Wireless Security
decrypting WEP/WPA on the fly while sniffing Apr 04 2010 08:55PM
Robin Wood (dninja gmail com) (3 replies)
Re: decrypting WEP/WPA on the fly while sniffing Apr 05 2010 05:53AM
Jose Selvi (jselvi pentester es) (2 replies)
Re: decrypting WEP/WPA on the fly while sniffing Apr 06 2010 09:26AM
Robin Wood (dninja gmail com)
RE: decrypting WEP/WPA on the fly while sniffing Apr 05 2010 07:40PM
Harris, Michael C. (HarrisMC health missouri edu) (1 replies)
RE: decrypting WEP/WPA on the fly while sniffing Apr 06 2010 11:38AM
Ivan Davidkov (ivan davidkov gmail com) (1 replies)
Re: decrypting WEP/WPA on the fly while sniffing Apr 06 2010 12:04PM
Robin Wood (dninja gmail com) (1 replies)
Re: decrypting WEP/WPA on the fly while sniffing Apr 06 2010 07:50PM
Joshua Wright (jwright hasborg com) (1 replies)
Re: decrypting WEP/WPA on the fly while sniffing Apr 06 2010 08:53PM
Cedric Blancher (blancher cartel-securite fr)
Re: decrypting WEP/WPA on the fly while sniffing Apr 05 2010 04:19AM
chr1x (chr1x sectester net)
Re: decrypting WEP/WPA on the fly while sniffing Apr 05 2010 01:42AM
Richard Farina (sidhayn gmail com) (1 replies)
Robin Wood wrote:
> Hi
> Are there any wifi sniffing tools that will decrypt different
> encrypted networks on the fly giving a pcap stream on unencrypted
> data.
>
Kismet and Wireshark can both decrypt data live, Kismet only does WEP
but Wireshark can do both.
> For example, there are 2 WEP and 1 WPA APs in the area which I have
> the keys for and there are also a couple of unencrypted APs. I want to
> sniff all the traffic, channel hopping between them, and get an
> unencrypted stream of data out onto an interface which I can then run
> tools like dsniff on.
>
That is a big negative, if you are channel hopping when the WPA key
rotates you are boned until reconnection happens. I strongly suggest
dropping the requirement to perform channel hopping, wifi cards are cheap.

-Rick Farina
> If it were a single AP then I would just associate with the correct
> key and get the data that way but with multiple and a single card I
> can't do that.
>
> Is there anything out there to do this? If not, I was thinking it
> could be done either directly in the sniffer or, to enable it to run
> with any current sniffers there could be an app that would take the
> data from the monitor mode interface and for each network decrypt it
> creating a new virtual interface for each network or maybe just
> re-merge the streams back into a new single interface.
>
> Where this could be useful is if you are auditing a company with a
> warehouse where the offices are on WPA, the warehouse is on old
> handheld devices so stuck with WEP and they are also running an open
> network for guests. This would let you get an idea of all traffic
> through a single card.
>
> Robin
>
>

[ reply ]
Re: decrypting WEP/WPA on the fly while sniffing Apr 05 2010 10:25AM
Robin Wood (dninja gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus