hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Hi ZerBea

Sorry for my slow reply but I have been at work and I am learning about this stuff as I go so I am not as confident with my replies as I would like to be.

My old (I prefer the term vintage) hardware means I am restricted to hashcat v2.01.
I tried your suggestion with hcxpcapngtool.
Obviously I did not re-convert to hccap(x), which is the step you noted I would not have to do, and success, it cracked! Thank you.

If you enjoy a technical challenge, which it seems like you do, is there any way to convert AP-Less captures to hccap? Obviously converting the EAPOL should be the same, but there are no beacon frames with this method of capture. Is it possible for you to add the ability to make a hccap using the EAPOL parts and perhaps grab the ESSID from the probe request and pack it into a hccap?

I noticed in the help of hcxpcapngtool the following:

bitmask for message pair field:
4: ap-less attack (set to 1) - no nonce-error-corrections necessary

I was not sure how to set a bitmask to see if my request was something already available.

With the new hcxpcapngtool, will you be adding the option to allow the user to define the mac_ap or mac_station of the target they wish to output as a hccap, a bit like the options in wlanhcx2ssid?


A hcxdumptool question if you don't mind:

Using The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) (fully updated) and an AlfaNetworks AWUS036H running in VirtualBox, I occasionally (not always) receive this error when trying to use hcxdumptool.


Code:
initialization...
could not create dumpfile Dump/wifidump_2020_01_08.pcapng
failed to init globals
hcxdumptool need full (monitor mode and full packet injection running all packet types) and exclusive access to the adapter
that is not the case


My wifi card is in monitor mode and I try to run hcxdumptool first before anything else. If hcxdumptool produces the error, I try wifite and airodump-ng, which work properly. I use these just to check my card is in monitor mode. (I do not run anything else on the wifi when trying to use hcxdumptool.)

The following is a simple script I use to get into monitor mode. Please could you tell me if there is something I should add to my script to reduce the times I have trouble starting hcxdumptool?



Code:
#!/bin/bash

systemctl stop network-manager.service
systemctl stop NetworkManager.service
systemctl stop wpa_supplicant.service
wpa_cli terminate wlan0
airmon-ng check kill
rfkill unblock all

ip link set wlan0 down
iw wlan0 set monitor control
ip link set wlan0 up


Thanks again ZerBea, you are a wifi God
RE: hcxtools - solution for capturing wlan traffic and conversion to hashcat formats - by WPA_Catcher - 01-08-2020, 04:18 AM
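
The post above quotes bit 4 of the "message pair" bitmask from the hcxpcapngtool help. The following is an added example, not part of the original post and not code from hcxtools, showing how that one-byte field can be read from an EAPOL hash line. It assumes the `WPA*02*MIC*MAC_AP*MAC_CLIENT*ESSID*NONCE_AP*EAPOL*MESSAGEPAIR` line layout; the bit names other than bit 4 are recalled from the tool's help text rather than taken from this page, and the sample lines are constructed.

```python
# Added example: decode the message pair field of a hashcat 22000 EAPOL line.
# Bit 4 is quoted in the post; the other bit names are recalled from the
# hcxpcapngtool help text and are not quoted on this page.
PAIR_NAMES = {
    0b000: "M1+M2, EAPOL from M2",
    0b001: "M1+M4, EAPOL from M4",
    0b010: "M2+M3, EAPOL from M2",
    0b011: "M2+M3, EAPOL from M3",
    0b101: "M3+M4, EAPOL from M4",
}
FLAGS = {
    4: "ap-less attack",
    5: "LE router detected",
    6: "BE router detected",
    7: "replaycount not checked",
}


def decode_message_pair(value):
    """Split the one-byte bitmask into the message pair code and its flags."""
    if not 0 <= value <= 0xFF:
        raise ValueError("message pair is a single byte")
    return {
        "pair": PAIR_NAMES.get(value & 0b111, "unused"),
        "flags": [name for bit, name in FLAGS.items() if value & (1 << bit)],
        "ap_less": bool(value & (1 << 4)),
    }


def message_pair_from_line(line):
    """Return the decoded field of a WPA*02 (EAPOL) line, None for other lines."""
    fields = line.strip().split("*")
    if len(fields) != 9 or fields[0] != "WPA" or fields[1] != "02":
        return None
    return decode_message_pair(int(fields[8], 16))


# Constructed sample lines (placeholder hex, not from a real capture).
SAMPLE_AP_LESS = ("WPA*02*" + "00" * 16 + "*aabbccddeeff*112233445566*"
                  + "74657374" + "*" + "00" * 32 + "*" + "0103" + "*10")
SAMPLE_NORMAL = SAMPLE_AP_LESS[:-2] + "02"

if __name__ == "__main__":
    for sample in (SAMPLE_AP_LESS, SAMPLE_NORMAL):
        print(sample[-2:], message_pair_from_line(sample))
```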