Airdecap-ng & Airdecloak-ng Introduction

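Airdecap-ng can decrypt WEP/WPA/WPA2 capture files. It can also strip the wireless headers from an unencrypted wireless capture. It writes a new file ending in -dec.cap, which is the decrypted/stripped version of the input capture.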

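Airdecloak-ng removes WEP cloaking from a pcap file. It works by reading the input file and selecting the packets that belong to one specific network. Each selected packet is put into a list and classified (the default status is "unknown"). Filters are then applied to this list in the order specified by the user. They change the status of the packets (unknown, uncloaked, potentially cloaked or cloaked). The order of the filters matters, because each filter bases its analysis on, among other things, the current status of the packets, so different orders give different results.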

Author: Thomas d’Otreppe, Original work: Christophe Devine
License: GPLv2

Airdecap-ng Wiki
Airdecloak-ng Wiki
Airdecap-ng and Airdecloak-ng Homepage
Kali aircrack-ng Repo

airdecap-ng - Decrypt a WEP or WPA encrypted pcap file

root@kali:~# airdecap-ng --help

  Airdecap-ng 1.2 rc4 - (C) 2006-2015 Thomas d'Otreppe
  http://www.aircrack-ng.org

  usage: airdecap-ng [options] <pcap file>

  Common options:
    -l     don't remove the 802.11 header
    -b <bssid>   access point MAC address filter
    -e <essid>   target network SSID
    -o <fname>   output file for decrypted packets (default <src>-dec)

  WEP specific option:
    -w <key>   target network WEP key in hex
    -c <fname> output file for corrupted WEP packets (default <src>-bad)

  WPA specific options:
    -p <pass>  target network WPA passphrase
    -k <pmk>   WPA Pairwise Master Key in hex

    --help   Displays this usage screen

airdecloak-ng – Remove WEP cloaked frames from a pcap file

root@kali:~# airdecloak-ng --help

  Airdecloak-ng 1.2 rc4 - (C) 2008-2015 Thomas d'Otreppe
  http://www.aircrack-ng.org

  usage: airdecloak-ng [options]

  options:

   Mandatory:
     -i <file>   Input capture file
     --ssid <ESSID>   ESSID of the network to filter
        or
     --bssid <BSSID>   BSSID of the network to filter

   Optional:
     -o <file>   Output packets (valid) file (default: <src>-filtered.pcap),
     -c <file>   Output packets (cloaked) file (default: <src>-cloaked.pcap),
     -u <file>   Output packets (unknown/ignored) file (default: invalid_status.pcap),
     --null-packets   Assume that null packets can be cloaked,
     --disable-base_filter   Do not apply base filter,
     --drop-frag   Drop fragmented packets,
     --help   Displays this usage screen,

     --filters <filters>   Apply filters (separated by a comma),
       <Filters>:
         signal: Try to filter based on signal,
         duplicate_sn: Remove all duplicate sequence numbers for both the AP and the client,
         duplicate_sn_ap: Remove duplicate sequence number for the AP only,
         duplicate_sn_client: Remove duplicate sequence number for the client only,
         consecutive_sn: Filter based on the fact that IV should be consecutive (only for AP),
         duplicate_iv: Remove all duplicate IV,
         signal_dup_consec_sn: Use signal (if available), duplicate and consecutive sequence number (filtering is much more precise than using all these filters one by one),

airdecap-ng and airdecloak-ng Usage Examples

airdecap-ng

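Given an ESSID (-e test) and a passphrase (-p biscotte), decrypt the specified WPA capture (/usr/share/doc/aircrack-ng/examples/wpa.cap, passed as the final argument). The tcpdump listings show the capture before decryption and the wpa-dec.cap file that airdecap-ng writes.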

root@kali:~# tcpdump -r /usr/share/doc/aircrack-ng/examples/wpa.cap
reading from file /usr/share/doc/aircrack-ng/examples/wpa.cap, link-type PRISM_HEADER (802.11 plus Prism header)
03:01:06.609737 Beacon (test) [1.0* 2.0* 5.5* 11.0* Mbit] ESS CH: 7, PRIVACY[|802.11]
03:01:06.678714 EAPOL key (3) v1, len 95
03:01:06.678928 Acknowledgment RA:00:0d:93:eb:b0:8c (oui Unknown)
03:01:06.681525 EAPOL key (3) v1, len 119
03:01:06.681732 Acknowledgment RA:00:09:5b:91:53:5d (oui Unknown)
03:01:06.684370 EAPOL key (3) v1, len 119
03:01:06.684584 Acknowledgment RA:00:0d:93:eb:b0:8c (oui Unknown)
03:01:06.685502 EAPOL key (3) v1, len 95
03:01:06.685708 Acknowledgment RA:00:09:5b:91:53:5d (oui Unknown)
03:01:06.686775 Data IV:12000 Pad 20 KeyID 0
03:01:06.686984 Acknowledgment RA:00:0d:93:eb:b0:8c (oui Unknown)
03:01:06.688139 Data IV:12000 Pad 20 KeyID 0
03:01:06.688344 Acknowledgment RA:00:09:5b:91:53:5d (oui Unknown)

root@kali:~# airdecap-ng -e test -p biscotte /usr/share/doc/aircrack-ng/examples/wpa.cap
Total number of packets read            13
Total number of WEP data packets         0
Total number of WPA data packets         2
Number of plaintext data packets         0
Number of decrypted WEP  packets         0
Number of corrupted WEP  packets         0
Number of decrypted WPA  packets         2

root@kali:~# tcpdump -r /usr/share/doc/aircrack-ng/examples/wpa-dec.cap
reading from file /usr/share/doc/aircrack-ng/examples/wpa-dec.cap, link-type EN10MB (Ethernet)
03:01:06.686775 EAPOL key (3) v1, len 127
03:01:06.688139 EAPOL key (3) v1, len 95
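
The run above passes -e and -p together because a WPA-PSK passphrase only becomes a key once it is combined with the network name, while -k takes that derived key (the PMK) in hex. As an added example, not from the original page or the aircrack-ng project, this Python code derives the PMK with the standard PBKDF2-HMAC-SHA1 construction (4096 iterations, 256-bit output); the function names wpa_pmk and parse_pmk_hex are hypothetical, and the ESSID 'Test' is a constructed value used only for comparison.

```python
import hashlib
import string

# Printable ASCII (codes 32-126), the character set allowed in a WPA passphrase.
_ALLOWED = set(string.ascii_letters + string.digits + string.punctuation + " ")


def wpa_pmk(passphrase: str, essid: str) -> bytes:
    """Derive the 256-bit PMK: PBKDF2-HMAC-SHA1(passphrase, essid, 4096, 32)."""
    if not 8 <= len(passphrase) <= 63 or not set(passphrase) <= _ALLOWED:
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    ssid = essid.encode("utf-8")
    if not 1 <= len(ssid) <= 32:
        raise ValueError("ESSID must be 1-32 bytes")
    # The ESSID is the salt, so the same passphrase on another network
    # name yields an unrelated key.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid, 4096, dklen=32)


def parse_pmk_hex(text: str) -> bytes:
    """Check that a hex string decodes to a full 32-byte PMK."""
    raw = bytes.fromhex(text.strip())  # raises ValueError on non-hex input
    if len(raw) != 32:
        raise ValueError("a PMK is 32 bytes (64 hex digits)")
    return raw


if __name__ == "__main__":
    # Values from the page's example run: -e test -p biscotte
    pmk = wpa_pmk("biscotte", "test")
    print("PMK for ESSID 'test':", pmk.hex())
    # Same passphrase with a constructed ESSID differing only in case.
    print("PMK for ESSID 'Test':", wpa_pmk("biscotte", "Test").hex())
    # Round-trip through the hex form to confirm it is a well-formed PMK.
    assert parse_pmk_hex(pmk.hex()) == pmk
```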