fekriomar / pyrit

Automatically exported from code.google.com/p/pyrit

seeking help with pyrit -r capturefile attack_db and analyze #228

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. pyrit -u mysql://pyrit:pass@127.0.0.1/pyrit -r capturefile -e ssid attack_db
2. pyrit -u postgres://pyrit:pass@127.0.0.1/pyrit -r capturefile -e ssid attack_db
3. pyrit -r capturefile analyze

What is the expected output? What do you see instead?

Pyrit 0.3.0 (C) 2008-2010 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+

Connecting to storage at 'mysql://pyrit:pass@127.0.0.1/pyrit'...  connected.
Parsing file xxx.cap' (1/1)...
Traceback (most recent call last):
  File "/usr/local/bin/pyrit", line 6, in <module>
    pyrit_cli.Pyrit_CLI().initFromArgv()
  File "/usr/local/lib/python2.6/dist-packages/pyrit_cli.py", line 106, in initFromArgv
    func(self, **options)
  File "/usr/local/lib/python2.6/dist-packages/pyrit_cli.py", line 143, in new_f
    f(*args, **kwds)
  File "/usr/local/lib/python2.6/dist-packages/pyrit_cli.py", line 712, in attack_db
    ap = self._fuzzyGetAP(self._getParser(capturefile), bssid, essid)
  File "/usr/local/lib/python2.6/dist-packages/pyrit_cli.py", line 158, in _getParser
    parser.parse_file(capturefile)
  File "/usr/local/lib/python2.6/dist-packages/cpyrit/pckttools.py", line 368, in parse_file
    self.parse_packet(pckt)
  File "/usr/local/lib/python2.6/dist-packages/cpyrit/pckttools.py", line 381, in parse_packet
    self._add_ap(dot11_pckt.addr2, dot11_pckt)
  File "/usr/local/lib/python2.6/dist-packages/cpyrit/pckttools.py", line 351, in _add_ap
    essid = self._find_ssid(pckt)
  File "/usr/local/lib/python2.6/dist-packages/cpyrit/pckttools.py", line 343, in _find_ssid
    for elt_pckt in pckt.iterSubPackets(scapy.layers.dot11.Dot11Elt):
  File "/usr/local/lib/python2.6/dist-packages/cpyrit/pckttools.py", line 87, in iterSubPackets
    elt = elt[cls:2]
  File "/usr/lib/pymodules/python2.6/scapy/packet.py", line 758, in __getitem__
    raise IndexError("Layer [%s] not found" % lname)
IndexError: Layer [Dot11Elt] not found

What version of the product are you using? On what operating system?
Xubuntu 10.10 64bit - python 2.6, pyrit 0.3.0 cpyrit-opencl 0.3.0

Please provide any additional information below.
I just started using pyrit, and have been loading wordlists into multiple databases 
for testing: sqlite, mysql, postgresql. After I have my databases set up and 
loaded, I have no trouble running create ssid, but attack_db is giving me trace 
errors. I'm new to pyrit and python, and since this is the only good source of 
info for pyrit, I'm hoping this is the place to ask for help :)

Original issue reported on code.google.com by fooofoo...@gmail.com on 31 Dec 2010 at 8:13

GoogleCodeExporter commented 9 years ago
The capture file is probably truncated. Use stripLive to create a new one.

Original comment by lukas.l...@gmail.com on 31 Dec 2010 at 8:15
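
An added example, not Pyrit's code and not part of the original thread: the traceback above ends in _find_ssid when a management frame has no Dot11Elt layer, which is what a truncated packet looks like. This stand-alone parser walks the raw 802.11 tagged-parameter bytes and returns None instead of raising when an element is cut off; iter_elements, find_ssid and the sample bytes are constructed for illustration.

```python
# Added example: tolerant walk over 802.11 information elements,
# each encoded as (element ID, length, value).
SSID_ELEMENT_ID = 0  # element ID 0 carries the SSID


def iter_elements(buf):
    """Yield (element_id, value) for each complete element in buf.

    Stops at the first element whose header or value is cut off, which is
    what a capture truncated by a snap length or an aborted write looks like.
    """
    offset = 0
    while offset + 2 <= len(buf):
        element_id = buf[offset]
        length = buf[offset + 1]
        end = offset + 2 + length
        if end > len(buf):
            return  # declared length runs past the captured bytes
        yield element_id, bytes(buf[offset + 2:end])
        offset = end


def find_ssid(buf):
    """Return the SSID bytes, or None when no complete SSID element exists."""
    for element_id, value in iter_elements(buf):
        if element_id == SSID_ELEMENT_ID:
            # An SSID is at most 32 bytes; a longer value is malformed.
            return value if len(value) <= 32 else None
    return None


# Constructed sample: SSID "lab-net", supported rates, DS parameter set (channel 6).
COMPLETE = (bytes([0, 7]) + b"lab-net"
            + bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])
            + bytes([3, 1, 6]))
# The same frame body cut off after 5 bytes, as in a truncated capture.
TRUNCATED = COMPLETE[:5]

if __name__ == "__main__":
    for name, body in (("complete", COMPLETE), ("truncated", TRUNCATED), ("empty", b"")):
        print(name, find_ssid(body))
```

A caller can treat a None result as "skip this frame" so that one damaged packet does not abort parsing of the whole capture file.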

GoogleCodeExporter commented 9 years ago
[deleted comment]

GoogleCodeExporter commented 9 years ago
I tried striplive but it produced the same error. I did clean up the cap using 
tshark, and I think pyrit is working now. Thanks, Lukas.

Original comment by fooofoo...@gmail.com on 31 Dec 2010 at 10:35

GoogleCodeExporter commented 9 years ago
Lukas, I have a new problem. A couple of my captured files are from airbase-ng; 
they contain eapol entries from 3 MAC addresses: fake ap, real ap, and client 
ap, and some other ap/client transmitting eapol packets that got logged within 
the cap. I used wireshark and extracted all the eapol entries. Pyrit produces 
this now when I run it with analyze.

# pyrit -r capturedfile analyze
Pyrit 0.3.0 (C) 2008-2010 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+

Parsing file 'capturedfile' (1/1)...
13 packets (13 802.11-packets), 3 APs

#1: AccessPoint xx:xx:realap:xx ('None')
  #0: Station xx:xx:client:xx
#2: AccessPoint xx:xx:fakeap:xx:Xx ('None')
  #0: Station xx:xx:client:xx handshake found
#3: AccessPoint xx:xx:other-ap-transmitting-got-logged:Xx  ('None')
  #0: Station xx:xx:other-ap-transmitting to some client-got-logged:Xx  

No valid EAOPL-handshake detected.

Just for extra reference, I used strip anyway on the captured file:

# pyrit -r capturedfile -e thessid -o newcapturedfile strip
Pyrit 0.3.0 (C) 2008-2010 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+

Parsing file 'capturedfile' (1/1)...
13 packets (13 802.11-packets), 3 APs

Picked AccessPoint xx:xx:fakeapmac:xx:xx: automatically...
#1: AccessPoint xx:xx:xx:fakeapmac:xx:('None')
  #0: Station xx:xx:clientmac:Xx:Xx (1 authentications)

New pcap-file 'capturedfile' written (2 out of 13 packets)

Cowpatty has no trouble with both the original and the extracted eapol capture 
file from wireshark.

# ./cowpatty -c -2 -r capturedfile
cowpatty 4.6 - WPA-PSK dictionary attack. <jwright@hasborg.com>

Collected all necessary data to mount crack against WPA2/PSK passphrase.

# ./aircrack-ng -w password.lst capturedfile
Opening capturedfile
Read 13 packets.

   #  BSSID              ESSID                     Encryption

   1  realap                            WPA (0 handshake)
   2  client                          WPA (1 handshake)
   3  foreign AP(eapol packets logged)  WPA (0 handshake)
Index number of target network ? 

How can I get pyrit to work with my caps? 

Original comment by fooofoo...@gmail.com on 1 Jan 2011 at 12:05

GoogleCodeExporter commented 9 years ago
Are you actually able to crack the handshake? aircrack-ng and cowpatty have 
lousy handshake reconstruction and may indicate a valid handshake when there is 
in fact none. Can you send me the dump by email?

Original comment by lukas.l...@gmail.com on 1 Jan 2011 at 1:01

GoogleCodeExporter commented 9 years ago
I just saw that you are using Pyrit 0.3. Can you try using 0.4-dev, which comes 
with a completely reworked handshake detection?

Original comment by lukas.l...@gmail.com on 1 Jan 2011 at 6:08

GoogleCodeExporter commented 9 years ago
Any update here?

Original comment by lukas.l...@gmail.com on 7 Jan 2011 at 9:51

GoogleCodeExporter commented 9 years ago

Original comment by lukas.l...@gmail.com on 9 Jan 2011 at 5:15