Plugins 2500/2501 and 16800/16801 are deprecated
#71
Thank you for the assistance.

I'm really sorry if this is a dumb question, I'm a newbie in The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) and I've just been following tutorials on YouTube, so regarding installation of libpcap, I can't figure out the installation, because it is not on GitHub, all I know is cloning and it looks like that's not what I need to do. I'm really sorry.
Reply
#72
hcxdumptool and hcxtools are part of K A L I
and they can be installed via its package manager
If you want to install the tools outside of your package manager you must install the dependencies, too.

Unfortunately I can't insert the links here, because the robot will destroy them (K A L I is replaced by The-Distribution-Which-Does-Not-Handle-OpenCL-Well).
Reply
#73
Thank you devs. I fortunately fixed this problem with the help of Google. I unfortunately encountered another problem. Regarding this command:

hcxdumptool -i interface -o dumpfile.pcapng --active_beacon --enable_status=15

I fixed the issue where -o must be replaced with -w, but an error shows "unrecognized option --active_beacon"
Reply
#74
You followed an outdated tutorial.
Since hcxdumptool v6.3.0 nearly everything has changed.
That includes the options, too. As a result, your command line doesn't work.
To get an overview of all options, please take a look at
$ hcxdumptool -h

The expanded help will show an example you can start with
$ hcxdumptool --help
Reply
#75
Before you start hcxdumptool, make sure that all services that access the device are stopped (as mentioned in --help).
Reply
#76
Thank you so much devs. I have run the commands needed and I noticed there is a line saying

BPF is unset! ...

How can I enable this? Thank you
Reply
#77
hcxdumptool uses the Berkeley Packet Filter (BPF) to select a target or to protect your own devices. Its entire attack behavior can be controlled via this BPF.

If the filter is not applied, hcxdumptool will attack everything in range mercilessly.
You'll see this warning:
Code:
BPF is unset! Make sure hcxdumptool is running in a 100% controlled environment!

A (very) simple BPF code is explained in -h:
Code:
--bpfc=<filter>: compile Berkeley Packet Filter (BPF) and exit
                  $ hcxdumptool --bpfc="wlan addr3 112233445566" > filter.bpf
                  see man pcap-filter
--bpf=<file>   : input Berkeley Packet Filter (BPF) code (maximum 4096 instructions) in tcpdump decimal numbers format
                  see --help for more information
and --help
Code:
Berkeley Packet Filter:
-----------------------
tcpdump decimal numper format:
example: tcpdump high level compiler:
  $ tcpdump -s 65535 -y IEEE802_11_RADIO wlan addr3 112233445566 -ddd > filter.bpf
  see man pcap-filter
example: bpf_asm low level compiler
  $ bpf_asm filter.asm | tr ',' '\n' > filter.bpf
  see https://www.kernel.org/doc/html/latest/networking/filter.html
example: bpfc low level compiler:
  $ bpfc -f tcpdump -i filter.asm > filter.bpf
  see man bpfc
tcpdump C style format:
example: tcpdump high level compiler:
  $ tcpdump -s 65535 -y IEEE802_11_RADIO wlan addr3 112233445566 -dd > filter.bpf
  see man pcap-filter
example: bpfc low level compiler:
  $ bpfc -f C -i filter.asm > filter.bpf
  see man bpfc

There are several ways to build a BPF:
hcxdumptool's built-in high level language compiler
tcpdump's built-in high level language compiler
bpfc low level language compiler

To build a BPF, it is mandatory to understand the 802.11 protocol (MAC frame addr1, addr2 and addr3):
https://en.wikipedia.org/wiki/802.11_Frame_Types
Reply
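A pre-flight check for the filter file described above, as an added example that is not part of the thread or of hcxdumptool: it parses the tcpdump decimal numbers format and rejects an empty or malformed file, so a broken filter is caught before the interface is started. It assumes the `tcpdump -ddd` layout (a count line, then `code jt jf k` per instruction); the function names and the sample program are constructed for illustration.

```python
MAX_INSNS = 4096                      # limit quoted in the --bpf help text above
BPF_JMP, BPF_RET, BPF_JA = 0x05, 0x06, 0x00   # classic BPF class / opcode bits

def parse_bpf_ddd(text):
    """Parse 'tcpdump -ddd' style text into (code, jt, jf, k) tuples.

    Raises ValueError with a reason if the filter is unusable.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty filter file")
    if not lines[0].isdecimal():
        raise ValueError("first line must be the instruction count")
    count = int(lines[0])
    if not 1 <= count <= MAX_INSNS:
        raise ValueError(f"instruction count {count} outside 1..{MAX_INSNS}")
    if count != len(lines) - 1:
        raise ValueError(f"header says {count} instructions, found {len(lines) - 1}")
    prog = []
    for pc, ln in enumerate(lines[1:]):
        parts = ln.split()
        if len(parts) != 4 or not all(p.isdecimal() for p in parts):
            raise ValueError(f"instruction {pc}: expected 'code jt jf k' in decimal")
        code, jt, jf, k = map(int, parts)
        if code > 0xFFFF or jt > 0xFF or jf > 0xFF or k > 0xFFFFFFFF:
            raise ValueError(f"instruction {pc}: field out of range")
        prog.append((code, jt, jf, k))
    for pc, (code, jt, jf, k) in enumerate(prog):
        if (code & 0x07) != BPF_JMP:
            continue
        # Unconditional jumps use k as the offset, conditional ones use jt/jf.
        targets = [k] if (code & 0xF0) == BPF_JA else [jt, jf]
        if any(pc + 1 + t >= count for t in targets):
            raise ValueError(f"instruction {pc}: jump past end of program")
    if (prog[-1][0] & 0x07) != BPF_RET:
        raise ValueError("last instruction is not a return")
    return prog

# Constructed sample: the four-instruction Ethernet "ip" filter, used only
# to exercise the parser (it is not an 802.11 filter).
SAMPLE = "4\n40 0 0 12\n21 0 1 2048\n6 0 0 262144\n6 0 0 0\n"

def check(text):
    """Return 'ok: N instructions' or 'rejected: reason'."""
    try:
        return f"ok: {len(parse_bpf_ddd(text))} instructions"
    except ValueError as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    print(check(SAMPLE))
```

Reading the real file with `check(open("filter.bpf").read())` before a capture session shows whether the redirect actually produced a usable program.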
#78
Thanks a lot devs 🙇
Reply
#79
This AP will be attacked
Code:
hcxdumptool --bpfc="wlan addr3 112233445566" > attack.bpf

This AP will be protected
Code:
hcxdumptool --bpfc="not wlan addr3 112233445566" > protect.bpf

This is only a basic example.
Reply
#80
The filter technique is similar (the same) to tshark, Wireshark, dumpcap or tcpdump.
That applies to the dump file format (pcapng) too.
Reply