A step-by-step guide to decrypting WPA with Wireshark and AirPcap in Windows.

When AirPcap was first released, only WEP decryption was supported. However, with the release of Wireshark 0.99.5 it is possible to decrypt WPA packets with the AirPcap adapter in Windows. Here’s how:

  1. Install Wireshark 0.99.5 or above
  2. Run Wireshark
  3. Go: View > Wireless Toolbar
  4. Click on “Decryption Keys…”
  5. Add a new decryption key. In my instance, because I know the Passphrase, I used WPA-PWD. If you’re doing penetration testing and, you have a 64byte string from something like AirCrack, you should use WPA-PSK.
  6. Capture away. In the screenshots below, I’ve filtered my own Wi-Fi card to cut down on the volume of ‘junk’ and demonstrate that it is, in fact, decrypting the packets on the WLAN.
    2007-04-13_160402.gif 2007-04-13_160440.gif

For a lot more information on getting this set up, check out the AirPcap Userguide.

Did this help you at all? Any questions? Feel free to leave me a comment below!