Ant Group's Owfuzz Uses the Openwifi Platform to Automate Fuzzing for Wi-Fi Security Analysis

Alibaba affiliate Ant Group, formerly known as Alipay, has released an open source protocol fuzzing tool for Wi-Fi systems and building on the Openwifi project: Owfuzz.

Released two years ago, IDLab's Openwifi is a fully open source full-stack Wi-Fi design built to offer compatibility with the Linux mac80211 wireless device framework. Created under the Orchestration and Reconfigurable Control Architecture (ORCA) project, Openwifi turns software-defined radios into drop-in replacements for existing Wi-Fi hardware — and, as Ant Group has demonstrated, unlocks new potential.

"Owfuzz is the first [project] to use [the] Openwifi platform to implement a Wi-Fi protocol fuzzing test framework," the company explains of its release, "which supports the fuzzing test of all Wi-Fi frames and the interactivity testing of Wi-Fi protocols."

Compatible with 2.4GHz and 5GHz networks and able to work with target devices whether they're access points or clients, owfuzz promises impressive flexibility — including support for any Wi-Fi state, WEP/WPA/WPA2/WPA3 or open security, and fuzzing of all management, control, and data frames.

If an issue is discovered, the software automatically generates a proof-of-concept log and locates the source of the vulnerability. Thus far, however, Ant Group has not publicly documented any vulnerabilities it has discovered with the tool — if, indeed, it has discovered any.

Those interested in trying the tool out can find it on GitHub under the GNU General Public License 3 or later, with some elements licensed separately as GPL 2 or BSD 3. If you don't have an Openwifi system, the company indicates the tool also supports fixed-function wireless network cards with monitor mode and frame injection capabilities.