hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
hcxdumptool / hcxpcaptool: added detection of SAE authentication.

$ hcxpcaptool -V sae_simple_psk.pcapng
start reading from sae_simple_psk.pcapng
summary:                                        
file name....................: sae_simple_psk.pcapng
file type....................: pcapng 1.0
network type.................: DLT_IEEE802_11_RADIO (127)
endianess....................: little endian
read errors..................: flawless
packets inside...............: 30
skipped packets..............: 0
packets with FCS.............: 0
beacons......................: 2
probe responses..............: 1
association requests.........: 1
association responses........: 1
authentications (SAE)........: 4
deauthentications............: 3
action packets...............: 1
EAPOL packets................: 4
best handshakes..............: 1 (ap-less: 0)


Read more about SAE authentication here:
http://www.mathyvanhoef.com/2018/03/wpa3...tails.html

Get example cap from here:
https://github.com/vanhoefm/wifi-example-captures
or here:
https://www.cloudshark.org/captures/3638626f4551

A good explanation (basic protocol and fundamentals) is here (page 22 - 25):
https://www.cwnp.com/covers/2014-09-SAE-at-CWNP.PDF

And a nice video that explains Diffie-Hellman keyexchange is here:
http://www.youtube.com/watch?v=3QnD2c4Xovk
Reply


Messages In This Thread
wlandump-ng vs hcxdumptool - by hulley - 02-10-2018, 10:26 PM
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by ZerBea - 06-27-2018, 03:52 PM