Closed GoogleCodeExporter closed 8 years ago
What do hidden SSIDs look like? Are they blank ("") or do they say something
else ("<hidden>")? Could you copy/paste the output?
Sorry, I don't have any hidden SSIDs where I am.
Original comment by der...@gmail.com
on 23 Sep 2010 at 9:40
Empty strings "".
18. "" (28dB WPA) *CLIENT*
Original comment by ian.pa...@gmail.com
on 23 Sep 2010 at 10:01
I think I was able to fix this bug in revision 17. I have no way of testing
this, so please let me know if hidden SSIDs still appear.
Original comment by der...@gmail.com
on 23 Sep 2010 at 10:10
I'll test it tomorrow and let you know.
Original comment by ian.pa...@gmail.com
on 23 Sep 2010 at 10:19
It's still including the hidden SSIDs in the attack. No change.
Original comment by ian.pa...@gmail.com
on 24 Sep 2010 at 8:44
WEP ATTACK
[+] attacking ""...
[0:09:56] attempting fake-authentication (attempt 3/3)
[0:09:55] fake authentication unsuccessful :(
[0:09:55] exiting attack...
----------------------------------------------------------------
WPA ATTACK
[+] attacking ""...
[0:01:00] starting wpa handshake capture
[0:00:54] sent 3 deauth packets;
Traceback (most recent call last):
File "./wifite.py", line 2749, in <module>
main() # launch the main method
File "./wifite.py", line 712, in main
attack(x - 1) # subtract one because arrays start at 0
File "./wifite.py", line 1436, in attack
attack_wpa(index)
File "./wifite.py", line 2225, in attack_wpa
proc_crack = subprocess.Popen(crack, stdout=subprocess.PIPE, stderr=open(os.devnull, 'w'), shell=True)
File "/usr/lib/python2.5/subprocess.py", line 594, in __init__
errread, errwrite)
File "/usr/lib/python2.5/subprocess.py", line 1153, in _execute_child
raise child_exception
TypeError: execv() arg 2 must contain only strings
----------------------------------------------------------------
Original comment by ian.pa...@gmail.com
on 24 Sep 2010 at 9:12
It would be great if the program could try to deauth a client if it's on a
hidden AP to try and uncloak the SSID before quitting out.
Original comment by ian.pa...@gmail.com
on 24 Sep 2010 at 9:17
Sorry. I did not know that airodump-ng outputs a null character for hidden
SSIDs (one nullchar for each letter of the hidden network).
SSIDs are required for cracking WPA (it is needed to check for a proper
handshake), so I will have Wifite remove hidden networks from the targets list.
This was (hopefully) fixed in revision 20.
I will look into deauthing clients when hidden networks are found, but this may
be a bit too advanced for me. Don't hold your breath.
Original comment by der...@gmail.com
on 24 Sep 2010 at 9:24
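The filtering described in the comment above (dropping networks whose ESSID is blank or made up only of null characters), as an added example that is not part of the thread or of Wifite's code. The record layout, the sample data and the names `classify_essid` and `split_targets` are assumptions made for illustration.

```python
# Constructed scan records in a simplified layout: BSSID,channel,privacy,ESSID.
# This is an assumed layout for the example, not airodump-ng's real CSV columns.
SAMPLE_SCAN = (
    "00:11:22:33:44:55,6,WPA,HomeNet\r\n"
    "66:77:88:99:AA:BB,11,WEP,\r\n"                          # blank ESSID
    "CC:DD:EE:FF:00:11,1,WPA,\x00\x00\x00\x00\x00\x00\r\n"   # six NULs
    "22:33:44:55:66:77,3,WPA, Cafe, WiFi\r\n"                # comma in name
    "88:99:AA:BB:CC:DD,9,WPA,Lab\x00Net\r\n"                 # stray NUL
)


def classify_essid(essid):
    """Return (kind, length): kind is 'visible', 'hidden' or 'invalid'."""
    if essid == "":
        return "hidden", None          # cloaked, length not reported
    if essid.strip("\x00") == "":
        return "hidden", len(essid)    # one NUL per character of the name
    if "\x00" in essid:
        return "invalid", None         # NUL cannot appear in a process argument
    return "visible", len(essid)


def split_targets(scan_text):
    """Group scan records by ESSID kind, keeping hidden ones out of 'visible'."""
    groups = {"visible": [], "hidden": [], "invalid": []}
    for line in scan_text.splitlines():
        fields = line.split(",", 3)    # maxsplit keeps commas inside the ESSID
        if len(fields) != 4:
            continue                   # skip blank or truncated lines
        bssid, channel, privacy, essid = (f.strip(" \t") for f in fields)
        kind, length = classify_essid(essid)
        groups[kind].append({
            "bssid": bssid, "channel": int(channel), "privacy": privacy,
            "essid": essid if kind == "visible" else None, "ssid_len": length,
        })
    return groups


if __name__ == "__main__":
    for kind, records in split_targets(SAMPLE_SCAN).items():
        for rec in records:
            print(kind, rec["bssid"], rec["essid"], rec["ssid_len"])
```

Only the `visible` group carries a name that is safe to hand to a later command line; the `hidden` group keeps the SSID length that the null-character padding still discloses.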
Cool, that's sorted hidden networks showing for now.
Good luck with the uncloaking of SSIDs :), it would make a great feature to an
already awesome tool!
Original comment by ian.pa...@gmail.com
on 24 Sep 2010 at 9:36
I think I got it... I whipped up a ghetto deauther, but it works (for me).
It only attempts to deauth if it's on a fixed channel (because deauthing while
channel-hopping is useless).
And it only deauths if it finds another client.
Let me know if you think it should deauth the entire router (not just the
client).
Also, should it not print out when it tries deauthing? Mine prints like 10
lines in a row before it's able to grab the SSID...
Updated in revision 21
Original comment by der...@gmail.com
on 24 Sep 2010 at 9:47
I think that just deauthing a client is enough. I'll set up something here to
test fully on the weekend.
Original comment by ian.pa...@gmail.com
on 24 Sep 2010 at 11:15
I'd hoped to be able to test this out more today, but as I'm away and the AP
here does not support hidden SSID (?!) I can't. I'll be back at my place on
Monday and I'll set up an OpenWRT AP with 1 hidden WEP and 1 hidden WPA.
Original comment by ian.pa...@gmail.com
on 25 Sep 2010 at 7:48
Thanks for testing. I tested it here and it worked, so I think it will work
for you, but I'll leave the issue Open until I get a confirmation.
Original comment by der...@gmail.com
on 25 Sep 2010 at 7:59
Original comment by der...@gmail.com
on 28 Sep 2010 at 6:40
Original issue reported on code.google.com by
ian.pa...@gmail.com
on 23 Sep 2010 at 6:37