
Comments (6)

ZerBea commented on July 24, 2024

Nice idea. Let me think about how to implement it.

I think we filter the MAC by BPF and exit if we got a PMKID or a handshake. That is the fastest way.

from hcxdumptool.

ZerBea commented on July 24, 2024

This new option in combination with a BPF is a nice improvement. Depending on the BPF commands, it works on APs as well as on CLIENTs and all combinations of APs and CLIENTs.
And it is running in kernel space, which is ultra fast compared to a walk through a MAC list in user space.


ZerBea commented on July 24, 2024

Please test latest commit:

--exitoneapol=<type>           : exit on first EAPOL occurrence:
                                  bitmask:
                                   1 = PMKID
                                   2 = EAPOL M2
                                   4 = EAPOL M3
                                  target BPF filter is recommended

set monitor mode:

$ sudo hcxdumptool -m wlp22s0f0u9u3

Requesting physical interface capabilities. This may take some time.
Please be patient...

interface information:

phy idx hw-mac       virtual-mac  m ifname           driver (protocol)
---------------------------------------------------------------------------------------------
  0   3 c83a35dc9ef0 b025aae7f0ba + wlp22s0f0u9u3    rt2800usb (NETLINK)

available frequencies: frequency [channel] tx-power of Regulatory Domain: DE

  2412 [  1] 20.0 dBm	  2417 [  2] 20.0 dBm	  2422 [  3] 20.0 dBm	  2427 [  4] 20.0 dBm
  2432 [  5] 20.0 dBm	  2437 [  6] 20.0 dBm	  2442 [  7] 20.0 dBm	  2447 [  8] 20.0 dBm
  2452 [  9] 20.0 dBm	  2457 [ 10] 20.0 dBm	  2462 [ 11] 20.0 dBm	  2467 [ 12] 20.0 dBm
  2472 [ 13] 20.0 dBm	  2484 [ 14] disabled

monitor mode is active...

bye-bye

create target BPF:

$ tcpdump -i wlp22s0f0u9u3 wlan addr3 08:96:d7:98:e1:9e -ddd > attack0896d798e19e.bpf

run hcxdumptool:

$ sudo hcxdumptool -c 10a --exitoneapol=4 --attemptclientmax==0 --bpf=attack0896d798e19e.bpf

  CHA    LAST   R 1 3 P S    MAC-AP    ESSID (last seen on top)   SCAN-FREQUENCY:   2457
-----------------------------------------------------------------------------------------
 [ 10] 12:06:05         + 0896d798e19e AP_7272


   LAST   E 2 MAC-AP-ROGUE   MAC-CLIENT   ESSID (last seen on top)
-----------------------------------------------------------------------------------------

exit on EAPOL M1M2M3
$

Please notice:
Using option --attemptclientmax==0 will prevent the CLIENT from connecting to hcxdumptool instead of connecting to its AP.


ZerBea commented on July 24, 2024

We use a bitmask. Using
"--exitoneapol=7"
hcxdumptool will exit on a PMKID or on an EAPOL M1M2 or on an EAPOL M1M2M3.

matrix:
1 = exit on PMKID
2 = exit on EAPOL M1M2
4 = exit on EAPOL M1M2M3

3 = exit on PMKID or EAPOL M1M2
5 = exit on PMKID or EAPOL M1M2M3

6 = exit on EAPOL M1M2 or EAPOL M1M2M3
7 = exit on PMKID or EAPOL M1M2 or EAPOL M1M2M3

It is possible to add more than one AP to the BPF, but hcxdumptool will exit on the first occurrence of an EAPOL MESSAGE PAIR or a PMKID coming from one of the filtered targets.


ZerBea commented on July 24, 2024

Please notice that some of the possible bitmask combinations do not make sense, e.g.:
exitoneapol=6 does not make sense, because you never get an EAPOL M1M2M3 because hcxdumptool terminates after an EAPOL M1M2 has been received.

If an AP transmits a PMKID you will never get an EAPOL M1M2 on option --exitoneapol=3, because hcxdumptool terminates after the PMKID has been received.


AnotherWayIn commented on July 24, 2024

Yes, sorry, I realised after I posted how bit masking works. Thanks very much for the quick delivery of this. I'll test it out in the morning.
