
Here is my problem:

If I am connected to a network (so I know the WPA/WPA2-PSK), I'd like to be able to decrypt the traffic I capture from other devices in the network. (If WEP is used, tcpdump does this automatically.)

As far as I know, WPA uses something like a session key for each client in the WiFi - but I know this is possible - so I'm wondering HOW to do this. (If this is not possible with tcpdump, how do I do this "by hand"?)

Thanks for any help!

koch.trier

3 Answers


I've written a small, open source, application that does exactly this.

mfontanini
    I used the app written by mfontanini and after a couple of minor compilation hiccups (had to figure out the dependencies a bit) it worked great on my ARM Ubuntu 14.04 system. You do have to remember that you need to disconnect and re-associate any device you want to dump 'cause the pgm needs to see the 4-way handshake to be able to decrypt. – TvE Apr 09 '15 at 16:02

If you capture the traffic with tcpdump and can save it to file you should be able to use Wireshark to decrypt it on a PC/Mac. You need to catch the association traffic and the four-way handshake and configure Wireshark with the PSK.

Per Knytt
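To see what Wireshark actually does with the PSK and the captured handshake, here is the key derivation written out in Python. This is an added example, not code from the answer or from Wireshark; the handshake bytes (MACs, nonces, EAPOL frame) are constructed, and the first PMK value is the IEEE 802.11i Annex H test vector for passphrase "password" / SSID "IEEE".

```python
import hashlib
import hmac


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key: PBKDF2-HMAC-SHA1 of the passphrase, salted with the SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def wpa_prf512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, truncated to 64 bytes."""
    out = b"".join(hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range(4))
    return out[:64]


def wpa_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Pairwise Transient Key, which is why the capture must contain the 4-way handshake:
    the nonces live only there. MACs and nonces are ordered by value, not by role.
    KCK = ptk[0:16] authenticates the handshake, KEK = ptk[16:32], TK = ptk[32:48] decrypts CCMP data."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return wpa_prf512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2/AES key MIC (descriptor version 2): HMAC-SHA1-128 over the EAPOL-Key
    frame with its 16-byte MIC field zeroed. WPA1/TKIP uses HMAC-MD5 instead."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def handshake_mic_valid(passphrase, ssid, ap_mac, sta_mac, anonce, snonce, eapol_frame, mic) -> bool:
    """Does the configured PSK reproduce the MIC of the captured handshake? If not, the
    derived TK is wrong and decryption of that client's frames cannot succeed."""
    ptk = wpa_ptk(wpa_pmk(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    return hmac.compare_digest(eapol_mic(ptk[:16], eapol_frame), mic)


def sample_handshake() -> dict:
    """Constructed handshake values (not from a real capture); the MIC is produced
    with the correct PSK so the check above has something to verify against."""
    hs = dict(passphrase="password", ssid="IEEE",
              ap_mac=bytes.fromhex("001122334455"), sta_mac=bytes.fromhex("66778899aabb"),
              anonce=bytes(range(32)), snonce=bytes(range(32, 64)),
              eapol_frame=bytes.fromhex("0203005f02010a00") + bytes(87))  # constructed, MIC field zeroed
    ptk = wpa_ptk(wpa_pmk(hs["passphrase"], hs["ssid"]), hs["ap_mac"], hs["sta_mac"],
                  hs["anonce"], hs["snonce"])
    hs["mic"] = eapol_mic(ptk[:16], hs["eapol_frame"])
    return hs
```

Wireshark does the same derivation per client when you enter the PSK under the IEEE 802.11 decryption keys, which is why a client that associated before the capture started stays encrypted until it re-associates.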

TamoSoft has CommView for WiFi product which does what you need. As far as I know, decrypting WPA is a tricky task, and this is what they charge for.

Eugene Mayevski 'Callback
  • The problem is, I'm trying to do this on Android - so I'll have to do something myself... Any other suggestions? – koch.trier Jun 01 '11 at 22:15
  • @user727035 afaik Commview *cracks* passcodes for WPA, i.e. they perform cryptographic analysis on-the-fly. And they know some tricks and weak places. So I doubt that this is easily doable. – Eugene Mayevski 'Callback Jun 01 '11 at 22:21