
I created a small program which runs the command:

tshark -i2 -o wlan.enable_decryption:TRUE -o "uat:80211_keys:\"wpa-pwd\",\" Passphrase:SSID\"" -w test.pcapng

This creates the file test.pcapng, but it is not decrypted. I know from the Wireshark docs that you cannot save a decrypted file. You can only open it in Wireshark and provide the Wi-Fi key, or use that command and filter everything you want. Can I somehow read and decrypt on the fly using rdpcap? I created a very long program that uses rdpcap to read the pcap and then extracts all the important (relevant) info. I don't want to just delete it; is there any way to decrypt it using rdpcap?

EDIT:
I found pyDot11, which seems to do what I want, but there is no guide or example code for decrypting WPA. Can someone share the code for decrypting WPA?

safesploit
  • I believe your question may be a duplicate: https://security.stackexchange.com/questions/157678/wireshark-cant-decrypt-wpa2-lan-traffic – safesploit Sep 15 '18 at 21:12
  • But I can decrypt it in Wireshark. I see decrypted packets, but I want to save it somehow or decrypt them using Scapy – Adrian Rudy Dacka Sep 16 '18 at 07:45

1 Answer


You use airdecap to decrypt and save 802.11.

schroeder