Recently I've tried to use wifiZoo in conjunction with airtun-ng to capture cookies from my own WEP-encrypted network without the connection (association) procedure to an access point. I use BackTrack 4 Final installed on a VMachine and a WiFi USB dongle with an RT73 chipset.
I've performed the whole process, beginning from key derivation.
Here is the sequence of steps:
Step 1: I derived a WEP key using the aircrack-ng suite (from MY access point, I have the permission).
Step 2: Then, I put my wireless card (WUSB54GC) in monitor mode on a specific channel (11) using the command:
airmon-ng start rausb0 11
Step 3: Creation of tunnel interface using airtun-ng. Bring tunnel interface up:
airtun-ng -a <--ommited---> -w <--ommited---> rausb0
# created tap interface at0
# WEP encryption specified. Sending and receiving frames through ath0.
# FromDS bit set in all frames.
ifconfig at0 up
Step 4: Editing the wifizoo.py script to provide the correct "interface where to listen" option (at0)
Step 5: ./wifizoo.py -i at0
# using interface at0
# launching web interface..
When I open the Web Interface of WifiZoo and check whether any cookie has been captured, I see nothing, neither cookies nor an SSID list.
What is the issue?
Has anybody worked with wifizoo? Please share your experience.
If you really want to use wifizoo, try dumping the traffic with airodump and decrypting the packets with airdecap-ng -l (the lack of wireless headers is what I suspect is causing problems, but I've never used airtun so I don't know for sure). The other advantage of using airdecap-ng is the ability to decrypt WPA traffic; the main disadvantage is that it won't decrypt on the fly.
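One way to check the reply's suspicion about missing wireless headers, as an added example that is not part of either post: this Python script reads the global header of a saved capture and reports whether its link-layer type is 802.11 (raw, radiotap or Prism) or plain Ethernet. It assumes classic pcap files rather than pcapng; `sample_header` is a hypothetical helper that builds constructed headers for testing.

```python
import struct
import sys

# Link-layer header types (pcap LINKTYPE_ values) relevant to this check.
LINKTYPES = {1: "Ethernet", 105: "802.11", 119: "Prism + 802.11", 127: "radiotap + 802.11"}
WIRELESS = {105, 119, 127}

# On-disk magic bytes -> struct byte order (microsecond and nanosecond variants).
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
    b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">",
}

def pcap_linktype(header: bytes) -> int:
    """Return the link-layer type from a 24-byte classic pcap global header."""
    if len(header) < 24:
        raise ValueError("truncated pcap global header")
    order = MAGICS.get(header[:4])
    if order is None:
        raise ValueError("not a classic pcap file (pcapng or other format)")
    # Fields: version_major, version_minor, thiszone, sigfigs, snaplen, network
    *_, network = struct.unpack(order + "HHiIII", header[4:24])
    return network & 0xFFFF  # upper bits may carry FCS information

def has_wireless_headers(header: bytes) -> bool:
    """True when frames in the capture start with an 802.11-style header."""
    return pcap_linktype(header) in WIRELESS

def sample_header(linktype: int, order: str = "<") -> bytes:
    """Constructed pcap global header (version 2.4, snaplen 65535) for testing."""
    return struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)

if __name__ == "__main__":
    # Usage: pass one or more capture files to compare their link-layer types.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            head = fh.read(24)
        lt = pcap_linktype(head)
        verdict = "802.11 headers present" if lt in WIRELESS else "no 802.11 headers"
        print(f"{path}: linktype {lt} ({LINKTYPES.get(lt, 'other')}), {verdict}")
```

Running it on the airodump capture and on the airdecap-ng output (with and without -l) shows which files still carry 802.11 headers.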