hashcat Forum
hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: User Contributions (https://hashcat.net/forum/forum-25.html)
+--- Thread: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats (/thread-6661.html)



RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 09-02-2023

From hcxdumptool changelog:
Code:
06.05.2023
==========
hcxdumptool: added option to save GPS information to pcapng dumpfile
--nmea_pcapng                  : write GPS information to pcapng dump file

There are standard and non-standard (e.g. Kismet GPS data) message formats. Nearly all GPS receivers output NMEA data. The NMEA standard is formatted in lines of data called sentences. Each sentence contains various bits of data organized in comma delimited format (i.e. data separated by commas).
https://en.wikipedia.org/wiki/NMEA_0183
https://www.tronico.fi/OH6NT/docs/NMEA0183.pdf

NMEA 0183 GPRMC, GPGGA and GPWPL sentences are stored directly in a PCAPNG CUSTOM BLOCK:
https://github.com/ZerBea/hcxdumptool/blob/db8af473686fd70c1d3b3d7571a2ed96dd7a9f01/hcxdumptool.c#L995C1-L995C30

hcxpcapngtool detects the presence of NMEA 0183 (recorded by hcxdumptool) and stores it either as NMEA 0183 or as CSV (both formats are very common and widely used):
Code:
--nmea=<file>                      : output GPS data in NMEA 0183 format
                                     format: NMEA 0183 $GPGGA, $GPRMC, $GPWPL
                                     to convert it to gpx, use GPSBabel:
                                     gpsbabel -i nmea -f hcxdumptool.nmea -o gpx,gpxver=1.1 -F hcxdumptool.gpx
                                     to display the track, open file.gpx with viking
--csv=<file>                       : output ACCESS POINT information in CSV format
                                     delimiter: tabulator (0x08)
                                     columns:
                                     YYYY-MM-DD HH:MM:SS MAC_AP ESSID ENC_TYPE CIPHER AKM COUNTRY_INFO CHANNEL RSSI GPS(DM.m) GPS(D.d) GPSFIX SATCOUNT HDOP ALTITUDE UNIT
                                     to convert it to other formats, use bash tools or scripting languages
                                     GPS FIX:
                                     0 = fix not available or invalid
                                     1 = fix valid (GPS SPS mode)
                                     2 = fix valid (differential GPS SPS Mode)
                                     3 = not supported
                                     4 = not supported
                                     5 = not supported
                                     6 = fix valid (Dead Reckoning Mode)

There is no plan to add an additional format, because the entire information is available in NMEA 0183 fields or CSV fields.
Conversion to whatever you want can be done by simple bash commands or tools like
gpsbabel
https://www.gpsbabel.org/
or online converters
https://duckduckgo.com/?q=nmea+0183+gps+converter&t=ffab&ia=web

Viking will show e.g. data converted by GPSBabel on a map:
https://github.com/viking-gps/viking


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 09-02-2023

NMEA 0183 is well documented and there are various "how-tos" on the web, e.g.:
https://wiki.openstreetmap.org/wiki/Converting/NMEA_to_GPX

An example is here:
https://github.com/ZerBea/hcxdumptool/issues/157
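As an added example (not code from hcxtools, GPSBabel or the linked issue), the following Python script does the conversion the two posts above describe by hand: it validates the checksum of each NMEA 0183 sentence, parses $GPGGA and $GPRMC, applies the DM.m to D.d coordinate conversion that the CSV column list (GPS(DM.m), GPS(D.d)) refers to, maps the GPS FIX value with the table from the --csv help text, and writes a GPX 1.1 track, which is the same step gpsbabel -i nmea -o gpx performs. The sample sentences are constructed test data, including one deliberately corrupted checksum and one sentence without a fix, to show that both are dropped rather than plotted.

```python
"""Parse NMEA 0183 $GPGGA / $GPRMC sentences (as written by hcxpcapngtool --nmea)
and emit a GPX 1.1 track.  Added example, not part of hcxtools.
The SAMPLE sentences below are constructed test data, not a real capture."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# GPS fix quality values as listed in hcxpcapngtool's --csv help text
GPS_FIX = {
    0: "fix not available or invalid",
    1: "fix valid (GPS SPS mode)",
    2: "fix valid (differential GPS SPS mode)",
    3: "not supported",
    4: "not supported",
    5: "not supported",
    6: "fix valid (Dead Reckoning mode)",
}

def nmea_checksum(body: str) -> str:
    """XOR of every byte between '$' and '*', as two upper-case hex digits."""
    cs = 0
    for ch in body.encode("ascii"):
        cs ^= ch
    return f"{cs:02X}"

def split_sentence(line: str):
    """Validate framing and checksum; return the comma-separated fields or None."""
    line = line.strip()
    if not line.startswith("$") or "*" not in line:
        return None
    body, _, cs = line[1:].partition("*")
    if cs.upper() != nmea_checksum(body):
        return None  # corrupted sentence: drop it rather than plot a wrong position
    return body.split(",")

def dm_to_degrees(dm: str, hemi: str) -> float:
    """NMEA DDMM.mmmm / DDDMM.mmmm plus hemisphere -> signed decimal degrees
    (the GPS(DM.m) -> GPS(D.d) step from the CSV column list)."""
    if not dm:
        raise ValueError("empty coordinate")
    whole, _, frac = dm.partition(".")
    degrees = int(whole[:-2])
    minutes = float(whole[-2:] + "." + frac) if frac else float(whole[-2:])
    value = degrees + minutes / 60.0
    return -value if hemi in ("S", "W") else value

def parse_gga(f):
    """$GPGGA: time, lat, N/S, lon, E/W, fix, sats, HDOP, altitude, unit, ..."""
    fix = int(f[6]) if f[6] else 0
    if fix == 0:
        return None  # GPS_FIX[0]: no usable position
    return {"type": "GGA", "time": f[1],
            "lat": dm_to_degrees(f[2], f[3]), "lon": dm_to_degrees(f[4], f[5]),
            "fix": fix, "fix_desc": GPS_FIX.get(fix, "unknown"),
            "sats": int(f[7]) if f[7] else 0, "hdop": float(f[8]) if f[8] else None,
            "alt": float(f[9]) if f[9] else None, "alt_unit": f[10]}

def parse_rmc(f):
    """$GPRMC: time, status (A/V), lat, N/S, lon, E/W, speed, course, date (ddmmyy), ..."""
    if f[2] != "A":
        return None  # 'V' = receiver warning, position not valid
    return {"type": "RMC", "time": f[1], "date": f[9],
            "lat": dm_to_degrees(f[3], f[4]), "lon": dm_to_degrees(f[5], f[6]),
            "speed_kn": float(f[7]) if f[7] else None}

PARSERS = {"GPGGA": parse_gga, "GPRMC": parse_rmc}

def parse_nmea(text: str):
    """Return the list of valid, fixed positions found in an NMEA text."""
    points = []
    for line in text.splitlines():
        f = split_sentence(line)
        if f and f[0] in PARSERS:
            p = PARSERS[f[0]](f)
            if p:
                points.append(p)
    return points

def to_gpx(points) -> str:
    """Minimal GPX 1.1 track from the parsed points (same role as gpsbabel -i nmea -o gpx)."""
    gpx = ET.Element("gpx", version="1.1", creator="nmea_example",
                     xmlns="http://www.topografix.com/GPX/1/1")
    seg = ET.SubElement(ET.SubElement(gpx, "trk"), "trkseg")
    for p in points:
        pt = ET.SubElement(seg, "trkpt", lat=f"{p['lat']:.6f}", lon=f"{p['lon']:.6f}")
        if p.get("alt") is not None:
            ET.SubElement(pt, "ele").text = str(p["alt"])
        if p["type"] == "RMC":  # only RMC carries the date, so only RMC points get a timestamp
            t = datetime.strptime(p["date"] + p["time"][:6], "%d%m%y%H%M%S").replace(tzinfo=timezone.utc)
            ET.SubElement(pt, "time").text = t.strftime("%Y-%m-%dT%H:%M:%SZ")
    return ET.tostring(gpx, encoding="unicode")

# Constructed sample: two valid sentences, one with a corrupted checksum (*00), one without a fix
SAMPLE = """$GPGGA,123519,4807.038,N,01131.000,E,1,08,0.9,545.4,M,46.9,M,,*47
$GPRMC,123519,A,4807.038,N,01131.000,E,022.4,084.4,230394,003.1,W*6A
$GPRMC,123520,A,4807.040,N,01131.010,E,022.4,084.4,230394,003.1,W*00
$GPGGA,123521,,,,,0,00,,,M,,M,,*60
"""

if __name__ == "__main__":
    pts = parse_nmea(SAMPLE)
    for p in pts:
        print(p)
    print(to_gpx(pts))
```

Feed it the file written by hcxpcapngtool --nmea (here the SAMPLE string stands in for it); the resulting GPX opens in Viking like the gpsbabel output does. Checksum failures and fix quality 0 are handled before any coordinate is converted, which is the reason to keep the checksum check even when the sentences come from your own receiver.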


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - dork4541 - 09-04-2023

Thanks! This should be enough to get started on some scripts to convert to the format I need.


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 09-04-2023

Glad to read this.

Pre-processing data at runtime (to a non-standard format) takes a lot of CPU cycles.

And there are a lot of them:
https://www.gpsbabel.org/capabilities.html

hcxdumptool uses and delivers these standard formats:

radiotap (interface information - taken from the interface)
https://www.radiotap.org/

80211 MAC (frames - taken from the traffic)
https://en.wikipedia.org/wiki/802.11_Frame_Types

NMEA 0183 (GPS - taken from the GPS receiver)
https://en.wikipedia.org/wiki/NMEA_0183

pcapng (storage)
https://pcapng.com

and hcxpcapngtool converts them to formats that hashcat and JtR understand.


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - v71221 - 10-13-2023

Hi, ZerBea! Could you kindly provide examples of launching hcxdumptool (ver6.3.1) for different attack vectors, particularly for the clients-only attack (AP-less)?

I found previous examples, but in the newest hcxdumptool the options have been changed.
https://hashcat.net/forum/thread-9639-post-50750.html#pid50750
https://hashcat.net/forum/thread-6661-post-52103.html#pid52103


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 10-13-2023

Code:
$ sudo hcxdumptool -i INTERFACENAME  --rds=1  --attemptapmax=0 -t 120

See hcxdumptool --help for more information.


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - v71221 - 10-22-2023

Code:
sudo hcxdumptool -i wlan0 -w dump.pcapng --attemptapmax=0 --attemptclientmax=0

Sorry for the question, but will the above options run hcxdumptool (ver6.3.1) as a passive dumper?
If not, please correct me.
Yes, I read the help, but sometimes what is obvious to the Author isn't always obvious to others.


RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - ZerBea - 10-22-2023

No, because hcxdumptool still transmits its own BEACON.

This must be disabled, too:
Code:
$ sudo hcxdumptool -i wlan0 -w dump.pcapng --attemptapmax=0 --attemptclientmax=0 --disable_beacon

or, on the latest git head (>= 6.3.1-65-ge3c196e), the additional option:
Code:
$ sudo hcxdumptool -i wlan0 -w dump.pcapng --attemptapmax=0 --attemptclientmax=0 --beacontx=0

To monitor outgoing packets run tshark in parallel on the same interface:
Code:
$ tshark -i wlan0 -Y "radiotap.present.dbm_antsignal == 0"

or run Wireshark in parallel on the same interface and apply the display filter:
Code:
radiotap.present.dbm_antsignal == 0
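The tshark/Wireshark filter above works on the radiotap "present" bitmap: a frame the host received carries a dBm antenna signal field, a frame it generated itself does not. The following script is an added example (not part of hcxtools, tshark or Wireshark) that applies the same predicate offline to a pcap of link type 127 (IEEE802_11_RADIOTAP), so a saved capture can be audited for transmitted frames after the fact. The pcap is constructed in memory, and the received/outgoing classification rests on the same assumption the display filter makes: no received-signal field means the frame was not received.

```python
"""Count radiotap frames without a dBm antenna signal field, i.e. the predicate
behind the Wireshark filter  radiotap.present.dbm_antsignal == 0.
Added example, not part of hcxtools, tshark or Wireshark; the pcap bytes are constructed."""
import struct

LINKTYPE_IEEE802_11_RADIOTAP = 127
RT_PRESENT_FLAGS = 1 << 1
RT_PRESENT_RATE = 1 << 2
RT_PRESENT_CHANNEL = 1 << 3
RT_PRESENT_DBM_ANTSIGNAL = 1 << 5   # bit 5 of the radiotap present bitmap
RT_PRESENT_EXT = 1 << 31            # another present word follows

def radiotap_present_words(frame: bytes):
    """Return the list of it_present words of a radiotap header (all fields little-endian)."""
    if len(frame) < 8:
        raise ValueError("truncated radiotap header")
    version, _pad, length = struct.unpack_from("<BBH", frame, 0)
    if version != 0 or length > len(frame):
        raise ValueError("bad radiotap header")
    words, off = [], 4
    while True:
        if off + 4 > length:
            raise ValueError("present bitmap runs past it_len")
        (word,) = struct.unpack_from("<I", frame, off)
        words.append(word)
        off += 4
        if not word & RT_PRESENT_EXT:
            return words

def has_dbm_antsignal(frame: bytes) -> bool:
    """True if the first (radiotap namespace) present word announces a dBm antenna signal."""
    return bool(radiotap_present_words(frame)[0] & RT_PRESENT_DBM_ANTSIGNAL)

def iter_pcap_records(data: bytes):
    """Yield packet payloads of a classic pcap byte string; checks magic and link type."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    _vmaj, _vmin, _tz, _sig, _snap, linktype = struct.unpack_from(endian + "HHiIII", data, 4)
    if linktype != LINKTYPE_IEEE802_11_RADIOTAP:
        raise ValueError(f"unexpected link type {linktype}")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def classify(data: bytes):
    """Return (received, outgoing) counts.  Assumption (same as the display filter):
    a frame without a dBm antenna signal field was sent by the host, not received."""
    received = outgoing = 0
    for frame in iter_pcap_records(data):
        if has_dbm_antsignal(frame):
            received += 1
        else:
            outgoing += 1
    return received, outgoing

# --- constructed sample pcap -------------------------------------------------
def radiotap_header(present: int, body: bytes) -> bytes:
    """Build a one-word radiotap header in front of the given field bytes."""
    return struct.pack("<BBHI", 0, 0, 8 + len(body), present) + body

# received frame: flags(1) rate(1) channel(2+2, 2-byte aligned at offset 10) dbm_antsignal(1)
RX = radiotap_header(RT_PRESENT_FLAGS | RT_PRESENT_RATE | RT_PRESENT_CHANNEL | RT_PRESENT_DBM_ANTSIGNAL,
                     bytes([0x00, 0x02]) + struct.pack("<HH", 2412, 0x00A0) + bytes([0xC4]))
# frame the host injected itself: flags and rate only, no signal-strength field
TX = radiotap_header(RT_PRESENT_FLAGS | RT_PRESENT_RATE, bytes([0x00, 0x02]))
# header whose first word only says "extended word follows"; also lacks the signal field
EXT_ONLY = struct.pack("<BBHII", 0, 0, 12, RT_PRESENT_EXT, 0)
DOT11 = bytes(24)  # placeholder 802.11 MAC header; its contents do not matter here

def build_pcap(frames) -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_IEEE802_11_RADIOTAP)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f
    return out

SAMPLE_PCAP = build_pcap([RX + DOT11, RX + DOT11, TX + DOT11])

if __name__ == "__main__":
    print(classify(SAMPLE_PCAP))  # one frame without the field -> it was sent, not received
```

Run it against a capture taken with the options above: a count of zero outgoing frames is what a truly passive run should produce, while any non-zero count points at frames the interface transmitted (beacons included), the same frames the tshark filter would show live.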