09-29-2018, 02:30 PM
(09-27-2018, 09:39 AM)ZerBea Wrote: hcxdumptool update:
added GPSD support (stored as comment in pcapng file)
--use_gpsd : use GPSD to retrieve position
add latitude, longitude and altitude to every pcapng frame
device must be supported by GPSD:
http://www.catb.org/gpsd/hardware.html
(tested using: AktivePilot JENTRO BT-GPS-8)
1. run GPSD
2. run hcxdumptool with option --use_gpsd
3. terminate hcxdumptool
4. retrieve GPS information from capture file with (order is changeable):
$ tshark -r filename.pcapng -Y frame.comment -T fields -E header=y -e frame.number -e frame.time -e wlan.sa -e frame.comment
Output should look like this
1 Sep 27, 2018 00:22:59.081914000 CEST xx:xx:xx:x:xx:xx lat:xx.xxxxxx,lon:y.yyyyyy,alt:z.z
2 Sep 27, 2018 00:22:59.343230000 CEST xx:xx:xx:x:xx:xx lat:xx.xxxxxx,lon:y.yyyyyy,alt:z.z
3 ...
Just to make sure, I will explain what AP-less means and what client-less means. (If I am wrong, correct me.)
Client-less means that the router, aka AP, itself sends a PMKID to whoever is trying to connect to it, which is an EAPOL packet, so even if there is no client attached to the AP, you "as an attacker/pen tester", aka hcxdumptool, will try to connect to the AP yourself to see if it sends a PMKID. If it does, it will show "PMKID found".
Again, you will receive the PMKID ONLY when the AP is nearby and vulnerable (by sending the PMKID).
AP-less means: if a phone/PC/device does a probe request, and in its probe request (broadcast request) there is a name, hcxdumptool will create a fake AP with the same ESSID, so when the device sees that AP it will try to connect to it; hcxdumptool then catches the handshake and closes/turns off that fake AP.
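Step 4 of the quoted update pulls the GPS position out of the pcapng frame comments with tshark. As an added example (this is not hcxdumptool or ZerBea's code), the Python below does the same job without tshark: it walks the pcapng blocks, reads the opt_comment option of each Enhanced Packet Block and parses the "lat:..,lon:..,alt:.." text quoted above. It assumes the default microsecond timestamp resolution (no if_tsresol option) and builds its own small pcapng file in memory with constructed coordinates, so it runs offline; the helper names, the sample packet bytes and the sample positions are all invented for the example.

```python
import re
import struct

# Block and option codes from the pcapng specification.
SHB = 0x0A0D0D0A          # Section Header Block
IDB = 0x00000001          # Interface Description Block
EPB = 0x00000006          # Enhanced Packet Block
OPT_ENDOFOPT = 0
OPT_COMMENT = 1
LINKTYPE_IEEE802_11_RADIOTAP = 127

# Matches the comment format hcxdumptool writes: lat:xx.xxxxxx,lon:y.yyyyyy,alt:z.z
GPS_RE = re.compile(
    r"lat:(?P<lat>-?\d+(?:\.\d+)?),lon:(?P<lon>-?\d+(?:\.\d+)?),alt:(?P<alt>-?\d+(?:\.\d+)?)"
)


def _pad4(b):
    return b + b"\x00" * (-len(b) % 4)


def _option(code, value):
    return struct.pack("<HH", code, len(value)) + _pad4(value)


def _block(block_type, body):
    total = 12 + len(body)  # type(4) + length(4) + body + trailing length(4)
    return struct.pack("<II", block_type, total) + body + struct.pack("<I", total)


def build_sample_pcapng(frames):
    """Build a minimal little-endian pcapng; frames = [(ts_us, packet_bytes, comment_or_None)]."""
    shb_body = struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1) + _option(OPT_ENDOFOPT, b"")
    idb_body = struct.pack("<HHI", LINKTYPE_IEEE802_11_RADIOTAP, 0, 65535) + _option(OPT_ENDOFOPT, b"")
    out = _block(SHB, shb_body) + _block(IDB, idb_body)
    for ts, pkt, comment in frames:
        body = struct.pack("<IIIII", 0, ts >> 32, ts & 0xFFFFFFFF, len(pkt), len(pkt)) + _pad4(pkt)
        if comment is not None:
            body += _option(OPT_COMMENT, comment.encode("utf-8"))
        body += _option(OPT_ENDOFOPT, b"")
        out += _block(EPB, body)
    return out


def _parse_options(buf, e):
    """Return [(code, raw_value)] from an options field; stops at opt_endofopt."""
    opts, off = [], 0
    while off + 4 <= len(buf):
        code, length = struct.unpack_from(e + "HH", buf, off)
        off += 4
        if code == OPT_ENDOFOPT:
            break
        opts.append((code, buf[off:off + length]))
        off += length + (-length % 4)
    return opts


def iter_frames(data):
    """Yield (frame_no, ts_us, packet_bytes, [comments]) for every EPB in a single-section pcapng."""
    magic = data[8:12]
    if magic == b"\x4d\x3c\x2b\x1a":
        e = "<"
    elif magic == b"\x1a\x2b\x3c\x4d":
        e = ">"
    else:
        raise ValueError("not a pcapng file (bad byte-order magic)")
    off, frame_no = 0, 0
    while off + 12 <= len(data):
        block_type, total = struct.unpack_from(e + "II", data, off)
        if total < 12 or total % 4 or off + total > len(data):
            raise ValueError("truncated or malformed block at offset %d" % off)
        body = data[off + 8:off + total - 4]
        if block_type == EPB:
            frame_no += 1
            _iface, ts_hi, ts_lo, caplen, _origlen = struct.unpack_from(e + "IIIII", body, 0)
            pkt_end = 20 + caplen + (-caplen % 4)
            comments = [v.decode("utf-8", "replace")
                        for c, v in _parse_options(body[pkt_end:], e) if c == OPT_COMMENT]
            yield frame_no, (ts_hi << 32) | ts_lo, body[20:20 + caplen], comments
        off += total


def extract_gps(data):
    """Like the tshark command above: one row per frame that carries a lat/lon/alt comment."""
    rows = []
    for frame_no, ts_us, _pkt, comments in iter_frames(data):
        for c in comments:
            m = GPS_RE.search(c)
            if m:
                rows.append({"frame": frame_no, "ts_us": ts_us,
                             "lat": float(m["lat"]), "lon": float(m["lon"]), "alt": float(m["alt"])})
    return rows


def to_tsv(rows):
    """Tab-separated lines with a header, mirroring tshark -T fields -E header=y."""
    lines = ["frame.number\tts_us\tlat\tlon\talt"]
    for r in rows:
        lines.append("%d\t%d\t%f\t%f\t%.1f" % (r["frame"], r["ts_us"], r["lat"], r["lon"], r["alt"]))
    return lines


# Constructed sample: three frames, the second one written without a position.
SAMPLE_FRAMES = [
    (1538000579081914, b"\x80\x00" + b"\x00" * 22, "lat:48.137154,lon:11.576124,alt:520.0"),
    (1538000579343230, b"\x40\x00" + b"\x00" * 22, None),
    (1538000579600000, b"\x88\x02" + b"\x00" * 24, "lat:48.137160,lon:11.576130,alt:521.5"),
]

if __name__ == "__main__":
    print("\n".join(to_tsv(extract_gps(build_sample_pcapng(SAMPLE_FRAMES)))))
```

Replace build_sample_pcapng(...) with open("filename.pcapng", "rb").read() to run it over a real capture; frames that carry no position comment are simply skipped, which matches the -Y frame.comment filter in the tshark command.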