Decrypting WPA2-Enterprise (EAP-PEAP) in WiresharkWindows WiFi with WPA2-Enterprise + EAP-TTLS + PAPHow do I decrypt WPA2 encrypted packets using Wireshark?Wireshark on WPA2-PSK [AES] not decryptingDecrypting WPA with wiresharkHow can I find Protected EAP credentials of a wireless network stored on Windows 7?wireshark monitor mode, decrypting captureUnified Write Filter with WPA2-Enterprise PEAP-MSCHAPv2Decrypting Application Data with (Pre)-Master-Secret log file in WiresharkDecrypting WiFi packets on a public hotspotDecrypting Captive Portal Data

Fastest way to perform complex search on pandas dataframe

Are UK pensions taxed twice?

How can I grammatically understand "Wir über uns"?

Is it possible to kill all life on Earth?

What is the indigenous Russian word for a wild boar?

Can non-English-speaking characters use wordplay specific to English?

Can a helicopter mask itself from Radar?

Is having a hidden directory under /etc safe?

Uncommanded roll at high speed

Creating Fictional Slavic Place Names

Self-Preservation: How to DM NPCs that Love Living?

Can an old DSLR be upgraded to match modern smartphone image quality

How did early x86 BIOS programmers manage to program full blown TUIs given very few bytes of ROM/EPROM?

How was Apollo supposed to rendezvous in the case of a lunar abort?

What does "Marchentalender" on the front of a postcard mean?

Biblical Basis for 400 years of silence between old and new testament

Intuition behind eigenvalues of an adjacency matrix

What are the problems in teaching guitar via Skype?

Do creatures all have the same statistics upon being reanimated via the Animate Dead spell?

Is there an evolutionary advantage to having two heads?

Could IPv6 make NAT / port numbers redundant?

Draw a checker pattern with a black X in the center

Can a non-EU citizen travel within the Schengen area without identity documents?

What is game ban VS VAC ban in steam?



Decrypting WPA2-Enterprise (EAP-PEAP) in Wireshark


Windows WiFi with WPA2-Enterprise + EAP-TTLS + PAPHow do I decrypt WPA2 encrypted packets using Wireshark?Wireshark on WPA2-PSK [AES] not decryptingDecrypting WPA with wiresharkHow can I find Protected EAP credentials of a wireless network stored on Windows 7?wireshark monitor mode, decrypting captureUnified Write Filter with WPA2-Enterprise PEAP-MSCHAPv2Decrypting Application Data with (Pre)-Master-Secret log file in WiresharkDecrypting WiFi packets on a public hotspotDecrypting Captive Portal Data






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;








2















The network packets that I want to decrypt uses username and password to log in with EAP-PEAP. Not on a captive portal. Where would I put the username when decrypting network packets. I can get the handshakes.










share|improve this question









New contributor



Nicholas Ficara is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

























    2















    The network packets that I want to decrypt uses username and password to log in with EAP-PEAP. Not on a captive portal. Where would I put the username when decrypting network packets. I can get the handshakes.










    share|improve this question









    New contributor



    Nicholas Ficara is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.





















      2












      2








      2








      The network packets that I want to decrypt uses username and password to log in with EAP-PEAP. Not on a captive portal. Where would I put the username when decrypting network packets. I can get the handshakes.










      share|improve this question









      New contributor



      Nicholas Ficara is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      The network packets that I want to decrypt uses username and password to log in with EAP-PEAP. Not on a captive portal. Where would I put the username when decrypting network packets. I can get the handshakes.







      wireshark username wpa2






      share|improve this question









      New contributor



      Nicholas Ficara is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.










      share|improve this question









      New contributor



      Nicholas Ficara is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.








      share|improve this question




      share|improve this question








      edited 7 hours ago









      grawity

      249k38526586




      249k38526586






      New contributor



      Nicholas Ficara is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.








      asked 8 hours ago









      Nicholas FicaraNicholas Ficara

      132




      132




      New contributor



      Nicholas Ficara is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.




      New contributor




      Nicholas Ficara is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















          1 Answer
          1






          active

          oldest

          votes


















          4














          Nowhere.



          Capturing the PEAP handshake is useless, as the session key for EAP-TLS, EAP-PEAP, EAP-TTLS is derived from the TLS master secret, which is protected by the TLS handshake – it is the same as in HTTPS connections and provides the same level of security against monitoring.1



          The TLS handshake has no relationship to the username or password, so knowing those does not help either.



          (In rare cases it might be decryptable using the RADIUS server's certificate/key, but probably most TLS handshakes just use DH key exchange.)



          So your only option is to obtain the key from the RADIUS server itself (e.g. activate verbose logging – the keys are delivered to the access point, and so can be found in MS-MPPE-*-Key attributes. Then you can add the keys as raw PSK.




