Let's remove the crap inside a WPA(2) dump
Easy & fast
If you have a large WPA dump file, you need to remove the excess data. You can (must!) do this with the hcxpcaptool utility from the hcxtools suite.
Many thanks to ZerBea for his work. We advise you to always use hcxtools for anything WPA related, like conversion, cleaning, displaying information, etc.
Download
Sources are available on GitHub: hcxtools.
There are no binaries available for download at this time, so you will need to compile the tool: simply run make.
Usage
./hcxpcaptool -o new.hccapx original_file.cap
More options can be used:
options:
-o : output hccapx file (hashcat -m 2500/2501)
-O : output raw hccapx file (hashcat -m 2500/2501)
-x : output hccap file (hashcat -m 2500)
-X : output raw hccap file (hashcat -m 2500)
-z : output PMKID file (hashcat hashmode -m 16800)
-Z : output PMKID file (hashcat hashmode -m 16801)
-j : output john WPAPSK-PMK file (john wpapsk-opencl)
-J : output raw john WPAPSK-PMK file (john wpapsk-opencl)
-E : output wordlist (autohex enabled) to use as input wordlist for cracker
-I : output unsorted identity list
-U : output unsorted username list
-P : output possible WPA/WPA2 plainmasterkey list
-T : output management traffic information list
   : european date : timestamp : mac_sta : mac_ap : essid
-H : output dump raw packets in hex
-V : verbose (but slow) status output
-h : show this help
-v : show version
--time-error-corrections= : maximum allowed time gap (default: 600s)
--nonce-error-corrections= : maximum allowed nonce gap (default: 8)
                           : should be the same value as in hashcat
--netntlm-out= : output netNTLMv1 file (hashcat -m 5500, john netntlm)
--md5-out= : output MD5 challenge file (hashcat -m 4800)
--md5-john-out= : output MD5 challenge file (john chap)
--tacacsplus-out= : output TACACS+ authentication file (hashcat -m 16100, john tacacs-plus)

bitmask for message pair field:
0: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
1: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
2: MP info (https://hashcat.net/wiki/doku.php?id=hccapx)
3: x (unused)
4: ap-less attack (set to 1) - no nonce-error-corrections neccessary
5: LE router detected (set to 1) - nonce-error-corrections only for LE neccessary
6: BE router detected (set to 1) - nonce-error-corrections only for BE neccessary
7: not replaycount checked (set to 1) - replaycount not checked, nonce-error-corrections definitely neccessary

Do not use hcxpcaptool in combination with third party cap/pcap/pcapng cleaning tools!

As said, "Do not use hcxpcaptool in combination with third party cap/pcap/pcapng cleaning tools!"
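The message pair bitmask listed in the help text can be read back out of a converted file to check what each record contains. The following is an added example, not code from this page or from hcxtools: a Python parser that assumes the 393-byte hccapx record layout from the hashcat wiki page linked in the help text. The function names and the two sample records are constructed for illustration.

```python
import struct

# One hccapx record (393 bytes, little-endian); layout assumed from the hashcat
# wiki page linked in the help text: signature, version, message_pair,
# essid_len, essid, keyver, keymic, mac_ap, nonce_ap, mac_sta, nonce_sta,
# eapol_len, eapol.
RECORD = struct.Struct("<4sIBB32sB16s6s32s6s32sH256s")

# Bits 4-7 of message_pair, named as in the hcxpcaptool help text.
FLAGS = {4: "ap-less attack", 5: "LE router detected",
         6: "BE router detected", 7: "replaycount not checked"}


def decode_message_pair(mp):
    """Split the byte into the MP value (bits 0-2) and the set flags (bits 4-7)."""
    return {"mp": mp & 0x07,
            "flags": [name for bit, name in FLAGS.items() if mp & (1 << bit)]}


def parse_hccapx(data):
    """Return one summary dict per record; reject malformed input."""
    if not data or len(data) % RECORD.size:
        raise ValueError("size is not a multiple of %d bytes" % RECORD.size)
    records = []
    for off in range(0, len(data), RECORD.size):
        f = RECORD.unpack_from(data, off)
        sig, essid_len, eapol_len = f[0], f[3], f[11]
        if sig != b"HCPX" or essid_len > 32 or eapol_len > 256:
            raise ValueError("bad record at offset %d" % off)
        records.append({
            "essid": f[4][:essid_len].decode("utf-8", "replace"),
            "mac_ap": f[7].hex(":"),
            "mac_sta": f[9].hex(":"),
            **decode_message_pair(f[2]),
        })
    return records


def _constructed_record(essid, mp):
    # Constructed sample: zeroed MIC/nonces/EAPOL, made-up MACs, version 4.
    return RECORD.pack(b"HCPX", 4, mp, len(essid), essid, 2, bytes(16),
                       bytes.fromhex("020000000001"), bytes(32),
                       bytes.fromhex("020000000002"), bytes(32), 0, b"")


SAMPLE = _constructed_record(b"lab-ap-1", 0x82) + _constructed_record(b"lab-ap-2", 0x10)

if __name__ == "__main__":
    for rec in parse_hccapx(SAMPLE):
        print(rec)
```

To inspect a real file, pass its bytes to parse_hccapx, for example the new.hccapx written by the command above.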
Once done you can upload the converted file to our website.
I'm lazy, do it for me!
You can use our instant online tool to do it: .cap converter.