"Also while hcxlabgetmallpr was scanning I couldn't connect to my AP, even when I stood close to my AP and the scanning laptop was in another room, behind the double wall."
That is noted in README.md of hcxdumptool, Warning section:
[code]
* hcxdumptool is able to prevent complete wlan traffic
(depend on selected options)
[/code]
This (interception of EAPOL M2 frames) can be controlled via the m2attempt option:
[code]
--m2attempt=<digit> : reject CLIENT request after n received M2 frames
[/code]
"My AP was in the essid list (one name only), but the scanner also attacked a CLIENT which was connected to another AP; that AP wasn't in the essid list. Why?"
Can only be controlled via BPF (set attack or protect BPF code)
The hcxlabtool series and hcxdumptool are interactive. Both tools take every ESSID they can find in the traffic and put them together with the user-defined ESSIDs into a list.
While hcxdumptool only responds to a CLIENT using the requested ESSID, the hcxlabtool pr series responds with 10 ESSIDs from the list at the same time.
"About the --all flag, it makes a huge list of the same hashes of the same AP, but with different MICs. Are there any advantages of this output?"
Analysis purposes, e.g. to determine how many PSKs an attacker typed to get ACCESS to a NETWORK
hcxlabgetmallpr --m2attempts=1000
A possible attacker is asked 1000 times to type a PSK (user typed password1, password2, password3 ... password1000)
hcxpcapngtool --all
We convert all 1000 (instead of the best one) to find out what he typed. This gives us information about the word list the attacker has used to get access to "our" network.
BTW:
"Looks like iPhones are very rigid."
I'm working on it.
Like all hcxtools (that includes hcxdumptool, too), these tools are (interactive) analysis tools. The main purpose is to detect as fast as possible what other tools can't detect and to discover weak points.
All tools should only be used in a 100% controlled environment(!).
If you can't control the environment it is absolutely mandatory to set the BPF.
To prevent disturbing other participants of the WiFi spectrum it is also mandatory to reduce TX power and to use directional antennas.
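An added example, not part of the original post or of hcxtools: one way to summarise the `--all` output described above by counting distinct MICs per ESSID, AP and CLIENT. It assumes the converted file uses hashcat's `WPA*02*…` line layout; the sample lines and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the assumed layout:
# WPA*TYPE*MIC*MAC_AP*MAC_CLIENT*ESSID(hex)*ANONCE*EAPOL*MESSAGEPAIR
# All values are made up and shortened; they are not real captures.
SAMPLE = """\
WPA*02*aa01*001122334455*66778899aabb*6c61626e6574*a1*0103aa*02
WPA*02*aa02*001122334455*66778899aabb*6c61626e6574*a1*0103bb*02
WPA*02*aa02*001122334455*66778899aabb*6c61626e6574*a1*0103bb*02
WPA*02*bb01*001122334455*ccddeeff0011*6c61626e6574*a2*0103cc*02
WPA*01*cc01*001122334455*ccddeeff0011*6c61626e6574***01
not a hash line
"""


def count_m2_attempts(text):
    """Return {(essid, ap_mac, client_mac): number of distinct MICs}."""
    mics = defaultdict(set)
    for line in text.splitlines():
        fields = line.strip().split("*")
        # Only EAPOL records (type 02) carry a MIC; type 01 is a PMKID.
        if len(fields) != 9 or fields[0] != "WPA" or fields[1] != "02":
            continue
        mic, ap, client, essid_hex = fields[2:6]
        try:
            essid = bytes.fromhex(essid_hex).decode("utf-8", "replace")
        except ValueError:
            continue  # malformed ESSID field, skip the record
        mics[(essid, ap.lower(), client.lower())].add(mic.lower())
    return {key: len(seen) for key, seen in mics.items()}


def report(counts):
    """Format the counts, busiest CLIENT first."""
    rows = sorted(counts.items(), key=lambda item: -item[1])
    return [f"{essid} ap={ap} client={client} attempts={n}"
            for (essid, ap, client), n in rows]


if __name__ == "__main__":
    # A new SNONCE changes the MIC even when the PSK is unchanged, so the
    # count is an upper bound on the number of different PSKs typed.
    print("\n".join(report(count_m2_attempts(SAMPLE))))
```
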