Hi,
I was told there is a plugin for FreeRadius that can be used to retrieve the username/password of the EAP request. Is this true?
No...?
There's http://www.willhackforsushi.com/FreeRADIUS_WPE.html, but it's not a complete solution in itself...
Uh, what a lame thing. It will only work on the assumption that the user does not check the server certificate, which really bad practice. The rest is a setup of FreeRADIUS which is designed to be compatible with as many EAP types as possible; so as not to disturb the end user experience. It also can't figure out if the user entered his real credentials or had a typo/intentionally put in something different. The "patch" is a few sample clients, nothing more. A nice exercise, for sure, but calling this "Pwnage Edition" is somewhat exaggerated. As I read the headline, I expected more bang for the buck :-) Greetings, Stefan Winter