Evil Twin EAP-TLS


EAP-TLS is the usual “secure” choice for WPA2/3-Enterprise, but two practical weaknesses show up repeatedly during assessments:

  • Unauthenticated identity leakage: the outer EAP-Response/Identity is sent in cleartext before any TLS tunnel is built, so real domain usernames are frequently leaked over the air.
  • Broken client server-validation: if the supplicant does not strictly validate the RADIUS server certificate (or lets users click through warnings), a rogue AP with a self-signed cert can still onboard victims, which turns mutual TLS into one-way TLS.

Unauthenticated EAP identity leakage / username enumeration

EAP runs the identity exchange before TLS starts. If the client uses its real domain username as the outer identity, anyone within RF range can collect it without authenticating.

Passive harvest workflow

# 1) Park on the right channel/BSSID (airodump-ng takes the interface as a positional argument)
airodump-ng -c $CHAN --bssid $BSSID $IFACE

# 2) Decode EAP frames and extract identities
# Trigger a client connection (e.g., your phone) to see the leak
tshark -i "$IFACE" -Y eap -V | grep -E "Identity: *[A-Za-z0-9]"

Impact: rapid, unauthenticated username collection → feeds password spraying, phishing and account correlation. Worse when usernames match email addresses.
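To audit which clients actually expose a real username in the outer identity (versus an RFC 7542 anonymous NAI such as anonymous@realm), here is a small Python parser, added as an example that is not from the original page or any tool it names. The EAPOL/EAP frames below are constructed inline (RFC 3748 layout: code, id, length, type), not taken from a capture; the usernames and realm are invented.

```python
import struct

# Build an EAPOL-encapsulated EAP packet: EAPOL(ver=2, type=0 EAP-Packet, len) + EAP(code, id, len, type, data)
def eap_packet(code, ident, etype, data):
    eap = struct.pack("!BBHB", code, ident, 5 + len(data), etype) + data
    return struct.pack("!BBH", 2, 0, len(eap)) + eap

# Constructed sample frames (not a real capture)
SAMPLE_FRAMES = [
    eap_packet(1, 1, 1, b""),                        # EAP-Request/Identity from the AP
    eap_packet(2, 1, 1, b"jdoe@corp.example"),      # real username sent as outer identity
    eap_packet(2, 2, 1, b"anonymous@corp.example"),  # anonymous NAI: only the realm is exposed
    eap_packet(2, 3, 1, b"@corp.example"),           # empty local part, also anonymous
    eap_packet(2, 4, 13, b"\x20"),                   # EAP-TLS Start, not an identity at all
]

def parse_eap_identity(frame):
    """Return the outer identity from an EAP-Response/Identity frame, or None for anything else."""
    if len(frame) < 9:                               # EAPOL header (4) + minimal EAP header (5)
        return None
    _ver, ptype, elen = struct.unpack("!BBH", frame[:4])
    if ptype != 0:                                   # only EAPOL-EAP packets carry EAP
        return None
    eap = frame[4:4 + elen]
    code, _ident, length, etype = struct.unpack("!BBHB", eap[:5])
    if code != 2 or etype != 1 or length > len(eap): # Response (2) of type Identity (1), sane length
        return None
    return eap[5:length].decode("utf-8", "replace")

def classify_identity(identity):
    """'anonymous' if the local part is empty or the literal 'anonymous', else 'leaked'."""
    local, _, _realm = identity.partition("@")
    return "anonymous" if local == "" or local.lower() == "anonymous" else "leaked"

def audit_frames(frames):
    """List of (identity, classification) for every EAP-Response/Identity in the frames."""
    findings = []
    for frame in frames:
        ident = parse_eap_identity(frame)
        if ident is not None:
            findings.append((ident, classify_identity(ident)))
    return findings
```

Any "leaked" result identifies a supplicant profile that should be given an anonymous outer identity (wpa_supplicant anonymous_identity, or the equivalent OS setting) before it is trusted on an Enterprise SSID.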

TLS 1.3 privacy vs downgrade tricks

TLS 1.3 encrypts client certificates and most handshake metadata, so when a supplicant really negotiates TLS 1.3 an Evil Twin cannot passively learn the client's certificate or identity. Many enterprise deployments still allow TLS 1.2 for compatibility; RFC 9190 warns that a rogue AP can offer only TLS 1.2 static-RSA suites to force a fallback and bring the outer identity (or even the client certificate) back into the clear in EAP-TLS.

Offensive playbook (downgrade to leak the ID):

  • Build hostapd-wpe enabling only TLS 1.2 static-RSA ciphers and disabling TLS 1.3 via openssl_ciphersuite / ssl_ctx_flags.
  • Advertise the corporate SSID; when the client starts TLS 1.3, answer with a TLS alert and restart the handshake so the peer retries with TLS 1.2, exposing its real identity before certificate validation succeeds.
  • Combine this with force_authorized=1 in hostapd-wpe so the 4-way handshake completes even if client-auth fails, giving you DHCP/DNS-level traffic for phishing or a portal.

Defensive changes (what to look for during an assessment):

  • hostapd/wpa_supplicant 2.10 added server and peer support for TLS 1.3 but ships with it disabled by default; enabling it on clients with phase1="tls_disable_tlsv1_3=0" removes the downgrade window.

TLS 1.3 realities in 2024–2025

  • FreeRADIUS 3.0.23+ accepts EAP-TLS 1.3, but clients still break (Windows 11 lacks EAP-TLS 1.3 session resumption, Android support varies), so many deployments pin tls_max_version = "1.2" for stability.
  • Windows 11 enables EAP-TLS 1.3 by default (22H2+), but failing resumptions and buggy RADIUS stacks often force a fallback to TLS 1.2.
  • RSA key exchange for TLS 1.2 is being phased out; OpenSSL 3.x removes the static-RSA suites at security level ≥2, so a TLS 1.2 static-RSA rogue needs OpenSSL 1.1.1 with @SECLEVEL=0 or an older release.

Practical version handling during an engagement

  • Force TLS 1.2 on the rogue (to leak identities):
# hostapd-wpe.conf
ssl_ctx_flags=0
openssl_ciphers=RSA+AES:@SECLEVEL=0   # requires OpenSSL 1.1.1
disable_tlsv1_3=1
  • Probe the client's TLS version intolerance: run two rogues, one advertising TLS 1.3 only (disable_tlsv1=1, disable_tlsv1_1=1, disable_tlsv1_2=1) and the other TLS 1.2 only. Clients that only join the 1.2 BSS can be downgraded.
  • Check for fallback in captures: use the Wireshark filter tls.handshake.version==0x0303 after an initial ClientHello whose supported_versions includes 0x0304; victims that retry with 0x0303 keep leaking their outer ID again.
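The fallback check in the last bullet, implemented in Python as an added example that is not from the original page or from any tool it names: a minimal ClientHello/ServerHello parser that flags a session where the client offered 0x0304 in supported_versions but the server settled on 0x0303 (a ServerHello without a supported_versions extension). The records are constructed inline by build_hello purely to have test input; on a real capture you would feed it the reassembled TLS records carried inside EAP-TLS, which this example does not defragment.

```python
import struct

def build_hello(is_client, offered=(), selected=0x0303):
    """Minimal TLS record holding a ClientHello (offered versions) or a ServerHello (selected)."""
    body = b"\x03\x03" + b"\x00" * 32 + b"\x00"             # legacy_version, random, empty session id
    if is_client:
        body += b"\x00\x02\x00\x2f\x01\x00"                  # one cipher suite, null compression
        vs = b"".join(struct.pack("!H", v) for v in offered)
        exts = struct.pack("!HH", 0x002b, len(vs) + 1) + bytes([len(vs)]) + vs if vs else b""
    else:
        body += b"\x00\x2f\x00"                              # chosen suite, null compression
        exts = struct.pack("!HH", 0x002b, 2) + b"\x03\x04" if selected == 0x0304 else b""
    body += struct.pack("!H", len(exts)) + exts
    hs = bytes([1 if is_client else 2]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

def hello_extensions(record):
    """Return (handshake type, {extension type: data}) for a record carrying one Hello message."""
    hs = record[5:]
    htype, body = hs[0], hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 35 + body[34]                                      # skip legacy_version, random, session_id
    if htype == 1:                                           # ClientHello: suite list + compression list
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 1 + body[pos]
    else:                                                    # ServerHello: single suite + compression
        pos += 3
    exts, end = {}, pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    while pos < end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        exts[etype] = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    return htype, exts

def negotiated_versions(client_hello, server_hello):
    c = hello_extensions(client_hello)[1].get(0x002b, b"")   # client supported_versions (length-prefixed)
    s = hello_extensions(server_hello)[1].get(0x002b)        # server selected_version; absent on TLS 1.2
    offered = [struct.unpack("!H", c[i:i + 2])[0] for i in range(1, len(c), 2)] or [0x0303]
    return offered, (struct.unpack("!H", s)[0] if s else 0x0303)

def is_downgraded(client_hello, server_hello):
    """True when the client offered TLS 1.3 but the peer settled the session on TLS 1.2."""
    offered, chosen = negotiated_versions(client_hello, server_hello)
    return 0x0304 in offered and chosen == 0x0303

# Constructed exchange (not a real capture): client offers 1.3 and 1.2; one server answers 1.2 only
CH = build_hello(True, offered=(0x0304, 0x0303))
SH_TLS12_ONLY = build_hello(False, selected=0x0303)
SH_TLS13 = build_hello(False, selected=0x0304)
```

A hit from is_downgraded against the real RADIUS server means the server is still allowing 1.2 for 1.3-capable clients; a hit against an unknown BSSID is the rogue-AP fallback the bullet describes.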

Evil Twin via broken server validation (“mTLS?”)

Rogue APs advertising the corporate SSID can present any certificate. If the client:

  • does not validate the server cert, or
  • prompts the user and lets them accept untrusted CAs / self-signed certs,

then EAP-TLS is no longer mutual. A patched hostapd/hostapd-wpe that skips client-certificate verification (e.g., SSL_set_verify(..., 0)) is enough to stand up an Evil Twin.

Quick reminder about rogue infra

On recent Kali, compile hostapd-wpe against hostapd-2.6 (from https://w1.fi/releases/) and first install the legacy OpenSSL headers:

apt-get install libssl1.0-dev
# patch hostapd-wpe to set verify_peer=0 in SSL_set_verify to accept any client cert

Windows supplicant misconfigurations (GUI/GPO)

Key settings in the Windows EAP-TLS profile:

  • Verify the server’s identity by validating the certificate
      Checked → the chain must be trusted; unchecked → any self-signed cert is accepted.
  • Connect to these servers
      Empty → any cert from a trusted CA is accepted; set the CN/SAN list to pin the expected RADIUS names.
  • Don’t prompt user to authorise new servers or trusted certification authorities
      Checked → users cannot click through; unchecked → the user can trust an untrusted CA/cert and join the rogue AP.

Observed outcomes:

  • Strict validation + no prompts → rogue cert rejected; Windows logs an event and TLS fails (good detection signal).
  • Validation + user prompt → user acceptance = successful Evil Twin association.
  • No validation → silent Evil Twin association with any cert.
