• Stars
    star
    135
  • Rank 269,297 (Top 6 %)
  • Language
    C++
  • Created over 11 years ago
  • Updated over 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

An 802.11 WEP/WPA2 on-the-fly decrypter.

dot11decrypt

dot11decrypt is a WEP/WPA2(AES and TKIP) on-the-fly decrypter.

Description


dot11decrypt requires a wireless interface in monitor mode and the appropriate information required to decrypt the encrypted traffic. The decrypted traffic is encapsulated using Ethernet frames and written to a tap device.

After that, you can use any application(such as tcpdump, wireshark, ngrep, etc) that interprets network traffic to analyze the decrypted traffic.

This is not a WEP/WPA2 cracker, it is just a tool that allows you to use other tools that don't support the decryption of encrypted traffic.

There's a more detailed explanation of this application in my blog.

Requirements


The only requirement is libtins >= v1.1, compiled using support for WPA2 decryption(this is enabled by default), and a fairly recent C++ compiler. g++ 4.6 is enough, probably 4.5 works as well, but I haven't had the chance to try it.

Compilation


In order to compile, run:

mkdir build
cd build
cmake ..
make

Decrypting data


In order to decrypt WEP/WPA2 encrypted frames, the following data is required:

  • WEP: The access point's BSSID(aka MAC address) and the WEP key.
  • WPA2: The access point's SSID(aka "name") and the PSK(aka "password").

dot11decrypt supports the decryption of both WPA2 AES(CCMP) and TKIP. If there are more than one access points that broadcast the same SSID, then all of them will be decrypted.

In order to decrypt WPA2, the application waits for Beacon frames, so as to identify the BSSIDs associated with each SSID. Afterwards, it waits for EAPOL handshakes, which are required for decryption. Note that if the 4-way handshake is not processed, then decryption will not be successful. After that, the traffic sent by clients for which the handshake was captured will be decrypted.

Decrypted packets


When the application is launched, a tap network interface will be created. Every decrypted packet will be encapsulated using Ethernet frames and written to that interface.

Usage


In order to use dot11decrypt, you need to specify the interface in which to listen and the decryption options:

./dot11decrypt wlan0 wpa:MyAccessPoint:some_password
./dot11decrypt mon0 wep:00:01:02:03:04:05:blahbleehh

The wpa: option allows you to decrypt both WPA and WPA2 encrypted packets.

You can provide as many decryption data tuples as you want.

More Repositories

1

libtins

High-level, multiplatform C++ network packet sniffing and crafting library.
C++
1,897
star
2

cppkafka

Modern C++ Apache Kafka client library (wrapper for librdkafka)
C++
557
star
3

presenterm

A terminal slideshow tool
Rust
487
star
4

Programs-Scripts

The tiny programs and scripts that don't deserve a project, but I still want to share.
C
214
star
5

ces

CLI for crypto exchanges
Python
49
star
6

packet-capture-benchmarks

Packet capture libraries benchmark
C++
31
star
7

sloth-fuzzer

A smart file fuzzer.
C++
26
star
8

blind-sqli

A simple python script that exploits blind SQL Injections. Useful for PoCs.
Python
24
star
9

trustrl

CLI tool to manipulate URLs
Rust
8
star
10

mergebro

The bro you need when you want to merge a pull request
Rust
5
star
11

pytins

Python bindings for libtins
C++
4
star
12

tcp-stream-assembler

C++
4
star
13

bogeyman-remote-cpp

C++ remote client for samelat/bogeyman
C++
2
star
14

libtins-sanitizers

Random short apps using libtins to find errors in packet parsing/serialization
C++
2
star
15

bgprust

Rust library to parse BGP (MRT/Zebra) files
Rust
2
star
16

DirHound

Crawler + Directory/file bruteforcer
Haskell
2
star
17

procmon

A tiny project to play around with eBPF
Rust
1
star
18

shaplim

Shared Playlist Manager
C++
1
star
19

dotfiles

m'dotfiles
Lua
1
star
20

roberto

Yet another Socks proxy server
C++
1
star
21

sockwho

Use eBPF tracepoints to inspect socketaddrs
Rust
1
star
22

brainchuck

A LLVM based brainfuck JIT compiler
Rust
1
star
23

SMTPPot

An extensible SPAMPot
Python
1
star
24

shaplim-gui

A shaplim GTK interface
Python
1
star
25

dns-metrics

A Rust toy project to capture DNS packets and expose metrics about them via a prometheus compatible endpoint
Rust
1
star