Wireless Security
decrypting WEP/WPA on the fly while sniffing Apr 04 2010 08:55PM
Robin Wood (dninja gmail com)
Hi
Are there any wifi sniffing tools that will decrypt different
encrypted networks on the fly giving a pcap stream on unencrypted
data.

For example, there are 2 WEP and 1 WPA APs in the area which I have
the keys for and there are also a couple of unencrypted APs. I want to
sniff all the traffic, channel hopping between them, and get an
unencrypted stream of data out onto an interface which I can then run
tools like dsniff on.

If it were a single AP then I would just associate with the correct
key and get the data that way but with multiple and a single card I
can't do that.

Is there anything out there to do this? If not, I was thinking it
could be done either directly in the sniffer or, to enable it to run
with any current sniffers there could be an app that would take the
data from the monitor mode interface and for each network decrypt it
creating a new virtual interface for each network or maybe just
re-merge the streams back into a new single interface.

Where this could be useful is if you are auditing a company with a
warehouse where the offices are on WPA, the warehouse is on old
handheld devices so stuck with WEP and they are also running an open
network for guests. This would let you get an idea of all traffic
through a single card.

Robin

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus