|
|
Wireless Security
decrypting WEP/WPA on the fly while sniffing Apr 04 2010 08:55PM Robin Wood (dninja gmail com) (3 replies) Re: decrypting WEP/WPA on the fly while sniffing Apr 05 2010 05:53AM Jose Selvi (jselvi pentester es) (2 replies) RE: decrypting WEP/WPA on the fly while sniffing Apr 05 2010 07:40PM Harris, Michael C. (HarrisMC health missouri edu) (1 replies) RE: decrypting WEP/WPA on the fly while sniffing Apr 06 2010 11:38AM Ivan Davidkov (ivan davidkov gmail com) (1 replies) Re: decrypting WEP/WPA on the fly while sniffing Apr 06 2010 12:04PM Robin Wood (dninja gmail com) (1 replies) Re: decrypting WEP/WPA on the fly while sniffing Apr 06 2010 07:50PM Joshua Wright (jwright hasborg com) (1 replies) Re: decrypting WEP/WPA on the fly while sniffing Apr 06 2010 08:53PM Cedric Blancher (blancher cartel-securite fr) Re: decrypting WEP/WPA on the fly while sniffing Apr 05 2010 01:42AM Richard Farina (sidhayn gmail com) (1 replies) |
|
Privacy Statement |
Hash: SHA1
Hi Robin,
As Richard said, one of the available tools is Wireshark. In this case,
if you are trying to get access to the data that going over an encrypted
tunnel (e.g. SSL) you can do it using keys to be able to perform the
MITM attack [1]. Obviously, through this way you should have those
private keys which is not functional for this cases in where you
probably don't have access to the AP keys.
I never did before a kind of test as you noted, but at this time I have
a similar environment (talking about open/closed AP's) in where I can
practice your question.
Let's keep in contact to see my results at my end.
chr1x
[1] *
http://forums.remote-exploit.org/tutorials-guides/9011-sniffing-ssl-traf
fic-using-mitm-attack-ettercap-fragrouter-webmitm-dnsspoof.html
*
http://blogs.sun.com/beuchelt/entry/decrypting_ssl_traffic_with_wireshar
k
On 04/04/2010 03:55 p.m., Robin Wood wrote:
> Hi
> Are there any wifi sniffing tools that will decrypt different
> encrypted networks on the fly giving a pcap stream on unencrypted
> data.
>
> For example, there are 2 WEP and 1 WPA APs in the area which I have
> the keys for and there are also a couple of unencrypted APs. I want to
> sniff all the traffic, channel hopping between them, and get an
> unencrypted stream of data out onto an interface which I can then run
> tools like dsniff on.
>
> If it were a single AP then I would just associate with the correct
> key and get the data that way but with multiple and a single card I
> can't do that.
>
> Is there anything out there to do this? If not, I was thinking it
> could be done either directly in the sniffer or, to enable it to run
> with any current sniffers there could be an app that would take the
> data from the monitor mode interface and for each network decrypt it
> creating a new virtual interface for each network or maybe just
> re-merge the streams back into a new single interface.
>
> Where this could be useful is if you are auditing a company with a
> warehouse where the offices are on WPA, the warehouse is on old
> handheld devices so stuck with WEP and they are also running an open
> network for guests. This would let you get an idea of all traffic
> through a single card.
>
> Robin
>
>
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 9.0.800 / Virus Database: 271.1.1/2791 - Release Date: 04/04/10 13:32:00
>
- --
[CubilFelino Security Research Lab] - http://chr1x.sectester.net
"The computer security is an art form. It's the ultimate martial art."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJLuWTPAAoJEC7eoa2EW6vfGwcH/joxEV2jT2dw2c3KJwihY8y8
Gzl6R0BVAWHFouN6ycVGvAMjNkdPd2CjqxI6mYTYsZT+U80a3EqiLg2Uekv1c5bZ
wFcv5ZaK48flkIcZQ4K89wz+DRqTXVedBOlk4JZCOy4d9ZkGikE813+lEgBOnyJ+
XhNXcdI4mIfJ18qOG0gsZmdA2uIj2G119MKiMAFAKIN/R+x1U4OnaW4ZWa5gm8FK
L67ZNTPOJhRpQLZN/zHxBAaD2OZngluEIxw4Y/uQds1ucB51ZGbyuSt6rraOypDG
Aow9Lbe5paTIBlhXxISlVE0KmnvVa8yyAZbMaXAf+HO3MTHIuykrHH1RFXIewo8=
=xRKo
-----END PGP SIGNATURE-----
[ reply ]