1

I have a question that I can't seem to find a complete answer for. This may not be something that is possible, but I am hoping someone will have a solution.

At my work, we process wireless sniffs in wireshark. We have a shell script to merge and filter the files into the forms that we want, but we still have to manually generate a PSK and add it in wireshark preferences to decrypt each file for analysis. I would like to add a line to decrypt the main file before filtering and save it in a decrypted format.

Here is the problem: I know I can use the -o flag when running tshark to add the psk to the computers decryption keys, but the processing is done on one computer then the files are distributed among many employees for analysis, so I need the files themselves decrypted.

I know I can use aircrack-ng to decrypt pcap files, but we use pcapng files and aircrack does not recognize those.

Is there any solution? It would even help if I could somehow generate a psk from ssid and password and save that as a text file, but there does not even seem to be a clean way to do that.

We use Ubuntu 16.04 as our OS. Wireshark version 2.0.2.

  • If you have a way to do this with pcap files then why not convert the pcapng to pcap files and apply this tool? – Steffen Ullrich Mar 31 '17 at 04:40
  • Unfortunately pcap is an older format and you lose some information when converting. –  Mar 31 '17 at 16:44

2 Answers2

1

Is there any solution? It would even help if I could somehow generate a psk from ssid and password and save that as a text file, but there does not even seem to be a clean way to do that.

If you know how to use python, try this:

import sys
import binascii
from passlib.utils import pbkdf2

orig_stdout = sys.stdout
f = file('savefile.txt', 'w') # Specify the name and path of the output file.
sys.stdout = f

essid = 'examplessid' # Set ESSID
password = 'examplepassword' # Set password

psk = pbkdf2.pbkdf2(str.encode(password), str.encode(essid), 4096, 32)
print binascii.hexlify(psk)

sys.stdout = orig_stdout
f.close()

It will save psk to a text file. Tested in python 2.7

user633551
  • 353
  • 1
  • 4
  • Thanks! It doesnt solve everything I was hoping for, but is the best workaround I have seen so far. –  Mar 31 '17 at 04:24
0

I had a similar question some time ago, and asked it on superuser. Since I'm unsure as to how to mark this as a duplicate, and it seems rather rude to do so, I'll just give you the link

Same question, more specific use-case.

TheFuzzyFish
  • 25
  • 2