off topic - eapol_test alternative

Brian Julin BJulin at clarku.edu
Mon Mar 12 20:56:45 CET 2018


Matt Zagrabelny <mzagrabe at d.umn.edu> wrote
> It seems eapol_test needs a shared secret with the RADIUS server. I don't
> have that.

Ah, I should have read more carefully.

If you can wrest control of wpa_supplicant away from NetworkManager, and run
it in the foreground with a lot of -d's it will dump its EAPOL traffic (including
sensitive stuff).

You'd be looking for several >= 1024 RX chunks followed by one smaller one
with some messages about needing more data in between... that's sure to be
the certificate chain as it's the biggest object transferred.

Glue those chunks together (chop off 10 bytes I think at the start of each to
get rid of the EAP header) and your certs are in there.  You just have to
concatenate those, unhex it, and figure out what parts to chop off to get each
cert in the chain into some reasonable facsimile of a .DER file, I think, then
use "openssl x509" to convert it to PEM or view it.  But... the ASCII parts of
the cert will immediately be visible with a simple strings command after unhexing.

One afternoon of perl hackery and that all could be automated pretty easily...
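
The gluing and carving steps described in the post above, as an added Python example that is not part of the original message. It assumes the RX chunks have already been copied out as plain hex strings, takes the post's 10-byte header estimate as an adjustable parameter, and locates each certificate by the 3-byte length TLS places before it; all function names and the sample data are constructed for illustration.

```python
def reassemble(hex_chunks, header_len=10):
    """Unhex each RX chunk, drop header_len leading bytes, glue the rest."""
    # header_len=10 is the post's estimate; adjust it if the result is garbage.
    return b"".join(bytes.fromhex(c)[header_len:] for c in hex_chunks)


def carve_certs(blob):
    """Return DER blobs shaped like certificates in a TLS certificate list."""
    certs, i = [], 3
    while i + 8 <= len(blob):
        # Certificate = SEQUENCE (30 82 len) whose first element is another
        # SEQUENCE (tbsCertificate), both with 2-byte long-form lengths.
        if blob[i:i + 2] == b"\x30\x82" and blob[i + 4:i + 6] == b"\x30\x82":
            total = 4 + int.from_bytes(blob[i + 2:i + 4], "big")
            # TLS precedes each certificate with its length as a 3-byte integer.
            if int.from_bytes(blob[i - 3:i], "big") == total and i + total <= len(blob):
                certs.append(blob[i:i + total])
                i += total
                continue
        i += 1
    return certs


def fake_cert(n, fill):
    """Constructed stand-in with a certificate-shaped DER header (not a real cert)."""
    tbs = b"\x30\x82" + (n - 4).to_bytes(2, "big") + bytes([fill]) * (n - 4)
    return b"\x30\x82" + len(tbs).to_bytes(2, "big") + tbs


def demo_chunks():
    """Constructed input: two fake certs in a TLS-style list, cut into hex chunks."""
    certs = [fake_cert(1500, 0xAA), fake_cert(900, 0xBB)]
    body = b"".join(len(c).to_bytes(3, "big") + c for c in certs)
    msg = b"\x0b" + (len(body) + 3).to_bytes(3, "big") + len(body).to_bytes(3, "big") + body
    frags = [msg[i:i + 1014] for i in range(0, len(msg), 1014)]
    # Each chunk gets a dummy 10-byte header, giving 1024, 1024 and 403 bytes.
    return [(b"\x00" * 10 + f).hex() for f in frags], certs


if __name__ == "__main__":
    chunks, _ = demo_chunks()
    for n, der in enumerate(carve_certs(reassemble(chunks))):
        print(f"candidate {n}: {len(der)} bytes of DER")
```

With real chunks, write each returned blob to a file and inspect it with `openssl x509 -inform DER -in cert0.der -noout -text`.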
