
Thread: Wireshark --- Promiscuous Mode --- WPA

  1. #11
    ShadowMaster (Senior Member)
    Join Date: Jul 2011 | Location: /root | Posts: 189

    Re: Wireshark --- Promiscuous Mode --- WPA

    Have you looked at airtun-ng? It does kinda the same thing. Also, be aware that this will only work for TKIP encryption. For CCMP no matter how long you try to decrypt you will not be able to sniff. You may end up with a huge amount of encrypted packets, but you will not be able to decrypt them, sorry. :\ But the idea *IS* cool, and I look forward to the finished product as a new tool in my arsenal against WPA-TKIP.
    World Domination is such an ugly phrase. I prefer the term World Optimization.

  2. #12
    Virchanza (Very good friend of the forum)
    Join Date: Jan 2010 | Posts: 863

    Re: Wireshark --- Promiscuous Mode --- WPA

    Quote: Originally Posted by ShadowMaster
    Have you looked at airtun-ng? It does kinda the same thing. Also, be aware that this will only work for TKIP encryption. For CCMP no matter how long you try to decrypt you will not be able to sniff. You may end up with a huge amount of encrypted packets, but you will not be able to decrypt them, sorry. :\ But the idea *IS* cool, and I look forward to the finished product as a new tool in my arsenal against WPA-TKIP.

    Nearly got it done.... about one hour more and I'll have it. Taking a break to have dinner. Then I need to figure out why it is segfaulting when calling "getopt_long".... shouldn't take me too long. Other than that, everything's done. I've hijacked all the calls to "fread" and "fwrite" with my own functions that just spit frames out on the "lo" interface.

    Won't be long now.
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".

  3. #13
    Virchanza (Very good friend of the forum)
    Join Date: Jan 2010 | Posts: 863

    Re: Wireshark --- Promiscuous Mode --- WPA

    Quote: Originally Posted by Virchanza
    Nearly got it done.... about one hour more and I'll have it. Taking a break to have dinner. Then I need to figure out why it is segfaulting when calling "getopt_long".... shouldn't take me too long. Other than that, everything's done. I've hijacked all the calls to "fread" and "fwrite" with my own functions that just spit frames out on the "lo" interface.

    Won't be long now.

    Spoke too soon... I'm having trouble with the pcap file format.... I've spent too long on it today, I'll leave it til another time. I'm close though, very close.

  4. #14
    Virchanza (Very good friend of the forum)
    Join Date: Jan 2010 | Posts: 863

    Mission Accomplished

    Mission Accomplished. I've got it working. I'm sniffing WPA traffic on the fly in promiscuous mode using Wireshark.

    Here's how I did it:

    1) I altered the code of Airdecap to get it to read from "stdio" (standard input), and instead of getting it to write decrypted WPA frames to a file, I used my raw socket networking library to send them out directly on the loopback interface. I got that working first separately on its own.

    2) Next I altered the code of Airodump so that instead of writing the captured packets to a file, it would simply print them to "stdout" (standard output).

    Then I just piped the output of Airodump into the input of Airdecap, like this:

    Code:
    ./airodump-ng --bssid 00:01:02:03:04:05 --channel 8 -o pcap -w dummy wlan0 2> /dev/null | ./airdecap-ng -k 909be2c90072954126daf1927fa62733a5e31e103a47ce211cdcca03e1fb96d2 dummy

    Then I sent a de-authentication frame to every host on the WPA wifi network so that they'd reconnect with the 4-way handshake, and Airodump would capture this and send it on to Airdecap on-the-fly.

    Next I just opened up Wireshark and listened on the "lo" interface. Now I can see all the WPA traffic in realtime.
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".
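
Posts #13 and #14 describe feeding a pcap capture through a pipe into a tool that reads it from standard input. The following is an added example, not Virchanza's code and not code from aircrack-ng: a small C reader for a classic pcap stream that checks the magic number for byte order and treats each record's length field as untrusted. The names `pcap_stream`, `pcap_stream_open` and `pcap_stream_next` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define PCAP_MAGIC      0xa1b2c3d4u  /* header written in this host's byte order */
#define PCAP_MAGIC_SWAP 0xd4c3b2a1u  /* header written in the opposite byte order */

struct pcap_stream { FILE *in; int swap; uint32_t snaplen, linktype; }; /* illustrative names */

static uint32_t fix32(const struct pcap_stream *ps, uint32_t v) {
    if (!ps->swap) return v;
    return (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
}

/* 1 = all n bytes read, 0 = stream ended before any byte, -1 = ended part-way. */
static int read_full(FILE *f, void *buf, size_t n) {
    size_t r = fread(buf, 1, n, f);
    return r == n ? 1 : (r == 0 ? 0 : -1);
}

/* Global header is 24 bytes: magic, version, thiszone, sigfigs, snaplen, linktype. */
int pcap_stream_open(struct pcap_stream *ps, FILE *in) {
    uint32_t h[6];
    if (read_full(in, h, sizeof h) != 1) return -1;
    if (h[0] == PCAP_MAGIC) ps->swap = 0;
    else if (h[0] == PCAP_MAGIC_SWAP) ps->swap = 1;
    else return -1;                    /* not classic pcap: refuse, do not guess */
    ps->in = in;
    ps->snaplen = fix32(ps, h[4]);
    ps->linktype = fix32(ps, h[5]);
    return 0;
}

/* Returns the frame length, -1 at a clean end of stream, -2 on a bad or cut-off record. */
long pcap_stream_next(struct pcap_stream *ps, uint8_t *buf, size_t cap) {
    uint32_t r[4];                     /* ts_sec, ts_usec, incl_len, orig_len */
    int st = read_full(ps->in, r, sizeof r);
    if (st != 1) return st == 0 ? -1 : -2;
    uint32_t incl = fix32(ps, r[2]);
    if (incl > ps->snaplen || incl > cap) return -2;  /* length field is untrusted */
    return read_full(ps->in, buf, incl) == 1 ? (long)incl : -2;
}

int main(void) {                       /* usage: <capture tool writing pcap> | ./a.out */
    static uint8_t frame[65535];
    struct pcap_stream ps; long n; unsigned long count = 0;
    if (pcap_stream_open(&ps, stdin) != 0) return 1;
    while ((n = pcap_stream_next(&ps, frame, sizeof frame)) >= 0) count++;
    printf("linktype %u, %lu frames, %s\n", (unsigned)ps.linktype, count, n == -1 ? "clean end" : "bad record");
    return n == -1 ? 0 : 2;
}
```

Rejecting any `incl_len` larger than the snapshot length or the caller's buffer matters here because the reader sits behind a pipe and cannot seek back or check the file size.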

  5. #15
    Just burned his ISO
    Join Date: Feb 2009 | Posts: 1

    Re: Mission Accomplished

    Quote: Originally Posted by Virchanza
    1) I altered the code of Airdecap to get it to read from "stdio" (standard input), and instead of getting it to write decrypted WPA frames to a file, I used my raw socket networking library to send them out directly on the loopback interface. I got that working first separately on its own.

    2) Next I altered the code of Airodump so that instead of writing the captured packets to a file, it would simply print them to "stdout" (standard output).

    Hi, can you help me please and give me more details where in the file to alter the code?

    Thank you much
