If you modify the ESSID, the content becomes unusable and you can't use it to recover the PlainMasterKey (PMK) on WPA1/WPA2/WPA2kv3, because the algorithm depend on the PreSharedKey (PSK) and the ESSID (used during the ASSOCIATION/REASSOCIATION):
In other words, changing the ESSID will lead to uncrackable hashes and hashcat will fail. That is the major reason why modifying an ESSID is not recommended and not allowed by tools like e.g. hcxtools.
For other purposes (not recovering WPA, WPA2, WPA2kv3) you can remove the entire BEACON frames by tshark:
Please notice that ESSIDs are present in PROBEREQUEST frames, PROBERESPONSE frames, ASSOCIATIONREQUEST frames, REASSOCIATIONREQUEST frames and some kind of ACTION frames, too.
State of the art tools will take the ESSID from this frames primary, because they (especially ASSOCIATIONREQUEST and REASSOCIATIONREQUEST frames) contain much more information than a simple BEACON.
Code:
PMK = PBKDF2(HMAC−SHA1, PSK, ESSID, 4096, 256)For other purposes (not recovering WPA, WPA2, WPA2kv3) you can remove the entire BEACON frames by tshark:
Code:
$ tshark -r old.pcapng -R '!wlan.fc.type_subtype == 0x08' -2 -F pcapng -w beacon_removed.pcapngPlease notice that ESSIDs are present in PROBEREQUEST frames, PROBERESPONSE frames, ASSOCIATIONREQUEST frames, REASSOCIATIONREQUEST frames and some kind of ACTION frames, too.
State of the art tools will take the ESSID from this frames primary, because they (especially ASSOCIATIONREQUEST and REASSOCIATIONREQUEST frames) contain much more information than a simple BEACON.