Results 1 to 6 of 6

Thread: Enquiry about decrypt wep data packet

  1. #1
    Junior Member
    Join Date
    Jan 2009
    Posts
    59

    Default Enquiry about decrypt wep data packet

    Hi! I find the wep key and decrypt the captured data... I try to use wireshark to view it, but the content in the "data" field are just "jh83asfs@^#Hefdfjbwfns" something like that. Is it possible to view the data so I can extract useful information, for example, username and password?

    ***I am using my own network for testing***

  2. #2
    Just burned his ISO
    Join Date
    Mar 2009
    Posts
    7

    Default

    Pretty sure WEP packets are encrypted.

    And yes "Your own network"... Sure..

    Anyways, try here, old thread but maybe it'll help?

    hxxp://forums.remote-exploit.org/showthread.php?t=6520

  3. #3
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    17

    Default

    Quote Originally Posted by charlescywong View Post
    Hi! I find the wep key and decrypt the captured data... I try to use wireshark to view it, but the content in the "data" field are just "jh83asfs@^#Hefdfjbwfns" something like that. Is it possible to view the data so I can extract useful information, for example, username and password?

    ***I am using my own network for testing***
    Did you connect to the access point using the wep key you broke? If so you're going to have conduct a man in the middle attack in order to see unencrypted data. (ARP Poisoning SSL spoofing etc) In most cases sensitive data like passwords and user name's are encrypted either by your router or by the server that the target is connecting to. Make sure when you arp poison that you spoof the router and not the host youre trying to target. This way all the traffic that the target sends is passed to you first unencrypted unless of course they are using a tunneling method like ssh tunnel.

  4. #4
    Junior Member SWFu64's Avatar
    Join Date
    Jan 2010
    Posts
    97

    Default

    You could use ettercap, but wireshark will do it anyway.
    http://wiki.wireshark.org/HowToDecrypt802.11

    Airtun-ng if you want to send the decrypted data to a virtual interface.
    http://www.aircrack-ng.org/doku.php?id=airtun-ng

    Airdecap-ng if its a captured file.
    http://www.aircrack-ng.org/doku.php?id=airdecap-ng
    "I do not know with what weapons World War III will be fought, but World War IV will be fought with sticks and stones."

    Albert Einstein

  5. #5
    Junior Member
    Join Date
    Jan 2009
    Posts
    59

    Default

    Thanks! Everyone!

  6. #6

    Default

    If you have discovered the WEP key and you want to decrypt previously captured traffic, you can put that key in wireshark and it will decrypt the traffic. Go to Edit > Preferences > Protocols > IEEE 802.11 and enter the key information.

    The data will then be rendered as unencrypted.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •