Practical & Improved Wifi MITM with MANA

In 2014, we released the mana rogue AP toolkit at DEF CON 22. This fixed KARMA attacks which no longer worked against modern devices, added new capabilities such as KARMA against some EAP networks and provided an easy to use toolkit for conducting MitM attacks once associated.

Since then, several changes in wifi client devices, including MAC randomisation, significant use of the 5GHz spectrum and an increased variety of configurations has made these attacks harder to conduct. Just firing up a vanilla script gets fewer credentials than it used to.

To address this mana will be re-released in this talk with several significant improvements to make it easier to conduct rogue AP MitM attacks against modern devices and networks.

After years of using mana in many security assessments, we've realised rogue AP'ing and MitM'ing is no simple affair. This extended talk will provide an overview of mana, the new capabilities and features, and walk attendees through three scenarios and their nuances:

Intercepting corporate credentials at association (PEAP/EAP-GTC) Targeting one or more devices for MitM & collecting credentials "Snoopy" style geolocation & randomised MAC deanonymization. As a bonus, you'll be able to download a training environment to practise all of this without requiring any wifi hardware (or breaking any laws).


singe, CTO @ SensePost

singe has been hacking for 14 years, the last 8 of them at SensePost. He is the primary author of mana-toolkit and has developed wifi hacking training for places like BlackHat.


Detailed Presentation:

(Source: DEF CON 26)
E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform

RSAC Meetup Banner

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)