hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Hi hulley.
Do you get pcaperrors?

status should look like this:
$ wlandump-ng -i wlp36s0f3u4u5 -o test.cap -c 1 -t 5 -R -B -s
start capturing on channel 1 using mac_ap 00bb3a8991e5 (stop with ctrl+c)...
14:41:24   3 xxxxxxxxxxxx --> ffffffffffff beacon: networkname1          
14:41:34   5 xxxxxxxxxxxx --> ffffffffffff beacon: networkname2  
14:41:39   6 xxxxxxxxxxxx --> ffffffffffff beacon: networkname3      
14:42:05  11 xxxxxxxxxxxx --> ffffffffffff beacon: networkname4          
Channel:   1, received packets: 137, pcaperrors: 0

If you get pcaperrors, there are more services that must be killed.


Well, seems to be a ***The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)*** driver issue (continuously disconnecting from wifi)
Post in ***The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)*** forum:
(Realtek RTL8192cu) still the problem continues. I am using another usb wireless adapter (Ralink RT3072). no freezing on connection, no interruption in data flow, no breaks. Only the signal looks low.
Reply
(01-06-2018, 03:57 PM)ZerBea Wrote: Hi hulley.
Do you get pcaperrors?

status should look like this:
$ wlandump-ng -i wlp36s0f3u4u5 -o test.cap -c 1 -t 5 -R -B -s
start capturing on channel 1 using mac_ap 00bb3a8991e5 (stop with ctrl+c)...
14:41:24   3 xxxxxxxxxxxx --> ffffffffffff beacon: networkname1          
14:41:34   5 xxxxxxxxxxxx --> ffffffffffff beacon: networkname2  
14:41:39   6 xxxxxxxxxxxx --> ffffffffffff beacon: networkname3      
14:42:05  11 xxxxxxxxxxxx --> ffffffffffff beacon: networkname4          
Channel:   1, received packets: 137, pcaperrors: 0

If you get pcaperrors, there are more services that must be killed.


Well, seems to be a ***The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)*** driver issue (continuously disconnecting from wifi)
Post in ***The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)*** forum:
(Realtek RTL8192cu) still the problem continues. I am using another usb wireless adapter (Ralink RT3072). no freezing on connection, no interruption in data flow, no breaks. Only the signal looks low.

Hi ZerBea!

I have tested the command. No, I don't get pcaperrors; in fact, I never get one. Channels change now with the shorter time (-t 5), but it stops at random channels. I've been researching the AWUS036NHR driver and it's bad news: it seems there is no fix.

Thanks for your help!
Reply
Hi hulley.
Right now, the driver situation is a big disaster. Many of the drivers are buggy, "not present" (rtl8812au) or don't support monitor mode (r8188eu). And there is no improvement foreseeable!
To make matters worse, the latest chipsets require exactly these "ugly" drivers.
So it's possible that you buy a WiFi adapter xxx rev A (with a working chipset/driver) and a xxx rev B (same case, but newer, not working, chipset/driver).
Reply
hcxtools moved to v 4.0.2:

- renamed wlandump-rs to hcxdumptool
+get rid of wiringPiDev, libgcrypt and libpcap dependency

- removed wlancapinfo -> replaced by hcxpcaptool
+get rid of libpcap dependency
+added full pcapng support
+use of wildcards instead of -i option
+full support of big endian files and big endian machines

$ hcxpcaptool -h
hcxpcaptool 4.0.2 (C) 2018 ZeroBeat
usage:
hcxpcaptool <options>
hcxpcaptool <options> [input.pcap] [input.pcap] ...
hcxpcaptool <options> *.cap
hcxpcaptool <options> *.*

options:
-h : show this help
-v : show version


example:
$ hcxpcaptool *.*
start reading from wpa.cap
file type............: pcap 2.4
network type.....: DLT_IEEE802_11 (105)
endianess.........: little endian
packets inside...: 9
read errors.......: flawless
warning............: use of wpaclean detected
Reply
Building on macOS now fails with error:


Code:
Undefined symbols for architecture x86_64:
  "_strdupa", referenced from:
      _main in hcxpcaptool-996a55.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [build] Error 1
Reply
Thanks for reporting this issue.
Should now be fixed with the latest update. Please test.
Reply
fixed
Reply
Hi ee10.
That's fine.
Is zlib part of the SDK? I want to integrate support for gzip compressed pcap/pcapng files using zlib.
Reply
update on hcxpcaptool:
added support for gzip compressed cap/pcap/pcapng files.
new dependency: zlib!

$ hcxpcaptool -h
hcxpcaptool 4.0.2 (C) 2018 ZeroBeat
usage:
hcxpcaptool <options>
hcxpcaptool <options> [input.pcap] [input.pcap] ...
hcxpcaptool <options> *.cap
hcxpcaptool <options> *.*

options:
-E <file> : output wordlist (autohex enabled) to use as input wordlist for cracker
-I <file> : output identitylist
         : needs to be sorted unique
-P <file> : output possible WPA/WPA2 plainmasterkey list
-T <file> : output management traffic information list
         : european date : timestamp : mac_sta : mac_ap : essid
-A <file> : output nonce information list
         : european date : timestamp : mac_sta : mac_ap : message : replaycount : nonce
-S <file> : output EAPOL information list
         : european date : timestamp : mac_sta : mac_ap : message : replaycount : eapol_len : eapol
-H <file> : output dump raw packets in hex
-h        : show this help
-v        : show version

bitmask for message:
0001 M1
0010 M2
0100 M3
1000 M4


example:
$ hcxpcaptool test.pcap.gz
decompressing test.pcap.gz to /tmp/test.pcap.gz.tmp
start reading from /tmp/test.pcap.gz.tmp
summary:                                        
--------
file name..............: test.pcap.gz.tmp
file type..............: pcap 2.4
network type...........: DLT_IEEE802_11 (105)
endianess..............: little endian
read errors............: flawless
packets inside.........: 44572
skippedpackets.........: 0
probe requests.........: 3405
probe responses........: 5917
association requests...: 1534
reassociation requests.: 1322
EAPOL packets..........: 30593
EAP packets............: 1731
found..................: EAP type ID
found..................: EAP-TLS Authentication
found..................: EAP-Cisco Wireless Authentication
found..................: EAP-SIM (GSM Subscriber Modules) Authentication
found..................: EAP-TTLS Authentication
found..................: UMTS Authentication and Key Agreement (EAP-AKA)
found..................: PEAP Authentication
Reply
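Added example (not part of the original posts and not hcxtools code): a Python sketch of the checks behind the summary fields shown in the two hcxpcaptool posts above (file type, network type, endianness, packets, read errors), covering big endian files and gzip-compressed input. The function names, the dictionary keys and the sample capture are constructed for illustration; only the classic pcap layout is handled, not pcapng.

```python
import gzip
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps
DLT_NAMES = {1: "DLT_EN10MB", 105: "DLT_IEEE802_11", 127: "DLT_IEEE802_11_RADIO"}

def summarize_capture(data: bytes) -> dict:
    """Header facts for a classic pcap file, gzip-compressed or not."""
    compressed = data[:2] == b"\x1f\x8b"  # gzip magic
    if compressed:
        data = gzip.decompress(data)
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    # The magic is written in the capturing host's byte order: try both.
    for fmt, endian in (("<", "little endian"), (">", "big endian")):
        if struct.unpack(fmt + "I", data[:4])[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("no classic pcap magic (pcapng or other format)")
    major, minor, _zone, _sigfigs, _snaplen, linktype = struct.unpack(
        fmt + "HHiIII", data[4:24])
    packets, errors, off = 0, 0, 24
    while off < len(data):
        # incl_len comes from the file: bound it before trusting it.
        hdr = data[off:off + 16]
        incl_len = struct.unpack(fmt + "IIII", hdr)[2] if len(hdr) == 16 else None
        if incl_len is None or off + 16 + incl_len > len(data):
            errors += 1  # truncated record header or body
            break
        packets += 1
        off += 16 + incl_len
    return {
        "compressed": compressed, "file_type": f"pcap {major}.{minor}",
        "network_type": f"{DLT_NAMES.get(linktype, 'unknown')} ({linktype})",
        "endianness": endian, "packets": packets, "read_errors": errors,
    }

def build_sample(fmt: str, frames: list) -> bytes:
    """Constructed sample: pcap 2.4, link type 105, dummy frame bodies."""
    out = struct.pack(fmt + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 105)
    for i, frame in enumerate(frames):
        out += struct.pack(fmt + "IIII", 1515250000 + i, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    frames = [b"\x80\x00" + bytes(22), b"\x40\x00" + bytes(10)]  # constructed
    print(summarize_capture(build_sample("<", frames)))
    print(summarize_capture(gzip.compress(build_sample(">", frames))))
```

gzip.decompress inflates the whole file in memory, so cap the decompressed size before running this on captures from untrusted sources.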
thank you for the continued development
Reply