Does the new method work out of the box with Cali?
#1
So there's a new method using hcxdumptool, does it work out of the box with The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) and will it work on Windows?

Does it still require your WiFi adapter to be put into monitor mode?
Reply
#2
It depends on the WiFi adapter and the driver. If the driver supports monitor mode and full packet injection, it will work out of the box, running Linux systems.

Preferred distribution is Arch Linux, but others should work, too. Many distributions develop hcxdumptool via their packet system:
https://www.archlinux.org/packages/commu...xdumptool/
https://packages.debian.org/sid/hcxdumptool
https://packages.ubuntu.com/de/eoan/hcxdumptool
https://pkg.kali.org/pkg/hcxdumptool
https://archlinuxarm.org/packages/aarch64/hcxdumptool
https://archlinuxarm.org/packages/armv7h/hcxdumptool
https://archlinuxarm.org/packages/armv6h/hcxdumptool
https://archlinuxarm.org/packages/arm/hcxdumptool


BTW:
hcxdumptool has a new option to test the driver: --check driver. Here we run several tests to determine that the driver supports all(!) required system calls to run the attacks.
No need to run third party tools to put the device into monitor mode. hcxdumptool will do this.

It does not work on Windows. Native Windows drivers don't support monitor mode and packet injection.
Reply
#3
(08-15-2019, 01:28 PM)ZerBea Wrote: It depends on the WiFi adapter and the driver. If the driver supports monitor mode and full packet injection, it will work out of the box, running Linux systems.

Preferred distribution is Arch Linux, but others should work, too. Many distributions develop hcxdumptool via their packet system:
https://www.archlinux.org/packages/commu...xdumptool/
https://packages.debian.org/sid/hcxdumptool
https://packages.ubuntu.com/de/eoan/hcxdumptool
https://pkg.kali.org/pkg/hcxdumptool
https://archlinuxarm.org/packages/aarch64/hcxdumptool
https://archlinuxarm.org/packages/armv7h/hcxdumptool
https://archlinuxarm.org/packages/armv6h/hcxdumptool
https://archlinuxarm.org/packages/arm/hcxdumptool


BTW:
hcxdumptool has a new option to test the driver: --check driver. Here we run several tests to determine that the driver supports all(!) required system calls to run the attacks.
No need to run third party tools to put the device into monitor mode. hcxdumptool will do this.

It does not work on Windows. Native Windows drivers don't support monitor mode and packet injection.

Wireshark manages monitor mode I think?

Also there's wlanhelper?
Reply
#4
Of course, Wireshark is able to capture packets in monitor mode:
https://wiki.wireshark.org/CaptureSetup/WLAN
but it will put them into monitor mode, running libpcap:
https://wiki.wireshark.org/CaptureSetup/...nitor_mode

hcxdumptool will put the device into monitor mode running ioctl() system calls. No third party tool needed.

iw uses ioctl() system calls (like hcxdumptool does it) and libnl (Netlink).

iwconfig is deprecated and should not be used any longer.
https://dougvitale.wordpress.com/2011/12...lacements/

airmon-ng runs iw internally.


But keep in mind:
Nearly everything depends on the driver and its capabilities. Also many, many drivers don't support monitor mode and full packet injection:
https://wikidevi.com/wiki/Main_Page

Some examples:
It is possible that a version of a driver works nearly perfectly:
rtl8812au v5.2.20
https://github.com/aircrack-ng/rtl8812au/issues/376
while newer versions (5.3.4) failed to run monitor mode and/or packet injection:
https://github.com/aircrack-ng/rtl8812au...-520844406

Also it is a long way to make a driver (nearly) perfect:
https://github.com/openwrt/mt76/issues/2...-500999516

But you can't be sure that this (nearly) perfect driver will work in future times, if a new issue occurred:
https://bugzilla.kernel.org/show_bug.cgi?id=202541
https://bugzilla.kernel.org/show_bug.cgi?id=202243
until it will be finally fixed.
Reply
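As an illustration of the driver-capability point in the post above (an added example, not code from the thread or from hcxdumptool): a small filter that reads `iw list` output and reports, per wiphy, whether the driver lists `monitor` under "Supported interface modes". The function names and the sample output are constructed for this example, and a listed monitor mode says nothing about whether packet injection works.

```shell
#!/bin/sh
# Added example: which wiphys advertise monitor mode according to `iw list`?
# Reads `iw list` output on stdin, so it also works on saved output.
# Real use: iw list | monitor_capable_phys

monitor_capable_phys() {
    awk '
        # A new "Wiphy <name>" line starts a new device section.
        /^Wiphy / { phy = $2; order[++n] = phy; mon[phy] = "no"; in_modes = 0; next }
        # Only bullets directly under this header count as supported modes.
        /Supported interface modes:/ { in_modes = 1; next }
        in_modes && $1 == "*" { if ($2 == "monitor") mon[phy] = "yes"; next }
        # Any other line ends the mode list.
        { in_modes = 0 }
        END { for (i = 1; i <= n; i++) printf "%s monitor=%s\n", order[i], mon[order[i]] }
    '
}

# Constructed sample in the layout `iw list` prints (heavily shortened).
sample_iw_list() {
    cat <<'EOF'
Wiphy phy0
    max # scan SSIDs: 4
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * monitor
    Band 1:
        Frequencies:
            * 2412 MHz [1] (20.0 dBm)
Wiphy phy1
    max # scan SSIDs: 10
    Supported interface modes:
         * managed
         * P2P-client
    Band 1:
        Frequencies:
            * 2412 MHz [1] (20.0 dBm)
EOF
}

sample_iw_list | monitor_capable_phys
```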
#5
Are you saying that libpcap is secret and nobody else has worked out how to code monitor mode for Windows, no open source?
Reply
#6
(08-15-2019, 05:30 PM)Ar76 Wrote: Are you saying that libpcap is secret and nobody else has worked out how to code monitor mode for Windows, no open source?
Libpcap is extra overhead and requires additional resources. When you're using a wifi device with 32mb of memory, every bit counts. 

You should really do some google searches before posting on this forum.
Reply
#7
@ Ar76
No, libpcap is open source. You can get all the information here:
https://github.com/the-tcpdump-group/libpcap

Additionally you need a driver. This driver must support monitor mode and full packet injection! You can find information on how to code it here:
https://github.com/microsoft/Windows-dri...k/wlan/WDI

How to capture traffic can be read here:
https://wiki.wireshark.org/CaptureSetup/WLAN

I suggest reading the part starting at "WinPcap"

Supported adapters can be found here:
https://secwiki.org/w/Npcap/WiFi_adapters

And again:
To perform an active attack vector the driver must support full packet injection, too!
Reply