The Hirte attack
The Hirte attack extends the Caffe Latte attack in that it can use any IP packet received from the client, not only gratuitous ARP packets.
By bit-flipping these packets, we generate the ARP requests to send back to the client and then perform the attack. Another difference with Caffe Latte is that Hirte also uses packet fragmentation to send ARP requests to the client.
More technical details about this attack can be found on the Aircrack-ng Wiki at http://www.aircrack-ng.org/doku.php?id=hirte.
In practice, launching the Hirte attack is almost identical to launching the Caffe Latte attack; the only difference is the use of the -N option, which is specific to this attack, instead of the -L option:
airbase-ng -c 1 -e Target_Network -F hirte -N -W 1 mon0
For those who prefer using a graphical, automated tool, both the Caffe Latte and Hirte attacks can be performed with Fern WiFi Cracker, which we have already covered in Chapter 4, WEP Cracking.
These attacks...