Jump to content

do I have to clean my .cap before cracking it?


Recommended Posts

hi! I would like to know if I need to clean my wpa handshake captured with aircrack-ng before converting it to hccap for cracking it in hascat? When I use the tool wpaclean in kali-linux It seems to remove important part of 4 ways handshake... Can I just use the file with all the junk traffic and the full handhsake inside it without having problems? I dont want to spend a day to crack a broken handshake.


If I got the 4 way handshake like this picture for the same client I should be ok even with a .cap file not clean?

Link to comment
Share on other sites

I have cleaned cap files before. When the are super large and only want the relevant information...

processing extremely large pcap files eat up resources and causes delay results if you plan on processing the file multiple times over and over again...

You should be fine.

Link to comment
Share on other sites

Ive run large pcap files and they will skyrocket my cpu temps (95C), but smaller ones will keep it more reasonable(75C)

Link to comment
Share on other sites

Thx for all the responsse! I can confirm that this is working without a problem! hascat is pulling the important information from the pcap file by himself and crack the password like diginija said. I prefer not cleaning the file to prevent myself from beaking an otherwise perfect handshake!

Link to comment
Share on other sites

I capture a new handhsake yesterday, But it seem I had a lot of broken one before aircrack-ng finaly detect a good one. By looking at the last 4 packet with the eapol filter in wireshark I was able to see that it was a good handshake because the packet 1,2,3,4 were here. I also check that the replay value was the same for the first 2 packet and the same for the last 2 packet and I make sur that the nouce value was the the same for the first and third packet.

I followed this page to make sure everything was good : http://aircrack-ng.org/doku.php?id=wpa_capture&DokuWiki=074d5917c87bb3032d8c42de85f2e8da

After that I selected the 4 good eapol packet and selected one brocast becon frame and put it in a new file like on the pictures.



Do you guys see any error in the way I am making sure that the .cap handshake is good before converting it to hccap?

Link to comment
Share on other sites

aircrack-ng doesn't see any problems:

$ aircrack-ng bell919.cap
Opening /home/robin/Desktop/bell919.cap
Read 5 packets.
   #  BSSID              ESSID                     Encryption
   1  54:64:D9:EA:47:8F  BELL919                   WPA (1 handshake)
Choosing first network as target.
Opening bell919.cap

We have to assume you have permission to test this AP so have the person who knows the PSK put it in a file and test that it will work.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...