hcxtools - solution for capturing wlan traffic and conversion to hashcat formats
Hi kiara,
Your question has been answered: https://forum.hashkiller.co.uk/topic-vie...214#189214
Reply
(09-29-2018, 02:48 PM)freeroute Wrote: Hi kiara,
Your question has been answered: https://forum.hashkiller.co.uk/topic-vie...214#189214

sweet.
Reply
With the latest update of hcxtools, hcxpcaptool is able to detect a GPS track from hcxdumptool and convert this track to GPX format (for example accepted by Viking and GPSBabel):
$ hcxpcaptool -h
-g <file> : output GPS file
           format = GPX (accepted for example by Viking and GPSBabel)

We store a track point for every single frame in the comment field of the frame.
-g will convert this to GPX format.

I (hcxdumptool) did it that way, because every filter option of Wireshark tools will work on the pcapng file.
That means you can use a Wireshark filter to write
- all beacons and/or
- all EAPOL frames and/or
- all proberequests and/or
- all src addresses and/or
- all host addresses and/or
- whatever you want....
to a new pcapng file.

Then run hcxpcaptool -g option on that file to retrieve a GPS track (in GPX format).


@freeroute
Good answer, I could not answer it better.
Reply
(09-29-2018, 06:27 PM)ZerBea Wrote: With the latest update of hcxtools, hcxpcaptool is able to detect a GPS track from hcxpcaptool and convert this track to GPX format (for example accepted by Viking and GPSBabel):
$ hcxpcaptool -h
-g <file> : output GPS file
           format = GPX (accepted for example by Viking and GPSBabel)

We store a track point for every single frame in the comment field of the frame.
-g will convert this to GPS format.

I (hcxdumptool) did it that way, because every filter option of Wireshark tools will work on the pcapng file.
That means you can use a Wireshark filter to write
- all beacons and/or
- all EAPOL frames and/or
- all proberequests and/or
- all src addresses and/or
- all host addresses and/or
- whatever you want....
to a new pcapng file.

Then run hcxpcaptool -g option on that file to retrieve a gps track (in GPX format).


@freeroute
Good answer, I could not answer it better.

ZerBea your tools are awesome! For this new GPS capability is there a specific hardware dongle or Pi Hat you are using for GPS tagging?
Reply
hcxdumptool retrieves the GPS data from GPSD in JSON format. So every device mentioned here as working should work:
http://www.catb.org/gpsd/hardware.html
For my tests I run an "AktivePilot JENTRO BT-GPS-8".

More information about Viking here:
https://wiki.openstreetmap.org/wiki/Viking
https://sourceforge.net/projects/viking/
https://www.archlinux.org/packages/commu...64/viking/

More information about GPSBabel here:
https://www.gpsbabel.org/
https://www.archlinux.org/packages/commu.../gpsbabel/
Reply
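The two formats named in the posts above (GPSD JSON reports in, a GPX track out), shown as an added example that is not part of the thread and is not hcxtools code. The gpsd reports are constructed samples, and how hcxdumptool lays a point out inside the pcapng comment field is not shown on this page, so that step is not modelled here.

```python
import json
import xml.etree.ElementTree as ET

GPX_NS = "http://www.topografix.com/GPX/1/1"

# Constructed gpsd reports, one JSON object per line (not captured data).
SAMPLE_REPORTS = """\
{"class":"VERSION","release":"3.17","proto_major":3,"proto_minor":12}
{"class":"TPV","device":"/dev/ttyUSB0","mode":1,"time":"2018-10-02T18:00:00.000Z"}
{"class":"TPV","mode":3,"time":"2018-10-02T18:00:01.000Z","lat":50.0001,"lon":8.0002,"alt":120.5}
{"class":"TPV","mode":2,"time":"2018-10-02T18:00:02.000Z","lat":50.00015,"lon":8.00026}
{"class":"TPV","mode":3,"lat":95.0,"lon":8.0}
not json at all
"""


def parse_tpv(lines):
    """Yield (lat, lon, alt, time) for each TPV report with a usable fix."""
    for line in lines:
        try:
            msg = json.loads(line)
        except json.JSONDecodeError:
            continue                      # truncated or non-JSON line
        if not isinstance(msg, dict) or msg.get("class") != "TPV":
            continue                      # VERSION, SKY, ... carry no position
        if msg.get("mode", 0) < 2:
            continue                      # mode 0/1 means no fix yet
        lat, lon = msg.get("lat"), msg.get("lon")
        if not isinstance(lat, (int, float)) or not isinstance(lon, (int, float)):
            continue
        if not (-90 <= lat <= 90 and -180 <= lon <= 180):
            continue                      # reject out-of-range coordinates
        # "alt" is the altitude key in older gpsd releases; absent on a 2D fix.
        yield lat, lon, msg.get("alt"), msg.get("time")


def to_gpx(points, name="constructed track"):
    """Serialise points as a GPX 1.1 track with a single segment."""
    gpx = ET.Element("gpx", {"version": "1.1", "creator": "added-example", "xmlns": GPX_NS})
    trk = ET.SubElement(gpx, "trk")
    ET.SubElement(trk, "name").text = name
    seg = ET.SubElement(trk, "trkseg")
    for lat, lon, alt, time in points:
        pt = ET.SubElement(seg, "trkpt", {"lat": f"{lat:.6f}", "lon": f"{lon:.6f}"})
        if alt is not None:
            ET.SubElement(pt, "ele").text = str(alt)   # GPX wants <ele> before <time>
        if time:
            ET.SubElement(pt, "time").text = time
    return ET.tostring(gpx, encoding="unicode")
```
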
(10-02-2018, 08:13 PM)ZerBea Wrote: hcxdumptool retrieves the GPS data from GPSD in JSON format. So every device mentioned here as working should work:
http://www.catb.org/gpsd/hardware.html
For my tests I run an "AktivePilot JENTRO BT-GPS-8".

More information about Viking here:
https://wiki.openstreetmap.org/wiki/Viking
https://sourceforge.net/projects/viking/
https://www.archlinux.org/packages/commu...64/viking/

More information about GPSBabel here:
https://www.gpsbabel.org/
https://www.archlinux.org/packages/commu.../gpsbabel/

Excellent! I learn something new from you every time you post. Thank You!
Reply
According to hashcat, hcxdumptool and hcxtools moved to v5.1.0

hcxdumptool:
several big endian fixes (reported to run on OpenWRT)
improved channel switching (detect driver capabilities and skip unsupported channels)
new options:
-C : show available channels and quit
--poweroff : once hcxdumptool finished, power off system

$ hcxdumptool -I
wlan interfaces:
74da380645e7 wlp39s0f3u4u4 (8812au)
7cdd908c166a wlp3s0f0u1 (rt2800usb)
f81a67077d0e wlp39s0f3u4u3 (ath9k_htc)
00e62d05131a wlp39s0f3u4u2 (mt7601u)


$ hcxdumptool -i wlp39s0f3u4u4 -C
available channels:
1,2,3,4,5,6,7,8,9,10,11,12,13,14,34,36,38,40,42,44,46,48,52,56,58,60,62,64,100,104,108,112,116,120,124,128,132,136,140,144,149,153,157,161,165,169

$ hcxdumptool -i wlp3s0f0u1 -C
available channels:
1,2,3,4,5,6,7,8,9,10,11,12,13,14

$ hcxdumptool -i wlp39s0f3u4u3 -C
available channels:
1,2,3,4,5,6,7,8,9,10,11,12,13,14

$ hcxdumptool -i wlp39s0f3u4u2 -C
available channels:
1,2,3,4,5,6,7,8,9,10,11,12,13,14



$ hcxdumptool -i wlp3s0f0u1 -c 1,6,11,34,38,9
warning: unable to set channel 34 (removed this channel from scan list)
warning: unable to set channel 38 (removed this channel from scan list)

start capturing (stop with ctrl+c)
INTERFACE:...............: wlp3s0f0u1
FILTERLIST...............: 0 entries
MAC CLIENT...............: b0febd63eba2
MAC ACCESS POINT.........: 000e22b53189 (incremented on every new client)
EAPOL TIMEOUT............: 150000
REPLAYCOUNT..............: 61585
ANONCE...................: 6c0167ce558316fa3b30bb11b36871a775d7f6c62d6876d6cbf64b5c0f076d7b
...


hcxpcaptool:
detect EAPOL RC4 KEYs
detect MESH-IDs (stored by option -I)
fixed bug in FCS on BE systems

$ hcxpcaptool -V test.pcapng
reading from test.pcapng
summary:                                        
file name....................: test.pcapng
file type....................: pcapng 1.0
file hardware information....: mips
file os information..........: Linux 4.14.82
file application information.: hcxdumptool 5.1.0
network type.................: DLT_IEEE802_11_RADIO (127)
endianess....................: big endian
read errors..................: flawless
packets inside...............: 24591
skipped packets..............: 0
packets with GPS data........: 0
packets with FCS.............: 2
WDS packets..................: 11
beacons (with ESSID inside)..: 3137
beacons (with MESH-ID inside): 17
probe requests...............: 1627
probe responses..............: 2974
association requests.........: 284
association responses........: 671
reassociation requests.......: 104
reassociation responses......: 213
authentications (OPEN SYSTEM): 8329
authentications (BROADCOM)...: 2449
authentications (SONOS)......: 65
authentications (APPLE)......: 65
authentications (NETGEAR)....: 8
authentications (CISCO)......: 1
EAPOL packets................: 3686
EAPOL PMKIDs.................: 371
EAPOL RC4 KEYs...............: 14
EAP packets..................: 2310
EAP START packets............: 1
found........................: EAP type ID
found........................: Legacy Nak
found........................: EAP-TLS Authentication
found........................: EAP-Cisco Wireless Authentication
found........................: EAP-TTLS Authentication
found........................: PEAP Authentication
best handshakes..............: 178 (ap-less: 97)
Reply
So, while everything works fine, when it comes time to run hcxpcaptool etc., I'm repeatedly getting: "bash: hcxpcaptool: command not found". (running kali2)

Thank you in advance and thanks for the great tools!
Reply
Looks like hcxdumptool, hcxtools (and hcxkeys) are not installed.
Do a git clone and satisfy dependencies (see README.md). Then run "make install".
Read more here:
https://github.com/ZerBea/hcxtools/issues/35

Or ask the kali2 developers to add the tools to the distribution. After that you can install them in an easy way, using the package manager of the distribution.
Read more here:
https://github.com/ZerBea/hcxtools/issues/73
Reply
Due to several bug fixes and changes hcxdumptool and hcxtools moved to v5.1.1.

Important changes:
removed....: wlanhcx2psk
replaced by: hcxpsktool

removed....: wlanhcx2cap
replaced by: hcxhash2cap
so, no more libcap dependency!

see changelogs for full details.

Arch Linux users will receive the update soon via the Arch packaging system (pacman).
https://www.archlinux.org/packages/?sort...r=&flagged=
The same applies to Arch Linux Arm users (search for hcx):
https://archlinuxarm.org/packages
Reply