Save decrypted pcap or decrypt on reading with rdpcap

Question

I created a small program with runs command:

tshark -i2 -o wlan.enable_decryption:TRUE -o "uat:80211_keys:\"wpa-pwd\",\" Passphrase:SSID\"" -w test.pcapng

This creates the file test.pcapng, but it is not decrypted. I know from Wireshark docs that you cannot save decrypted file. You can only open it in Wireshark and provide wifi key or using that command and filter everything you want. Can I somehow read and decrypt on the fly using rdpcap because I created a very long program that uses rdpcap to read pcap and then it extracts all important (relevant) info. I don't want to just delete it, is there any way to decrypt it using rdpcap?

EDIT:
I found pyDot11 which seems to do what I want but there is no guide or example code for decrypting WPA. Can someone share the code for decrypting WPA?

I believe your question may be a duplicate: https://security.stackexchange.com/questions/157678/wireshark-cant-decrypt-wpa2-lan-traffic — safesploit, Sep 15 '18 at 21:12
But I can decrypt it in wireshark. I see decrypted packets, but I want to save it somehow or decrypt them using scapy — Adrian Rudy Dacka, Sep 16 '18 at 07:45

score 0 · Accepted Answer · edited Sep 23 '18 at 12:45

0

You use airdecap to decrypt and save 802.11.

edited Sep 23 '18 at 12:45

schroeder

123,438
55
284
319

answered Sep 23 '18 at 11:31

Adrian Rudy Dacka

43
7

Save decrypted pcap or decrypt on reading with rdpcap

1 Answers1