Comments (26)
Thanks for notifying me, I tried the latest Kali Rolling & reproduced the bug.
It seems like wash
can't fingerprint WPS access points via the -i
option + the .cap from airodump-ng.
It might be due to changes in wash
, or how airodump-ng
writes the .cap file.
I may just move WPS-detection to a tshark
filter (on wps
) on the .cap file, and extracting the AP BSSIDs that have WPS-enabled flags.
from wifite2.
Use the wash tool to verify the bug.
from wifite2.
How can i do that?
Wash tool?
from wifite2.
Yeah wash, it comes with reaver...
from wifite2.
is there any fix for this?
from wifite2.
My guess is that this is a relatively easy to solve bug since the tool itself, wash, works fine.
I'll try to look into it if i get some time.
from wifite2.
i'm not certain what @derv82 want's to do with the -i option, it is meant to be used with an interface, not a pcap file. there is however the -j json mode which we added specifically for 3rd party tools like wifite, with the guarantee that we won't change its output (merely adding new fields, if it makes sense), unlike the regular scan ouput.
from wifite2.
what should i do exactly?
I am new in this
Commands or etc?
Thanks
from wifite2.
I'm having this same issue, latest Kali fully updated, wash v1.6.4 and latest version of wifite2.
If i run wash all WPS routers are correctly shown, but wifite shows all of them as no WPS, and of course it won't let me try --pixie over a router i know that have WPS enabled.
from wifite2.
Confirmed for me on the latest kali nightly, behaviour the same for the first version as well
from wifite2.
I also confirm having the same issue. All is red in WPS column, even I have 2 routers tested with WPS on and nothing works properly... What a pityπ
from wifite2.
I remember back in the days using it with backtrack 5, all was working fine but now with Kali there are issues. If the devs receive our messages maybe there is hope...
from wifite2.
Which version backtrack?
from wifite2.
Backtrack 5 r3, but now there's no support or updates to use it. I tried it and does not work with the new version of wifite...I found a version of BT5 online but wifite is not installed by default. When I was using it 2 years ago approx. I had older version of wifite installed of course. I will try to find older versions and try if it works. If yes I will post the solution....
from wifite2.
@mrboombastik backtrack 5 was released long before wifite2 was around.
You are thinking of wifite
And @Obakemono the tool doesn't use wash to my knowledge... It uses the aircrack suite. Whole different beast
from wifite2.
@rofl0r @kcdtv any input on wash here?
from wifite2.
@derv82 What should we do?
I am new.
Can you prepare a tutorial for this?
Thanks
from wifite2.
@Uraniumhazee Follow this issue if you want to know when this is fixed.
@rofl0r Sorry, I meant Wash's -f
option instead of -i
when specifying input files.
Here's a .cap file with beacon frames that include WPS flags: https://github.com/derv82/wifite2/raw/master/py/tests/files/handshake_exists.cap
Airodump detects 1.0 DISP
WPS feature on the AP:
# Read the handshake .cap using airodump
% airodump-ng -r handshake_exists.cap --wps
BSSID PWR Beacons Data /s CH MB ENC CIPHER AUTH WPS ESSID
A4:2B:8C:16:6B:3A 0 1 13 0 11 54e. WPA2 CCMP PSK 1.0 DISP Test Router Please Ignore
^^^^^^^^
Wireshark shows numerous wps.*
attributes on the beacon frames in the .cap file.
% wireshark handshake_exists.cap
# Filter `wps`
But wash -f handshake_exists.cap
shows no output:
% wash -f handshake_exists.cap
Wash v1.6.4 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner
BSSID Ch dBm WPS Lck Vendor ESSID
--------------------------------------------------------------------------------
The -j
option makes no difference as no access points are found (response is empty).
% wash -f handshake_exists.cap -j
Wash v1.6.4 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner
- Should
wash
detect access points in this .cap file? - Has anything changed in how
wash
detects WPS networks in the past few years? - How does
wash
detect WPS networks? - I.e. what PCap properties / heuristics are used?
- Is it here? https://github.com/t6x/reaver-wps-fork-t6x/blob/master/src/libwps/libwps.c#L225
I'm thinking of rolling my own WPS-detection for a given Cap file using tshark & text-parsing. But the --json
approach in wash
is ideal.
from wifite2.
this .cap has no radiotap header, and wash mistakenly tried to check the FCS checksum. fixed in e9ab13a ^
from wifite2.
regarding your other questions: wps is detected when the beacon had a vendor-specified IE from microsoft with WPS in its tagged elements. this hasn't changed since day 1. what has changed is that wash used to have a completely broken FCS check which has been disabled. i fixed it and reenabled it, but did not think about that it might get called with pcap's lacking a radiotap header. HTH
from wifite2.
btw, this issue might be relevant for wifite t6x/reaver-wps-fork-t6x#199 . it is recommended to send out a burst of probe request to broadcast address ff:ff:ff:ff:ff:ff prior to passing the pcap to wash, so you have probe responses from each AP.
alternatively you could run wash live (instead of using a pcap) and use the --scan option with -n. afaik there are no issues when several programs use the same monitor device, at least not on recent kernels.
from wifite2.
@rofl0r: Thanks for info on how WPS packets are detected in Wash. I opted to use Tshark's filters to extract WPS-enabled APs from cap files.
Whoops, reopening until others confirm the issue is resolved.
@ Everyone,
Please let me know if the latest version (080e674) works, and that Wifite can successfully detect WPS networks again.
Note: The new version uses the tshark
program to detect WPS networks. If you don't have it installed, you'll probably see errors or WPS: n/a
in the targets list.
from wifite2.
WPS detection works fine for me now with the latest version.
Thank you! :D
from wifite2.
@derv82
WPS detection works fine but this time wps pin attack doesn't work.
Look at the SS's please
https://imgur.com/PbyNqVy
https://imgur.com/0TbbR8C
it stucks and doesn't try pins.
from wifite2.
Yep, having same issue also me.
I am not quite sure but I think that pixie dust don't work either well....
from wifite2.
Sounds like WPS detection works. Resolving!
But seriously, Wifite 2's WPS attacks are broken right now.
I am working on fixing it. See #28 for tracking on this issue.
Until then, you'll have to run reaver
or bully
manually like a neanderthal.
# Running reaver:
reaver -i INTERFACE -vv -K -c CHANNEL -b BSSID
# Example for channel 11 and interface wlan0mon:
reaver -i wlan0mon -vv -K -c 11 -b AA:BB:CC:DD:EE:FF
# Running bully:
bully --pixiewps -c CHANNEL -b BSSID IFACE
# Example for channel 11 and interface wlan0mon:
bully --pixiewps -c 11 -b AA:BB:CC:DD:EE:FF wlan0mon
from wifite2.
Related Issues (20)
- Wifite2
- Cory
- Wifite
- How to change the save folder of airodump-01.cap
- Failed: Reaver process stopped (exit code: -11)
- [hcxtools] Recommended Package Name Resolution Issue!
- Root termux.
- Gune
- Warning!! [HELP] for Wifite2 HOT 2
- Wifite HOT 2
- [Feature] WPS PIN Attack Timeout or max duration
- Wifi HOT 1
- [NetHunter] Fail to enable monitoring on wlan0 HOT 2
- Wifite HOT 2
- monitor mode
- Wifite HOT 3
- Please fixe the problem HOT 1
- Yoo
- after cracking wps enable network Wifite's 2nd time scan shows wps turned off
- Cannot find any interfaces in monitor mode ( in wifite using ubuntu for root( in root))
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from wifite2.