Loading

Sunday, July 12, 2009

Decrypting WPA with AirPcap in Windows

When AirPcap was first released, only WEP decryption was supported. However, with the release of Wireshark 0.99.5 it is possible to decrypt WPA packets with the AirPcap adapter in Windows. Here’s how:
  1. Install Wireshark
  2. Run Wireshark
  3. Go: View > Wireless Toolbar
  4. Click on “Decryption Keys…”
  5. Add a new decryption key. In my instance, because I know the Passphrase, I used WPA-PWD. If you’re doing penetration testing and, you have a 64byte string from something like AirCrack, you should use WPA-PSK.


  6. Capture away. In the screenshots below, I’ve filtered my own Wi-Fi card to cut down on the volume of ‘junk’ and demonstrate that it is, in fact, decrypting the packets on the WLAN.


For a lot more information on getting this set up, check out the AirPcap Userguide.

No comments:

Post a Comment