Sorry, did overlook the word 'Enterprise' ! Well, the only chance to decode 802.1x is on the RADIUS side and I'm not aware of any standard product not even freeradius, which will show you on the highest debug level the dynamic changed 802.1x PMK in clear text. With wireshark you can decrypt WPA/WPA2 & WEP Pre-Shared key if you provide the correct keys per SSID in the global options. 802.1x you can only see the handshakes, like with display filter: eapol Rgds, Gerald
I am curious if those who are linking tools here have actually used them for this purpose. the original posting had asked about wpa enterprise. wireshark flat out states on the page listed above that it doesnt support this. from what ive reviewed of omnipeeks latest offerings, they appear to have the same functionality as wireshark. unless the tool is going to decrpt the radius authentication to extract the msk/pmk it will not intelligently decrypt wpa enterprise. ive not tried this, but what you can attempt would be to extract the pmk via other methods, and try entering that as a hex preshared key.
6 Replies
Sorry, did overlook the word 'Enterprise' ! Well, the only chance to decode 802.1x is on the RADIUS side and I'm not aware of any standard product not even freeradius, which will show you on the highest debug level the dynamic changed 802.1x PMK in clear text. With wireshark you can decrypt WPA/WPA2 & WEP Pre-Shared key if you provide the correct keys per SSID in the global options. 802.1x you can only see the handshakes, like with display filter: eapol Rgds, Gerald
You could use omnipeek 5.1 and above.
I am curious if those who are linking tools here have actually used them for this purpose. the original posting had asked about wpa enterprise. wireshark flat out states on the page listed above that it doesnt support this. from what ive reviewed of omnipeeks latest offerings, they appear to have the same functionality as wireshark. unless the tool is going to decrpt the radius authentication to extract the msk/pmk it will not intelligently decrypt wpa enterprise. ive not tried this, but what you can attempt would be to extract the pmk via other methods, and try entering that as a hex preshared key.
I'm not aware of any.
I believe Omnipeek will allow this. However you must catch the 4-way EAPOL handshake, so start capture prior to a client association.
wireshark is your tool... http://wiki.wireshark.org/HowToDecrypt802.11