Airdecap-ng

From ICT security wiki | airdump.cz

Description

airdecap-ng decrypts a captured WEP/WPA/WPA2 file. It can also be used to strip the wireless headers from an unencrypted wireless capture. The output is a new file ending in "-dec.cap", which is the decrypted/stripped version of the input file.

Usage

 airdecap-ng [options] <pcap file>

| Option | Parameter | Description |
|---|---|---|
| -l | | don't remove the 802.11 header |
| -b | bssid | access point MAC address filter |
| -k | pmk | WPA/WPA2 Pairwise Master Key in hex |
| -e | essid | target network ascii identifier |
| -p | pass | target network WPA/WPA2 passphrase |
| -w | key | target network WEP key in hexadecimal |

Wildcards may be used on the input file name providing it only matches a single file. In general, it is recommended that you use a single file name as input, not wildcarding.

Usage Examples

The following removes the wireless headers from an open network (no WEP) capture:

 airdecap-ng -b 00:09:5B:10:BC:5A open-network.cap

The following decrypts a WEP-encrypted capture using a hexadecimal WEP key:

 airdecap-ng -w 11A3E229084349BC25D97E2939 wep.cap

The following decrypts a WPA/WPA2 encrypted capture using the passphrase:

 airdecap-ng -e 'the ssid' -p passphrase  tkip.cap

Usage Tips

WPA/WPA2 Requirements

The capture file must contain a valid four-way handshake. Not all four handshake packets are needed: having packets 2 and 3, or packets 3 and 4, will work correctly.

As well, only data packets following the handshake will be decrypted. This is because information is required from the handshake in order to decrypt the data packets.


How to use spaces, double quote and single quote in AP names?

See this FAQ entry
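How the -p/-e pair relates to -k, and how an ESSID containing spaces or quotes can be passed safely to the shell, as an added example that is not part of the original wiki page or of aircrack-ng. The function names and sample values are hypothetical; the -k form is shown without -e on the assumption that a supplied PMK needs no ESSID.

```python
import hashlib
import shlex


def derive_pmk(passphrase: str, essid: str) -> str:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 rounds, 32 bytes)."""
    pw = passphrase.encode("ascii")      # non-ASCII raises a ValueError subclass
    ssid = essid.encode("utf-8")
    if not 8 <= len(pw) <= 63 or any(not 32 <= b <= 126 for b in pw):
        raise ValueError("passphrase must be 8..63 printable ASCII characters")
    if not 1 <= len(ssid) <= 32:
        raise ValueError("ESSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", pw, ssid, 4096, 32).hex()


def passphrase_command(essid: str, passphrase: str, capture: str) -> str:
    """Command line using -e/-p; the tool derives the PMK from both values."""
    derive_pmk(passphrase, essid)        # validate the inputs before building the command
    # shlex.join quotes each argument, so spaces and quotes in the ESSID survive the shell
    return shlex.join(["airdecap-ng", "-e", essid, "-p", passphrase, capture])


def pmk_command(essid: str, passphrase: str, capture: str) -> str:
    """Equivalent command line using -k with the precomputed PMK in hex."""
    return shlex.join(["airdecap-ng", "-k", derive_pmk(passphrase, essid), capture])


if __name__ == "__main__":
    # Constructed sample values, not taken from a real network
    for essid in ("the ssid", "Bob's \"guest\" AP"):
        print(passphrase_command(essid, "passphrase", "tkip.cap"))
        print(pmk_command(essid, "passphrase", "tkip.cap"))
```

Because the ESSID is the PBKDF2 salt, a PMK computed for one network name does not decrypt a capture from a network with the same passphrase and a different name.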

Usage Troubleshooting

None at this time.
