KRACK Detector is a tool to detect and prevent KRACK attacks in your network

The KRACK attack works by exploiting a 4-way handshake of the WPA2 protocol that’s used to establish a key for encrypting traffic.

“When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value,” explained Vanhoef. “Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice.”

The attacker just needs to trick a victim into re-installing an already-in-use key, which is achieved by manipulating and replaying cryptographic handshake messages.

How to discover if your network is vulnerable to KRACK attack?

KRACK Detector is a script written in Python Language that can detect possible KRACK attacks against client devices on your network. It uses Python 2 for backward compatibility with older operating systems.

“KRACK Detector is a Python script to detect possible KRACK attacks against client devices on your network. The script is meant to be run on the Access Point rather than the client devices. It listens on the Wi-Fi interface and waits for duplicate message 3 of the 4-way handshake. It then disconnects the suspected device, preventing it from sending any further sensitive data to the Access Point.” states the description of the tool.

Network administrators have to run the script on the Access Point rather than the client devices, it listens on the Wi-Fi interface and waits for duplicate message 3 of the 4-way handshake. Once it detects a device sending the handshake message it then disconnects it in order to prevent it from sending any further sensitive data to the Access Point.

The presence of message 3 of the 4-way handshake is a necessary condition for the Krack attack, however, it might be retransmitted even if no attack is ongoing.

“In such a case the client device will be disconnected from the Wi-Fi network. Some client devices will take some time to re-authenticate themselves, losing the Wi-Fi connection for a few seconds.” reported the Kitploit.com.

No external Python packages are required, network administrators have to run the script as root and pass the Wi-Fi interface as a single argument.

Administrators need to use the actual Wi-Fi interface and not any bridge interface it connects to.

python krack_detect.py wlan0

python krack_detect.py -n wlan0