Once a key stream is known, a new message can be constructed by taking the new plain text and XORing it with the known key stream to create a new, forged cipher text. Again, since the 802.11 standard does not require the IV to change with every packet, each device must accept reused IVs.
For example, let's say we know the plain text and cipher text for a particular message. We could use this information to derive the key stream (Figure 3.5)
Figure 3.5. Deriving a key stream.
Using the key stream, we could take our own plain text and use the key stream to forge a new cipher text. This packet could then be injected into the network and decrypted by the target machine as a valid WEP packet (Figure 3.6).
Figure 3.6. Forging a new cipher text.