Half Handshake Tools?
#10
(09-20-2022, 05:40 PM)ZerBea Wrote: Yes, because it is mandatory that hcxdumptool has full access to the hardware.

From help menu:

Code:
do not set monitor mode by third party tools (iwconfig, iw, airmon-ng)

do not run hcxdumptool on logical (NETLINK) interfaces (monx, wlanxmon, prismx, ...) created by airmon-ng and iw

do not run hcxdumptool on virtual machines or emulators

do not run hcxdumptool in combination with tools (channel hopper), that take access to the interface (except: tshark,

Got it, thanks for the explanation.

(09-20-2022, 05:40 PM)ZerBea Wrote: Yes, because hcxdumptool is able to set up to 1024 rogue APs at the same time

Code:
$ sudo hcxdumptool -i INTERFACE -c 1 --disable_ap_attacks --disable_deauthentication --essidlist=essidlist.txt --active_beacon --stop_client_m2_attacks=1000 -o dump.pcapng --enable_status=31

Please notice:

Due to MAC randomization (every modern CLIENT is doing this) it is not possible to filter unwanted CLIENTs and hcxdumptool responds to every CLIENT that requests an AUTHENTICATION!

Thanks for this. I did notice a flaw when running this command though. hcxdumptool sets up the rogue APs from the essidlist.txt file as expected, but when you say that it responds to every client authentication, it responds to EVERY client authentication from EVERY AP, not just the ones set up by hcxdumptool itself.

The issue is this:
It would be simple to do a --filterlist_ap=hcxdumptool_rogue_AP_MAC.txt with --filtermode=2, but since hcxdumptool randomizes the MAC I have no way of specifying the correct MAC to filter. In the hcxdumptool man page it specifies that "--mac_ap" should be used to set a specific MAC, but in the latest version on GitHub when I add "--mac_ap=AAAAAAAAAAAA" it results in
Code:
hcxdumptool: unrecognized option '--map_ap'


Messages In This Thread
Half Handshake Tools? - by CyberPentester - 01-10-2022, 02:51 AM
RE: Half Handshake Tools? - by evets97 - 01-10-2022, 08:58 AM
RE: Half Handshake Tools? - by ZerBea - 01-10-2022, 11:16 AM
RE: Half Handshake Tools? - by CyberPentester - 01-11-2022, 12:35 AM
RE: Half Handshake Tools? - by ZerBea - 01-11-2022, 01:39 PM
RE: Half Handshake Tools? - by CyberPentester - 09-20-2022, 12:50 AM
RE: Half Handshake Tools? - by ZerBea - 09-20-2022, 08:13 AM
RE: Half Handshake Tools? - by CyberPentester - 09-20-2022, 02:23 PM
RE: Half Handshake Tools? - by ZerBea - 09-20-2022, 05:40 PM
RE: Half Handshake Tools? - by CyberPentester - 09-20-2022, 08:12 PM
RE: Half Handshake Tools? - by ZerBea - 09-21-2022, 08:50 AM
RE: Half Handshake Tools? - by CyberPentester - 09-21-2022, 03:09 PM
RE: Half Handshake Tools? - by ZerBea - 09-21-2022, 05:34 PM
RE: Half Handshake Tools? - by CyberPentester - 09-21-2022, 07:16 PM
RE: Half Handshake Tools? - by ZerBea - 09-22-2022, 08:23 AM