Cafe Latte attack


The Cafe Latte attack allows you to obtain a WEP key from a client system. Briefly, this is done by capturing an ARP packet from the client, manipulating it and then sending it back to the client. The client in turn generates packets which can be captured by airodump-ng. Subsequently, aircrack-ng can be used to determine the WEP key.

These links provide a detailed explanation of the attack plus some ways to protect yourself from it:

Where did the attack name come from? The concept is that a WEP key could be obtained from an innocent client at a coffee bar in the time it takes to drink your cafe latte.


aireplay-ng -6 -h 00:09:5B:EC:EE:F2 -b 00:13:10:30:24:9C -D rausb0


  • -6 means Cafe-Latte attack
  • -h 00:09:5B:EC:EE:F2 is our card MAC address
  • -b 00:13:10:30:24:9C is the Access Point MAC (any valid MAC should work)
  • -D disables AP detection.
  • rausb0 is the wireless interface name
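
Since the key is recovered from the client rather than from the access point, a client is only exposed while it still stores a WEP profile. The following added example (not part of the original page or of aircrack-ng) audits a client configuration for stored static WEP keys. It assumes the profiles are kept in wpa_supplicant.conf syntax; the function name wep_profiles and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample in wpa_supplicant.conf syntax; SSIDs and keys are made up.
SAMPLE_CONF = '''
network={
    ssid="coffee-bar"
    key_mgmt=NONE
    wep_key0=0102030405
    wep_tx_keyidx=0
}
network={
    ssid="home-wpa2"
    psk="constructed passphrase"
}
# Open network: key_mgmt=NONE but no WEP key, so it is not reported.
network={
    ssid="open-guest"
    key_mgmt=NONE
}
network={
    ssid="old-office"
    key_mgmt=NONE
    wep_key1="abcde"
    disabled=1
}
'''

# One network={ ... } block; the body ends at a line holding only "}".
BLOCK_RE = re.compile(r'^\s*network\s*=\s*\{(.*?)^\s*\}', re.S | re.M)

def wep_profiles(conf_text):
    """Return stored profiles that carry a static WEP key (key material is never returned)."""
    findings = []
    for match in BLOCK_RE.finditer(conf_text):
        fields = {}
        for line in match.group(1).splitlines():
            line = line.strip()
            if not line or line.startswith('#'):
                continue
            key, sep, value = line.partition('=')
            if sep:
                fields[key.strip()] = value.strip()
        slots = sorted(k for k in fields if re.fullmatch(r'wep_key[0-3]', k))
        if slots:
            findings.append({'ssid': fields.get('ssid', '').strip('"'),
                             'key_slots': slots,
                             'disabled': fields.get('disabled') == '1'})
    return findings

if __name__ == '__main__':
    for profile in wep_profiles(SAMPLE_CONF):
        print(profile)
```

Profiles reported with disabled set are not selected automatically, but the key is still stored on the client.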

Usage Examples

None at this time.

Usage Tips

None at this time.

Usage Troubleshooting

None at this time.

cafe-latte.txt · Last modified: 2010/11/21 15:52 by sleek