Introduction

Injection Wizard is an application for injecting traffic into WEP-protected Wi-Fi networks, like aireplay-ng, but it's much more easy to use and it can work with worse conditions (for example, more interferences, weaker transmitted/received signals, more restricted access points, etc). The higher the traffic of the network, the earlier we will be able to crack a WEP key with tools like aircrack-ng, airsnort, dwepcrack, weplab, WEPAttack, WEPCrack, etc. However, injecting traffic is not easy because you must build or capture a frame that causes a response frame in any other station (that is, a wireless node). This application carries out automatically all the needed actions to build a frame that causes a response in other station. These actions can be summarized in the following sequence of steps:

  1. The application scans Wi-Fi networks and shows a list of WEP-protected networks, then it allows the user to select one of them.
  2. It joins the selected network and monitors that network in order to find a data frame.
  3. It tries to extract a keystream prefix from the captured frame and then it tries to extend the keystream up to 40 bytes by means of the W. A. Arbaugh's inductive chosen plaintext attack.
  4. It tries to find a host (for example, a connected computer, a network device, etc), which has an IP address belonging to a predefined range, by injecting forged ARP packets.
  5. After finding an active host, it injects ARP packets targeted at that host.

Some of the benefits of this application are easiness of use (due to its graphical interface, automatic operation, etc) and robustness (detection/management of network disconnections, repetition of failed actions, etc). Moreover, the Arbaugh's inductive attack can be performed by any Wi-Fi interface supporting injection in monitor mode, because the interface driver doesn't need any additional patch as it's usual to happen with the Bittau's fragmentation attack. Besides its higher applicability, this attack is generally more reliable than Chop-Chop attack for recovering a keystream of a given size, because it doesn't have to inject any frame larger than needed.

This application is distributed under the terms of the GNU General Public License version 2 (read the license.htm file for more details) and comes with absolutely no warranty. The author assumes no responsibility derived from the use or the distribution of this program. The copyright of this application is owned by Fernando Pablo Romero Navarro (May 2010). Injection Wizard has made use of (with convenient modifications) the following free software applications:

Software Requirements

For the client application (graphical interface):


For the server application:

Instructions

  1. Uncompress the injwiz.zip file.
  2. Copy the client directory on a system with a Java virtual machine accessible from the command path (for example, launch a shell, enter the client directory, execute the command: java -version and check the command outputs the JRE version number).
  3. Copy the server directory on a Linux box. If the client and server directories weren't copied on the same machine, you should edit the runserver.sh script (in the server directory) and replace the IP address: 127.0.0.1 with the IP address of the Linux box's network interface that is attached to the same network that the client machine (i.e. the computer that hosts the client directory).
  4. Enter the server directory and run the script: ./runserver.sh (the Python interpreter should be accessible from the command path. You can check this by running: python -V from the command line and verifying that the interpreter version is showed).
  5. On the client machine, enter the client directory and run either the script: ./runclient.sh (for Linux or Unix-like operating systems providing a shell compatible with the Bourne shell and whose path for the executable file is: /bin/sh) or runclient.bat (for Windows).

Client Configuration

Frequently Asked Questions

Contact

If you have any question, suggestion or comment, you may contact the author by means of the following e-mail address: fernpromero(at)gmail(dot)com (please, replace each parenthesis and its content with the corresponding character). If you regard this application as useful for any purpose whatsoever or you would like to contribute to improving or adding some features, you may make a donation by clicking this link: