Skip to content
Snippets Groups Projects
Select Git revision
  • master default
1 result
Compare
user avatar
Working python for initiator
Maxime Puys authored
7317f66f
History
user avatar 7317f66f
History
Name Last commit Last update
resources
wireguard-attacker
wireguard-client1
wireguard-client2
wireguard-server
.gitignore
README.md
Vagrantfile
README.md

Project logo

Wireguard Attack

Status Gitlab Issues GitHub Pull Requests License

This repository is a POC demonstrating the compromission of a Wireguard connection allowing to discover identity of a user.

📝 Table of Contents

🧐 About

This repo contain a python script to conduct an attack on a Wireguard connection. The server is running inside a docker on a Debian Bookworm amd64 virtual machine. All other VM are running on the same image.

We are using Vagrant along with Virtualbox to setup the experiment. We will create 4 VM (server, client1, client 2, MitM attacker).

wireguard-{server,client1,client2,attacker} directories will be "mounted" respectively on each VM so content of repository is available inside VM.

🏁 Getting Started

Here is what is needed to operate the attack.

Prerequisites

You need to have VirtualBox installed on your machine along with Hashicorp Vagrant.

sudo apt install virtualbox vagrant

Installing

A step by step series of examples that tell you how to get a development env running.

Say what the step will be

git clone https://gitlab.limos.fr/borlonjo/wireguard-attack.git
cd wireguard-attack

Now you can start VM using vagrant

vagrant up

End with an example of getting some data out of the system or using it for a little demo.

🎈 Usage

To connect to VM using ssh, you can issue:

vagrant ssh <vm_name>

To execute the script you need to connect to wireguard-attacker VM:

vagrant ssh wireguard-attacker
cd /srv/wireguard-attacker
source .venv/bin/activate
./attack

To initiate Wireguard connection, you need to connect to wireguard-clientN VM:

vagrant ssh wireguard-client1

To start Wireguard connection (as root):

wg-quick up wg0

To stop Wireguard connection (as root):

wg-quick down wg0

Sniff using Wireshark (optional)

To start sniffing using Wireshark, you need to start dumpcap on attacker VM and pipe data to your wireshark installation. In order to do so you need to retrieve vagrant ssh configuration :

vagrant ssh-config

[...]

Host wireguard-attacker
  HostName 127.0.0.1
  User vagrant
  Port 2202
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  PasswordAuthentication no
  IdentityFile /home/user/wireguard-attack/.vagrant/machines/wireguard-attacker/virtualbox/private_key
  IdentitiesOnly yes
  LogLevel FATAL
  PubkeyAcceptedKeyTypes +ssh-rsa
  HostKeyAlgorithms +ssh-rsa

You need IdentityFile value and Port value of wireguard-attacker host to use these in this command :

ssh -o StrictHostKeyChecking=no -i <IdentityFile>  vagrant@localhost -p <Port> sudo dumpcap -i eth1 -w - | wireshark -k -i -

For MacOS users, you may need to replace wireshark by the full path of your installed binary.