Comments on: William – WPA/WPA2 4-way handshake extraction script

By: blake

blake — Wed, 31 Jul 2019 17:20:09 +0000

god, thank you so much. I don’t know why, but validating that packets contain EAPOL data has been soooo painful.

By: Pentesting

Pentesting — Fri, 14 Dec 2018 05:42:50 +0000

I understand.
I would like to thank you so much for your time.

By: Jerome

Jerome — Wed, 12 Dec 2018 22:55:47 +0000

To be honest I’ve not been keeping much of an eye on this space for some time but I don’t believe so, no. I mean, even if you decrypted the packets somehow, you wouldn’t see what the public IP address of the router was. You’d have to inject packets to talk to services that return such information, or log in to the router itself. Which as far as I know means knowing the passphrase!

By: Pentesting

Pentesting — Wed, 12 Dec 2018 22:13:50 +0000

Oh damn !
Do you any suggestion to sniff public address ip of a target router AP (encrypted with WPA) ?
There is a solution : “wesside-ng” but only if the targer AP is encrypted with WEP.
Thank you in advance

By: Jerome

Jerome — Wed, 12 Dec 2018 22:09:20 +0000

No, the 4-way handshake won't leak this. Not that the 4-way handshake is always necessary these days! - see this article

By: Pentesting

Pentesting — Tue, 11 Dec 2018 23:36:01 +0000

Hello,
Sorry if i’m asking a question a little bit far of the subject of this post.
I would like to know if there is a solution to know the public ip address of a target Router AP (not connected to it) ?
If I capture a 4-way handshake, can I decrypt it to discover the public ip address ?
Thank you

By: Jerome

Jerome — Fri, 20 Oct 2017 16:31:07 +0000

This is a bit too far in the past for further work I’m afraid!

By: malik shab

malik shab — Fri, 20 Oct 2017 04:17:09 +0000

alternative clean up script ?

By: Jerome

Jerome — Sat, 31 Oct 2015 20:59:30 +0000

Hi. Assuming you’re running with the defaults, try running this in the same directory as your capture file:
tshark -r YOUR_FILE.cap -R “eapol.keydes.key_info == 0x010a || eapol.keydes.key_info == 0×0109″ -T fields -e eapol.keydes.mic -e wlan.bssid -e eapol.keydes.key_info -e wlan.sa
What output do you get?

By: Dan Biles

Dan Biles — Mon, 26 Oct 2015 18:30:17 +0000

Jerome,

thanks for william, but it’s telling me a valid (works everywhere else) .cap file from Airodum-ng is not a valid capture file and doesn’t (yes it does….that’s all it contains!) contain any EAPOL packets. I’m running this in Kali 2.0 linux in a VirtualBox on a Macbook pro.
thanks Dan Biles dbiles@comcast.net