hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Let me also explain "AP-less" in that context:

AP-less means that a client responds to an anonce from us. That will happen if a client tries to connect to us.
Either
if there is no AP in range of the client and it chooses us (case 1)
or
if we are in range of AP and client and the client tries to connect to the AP for the first time and chooses us first (case 2)
(a reason why we must be fast - faster than an AP)
or
if we disconnect an established connection between an AP and its client and the client chooses us for the next connection attempt (case 3)

In both cases the result is an M2 from a client which is 100% valid and crackable with nonce-error-corrections=0. It may be an unauthorized M2.
But in case 2 and case 3 an AP-less handshake by hcxdumptool is 100% valid, 100% authorized and 100% crackable!

A wireshark dump will show this:
authentication (from client)
authentication (from AP)
association (case 2) or reassociation (case 3) request (from client)
association (case 2) or reassociation (case 3) response (from AP)
M1 from hcxdumptool
M1 from AP
M2 from client in response to M1 from hcxdumptool
M2 from client in response to M1 from AP
M3 from AP
M4 from client

or, if we are too slow (because of beautiful status output):
M1 from AP
M1 from hcxdumptool (we must send M1 before client ack M1 from AP)
M2 from client in response to M1 from AP
M2 from client in response to M1 from hcxdumptool
M3 from AP
M4 from client
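Added example, not from ZerBea's post and not part of hcxtools: the sequence above leaves a trace a wireless monitor can look for, namely one client answering M1 from two different transmitters during a single association. The frame records, addresses and window are constructed here for illustration.

```python
# Added example (not from the post or from hcxtools): flag a client that replies
# with M2 to M1 frames from more than one transmitter, the trace left by the
# AP-less sequence above (M1 from AP, M1 from a second sender, two M2 replies).

from collections import defaultdict

# Constructed sample capture: (timestamp, src, dst, msg) where msg is the
# 4-way handshake message number. All addresses are made-up placeholders.
AP = "00:11:22:33:44:55"
CLIENT = "aa:bb:cc:dd:ee:ff"
ROGUE = "66:77:88:99:aa:bb"   # hypothetical second M1 transmitter

FRAMES = [
    (0.000, AP,     CLIENT, 1),   # M1 from AP
    (0.002, ROGUE,  CLIENT, 1),   # M1 from second transmitter
    (0.010, CLIENT, AP,     2),   # M2 in response to M1 from AP
    (0.012, CLIENT, ROGUE,  2),   # M2 in response to M1 from second transmitter
    (0.020, AP,     CLIENT, 3),   # M3 from AP
    (0.030, CLIENT, AP,     4),   # M4 from client
]

def find_split_m2(frames, window=2.0):
    """Return {client: sorted M1 transmitters} for every client that answered
    M1 from more than one transmitter within `window` seconds of each M1."""
    m1_seen = defaultdict(dict)     # client -> {transmitter: time of last M1}
    answered = defaultdict(dict)    # client -> {transmitter: time of M2 reply}
    for ts, src, dst, msg in sorted(frames):
        if msg == 1:
            m1_seen[dst][src] = ts
        elif msg == 2 and dst in m1_seen.get(src, {}):
            if ts - m1_seen[src][dst] <= window:
                answered[src][dst] = ts
    return {c: sorted(t) for c, t in answered.items() if len(t) > 1}

if __name__ == "__main__":
    for client, transmitters in find_split_m2(FRAMES).items():
        print(f"{client} answered M1 from {len(transmitters)} transmitters: {transmitters}")
```

Each M2 on its own is a normal handshake reply, so the signal is the pair of replies to different transmitters, not either frame alone.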
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by ZerBea - 05-22-2018, 12:00 PM