|Developer(s)||José Ignacio Sánchez Martín|
|Stable release||0.1.5 / July 18, 2005|
|License||GPL (free software)|
Weplab is a tool designed to teach how the Wired Equivalent Privacy (WEP) wireless encryption protocol works, explain the security vulnerabilities in the protocol, and demonstrate attacks that can be used to compromise a WEP protected wireless network. Weplab is designed not only to crack WEP keys but to analyze the wireless security of a network from an educational point of view. The author has attempted to make the source code as clear as possible, instead of implementing optimizations that would obfuscate it.
Weplab tries to break the WEP key using several known attacks:
- attempting to brute force the key
- loading a list of words or passphrases and trying each one in plain or MD5 form. Weplab relies on John the Ripper to generate the word list.
- using the FMS attack, but with some differences. Unlike traditional implementations of the FMS attack, Weplab tests all initialization vectors to determine whether they are weak, and it attacks both the first and the second bytes. More recent versions of Weplab also include the newer Korek's attacks; with these attacks it is possible to crack a 64-bit key after collecting only 100,000 packets, or crack a 128-bit key after collecting 300,000 packets.