====== Cafe Latte attack ======

===== Description =====

The Cafe Latte attack allows you to obtain a WEP key from a client system. Briefly, this is done by capturing an ARP packet from the client, manipulating it and then sending it back to the client. The client in turn generates packets which can be captured by [[airodump-ng]]. Subsequently, [[aircrack-ng]] can be used to determine the WEP key.

These links provide a detailed explanation of the attack plus some ways to protect yourself from it:

  * [[http://www.airtightnetworks.com/home/resources/knowledge-center/caffe-latte.html|Cafe Latte attack]]
  * [[http://www.esecurityplanet.com/trends/article.php/3716656/The-Caffe-Latte-Attack-How-It-Worksand-How-to-Block-It.htm|The Caffe Latte Attack: How It Works—and How to Block It]]

Where did the attack name come from? The concept is that a WEP key could be obtained from an innocent client at a coffee bar in the time it takes to drink your cafe latte.

===== Usage =====

  aireplay-ng -6 -h 00:09:5B:EC:EE:F2 -b 00:13:10:30:24:9C -D rausb0

Where:

  * -6 means Cafe-Latte attack
  * -h 00:09:5B:EC:EE:F2 is our card MAC address
  * -b 00:13:10:30:24:9C is the Access Point MAC (any valid MAC should work)
  * -D disables AP detection.
  * rausb0 is the wireless interface name

===== Usage Examples =====

None at this time.

===== Usage Tips =====

None at this time.

===== Usage Troubleshooting =====

None at this time.