On the Fly WEP data sniffing using scapy

[Cryptid]

i have been playing around with scapy for quite sometime now... works great for sniffing wireless traffic without even associating to any AP, but i havent figured out how to sniff on data protected by WEP.

i dont want to use airtun-ng i was hoping there is a way scapy handles the data after providing it with the wep key. i have seen a variable that holds the wepkey in the configuration file of scapy "conf.wepkey" and i have read some where about the use of unwep() function which needs pycrypto lib so was wondering if these could help me sniff and decode wireless wep traffic in real time,, if anyone knows how to accomplish this please help me out.

[level]

I pulled this from the scapy list some time ago. Never tried it but it may be what you're looking for.

> what is the correct way to decrypt a wep key using Dot11.unwep()

I'm not sure what you mean by "decrypt a wep key".
You cannot use Scapy to find out an unknown key (at least not easily).
But if you supply the correct key yourself, you can decrypt the packets.

I think the easiest way is to use the toEthernet() method on
Dot11PacketLists. This uses unwep() internally (after some filtering)
and returns the results as Ethernet frames:

>>> enc=rdpcap("weplab-64bit-AA-managed.pcap")
>>> enc.show()
>>> enc[0]
>>> conf.wepkey="AA\x00\x00\x00"
>>> dec=Dot11PacketList(enc).toEthernet()
>>> dec.show()
>>> dec[0]

[Cryptid]

I pulled this from the scapy list some time ago. Never tried it but it may be what you're looking for.

this isnt on the fly we are reading a .pcap file which is already present in the disk... i came across this example before making a post on the forum.. i need packets to be sniffed and decoded in real time,, any help with that?

[imported_wyze]

How about pasting the cod you have tried thus far... or are you looking for someone to write this for you?

[Cryptid]

How about pasting the cod you have tried thus far... or are you looking for someone to write this for you?

Code:

conf.iface='mon0'
conf.wepkey='\x19\xdd\x32\x72\x7c'
pkt=sniff(count=0, prn=lambda x:x.summary())
^C
pkt[321].unwep() # where pkt[321] is a packet containing Dot11WEP layer

i get an error saying

Code:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.5/site-packages/scapy/packet.py", line 162, in __getattr__
    fld,v = self.getfield_and_val(attr)
  File "/usr/lib/python2.5/site-packages/scapy/packet.py", line 158, in getfield_and_val
    return self.payload.getfield_and_val(attr)
  File "/usr/lib/python2.5/site-packages/scapy/packet.py", line 158, in getfield_and_val
    return self.payload.getfield_and_val(attr)
  File "/usr/lib/python2.5/site-packages/scapy/packet.py", line 158, in getfield_and_val
    return self.payload.getfield_and_val(attr)
  File "/usr/lib/python2.5/site-packages/scapy/packet.py", line 158, in getfield_and_val
    return self.payload.getfield_and_val(attr)
  File "/usr/lib/python2.5/site-packages/scapy/packet.py", line 158, in getfield_and_val
    return self.payload.getfield_and_val(attr)
  File "/usr/lib/python2.5/site-packages/scapy/packet.py", line 998, in getfield_and_val
    raise AttributeError(attr)
AttributeError: unwep

so i guess the write question to be asked is what is the correct syntax for using the unwep function on a packet?

[Cryptid]

well i figured it out.. scapy decrypts things automatically once the wepkey is entered in the correct format,, philippe was kind enough to point that out... but now i need to figure out a way to monitor two seperate AP with two different keys... any help with that would be greatly appreciated