Posts: 43
Threads: 11
Joined: Aug 2019
So there's a new method using hcxdumptool, does it work out of the box with The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) and will it work on Windows?
Does it still require your WiFi adapter to be put into monitor mode?
Posts: 1,044
Threads: 2
Joined: Jun 2017
08-15-2019, 01:28 PM
(This post was last modified: 08-15-2019, 10:57 PM by ZerBea.)
It depends on the WiFi adapter and the driver. If the driver supports monitor mode and full packet injection, it will work out of the box on Linux systems.
Preferred distribution is Arch Linux, but others should work, too. Many distributions deliver hcxdumptool via their package system:
https://www.archlinux.org/packages/commu...xdumptool/
https://packages.debian.org/sid/hcxdumptool
https://packages.ubuntu.com/de/eoan/hcxdumptool
https://pkg.The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali).org/pkg/hcxdumptool
https://archlinuxarm.org/packages/aarch64/hcxdumptool
https://archlinuxarm.org/packages/armv7h/hcxdumptool
https://archlinuxarm.org/packages/armv6h/hcxdumptool
https://archlinuxarm.org/packages/arm/hcxdumptool
BTW:
hcxdumptool has a new option to test the driver: --check_driver. Here we run several tests to determine that the driver supports all(!) required system calls to run the attacks.
No need to run third party tools to put the device into monitor mode. hcxdumptool will do this.
It does not work on Windows. Native Windows drivers don't support monitor mode and packet injection.
Posts: 43
Threads: 11
Joined: Aug 2019
(08-15-2019, 01:28 PM)ZerBea Wrote: It depends on the WiFi adapter and the driver. If the driver supports monitor mode and full packet injection, it will work out of the box on Linux systems.
Preferred distribution is Arch Linux, but others should work, too. Many distributions deliver hcxdumptool via their package system:
https://www.archlinux.org/packages/commu...xdumptool/
https://packages.debian.org/sid/hcxdumptool
https://packages.ubuntu.com/de/eoan/hcxdumptool
https://pkg.The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)).org/pkg/hcxdumptool
https://archlinuxarm.org/packages/aarch64/hcxdumptool
https://archlinuxarm.org/packages/armv7h/hcxdumptool
https://archlinuxarm.org/packages/armv6h/hcxdumptool
https://archlinuxarm.org/packages/arm/hcxdumptool
BTW:
hcxdumptool has a new option to test the driver: --check_driver. Here we run several tests to determine that the driver supports all(!) required system calls to run the attacks.
No need to run third party tools to put the device into monitor mode. hcxdumptool will do this.
It does not work on Windows. Native Windows drivers don't support monitor mode and packet injection.
Wireshark manages monitor mode, I think?
Also there's wlanhelper?
Posts: 1,044
Threads: 2
Joined: Jun 2017
08-15-2019, 02:05 PM
(This post was last modified: 08-15-2019, 02:37 PM by ZerBea.)
Of course, Wireshark is able to capture packets in monitor mode:
https://wiki.wireshark.org/CaptureSetup/WLAN
but it will put them into monitor mode, running libpcap:
https://wiki.wireshark.org/CaptureSetup/...nitor_mode
hcxdumptool will put the device into monitor mode running ioctl() system calls. No third party tool needed.
iw uses ioctl() system calls (like hcxdumptool does) and libnl (Netlink).
iwconfig is deprecated and should not be used any longer.
https://dougvitale.wordpress.com/2011/12...lacements/
airmon-ng runs iw internally.
But keep in mind:
Nearly everything depends on the driver and its capabilities. Also many, many drivers don't support monitor mode and full packet injection:
https://wikidevi.com/wiki/Main_Page
Some examples:
It is possible that a version of a driver works nearly perfectly:
rtl8812au v5.2.20
https://github.com/aircrack-ng/rtl8812au/issues/376
while newer versions (5.3.4) failed to run monitor mode and/or packet injection:
https://github.com/aircrack-ng/rtl8812au...-520844406
Also it is a long way to make a driver (nearly) perfect:
https://github.com/openwrt/mt76/issues/2...-500999516
But you can't be sure that this (nearly) perfect driver will work in the future if a new issue occurs:
https://bugzilla.kernel.org/show_bug.cgi?id=202541
https://bugzilla.kernel.org/show_bug.cgi?id=202243
until it is finally fixed.
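An added example, not part of the post above or of hcxdumptool: a shell filter that reads `iw list`-style text and prints each wiphy whose driver advertises monitor mode. The sample text is constructed, and an advertised mode says nothing about whether injection works with a given driver version, which is the post's point.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `iw list`-style text on stdin
# and prints the name of every wiphy that lists "monitor" under
# "Supported interface modes". A listed mode is only what the driver
# advertises; it does not prove that packet injection works.
monitor_capable_phys() {
    awk '
        /^Wiphy /                    { phy = $2; in_modes = 0; next }
        /Supported interface modes:/ { in_modes = 1; next }
        in_modes && $1 == "*"        { if ($2 == "monitor") print phy; next }
        in_modes                     { in_modes = 0 }  # first non-bullet line ends the list
    '
}

# Constructed sample in the layout `iw list` prints (two adapters,
# only the first one advertises monitor mode).
sample_iw_list() {
    cat <<'EOF'
Wiphy phy0
    max # scan SSIDs: 4
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * monitor
    Band 1:
        Frequencies:
            * 2412 MHz [1] (20.0 dBm)
Wiphy phy1
    max # scan SSIDs: 10
    Supported interface modes:
         * managed
         * P2P-client
    Band 1:
        Frequencies:
            * 2412 MHz [1] (20.0 dBm)
EOF
}

sample_iw_list | monitor_capable_phys
```

On a real system the same filter can be fed with `iw list | monitor_capable_phys`.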
Posts: 43
Threads: 11
Joined: Aug 2019
Are you saying that libpcap is secret and nobody else has worked out how to code monitor mode for Windows, no open source?
Posts: 379
Threads: 0
Joined: Nov 2017
(08-15-2019, 05:30 PM)Ar76 Wrote: Are you saying that libpcap is secret and nobody else has worked out how to code monitor mode for Windows, no open source?
Libpcap is extra overhead and requires additional resources. When you're using a WiFi device with 32 MB of memory, every bit counts.
You should really do some Google searches before posting on this forum.
Posts: 1,044
Threads: 2
Joined: Jun 2017
08-15-2019, 10:52 PM
(This post was last modified: 08-15-2019, 11:27 PM by ZerBea.)
@ Ar76
No, libpcap is open source. You can get all the information here:
https://github.com/the-tcpdump-group/libpcap
Additionally you need a driver. This driver must support monitor mode and full packet injection! You can find information on how to code it here:
https://github.com/microsoft/Windows-dri...k/wlan/WDI
How to capture traffic can be read here:
https://wiki.wireshark.org/CaptureSetup/WLAN
I suggest reading the part starting at "WinPcap"
Supported adapters can be found here:
https://secwiki.org/w/Npcap/WiFi_adapters
And again:
To perform an active attack vector, the driver must support full packet injection, too!