derv82 / wifite


Can't Capture Handshake #54

Open jsl303 opened 8 years ago

jsl303 commented 8 years ago

airodump-ng captures fine when using aireplay-ng, but wifite just keeps looping deauth and listening without capturing. Other people are having the same problem. https://forums.kali.org/showthread.php?26521-Wifite-not-capturing-WPA-handshake

NicoHood commented 8 years ago

Me too. If I open a 2nd terminal with airodump-ng it captures the handshake while I abuse wifite to send deauths every X seconds. But wifite itself won't recognize the handshake.

It also looks to me that sending deauths takes too long and the handshake listening is very short.

I am using Linux with proper hardware that does work. (Mentioning that because not every wlan stick works for me, so I bought a recommended one.)

darkr4y commented 8 years ago

I also have this problem.

darkr4y commented 8 years ago

I checked the code:

  1. wifite will run airodump-ng and save the cap file to a path like /tmp/wifitem0NGA7/
  2. wifite will then check if that file exists. I tested the original wifite in Kali 2 and checked the file myself; it exists.
  3. Check the original wifite in Kali 2, line 2158, function wpa_get_handshake():

            # Copy current dump file for consistency
            if not os.path.exists(self.RUN_CONFIG.temp + 'wpa-01.cap'): continue
            copy(self.RUN_CONFIG.temp + 'wpa-01.cap', self.RUN_CONFIG.temp + 'wpa-01.cap.temp')

            # Save copy of cap file (for debugging)
            #remove_file('/root/new/wpa-01.cap')
            #copy(temp + 'wpa-01.cap', '/root/new/wpa-01.cap')

            # Check for handshake
            if self.has_handshake(self.target, self.RUN_CONFIG.temp + 'wpa-01.cap.temp'):
                got_handshake = True

                try:
                    os.mkdir(self.RUN_CONFIG.WPA_HANDSHAKE_DIR + os.sep)
                except OSError:
                    pass

Stepping into has_handshake(): this function uses 4 methods to validate that the handshake cap is OK. Maybe I found what is wrong; wait a moment, I will write some code to patch it...

darkr4y commented 8 years ago

The dirty method to patch this problem is to modify the function has_handshake() and add this:

valid_handshake = True # dirty patch

after that:

    # Check for handshake using aircrack-ng
    if valid_handshake and self.RUN_CONFIG.WPA_HANDSHAKE_AIRCRACK:
        tried = True
        valid_handshake = self.has_handshake_aircrack(target, capfile)

Now it's working.

darkr4y commented 8 years ago

If your system has tshark installed you can just modify the function has_handshake_tshark():

    if program_exists('tshark'):
        # Call Tshark to return list of EAPOL packets in cap file.
        cmd = ['tshark',
               '-r', capfile,  # Input file
               '-Y', 'eapol',  # Filter (only EAPOL packets)
               '-n']  # Do not resolve names (MAC vendors)

Change -R to -Y, because when using -R it shows this message: tshark: -R without -2 is deprecated. For single-pass filtering use -Y.

darkr4y commented 8 years ago

And another thing to pay attention to: if you log in to Kali as the root user, you should change the file

/usr/share/wireshark/init.lua

find disable_lua and set it to true

disable_lua=true

jsl303 commented 8 years ago

Are these going to be updated on the git?


WilsonBradley commented 8 years ago

Good question...


darkr4y commented 8 years ago

I don't think so... but please help me test if it works. If there are some errors, just let me know.

darkr4y commented 8 years ago

wifite has a logic bug. Check the default config:

    self.WPA_HANDSHAKE_TSHARK = True  # Checks for sequential 1,2,3 EAPOL msg packets (ignores 4th)
    self.WPA_HANDSHAKE_PYRIT = False  # Sometimes crashes on incomplete dumps, but accurate.
    self.WPA_HANDSHAKE_AIRCRACK = True  # Not 100% accurate, but fast.
    self.WPA_HANDSHAKE_COWPATTY = False  # Uses more lenient "nonstrict mode" (-2)

Above, I fixed the bug in the tshark check for cap validity. If you review the function has_handshake(), you can find that the variable valid_handshake is always FALSE, and it will never jump into the procedure where aircrack-ng checks the cap for validity.

Replace the function has_handshake():

def has_handshake(self, target, capfile):
    """
        Checks if .cap file contains a handshake.
        Returns True if handshake is found, False otherwise.
    """
    valid_handshake = True
    tried = False
    if self.RUN_CONFIG.WPA_HANDSHAKE_TSHARK:
        tried = True
        valid_handshake = self.has_handshake_tshark(target, capfile)

    # Use CowPatty to check for handshake.
    if valid_handshake == False and self.RUN_CONFIG.WPA_HANDSHAKE_COWPATTY:
        tried = True
        valid_handshake = self.has_handshake_cowpatty(target, capfile)

    # Check for handshake using Pyrit if applicable
    if valid_handshake == False and self.RUN_CONFIG.WPA_HANDSHAKE_PYRIT:
        tried = True
        valid_handshake = self.has_handshake_pyrit(target, capfile)

    # Check for handshake using aircrack-ng
    if valid_handshake == False and self.RUN_CONFIG.WPA_HANDSHAKE_AIRCRACK:
        tried = True
        valid_handshake = self.has_handshake_aircrack(target, capfile)

    if tried: return valid_handshake
    print R + ' [!]' + O + ' unable to check for handshake: all handshake options are disabled!'
    self.RUN_CONFIG.exit_gracefully(1)

darkr4y commented 8 years ago

Got an error, just recording it:

Traceback (most recent call last):...
  File "/usr/bin/wifite", line 3538, in <module>
    engine.Start()
  File "/usr/bin/wifite", line 1467, in Start
    if wpa_attack.RunAttack():
  File "/usr/bin/wifite", line 2151, in RunAttack
    self.wpa_get_handshake()
  File "/usr/bin/wifite", line 2268, in wpa_get_handshake
    if self.has_handshake(self.target, self.RUN_CONFIG.temp + 'wpa-01.cap.temp'):
  File "/usr/bin/wifite", line 2505, in has_handshake
    valid_handshake = self.has_handshake_tshark(target, capfile)
  File "/usr/bin/wifite", line 2406, in has_handshake_tshark
    msg = fields[-1][0]
IndexError: string index out of range

leggewie commented 8 years ago

The old tracker on code.google.com might have some interesting information.

mag37 commented 8 years ago

Following this. Trying to run Nethunter on my Nexus 7 2012, KitKat 4.4.4. Finally got it all running smoothly; it recognizes my external wifi etc. But can't get it to capture handshakes yet.

Tried to follow your steps, but now when I run wifite it stops with an error.

    Traceback (most recent call last):...
      File "/usr/bin/wifite", line 3528, in <module>
        engine.Start()
      File "/usr/bin/wifite", line 1467, in Start
        if wpa_attack.RunAttack():
      File "/usr/bin/wifite", line 2151, in RunAttack
        self.wpa_get_handshake()
      File "/usr/bin/wifite", line 2268, in wpa_get_handshake
        if self.has_handshake(self.target, self.RUN_CONFIG.temp + 'wpa-01.cap.temp'):
    AttributeError: 'WPAAttack' object has no attribute 'has_handshake'

I probably screwed up something while trying to follow your steps.

darkr4y commented 8 years ago

I have not tested it in Kali Nethunter. It seems like class WPAAttack has no function named has_handshake. I will check the code and then reply to you. You can also clone this project and test it: https://github.com/darkr4y/wifite-mod

mag37 commented 8 years ago

Thanks darkr4y. How do I implement your project in my setup? Do I just replace the current wifite? I'll look into it.

darkr4y commented 8 years ago

    ln -s /opt/wifite-mod/wifite.py /usr/local/bin/wifite
    chmod +x /usr/local/bin/wifite

ha1f3mpty commented 8 years ago

So I made the clone but still no love on capturing handshakes. I have the same thing as others, running airodump-ng and aireplay-ng gets handshakes like it was nothing, but wifite runs in circles. I am running Kali 2 on a VM with USB AWUS036NH and AWUS036H. I don't think the hardware or even the deployment platform is the issue because the air* method works. Sorry I don't have more to contribute other than my setup, I don't know python all that much yet. Looking forward to a solution.

zaventh commented 8 years ago

As @darkr4y pointed out, this is the solution for Nethunter at least:

diff --git a/wifite.py b/wifite.py
index 3fb72e8..65a7999 100755
--- a/wifite.py
+++ b/wifite.py
@@ -2340,7 +2340,7 @@ class WPAAttack(Attack):
             # Call Tshark to return list of EAPOL packets in cap file.
             cmd = ['tshark',
                    '-r', capfile,  # Input file
-                   '-R', 'eapol',  # Filter (only EAPOL packets)
+                   '-Y', 'eapol',  # Filter (only EAPOL packets)
                    '-n']  # Do not resolve names (MAC vendors)
             proc = Popen(cmd, stdout=PIPE, stderr=DN)
             proc.wait()
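Review bot: the flag swap on the `-R`/`-Y` line is fine, but the two context lines under it, `proc = Popen(cmd, stdout=PIPE, stderr=DN)` and `proc.wait()`, send stderr to the null device and never look at the exit status, so a tshark build that rejects `-Y` (or the `-R` deprecation case this change is meant to avoid) exits non-zero with an empty stdout, and the caller then sees "no EAPOL packets" exactly as it would for a capture with no handshake; that is the same "missing tool looks like an invalid capture" failure described earlier in this thread. Suggest checking `proc.returncode` after `proc.wait()` and returning a distinct "could not check" outcome (or logging the error) when it is non-zero, before the output is parsed, and extending the comment on the `-Y` line to say why `-R` was dropped so the reason survives in the code.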

If you still can't capture handshakes, you're likely just out of range from the clients.

ha1f3mpty commented 8 years ago

@zaventh Thanks for the direction as to what @darkr4y was trying to say. Don't know why I wasn't able to make that out on my own. I changed that one line in Kali 1.1.0, no updates or any other mod, fresh install, and it worked, so I was happy. I then used the original and it still worked, so I got unhappy. I fired up my fresh, not updated or anything, Kali 2.0.0, ran wifite and it didn't work. I copied over the wifite from 1.1.0 to Kali 2.0.0 and that didn't work. I can only guess that it is something between the versions of aircrack between Kali 1.1.0 and 2.0.0, 1.2-rc1-Okali1 and 1:1.2-0~rc2-Okali5, respectively. I will do an update on my Kali 1.1.0 and see if it breaks it.

ha1f3mpty commented 8 years ago

UPDATE

OK, so I had my netbook running Kali 3.18.6-1~kali2 (2015-03-02), aircrack 1.2-rc1-0kali1, wifite v2-85 ------No handshake

So I updated wifite by downloading the zip, so now my netbook is Kali 3.18.6-1~kali2 (2015-03-02), aircrack 1.2-rc1-0kali1, wifite v2-87 ------Handshake

So I tried to revert to aircrack 1.2-rc1 on my VM running Kali 2 by doing the following:

apt-get install build-essential libssl-dev libnl-3-dev libnl-genl-3-dev dpkg-dev g++ g++-4.8 libc-dev-bin libc6-dev libstdc++-4.8-dev zlib1g-dev debian-keyring g++-multilib g++-4.8-multilib gcc-4.8-doc libstdc++6-4.8-dbg glibc-doc libstdc++-4.8-doc libalgorithm-merge-perl libssl-doc libalgorithm-diff-xs-perl wireless-tools -y

wget http://download.aircrack-ng.org/aircrack-ng-1.2-rc1.tar.gz

tar -zxvf aircrack-ng-1.2-rc1.tar.gz

cd aircrack-ng-1.2-rc1

make

make install

airodump-ng-oui-update

wget https://raw.github.com/derv82/wifite/master/wifite.py

cp wifite.py /usr/bin/wifite

chmod 755 /usr/bin/wifite

------No handshake

Not sure what the trip-up is with Kali 2 and wifite. I guess I will just stick with Kali 1 for wifi and make sure I don't update aircrack-ng and wireless-tools (apt-mark hold aircrack-ng wireless-tools).

intrd commented 8 years ago

Thanks @darkr4y.. "-R to -Y" solved the problem...

DevelopIdeas commented 8 years ago

Thanks @darkr4y! This also worked for me on a Kali VirtualBox install and NetHunter (Nexus 7 2012 32GB)

domesticatedviking commented 8 years ago

Thanks @darkr4y! You definitely pointed me in the right direction, but here is some more detail in case others are struggling.

If tshark is not installed or not available on your distro (e.g. on OpenWRT), Wifite will fail due to the way has_handshake() works. When has_handshake() calls its method has_handshake_tshark(), it attempts to use tshark to validate the .cap file stored in /tmp/wifiteXXXXXX/wpa-01.cap. The problem is that the has_handshake_tshark() method will return False not only when the capfile is invalid, but also when the tshark program doesn't exist. A False value being stored in valid_handshake prevents the other tools in the suite from ever checking the .cap file, and when the loop resumes, has_handshake_tshark() makes the same mistake again, resulting in an infinite loop.

Because of its ambiguous output, has_handshake_tshark() should not be called on a system that does not have tshark installed on it; however, the option RUN_CONFIG.WPA_HANDSHAKE_TSHARK is set incorrectly, as darkr4y indicates in this snippet.

self.WPA_HANDSHAKE_TSHARK = True  # Checks for sequential 1,2,3 EAPOL msg packets (ignores 4th)
self.WPA_HANDSHAKE_PYRIT = False  # Sometimes crashes on incomplete dumps, but accurate.
self.WPA_HANDSHAKE_AIRCRACK = True  # Not 100% accurate, but fast.
self.WPA_HANDSHAKE_COWPATTY = False  # Uses more lenient "nonstrict mode" (-2)

If you change the value for WPA_HANDSHAKE_TSHARK to False in the line above, the other tools will have a chance to validate any handshake files that are generated, and wifite will become aware of valid handshake captures, fixing the problem.
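The tool chain described above, reduced to a runnable model. This is an added example, not wifite's own code: it assumes each checker returns True (handshake found), False (the tool ran and found nothing) or None (the tool is not installed), and the tri-state result is the one thing this model adds, since wifite's real helpers return a plain bool, which is exactly why a missing tshark is indistinguishable from a bad capture. The config keys, checker names and the capture path are placeholders.

```python
"""Constructed model of the has_handshake() tool chain discussed in this thread.

Added example, not wifite's code. Each checker takes the capture path and
returns True (handshake found), False (the tool ran and found nothing) or
None (the tool is not installed, so nothing was checked). The tri-state
return is an assumption this example introduces.
"""
from typing import Callable, Dict, Optional

Checker = Callable[[str], Optional[bool]]

# Order in which the tools are consulted, following the RUN_CONFIG flags
# quoted in the thread: tshark, cowpatty, pyrit, aircrack.
TOOL_ORDER = ("tshark", "cowpatty", "pyrit", "aircrack")


def has_handshake_conjunctive(config: Dict[str, bool],
                              checkers: Dict[str, Checker], capfile: str) -> bool:
    """Every enabled tool must confirm the handshake (AND, short-circuit).

    Mirrors the behaviour described in the thread: an absent tool yields
    None, the bare truth test treats that as False, every later tool is
    skipped, and the capture is reported as invalid on every iteration."""
    valid = True
    tried = False
    for tool in TOOL_ORDER:
        if valid and config.get(tool, False):
            tried = True
            valid = bool(checkers[tool](capfile))  # None collapses to False here
    if not tried:
        raise RuntimeError("unable to check for handshake: all handshake options are disabled")
    return valid


def has_handshake_skip_missing(config: Dict[str, bool],
                               checkers: Dict[str, Checker], capfile: str) -> bool:
    """Same AND semantics, but a tool that is not installed contributes no
    verdict, and 'nothing could check' is reported instead of 'no handshake'."""
    valid = True
    tried = False
    for tool in TOOL_ORDER:
        if not (valid and config.get(tool, False)):
            continue
        verdict = checkers[tool](capfile)
        if verdict is None:  # tool missing: no evidence either way, move on
            continue
        tried = True
        valid = verdict
    if not tried:
        raise RuntimeError("no enabled handshake checker is installed")
    return valid


# Constructed stand-ins for the real tools (no subprocess is run).
def tool_missing(capfile: str) -> Optional[bool]:
    return None  # e.g. tshark absent, as on OpenWRT


def tool_finds_handshake(capfile: str) -> Optional[bool]:
    return True  # e.g. aircrack-ng reports a handshake


def tool_finds_nothing(capfile: str) -> Optional[bool]:
    return False  # tool ran, capture has no complete handshake


# Default flags from the thread: tshark and aircrack enabled.
DEFAULT_CONFIG = {"tshark": True, "cowpatty": False, "pyrit": False, "aircrack": True}

# Scenario from the thread: tshark not installed, aircrack-ng would confirm.
NO_TSHARK = {"tshark": tool_missing, "cowpatty": tool_missing,
             "pyrit": tool_missing, "aircrack": tool_finds_handshake}

# Scenario where tshark is present and genuinely finds nothing.
TSHARK_SAYS_NO = dict(NO_TSHARK, tshark=tool_finds_nothing)

if __name__ == "__main__":
    cap = "/tmp/wifiteXXXXXX/wpa-01.cap"  # placeholder path, as in the thread
    print("conjunctive, tshark missing :", has_handshake_conjunctive(DEFAULT_CONFIG, NO_TSHARK, cap))
    print("skip-missing, tshark missing:", has_handshake_skip_missing(DEFAULT_CONFIG, NO_TSHARK, cap))
```

With the default flags and no tshark, the conjunctive version answers False forever (the loop the thread describes), while the skip-missing version lets aircrack-ng give the verdict; when tshark is present and says no, both agree, so the "all enabled tools must agree" rule is preserved.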

SuicSoft commented 8 years ago

Same for me running Elementary OS Freya, so I opened the wifite python script in a text editor (Scratch) using sudo scratch-text-editor /usr/bin/wifite and replaced 'aireplay-ng' (with quotes) with 'aireplay-ng', '--ig' (with quotes) and saved the file. Then I ran sudo ifconfig wlan0 down (replacing 0 with the wireless card number; 0 for me because I am using an internal laptop wifi card) and then wifite. wifite should work now, but remember to run sudo ifconfig wlan0 up (replace zero as mentioned above) when you want to use the internet (after wifite has captured the handshake).

An already modified script can be found at : https://gist.github.com/SuicSoft/d16d9a59f8d9b2ea9787

redwards510 commented 8 years ago

So it sounds like the workaround is to either apt-get install tshark or use this command line: wifite --aircrack

ghost commented 8 years ago

Does this issue still exist in the latest version?

Is apt-get install tshark still the workaround?

NicoHood commented 8 years ago

The version has not changed for almost a year, so yes.

KhanKrum commented 8 years ago

For me (Kali rolling 2016.2; 64-bit, kernel: #1 SMP Debian 4.6.2-2kali2 (2016-06-28)) a command line like this: wifite --aircrack works just fine. I've got tshark but it doesn't help... BTW, a command line like this: wifite --pyrit is OK too, just a little bit slower...

filippogasbarro commented 7 years ago

@darkr4y I don't understand on which line I must write "valid_handshake = True # dirty patch". At line 2520? Because the output, after capturing the handshake, is this:

    Traceback (most recent call last):
      File "./wifite.py", line 3525, in <module>
        engine.Start()
      File "./wifite.py", line 1462, in Start
        if wpa_attack.RunAttack():
      File "./wifite.py", line 2146, in RunAttack
        self.wpa_get_handshake()
      File "./wifite.py", line 2286, in wpa_get_handshake
        if self.RUN_CONFIG.WPA_STRIP_HANDSHAKE: self.strip_handshake(save_as)
      File "./wifite.py", line 2547, in strip_handshake
        rename(capfile + '.temp', output_file)
      File "./wifite.py", line 1653, in rename
        os.rename(old, new)
    OSError: [Errno 2] No such file or directory

darkr4y commented 7 years ago

The author is developing wifite2, and this issue will be closed.

wifiuk commented 7 years ago

wifite2: any news on this, as I'm still struggling with handshake capture in wifite with known working hardware, and it's definitely kicking devices off the network...

dcomaster commented 7 years ago

Please, I use fluxion but I can't catch the handshake... and a warning appears when I install fluxion: locale not supported by Xlib, locale set to C... please help!

BenderIsTheGreatest commented 7 years ago

Can't capture a handshake as of today

soulquarian33 commented 7 years ago

Follow this, guys; it fixed it for me: https://www.youtube.com/watch?v=ncarDWSIWq8

djdisikd commented 6 years ago

I can't capture a handshake when using a 5 GHz network.

ferib commented 6 years ago

I found out that Wifite just couldn't find out when a handshake was captured. After a day of debugging I ended up changing this:

        # Various programs to use when checking for a four-way handshake.
        # True means the program must find a valid handshake in order for wifite to recognize a handshake.
        # Not finding handshake short circuits result (ALL 'True' programs must find handshake)
        self.WPA_HANDSHAKE_TSHARK = False  # Checks for sequential 1,2,3 EAPOL msg packets (ignores 4th)
        self.WPA_HANDSHAKE_PYRIT = False  # Sometimes crashes on incomplete dumps, but accurate.
        self.WPA_HANDSHAKE_AIRCRACK = True  # Not 100% accurate, but fast.
        self.WPA_HANDSHAKE_COWPATTY = False  # Uses more lenient "nonstrict mode" (-2)

I only set WPA_HANDSHAKE_AIRCRACK to True for confirming the handshake. You might want to use another tool to confirm handshakes, but aircrack is correctly installed for me and I prefer this one over the others.
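The config comment above says the tshark check looks for sequential 1,2,3 EAPOL messages and ignores the 4th. As an added illustration of what that check means (not wifite's code, and not tshark's), the block below classifies EAPOL-Key frames from their Key Information bits and then walks a capture looking for M1, M2, M3 in order between one AP and one station. The frame list is hand-built rather than taken from a real capture, and the MAC addresses are placeholders; the Key Information constants are the standard EAPOL-Key descriptor bit masks.

```python
"""Constructed illustration of a 'sequential 1,2,3 EAPOL messages' check.

Added example, not wifite's code. Frames are hand-built; Key Information
bit masks are the standard EAPOL-Key descriptor flags (IEEE 802.11i).
"""
from typing import Dict, List, NamedTuple, Optional

KEY_INFO_PAIRWISE = 0x0008
KEY_INFO_INSTALL = 0x0040
KEY_INFO_ACK = 0x0080
KEY_INFO_MIC = 0x0100
KEY_INFO_SECURE = 0x0200


class EapolFrame(NamedTuple):
    src: str       # transmitter MAC
    dst: str       # receiver MAC
    key_info: int  # 16-bit Key Information field


def eapol_message_number(key_info: int) -> Optional[int]:
    """Map Key Information flags to handshake message 1..4.

    M1: ACK set, MIC clear.          M2: MIC set, ACK clear, Secure clear.
    M3: ACK and MIC set (Install).   M4: MIC set, ACK clear, Secure set.
    Group-key frames (Pairwise clear) and anything else return None."""
    if not key_info & KEY_INFO_PAIRWISE:
        return None
    ack = bool(key_info & KEY_INFO_ACK)
    mic = bool(key_info & KEY_INFO_MIC)
    secure = bool(key_info & KEY_INFO_SECURE)
    if ack and not mic:
        return 1
    if ack and mic:
        return 3
    if mic and not secure:
        return 2
    if mic and secure:
        return 4
    return None


def has_sequential_handshake(frames: List[EapolFrame], bssid: str) -> bool:
    """True when some station completed M1 -> M2 -> M3 with `bssid`, in order.

    A fresh M1 (what the capture fills up with while a client is repeatedly
    kicked off) restarts that station's sequence, so a capture of many M1s
    and a lone M2 is rejected. M4 is not required, matching the config comment."""
    expected: Dict[str, int] = {}  # station MAC -> next message number needed
    for frame in frames:
        if frame.src == bssid:
            station, from_ap = frame.dst, True
        elif frame.dst == bssid:
            station, from_ap = frame.src, False
        else:
            continue  # belongs to a different BSS
        msg = eapol_message_number(frame.key_info)
        if msg is None or from_ap != (msg in (1, 3)):
            continue  # not a pairwise frame, or wrong direction for that message
        if msg == 1:
            expected[station] = 2
        elif msg == expected.get(station):
            if msg == 3:
                return True
            expected[station] = msg + 1
        else:
            expected.pop(station, None)  # out of order: wait for a new M1
    return False


# Constructed sample frames; the Key Information values are the usual ones
# for a WPA2 pairwise handshake (0x008a, 0x010a, 0x13ca, 0x030a).
AP = "00:11:22:33:44:55"   # placeholder BSSID
STA = "66:77:88:99:aa:bb"  # placeholder client

COMPLETE = [
    EapolFrame(AP, STA, 0x008a),  # M1
    EapolFrame(STA, AP, 0x010a),  # M2
    EapolFrame(AP, STA, 0x13ca),  # M3
    EapolFrame(STA, AP, 0x030a),  # M4
]

# What a capture looks like when the client only ever gets as far as
# answering M1 before the exchange is restarted.
INCOMPLETE = [
    EapolFrame(AP, STA, 0x008a),  # M1
    EapolFrame(AP, STA, 0x008a),  # M1 again (retry)
    EapolFrame(STA, AP, 0x010a),  # M2
    EapolFrame(AP, STA, 0x008a),  # M1 again: sequence restarts, no M3
]

if __name__ == "__main__":
    print("complete  :", has_sequential_handshake(COMPLETE, AP))    # True
    print("incomplete:", has_sequential_handshake(INCOMPLETE, AP))  # False
```

The message-number mapping is the same information a tshark `eapol` filter exposes per frame; the point of the sequence walk is that seeing EAPOL traffic at all is not enough, and a validator that accepts any two or three EAPOL frames will report handshakes that cannot be verified.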

soulquarian33 commented 6 years ago

Hey ferib, this got fixed like 2 or 3 versions ago, perhaps 6-8 months ago. It's been patched for quite a while now.

ferib commented 6 years ago

@soulquarian33 Oh damn, dunno where I've got my script from... So far I haven't done much with it, but is it possible to do the WPA2 handshake attack only on APs where clients are, and let the tool loop through all APs (timeout after like 2 min, then go to another one) without exiting the tool?

soulquarian33 commented 6 years ago

@ferib Yep, you can do that in the latest version of wifite: just choose all the APs you wanna attack and it will try to capture them one by one; it's all automatic.

kimocoder commented 6 years ago

For handshake capture I would recommend using wifite2; it's fast and good for handshakes, but WPS cracking has issues though.

ferib commented 6 years ago

@soulquarian33 any discord/community server/groupchat for some more questions about wifite? I don't think it's a good place to discuss these here.

derv82 commented 6 years ago

Created a discord, but not sure how active I/others will be on it: https://discord.gg/gY7FNKt

lukaslangrock commented 5 years ago

I noticed this problem only started occurring when you install the recommended software, so I tried uninstalling everything I installed after it first worked, and found that after I uninstalled hcxdumptool and hcxpcaptool, the handshake gets captured again without any configuration in wifite files required.

Uninstalling is very easy: Just go to the folder you cloned from the repository of hcxdumptool and hcxpcaptool (or clone them again if you deleted them) and execute "sudo make uninstall".

wice222 commented 4 years ago

When I'm running wifite with defaults, it is listening on the 2.4 GHz frequencies only; if I'm changing channels to some 5 GHz ones (-c 36) then it is listing only 5 GHz ones. Can I somehow listen to both frequencies at the same time?

Anant1711 commented 3 years ago

I captured all packets (handshakes and all) on my first try, but when I tried airodump-ng the next day to get a 4-way handshake it didn't happen. I mean everything works fine but I didn't find a handshake. I don't know what happened; I tried the airmon-ng check kill command also, but no success.