hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
All above requests are implemented in hcxdumptool:
user defined scanlist:
-C <digit>     : comma separated scanlist (1,3,5,7...)
Unsupported channels are skipped.
(BTW: wlandump-ng shows you the last working channel while it tests the driver for the next channel. It will rest on this channel until all other channels are tested.)

Blacklist:
-B <file>      : blacklist (do not deauthenticate clients from this hosts - format: xxxxxxxxxx)
Attack stops if we retrieved an M2 (but we can't stop the retry attempts from APs and clients).

"Maybe you should enable issues feature to your repository?"
Not yet, because hcxtools are under heavy development

And keep in mind hcxtools are designed to work in a closed system (requirements):
Linux (recommended Arch)
Raspberry Pi (Recommended: A+ = very low power consumption or B+)

and tested drivers:
USB ID 148f:7601 Ralink Technology, Corp. MT7601U Wireless Adapter
USB ID 148f:3070 Ralink Technology, Corp. RT2870/RT3070 Wireless Adapter
USB ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
USB ID 0bda:8187 Realtek Semiconductor Corp. RTL8187 Wireless Adapter
USB ID 0bda:8189 Realtek Semiconductor Corp. RTL8187B Wireless 802.11g 54Mbps Network Adapter
USB ID 0cf3:9271 Qualcomm Atheros Communications AR9271 802.11n
PCIe RTL8821AE 802.11ac PCIe Wireless Network Adapter

All other combinations of hardware and OS are untested. It may work or it may not work. If it doesn't work, try to adapt it - I'll help if I can.
But feature requests that will slow down this compilation (ARCH & RASPBERRY & tested WiFi dongle) will be ignored on the git branch. I've seen too much OS- (latest was K*A*L*I), driver- or hardware related issues to take care about that.

If you're at home, it should take only a few minutes to retrieve a complete network list from the neighbourhood (wlanrcascan) and another few minutes to put them into the BPF or the blacklist. You can use different lists for different operation areas. These are my command lines:

mobile or first operation in a new area:
hcxdumptool -i $WLANDEV -o $ARCHIVNAME.pcap -B blacklistown1 -c 1 -t 5 -D

stationary or operation in an already discovered area:
hcxdumptool -i $WLANDEV -o $ARCHIVNAME.pcap -B blacklistown2 -c 1 -t 15

mobile means not longer than 65 seconds in the same place (13 channels x 5 seconds)
retrieve as many new PSKs/PMKs, identities, usernames, M2s as possible to find weakness in protocol or user behavior.

stationary means the Raspberry is running for at least more than one day (usually a week or longer)
because we are on the long-term hunt for PSKs/PMKs and the matching M2 found in wlan traffic from the neighbourhood. That takes time!
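One way to build the -B blacklist of your own APs and clients from a scan listing, as an added example that is not ZerBea's code and not part of hcxtools. It assumes the blacklist holds one MAC per line as 12 hex digits without separators (the help text's "xxxxxxxxxx"); the input lines are constructed and the addresses are not real hardware.

```python
import re
from typing import Iterable, List, Optional, Tuple

# Constructed sample input (not wlanrcascan output): one MAC per line in the
# notations people copy from scan listings, router labels and OS tools.
SAMPLE_INPUT = """\
# own access points and clients
00:11:22:33:44:55   myhome-5GHz
00-11-22-33-44-56   myhome-2.4GHz
0011.2233.4457      office
001122334458
zz:11:22:33:44:59   bad entry, not hex
01:00:5e:00:00:01   multicast, never a station
"""

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(token: str) -> Optional[str]:
    """Return the MAC as 12 lowercase hex digits (assumed -B file format), or None if unusable."""
    flat = re.sub(r"[:\-.]", "", token.strip().lower())
    if not _HEX12.match(flat):
        return None
    # Group/multicast bit (LSB of the first octet) set: not a unicast AP or client address.
    if int(flat[0:2], 16) & 0x01:
        return None
    return flat


def build_blacklist(lines: Iterable[str]) -> Tuple[List[str], List[str]]:
    """First whitespace-separated token of each line is the MAC; '#' lines are comments.
    Returns (accepted unique MACs in input order, rejected raw lines)."""
    accepted, rejected, seen = [], [], set()
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        mac = normalize_mac(line.split()[0])
        if mac is None:
            rejected.append(line)
        elif mac not in seen:
            seen.add(mac)
            accepted.append(mac)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = build_blacklist(SAMPLE_INPUT.splitlines())
    with open("blacklistown1", "w") as fh:  # file name taken from the command lines above
        fh.write("\n".join(ok) + "\n")
    print("accepted:", ok)
    print("rejected:", bad)
```

Review the rejected lines before running a capture: a typo in your own BSSID silently drops it from the blacklist.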
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by ZerBea - 02-06-2018, 12:23 PM