airdecap
Project Homepage:
http://www.cr0.net:8040/code/network/
(OFFLINE)
Project Homepage:
Local Mirror
aircrack-2.41.tar.gz MD5: 05A37C8A165EFB11EA226829C809DEB3
NOTE: The next generation of Aicrack:
Aircrack-ng is now
available!
airdecap is a tool for decrypting WEP and WPA capture files.
This can be useful if we which to confirm a WEP or WPA key that we have acquired
using one of the WEP or WPA cracking programs.
Usage
Decrypting WEP
Decrypting WPA
To decrypt a WEP capture
"WEP-capture-01.cap" we specify the WEP key with the -w switch.
airdecap -w
866578388f517be0b4818a0db1 WEP-capture-01.cap
As can be seen airdecap
has successfully decrypted all 151 WEP data packets thus confirming that
the WEP key is indeed 866578388f517be0b4818a0db1.
The file
WEP-capture-01-dec.cap has now also been created which is an unencrypted
version of our capture file. This file is a standard pcap file and can be
viewed in ethereal or tcpdump (e.g. tcpdump -r WEP-capture-01-dec.cap)
Because WPA encryption not only make use of a pass-phrase but also salts the
process with the network SSID we are required to supply both the SSID and WPA
pass-phrase.
airdecap -e cuckoo -p sausages wpa-test.cap
<image>
In the above example cuckoo is the network SSID for our capture
wpa-test.cap and sausages is the WPA pass-phrase.
The file wpa-test-01-dec.cap has now also been created which is an
unencrypted version of our capture file. This file is a standard pcap file
and can be viewed in ethereal or tcpdump (e.g. tcpdump -r
wpa-test-01-dec.cap)
Using the -b switch (BSSID) we can specify which BSSID to decrypt with
airdecap. Handy if our capture file contains the traffic from several
different networks.
|
Linux
