hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Hi recombinant.

Does stanev's wpa-sec site support the PMKID derived from the recent PMKID attack, or is it only going to show networks that have the handshake captured?
-> wpa-sec is working on that feature (PMKID). But you can do a feature request here:
https://github.com/RealEnder/dwpa/issues

Is there any possible way for me to derive a similar list of networks and which information (PMK/Handshake/PMKID) is available for retrieving the PSK from hcxdumptool's pcapng output?
-> run hcxpcaptool -o hashlist.hccapx -z hashlist.16800 test.pcapng
-> take a look into the hashlist.16800. MAC_AP, MAC_STA and ESSID are inside.
-> run wlanhcxinfo -i hashlist.hccapx -a -e

For better understanding:
hcxdumptool is the dumper. For further analysis, use hcxtools (for example wlanhcxinfo to get information about the handshakes inside an hccapx file, or wlanhcx2ssid to strip handshakes you would like to work on).


Finally, does hcxdumptool truly need to scan through channels other than 1, 6, and 11? I thought every other channel had overlap with those three.
-> use the -c option (-c 1,6,11) - overlapping only works if you are close to the access point.

I'm also used to using wpaclean to slim down the file to the absolute minimum available.
-> do not clean your cap files! There is absolutely no need to clean hcxdumptool pcapng files.
and from wpa-sec (https://wpa-sec.stanev.org/?):
"Note: please do not use any additional tools to strip or modify the capture files, since they can mangle handshakes and lead to uncrackable results."

Is there a way to do that with hcxtools?
-> yes, but it isn't recommended!
$ hcxpcaptool -o hashes.hccapx test.pcapng
$ wlanhcx2cap -i hashes.hccapx -o cleaned

hcxdumptool seems to not discriminate.
-> it is not the task of hcxdumptool (but you can use a filter list) - use hcxtools for that purpose

Also, unfortunately, the WPA upload feature for multiple pcaps will put in duplicate entries to wpa-sec instead of consolidating them all into the minimum necessary information.
-> no, that is wanted that way by wpa-sec (reuse of PBKDF2 and PMK cracking is activated internally there, to speed up the cracking process). wpa-sec will make sure that the best handshake will be used.

Perhaps that can be changed in a future version to minimize data transfer to the internet?
-> Why? hcxtools are able to handle gz compressed pcapng files. wpa-sec accepts this, because hcxtools is running inside. Use gzip to compress the cap. So there is absolutely no need to clean the files.
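
Added example, not part of the post above and not code from hcxtools: a Python sketch that reads the two files produced by the hcxpcaptool command in the reply (hashlist.16800 and hashlist.hccapx) and lists, per access point, whether a PMKID, a handshake, or both are present. It assumes the hashcat 16800 line layout (PMKID*MAC_AP*MAC_STA*ESSID, all hex) and the 393-byte hccapx record layout; the sample data and helper names are constructed for illustration.

```python
import re
import struct
from collections import defaultdict

# hashcat 16800 line: PMKID*MAC_AP*MAC_STA*ESSID, every field hex-encoded
LINE_16800 = re.compile(r"([0-9a-f]{32})\*([0-9a-f]{12})\*([0-9a-f]{12})\*((?:[0-9a-f]{2})*)")
# hccapx record layout (little-endian, packed, 393 bytes per record)
HCCAPX = struct.Struct("<4sIBB32sB16s6s32s6s32sH256s")

def parse_16800(text):
    """Yield (mac_ap, mac_sta, essid) for each well-formed 16800 line."""
    for line in text.splitlines():
        m = LINE_16800.fullmatch(line.strip().lower())
        if m:  # blank or malformed lines are skipped
            yield m[2], m[3], bytes.fromhex(m[4]).decode("utf-8", "replace")

def parse_hccapx(blob):
    """Yield (mac_ap, mac_sta, essid) for each record in an hccapx file."""
    for off in range(0, len(blob) - HCCAPX.size + 1, HCCAPX.size):
        f = HCCAPX.unpack_from(blob, off)
        if f[0] != b"HCPX":
            continue  # wrong signature, not an hccapx record
        essid = f[4][:min(f[3], 32)].decode("utf-8", "replace")
        yield f[7].hex(), f[9].hex(), essid

def inventory(text_16800, blob_hccapx):
    """Map (mac_ap, essid) -> set of material present: 'PMKID', 'handshake'."""
    inv = defaultdict(set)
    for ap, _sta, essid in parse_16800(text_16800):
        inv[(ap, essid)].add("PMKID")
    for ap, _sta, essid in parse_hccapx(blob_hccapx):
        inv[(ap, essid)].add("handshake")
    return dict(inv)

def _record(essid, mac_ap, mac_sta):
    # constructed hccapx record: zeroed MIC, nonces and EAPOL, structure only
    return HCCAPX.pack(b"HCPX", 4, 0, len(essid), essid, 2, bytes(16),
                       mac_ap, bytes(32), mac_sta, bytes(32), 0, bytes(256))

# Constructed sample input (not taken from a real capture)
SAMPLE_16800 = ("00" * 16 + "*020000000001*020000000002*" + b"labnet".hex()
                + "\nnot-a-16800-line\n")
SAMPLE_HCCAPX = (_record(b"labnet", bytes.fromhex("020000000001"), bytes.fromhex("020000000002"))
                 + _record(b"guest", bytes.fromhex("020000000003"), bytes.fromhex("020000000004")))

if __name__ == "__main__":
    for (ap, essid), kinds in sorted(inventory(SAMPLE_16800, SAMPLE_HCCAPX).items()):
        print(ap, essid, ",".join(sorted(kinds)))
```

To run it on real output, pass the text of hashlist.16800 and the bytes of hashlist.hccapx to `inventory()` in place of the constructed samples.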