Clean up CAP and Convert to HCCAPX for use with Hashcat
#7
(09-11-2017, 11:21 PM)CellToolz Wrote:     No.  Tine                  Source            Destination         Protocol      Length       Info

    1  0.000000        Actionte_29:79:75     Broadcast                802.11        261       Beacon frame, SN=2579,  FN=0,  Flags= ........ , BI=100, SSID=NAMEofWIFI
    2 141.783428     Actionte_29:79:75     Apple_59:67:41      EAPOL         155       Key (Message 1 of 4)
    3 141.810056     Apple_59:67:41        Actionte_29:79:75   EAPOL         155       Key (Message 2 of 4)
    4 141.822340     Actionte_29:79:75     Apple_59:67:41      EAPOL         213       Key (Message 3 of 4)
    5 141.825929     Apple_59:67:41        Actionte_29:79:75   EAPOL         133       Key (Message 4 of 4)

This looks exactly as it should and I've never had problems... the beacon is included and all 4 parts of the handshake are included in chronological order, and they are all part of the same handshake. Not sure exactly what unit the timestamps are measured in (seconds, milliseconds... probably seconds) but in this example, they all come within 141.x which is typically a good indicator. If some were 138 and others were 143, I would toss them and find another handshake. Optionally, you can keep a probe response in the cap for further dissection if you desire (AP info in WPS frames, etc.) Not cleaning may end up in having extra handshakes and it will kill speeds greatly. Obviously it may be hard for beginners, but cleaning manually has by far made the process go much smoother. I usually ask people for uncleaned caps in fear that they will butcher them with other tools (wpaclean, etc) but if people are willing to learn how to do it properly, then I, and many others, won't have a problem. The HCCAPX format catches a good amount of issues, but not all of them.


Messages In This Thread
RE: Clean up CAP and Convert to HCCAPX for use with Hashcat - by soxrok2212 - 09-13-2017, 08:37 PM