I am currently working on a Python script to crack WPA2. From this SO question:

How exactly does 4-way handshake cracking work?

I have all of the necessary fields as described, i.e. addresses, nonces, PSK, and ESSID. What I am not able to get is the EAPOL payload which is used with the KCK to compute the Message Integrity Code (MIC). The question is: what is this EAPOL payload and how can I get hold of it?

Shameer Kashif

1 Answer


EAPoL is an authentication protocol which is also used in WPA/WPA2. Its utility is to authenticate a user and establish shared data from which the future encryption key will be derived.

The EAPoL payload (I think you meant the handshake messages) is transmitted via Wi-Fi (in our case). The details of the actual payload content can be found here. So in order to get it, you need to:

  1. Ensure your Wi-Fi card supports monitor mode (i.e. listening to all the traffic nearby).
  2. Start sniffing that traffic (e.g. with the help of Wireshark and aircrack-ng tools).
  3. Deauthenticate a connected user to force them to re-authenticate. That's when the handshake will occur, and since you are listening to the traffic, you'll be able to see and save it.

Here is a step-by-step guide to cracking WPA2 through the EAPoL handshake. You should also know that in order to perform the crack you'll have to brute-force the password, which means you might succeed only if your password dictionary contains the right one.

Andrii K
  • Yeah, I know that. Have you seen the answer of the question I've referenced? He used the word `EAPOL payload`, while after digging through some code from GitHub, mostly programmers referenced it as `data`. I – Shameer Kashif Jul 22 '18 at 06:03
  • I do know what EAPOL is and how it works. I am just not familiar with what its payload is. – Shameer Kashif Jul 22 '18 at 06:04
  • @Shiri, I've updated the answer with the link which contains the details about the payload content. – Andrii K Jul 23 '18 at 11:17
  • Thanks. The link helped. Your answer is to some extent perfect. The EAPOL payload is the raw data from the 2nd EAPOL frame, but also with the header information from the EAPOL headers. – Shameer Kashif Jul 23 '18 at 11:55
  • The exact answer is: the EAPOL payload is the data from the 2nd message of the 4-way handshake, but with the 16 bytes of `MIC` replaced by null bytes. – Shameer Kashif Jul 23 '18 at 12:41
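To make the conclusion of the comments concrete, here is an added Python example (not from the question, the answer, or any project) that lays out the EAPOL-Key frame byte by byte, zeroes the 16-byte MIC field to obtain the "EAPOL payload", and recomputes the MIC with the KCK the way an AP or supplicant verifies message 2 of the 4-way handshake. The frame fields, key data and KCK are constructed values; the function names are my own.

```python
import hashlib
import hmac
import struct

# EAPOL-Key frame layout: 802.1X header then 802.11i key descriptor; offsets from the EAPOL header.
KEY_INFO_OFFSET = 5       # 2-byte Key Information field
MIC_OFFSET = 81           # 16-byte MIC field
MIC_LEN = 16
KEY_DATA_LEN_OFFSET = 97  # 2-byte Key Data Length, key data follows


def build_eapol_key_frame(key_info, replay_counter, nonce, key_data=b"", mic=bytes(MIC_LEN)):
    """Assemble a constructed EAPOL-Key frame (EAPOL version 1, type 3 = Key, RSN descriptor 2)."""
    body = struct.pack(">BHH", 2, key_info, 16)          # descriptor type, key info, key length
    body += struct.pack(">Q", replay_counter)            # 8-byte replay counter
    body += nonce                                        # 32-byte SNonce (message 2) or ANonce
    body += bytes(16) + bytes(8) + bytes(8)              # key IV, key RSC, key ID: zero in message 2
    body += mic                                          # 16-byte MIC field
    body += struct.pack(">H", len(key_data)) + key_data  # e.g. the RSN IE in message 2
    return struct.pack(">BBH", 1, 3, len(body)) + body   # EAPOL header: version, type, body length


def mic_payload(frame):
    """The 'EAPOL payload' the MIC covers: the whole EAPOL frame with its MIC field zeroed."""
    if len(frame) < KEY_DATA_LEN_OFFSET + 2:
        raise ValueError("frame too short to be an EAPOL-Key frame")
    return frame[:MIC_OFFSET] + bytes(MIC_LEN) + frame[MIC_OFFSET + MIC_LEN:]


def compute_mic(kck, frame):
    """Recompute the MIC with the KCK; the key-info descriptor-version bits select the algorithm."""
    version = struct.unpack_from(">H", frame, KEY_INFO_OFFSET)[0] & 0x7
    payload = mic_payload(frame)
    if version == 1:  # HMAC-MD5 (TKIP)
        return hmac.new(kck, payload, hashlib.md5).digest()
    if version == 2:  # HMAC-SHA1-128 (CCMP): first 16 bytes of HMAC-SHA1
        return hmac.new(kck, payload, hashlib.sha1).digest()[:MIC_LEN]
    raise ValueError(f"unsupported key descriptor version {version}")  # 3 = AES-128-CMAC, not handled


def sign_frame(kck, frame):
    """Fill in the MIC field with the KCK, as the supplicant does before sending message 2."""
    return frame[:MIC_OFFSET] + compute_mic(kck, frame) + frame[MIC_OFFSET + MIC_LEN:]


def verify_mic(kck, frame):
    """True if the MIC carried in the frame matches the one recomputed from the KCK."""
    return hmac.compare_digest(frame[MIC_OFFSET:MIC_OFFSET + MIC_LEN], compute_mic(kck, frame))
```

Key info 0x010a selects descriptor version 2 (HMAC-SHA1-128), the pairwise key type and the MIC flag, which is what a CCMP message 2 carries; the same layout applies to a frame pulled from a capture as long as you start at the EAPOL version byte, not at the 802.11 or LLC header.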