One step further for #OpenHarbors with my #tc hackery/prototype. The client/supplicant seems to now receive the #EAPoL from the remote, bridged AP fine and replies to it. Next need to get the reply back to the remote AP.
Initially wasn't sure if I could get EAPoL injected like this. But as long as the MAC address is the same as the original authenticator then it seems to work. Did a bit of skb marking via tc to drop and allow the correct frames.

So, some small progress for #OpenHarbors. Currently trying to see how far I can get with what #hostapd, #wpasupplicant and Linux in general already provide and hacks around that. With control_port=0 and some #tc rules I was able to snitch the initial #EAPOL frame from hostapd and was able to forward it to a remote host. After that I took a little "detour" to play with more hostapd options and adding debug code to see if I could somehow make hostapd to avoid EAPOL, hoping to use less tc hacks.

Do you guys like computer hacking? In a little over week we'll be debuting a new Turtles challenge. All about that EAPOL 4-way handshake you've heard so much about #wifihacking #turtles #ctf #eapol #cryptography #cracking https://supernetworks.org/wifiturtles.html

Is there any way to have #wireshark discard packets that don't have associated #eapol packets?