supports rogue AP attacks using Protected Management Frames (PMF). This can be useful in situations where you need to enable or require PMF to create an RFC-compliant AP (such as with WPA3 and OWE), or in situations where you want to use PMF to prevent a Wireless Intrusion Prevention System (WIPS) from using deauthentication frames to contain your attack.

To require stations to use PMF when connecting to your rogue AP, use the --pmf require flag as shown in the following example (default for access points that use OWE):

./eaphammer -i wlan0 --auth wpa-eap --essid yayPMF --creds --pmf require

To create a rogue AP that supports PMF, but does not require it, use the --pmf enable flag (default for OWE Transition Mode):

./eaphammer -i wlan0 --auth wpa-eap --essid certifiedEthicalSnacker --creds --pmf enable

To explicitly disable PMF (default behavior for all authentication types except OWE and OWE Transition), use the --pmf disable flag:

./eaphammer -i wlan0 --auth wpa-eap --essid certifiedEthicalSnacker --creds --pmf disable
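From the monitoring side, an AP's PMF posture is visible in the RSN Capabilities field of its beacons (the MFPC and MFPR bits). The following added example, which is not part of EAPHammer or of the original page, parses an RSN element body and flags BSSIDs whose posture differs from a site baseline; the labels reuse the require/enable/disable names above, and the BSSIDs, the ESSID `corp-wifi`, the baseline and the sample elements are constructed.

```python
import struct

MFPR = 0x0040  # RSN Capabilities bit 6: Management Frame Protection Required
MFPC = 0x0080  # RSN Capabilities bit 7: Management Frame Protection Capable


def pmf_mode(rsn_body: bytes) -> str:
    """Map an RSN element body (bytes after the ID and length octets)
    to the PMF posture it advertises: require, enable, disable or invalid."""
    if len(rsn_body) < 2 or struct.unpack_from("<H", rsn_body)[0] != 1:
        raise ValueError("not a version 1 RSN element")
    off = 2 + 4  # skip version and group data cipher suite
    try:
        for _ in range(2):  # pairwise cipher suite list, then AKM suite list
            (count,) = struct.unpack_from("<H", rsn_body, off)
            off += 2 + 4 * count
        (caps,) = struct.unpack_from("<H", rsn_body, off)
    except struct.error:
        return "disable"  # element ends before RSN Capabilities: no PMF bits
    if caps & MFPR:
        return "require" if caps & MFPC else "invalid"
    return "enable" if caps & MFPC else "disable"


def pmf_mismatches(beacons, expected):
    """Return (bssid, essid, observed, expected) for each beacon whose PMF
    posture differs from the baseline recorded for its ESSID."""
    hits = []
    for bssid, essid, rsn_body in beacons:
        mode = pmf_mode(rsn_body)
        if essid in expected and mode != expected[essid]:
            hits.append((bssid, essid, mode, expected[essid]))
    return hits


def sample_rsn(caps=None):
    # Constructed sample: version 1, CCMP group and pairwise, 802.1X AKM
    body = bytes.fromhex("0100" "000fac04" "0100" "000fac04" "0100" "000fac01")
    return body if caps is None else body + struct.pack("<H", caps)


# Constructed observations: (BSSID, ESSID, RSN element body)
SAMPLE_BEACONS = [
    ("02:00:00:00:00:01", "corp-wifi", sample_rsn(MFPC | MFPR)),
    ("02:00:00:00:00:02", "corp-wifi", sample_rsn(0x0000)),
    ("02:00:00:00:00:03", "corp-wifi", sample_rsn(MFPC)),
]
BASELINE = {"corp-wifi": "require"}  # hypothetical site baseline
```

A BSSID that advertises a known ESSID with a weaker or different PMF posture than the baseline is worth investigating even when deauthentication-based containment is not available.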
