Real Time cookie capture from WEP encrypted wireless network, without association

[PipeDevil]

Hi everybody!


Recently I've tried to use wifiZoo in conjunction with airtun-ng, to capture cookies from my own WEP encrypted network without connection(association) procedure to an access point. I use BackTrack 4 Final installed on VMachine and wifi usb dongle with RT73 chipset;

I've performed the whole process, begining from key derivation

Here is the sequence of steps:


Step 1: I derived a WEP key using an aircrack-ng suite(from MY access point, I have the permission

Step 2: Then, I put my wireless card(WUSB54GC) in monitor mode on specific channel(11) using command:

airmon-ng start rausb0 11

Step 3: Creation of tunnel interface using airtun-ng. Bring tunnel interface up:

airtun-ng -a <--ommited---> -w <--ommited---> rausb0

# created tap interface at0
# WEP encryption specified. Sending and receiving frames through ath0.
# FromDS bit set in all frames.

ifconfig at0 up

Step 4: Editing wifizoo.py script to provide correct "interface where to listen" option(at0)

Step 5: ./wifizoo.py -i at0


# <--ommited--->
#
#
# using interface at0
# launching web interface..
#
#
# <--ommited--->
#
# Waiting...

When I open the Web Interface of WifiZoo and check whether any cookie has been captured i see nothing neither cookie nor SSID list

What is the issue?

Does anybody engaged with wifizoo? Please share the experience

[jimmyd]

Hi everybody!


Recently I've tried to use wifiZoo in conjunction with airtun-ng, to capture cookies from my own WEP encrypted network without connection(association) procedure to an access point. I use BackTrack 4 Final installed on VMachine and wifi usb dongle with RT73 chipset;

This is known as sidejacking. I have done it successfully using Wireshark instead of wifizoo. One step that might be an issue is that you don't load use the command "modprobe tun" to load the tunneling module.

[PipeDevil]

This is known as sidejacking. I have done it successfully using Wireshark instead of wifizoo. One step that might be an issue is that you don't load use the command "modprobe tun" to load the tunneling module.

Airtun-ng <> Wireshark pair works with no-problem )

But what is the issue with WifiZoo?

[CKing]

if you really want to use wifizoo try dumping the traffic with airodump, decrypting the packets with airdecap-ng -l (the lack of wireless headers is what i suspect is causing problems but ive never used airtun so i dont know for sure) the other advantage of using airdecap-ng is the ability to decrypt wpa traffic, the main disadvantage is that it wont decrypt on the fly.