Thread: Hi & rt73 rtl8187b bt4 wpa-handshake issues

  1. #1
    Just burned his ISO
    Join Date
    Dec 2009
    Posts
    4

    Default Hi & rt73 rtl8187b bt4 wpa-handshake issues

    Hi, I'm new to posting, though I have often used this immensely helpful forum for tutorials etc. Thank you all.

    I recently installed bt4 pre-final. I have an internal rtl8187b usb chip, and an external rt73 usb. I can apparently do everything with these, enabling monitor mode etc. When I use airodump and aireplay it all seems to work. I can detect my AP and client, with power at 98 - 104, which I assume is good. However, however many times I deAuth the client, airodump never pops up the 'wpa-handshake captured' notification. I'm unsure if the DeAuth works. Airodump shows massively increased traffic with the rtl8187b and no change with the rt73, yet the client remains associated. I have tried bt4 as is, and with the enhanced rt73 driver, though I don't know if this is necessary. I've had the same issue with bt4 in VirtualBox on Ubuntu and a full installation version.

    I've successfully been able to use bt3 with the same hardware and the enhanced driver, though with a different AP, different client, and different country (not that that should matter).

    I've followed various tutorials down to the letter, yet no handshake.
    Does anyone know if this is an issue with bt4, my hardware, the AP, the client, or am I being a complete idiot and doing something stupid? I've done my best to exhaust the other threads and Google.

    Any help would be very appreciated. Thanks again for all the howtos and tutorials (particularly exploitz). They have been a real education.

  2. #2
    Senior Member
    Join Date
    Aug 2007
    Posts
    916

    Default

    You need what is known as a 4-way handshake, and there are two ways to obtain it: either get the client to manually re-associate to the AP and capture on the same channel as the AP, or use tkiptun-ng to deauth the client (if the router is in WPA-TKIP, it will work slightly better).

  3. #3
    Just burned his ISO
    Join Date
    Dec 2009
    Posts
    4

    Default

    Thanks for your reply.

    The network is WPA-TKIP; I've been using the -0 option on aireplay-ng. I'm not familiar with tkiptun-ng, however I am aware that it's part of the aircrack bunch, so I'll try that. Incidentally, using aircrack in Mint (basically Ubuntu) I've found that network traffic goes up using both my wireless cards with aireplay-ng, though no handshake, possibly as a result of lost packets? Although the signal strength seems fine, I do seem to lose a significant number of packets during an attack, so maybe that is why.

    Again, thanks for your reply.

    Will post if I figure out what's going wrong, if I fix it, or if tkiptun-ng works out.
    It looks like it should support the rt73 and rtl8187b (my understanding is that the rtl8187b uses the rtl8187 driver with only a small modification). From the look of the --help page it doesn't write out a dump file, so it should be used in conjunction with airodump, more or less in the place of aireplay? I'll play around and see what others have written.

  4. #4
    Very good friend of the forum killadaninja's Avatar
    Join Date
    Oct 2007
    Location
    London, United Kingdom.
    Posts
    526

    Default

    The handshake confirmation is sent on the operational channel. If your card isn't set to a channel, i.e. channel 11 (airmon-ng wlan0 11),
    the device will boot up in a channel hopping mode, making it hard work to record the handshake.

    Also, using airodump-ng without specifying a channel (--channel 11) will make the device hop channels.


    So if the operational channel of the AP is channel 11, we would use that channel in both commands, when calling the device with airmon and when using airodump. Below are examples.


    airmon-ng start wlan0 11

    airodump-ng --channel 11 -w handshake wlan0
    Sometimes I try to fit a 16-character string into an 8-byte space, on purpose.
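    Everything the replies above talk about (a burst of deauthentication frames on the AP's channel, followed by the 4-way handshake when the client reconnects) is visible in a monitor-mode capture, and the same frames are what a wireless IDS watches for. The following Python script is an added example, not code from this thread or from the aircrack-ng project. It parses raw 802.11 frames (the radiotap header is assumed to have been stripped already, which is an assumption), flags any source address that sends more deauthentication frames than a threshold, and records which of the four EAPOL-Key messages have been seen for each client, so a capture can be checked for a complete handshake without guessing. The sample frames at the bottom are constructed inline for the demonstration.

```python
"""Added example: check monitor-mode 802.11 frames for deauthentication bursts
and for the four EAPOL-Key (4-way handshake) messages.

Assumptions: frames are raw 802.11 with the radiotap header already removed,
management/data headers are unencrypted, and all sample frames are constructed."""
import struct
from collections import Counter, defaultdict
from typing import Optional

LLC_SNAP_EAPOL = b"\xaa\xaa\x03\x00\x00\x00\x88\x8e"  # LLC/SNAP header + EtherType 0x888E

# EAPOL-Key "Key Information" flag bits used to tell the four handshake messages apart
KEY_INFO_INSTALL = 1 << 6
KEY_INFO_ACK = 1 << 7
KEY_INFO_MIC = 1 << 8
KEY_INFO_SECURE = 1 << 9


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def classify_key_message(key_info: int) -> int:
    """Map Key Information flags to handshake message number 1..4 (0 if unrecognised)."""
    ack, mic, install, secure = (bool(key_info & f) for f in
                                 (KEY_INFO_ACK, KEY_INFO_MIC, KEY_INFO_INSTALL, KEY_INFO_SECURE))
    if ack and not mic:
        return 1                      # M1: AP -> STA, carries ANonce
    if ack and mic and install:
        return 3                      # M3: AP -> STA, Install bit set
    if mic and not ack:
        return 4 if secure else 2     # M2: STA -> AP (SNonce); M4: confirmation, Secure set
    return 0


def parse_frame(raw: bytes) -> Optional[dict]:
    """Decode the fields of an 802.11 frame this check needs; None if too short."""
    if len(raw) < 24:
        return None
    fc0, fc1 = raw[0], raw[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    to_ds = fc1 & 0x1
    info = {"src": mac_str(raw[10:16]), "dst": mac_str(raw[4:10]), "kind": "other"}
    if ftype == 0 and subtype == 12 and len(raw) >= 26:   # management / deauthentication
        info["kind"] = "deauth"
        info["reason"] = struct.unpack("<H", raw[24:26])[0]
    elif ftype == 2:                                      # data frame
        # the non-AP side: addr2 (SA) when ToDS is set, addr1 (DA) when FromDS is set
        info["client"] = mac_str(raw[10:16]) if to_ds else mac_str(raw[4:10])
        body = raw[26:] if subtype & 0x8 else raw[24:]    # skip QoS Control if present
        if body.startswith(LLC_SNAP_EAPOL) and len(body) >= 15:
            # body[8:12] = EAPOL version/type/length, body[12] = descriptor type,
            # body[13:15] = Key Information (big-endian)
            info["kind"] = "eapol"
            info["msg"] = classify_key_message(struct.unpack(">H", body[13:15])[0])
    return info


def analyze(frames, deauth_threshold: int = 10) -> dict:
    """Return deauth sources over the threshold and handshake messages seen per client."""
    deauth_by_src = Counter()
    handshake = defaultdict(set)
    for raw in frames:
        f = parse_frame(raw)
        if f is None:
            continue
        if f["kind"] == "deauth":
            deauth_by_src[f["src"]] += 1
        elif f["kind"] == "eapol" and f["msg"]:
            handshake[f["client"]].add(f["msg"])
    floods = {src: n for src, n in deauth_by_src.items() if n >= deauth_threshold}
    complete = {c for c, msgs in handshake.items() if msgs == {1, 2, 3, 4}}
    return {"deauth_floods": floods, "handshake_msgs": dict(handshake), "complete": complete}


# --- constructed sample frames (not a real capture) ---------------------------------
def build_deauth(src: bytes, dst: bytes, bssid: bytes, reason: int = 7) -> bytes:
    """Management frame, subtype 12: FC 0xC0 0x00, duration, addr1-3, seq ctl, reason code."""
    return b"\xc0\x00\x00\x00" + dst + src + bssid + b"\x00\x00" + struct.pack("<H", reason)


def build_eapol(client: bytes, ap: bytes, to_ds: bool, key_info: int) -> bytes:
    """Data frame carrying a minimal EAPOL-Key header with the given Key Information."""
    a1, a2, a3 = (ap, client, ap) if to_ds else (client, ap, ap)
    hdr = bytes([0x08, 0x01 if to_ds else 0x02]) + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00"
    eapol = bytes([0x02, 0x03]) + struct.pack(">H", 95) + b"\x02" + struct.pack(">H", key_info)
    return hdr + LLC_SNAP_EAPOL + eapol


AP = bytes.fromhex("001122334455")     # constructed AP address
STA = bytes.fromhex("66778899aabb")    # constructed client address
DEAUTH_BURST = [build_deauth(AP, STA, AP) for _ in range(12)]   # 12 deauths carrying the AP's address
HANDSHAKE_FRAMES = [
    build_eapol(STA, AP, False, 0x008A),   # M1, AP -> STA
    build_eapol(STA, AP, True, 0x010A),    # M2, STA -> AP
    build_eapol(STA, AP, False, 0x13CA),   # M3, AP -> STA
    build_eapol(STA, AP, True, 0x030A),    # M4, STA -> AP
]
SAMPLE_CAPTURE = DEAUTH_BURST + HANDSHAKE_FRAMES

if __name__ == "__main__":
    print(analyze(SAMPLE_CAPTURE))
```

    Run against real traffic, the frames would come from a pcap written by airodump-ng -w with the radiotap header removed per packet; the deauth threshold is deliberately a parameter, since a handful of deauthentications is normal and a burst from one address is the signal. A client whose handshake set is missing message 2 or 4 never answered, which is the symptom the original poster describes.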

  5. #5
    Just burned his ISO
    Join Date
    Dec 2009
    Posts
    4

    Default

    Yes, I've been doing that: specifying the access point with --bssid, the channel with -c, and -w for the dump file, for airodump-ng. Also trying a mixture of options for aireplay, from just the channel (it is the sole AP on its channel) to the channel and MAC of AP and client. I have also used both my wireless cards, either individually with both programs (i.e. just the rtl8187b, or just the rt73) and one for each. All seems to work very compatibly, the only notable difference being that the power in airodump fluctuates when using one card, however it is maintained when using two. Presumably this is a result of the interaction of aireplay.

    Anyway, one thing which seems different to bt3 is that when monitor mode is enabled on my wireless cards they represent four interfaces: wlan0, wlan2, mon0, mon1. I don't know why it's wlan2 instead of wlan1... In this scenario I have been using mon0 and mon1 as interfaces. Is this right? I assume that that is the purpose of these IFs. Most tutorials typically cite the IF as being wlan0 or rausb0, but this is in bt3 or bt2. Is this a new feature of the aircrack suite?

    Anyway, thanks for your replies. Any help will be very welcome. I am beginning to think that there may be a fault elsewhere. If the client's signal is particularly weak, would this be a problem for capturing the handshake? As this is often the case.

    Thanks.

    PS I haven't tried specifying the channel using airmon-ng, just airodump and aireplay, so I'll try that, although I don't think that channel hopping is the problem.

  6. #6
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    4

    Default

    I have the same problem. I have a USB WLAN adapter with the RTL8187B chipset; it works fine and all, but I can't get the handshake too. What I think is the problem: it cannot inject packets. Does anyone know if it is?

    P.S. I am using BackTrack 4
    P.P.S. Excuse me for my bad English, xD