          "Raw" EAP-MSCHAPv2 (without EAP-TLS protection) keys are derived from the password hash and the 'NtResponse' found in the handshake. (But not the username.) You probably can calculate the resulting PSK using various Linux tools and add it to Wireshark (again as wpa-psk), but Wireshark itself isn't capable of doing this.



          (Not that you should ever see WPA-Enterprise without EAP-TLS in the first place, but...)




          1 (As long as the client verifies the certificate. If it doesn't, it's vulnerable to active MITM attacks (rogue access points), but still not to passive interception.)






          share|improve this answer

























            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "3"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );






            Nicholas Ficara is a new contributor. Be nice, and check out our Code of Conduct.









            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1442223%2fdecrypting-wpa2-enterprise-eap-peap-in-wireshark%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            4














            Nowhere.



            Capturing the PEAP handshake is useless, as the session key for EAP-TLS, EAP-PEAP, EAP-TTLS is derived from the TLS master secret, which is protected by the TLS handshake – it is the same as in HTTPS connections and provides the same level of security against monitoring.1



            The TLS handshake has no relationship to the username or password, so knowing those does not help either.



            (In rare cases it might be decryptable using the RADIUS server's certificate/key, but probably most TLS handshakes just use DH key exchange.)



            So your only option is to obtain the key from the RADIUS server itself (e.g. activate verbose logging – the keys are delivered to the access point, and so can be found in MS-MPPE-*-Key attributes. Then you can add the keys as raw PSK.




            "Raw" EAP-MSCHAPv2 (without EAP-TLS protection) keys are derived from the password hash and the 'NtResponse' found in the handshake. (But not the username.) You probably can calculate the resulting PSK using various Linux tools and add it to Wireshark (again as wpa-psk), but Wireshark itself isn't capable of doing this.



            (Not that you should ever see WPA-Enterprise without EAP-TLS in the first place, but...)




            1 (As long as the client verifies the certificate. If it doesn't, it's vulnerable to active MITM attacks (rogue access points), but still not to passive interception.)






            share|improve this answer





























              4














              Nowhere.



              Capturing the PEAP handshake is useless, as the session key for EAP-TLS, EAP-PEAP, EAP-TTLS is derived from the TLS master secret, which is protected by the TLS handshake – it is the same as in HTTPS connections and provides the same level of security against monitoring.1



              The TLS handshake has no relationship to the username or password, so knowing those does not help either.



              (In rare cases it might be decryptable using the RADIUS server's certificate/key, but probably most TLS handshakes just use DH key exchange.)



              So your only option is to obtain the key from the RADIUS server itself (e.g. activate verbose logging – the keys are delivered to the access point, and so can be found in MS-MPPE-*-Key attributes. Then you can add the keys as raw PSK.




              "Raw" EAP-MSCHAPv2 (without EAP-TLS protection) keys are derived from the password hash and the 'NtResponse' found in the handshake. (But not the username.) You probably can calculate the resulting PSK using various Linux tools and add it to Wireshark (again as wpa-psk), but Wireshark itself isn't capable of doing this.



              (Not that you should ever see WPA-Enterprise without EAP-TLS in the first place, but...)




              1 (As long as the client verifies the certificate. If it doesn't, it's vulnerable to active MITM attacks (rogue access points), but still not to passive interception.)






              share|improve this answer



























                4












                4








                4







                Nowhere.



                Capturing the PEAP handshake is useless, as the session key for EAP-TLS, EAP-PEAP, EAP-TTLS is derived from the TLS master secret, which is protected by the TLS handshake – it is the same as in HTTPS connections and provides the same level of security against monitoring.1



                The TLS handshake has no relationship to the username or password, so knowing those does not help either.



                (In rare cases it might be decryptable using the RADIUS server's certificate/key, but probably most TLS handshakes just use DH key exchange.)



                So your only option is to obtain the key from the RADIUS server itself (e.g. activate verbose logging – the keys are delivered to the access point, and so can be found in MS-MPPE-*-Key attributes. Then you can add the keys as raw PSK.




                "Raw" EAP-MSCHAPv2 (without EAP-TLS protection) keys are derived from the password hash and the 'NtResponse' found in the handshake. (But not the username.) You probably can calculate the resulting PSK using various Linux tools and add it to Wireshark (again as wpa-psk), but Wireshark itself isn't capable of doing this.



                (Not that you should ever see WPA-Enterprise without EAP-TLS in the first place, but...)




                1 (As long as the client verifies the certificate. If it doesn't, it's vulnerable to active MITM attacks (rogue access points), but still not to passive interception.)






                share|improve this answer















                Nowhere.



                Capturing the PEAP handshake is useless, as the session key for EAP-TLS, EAP-PEAP, EAP-TTLS is derived from the TLS master secret, which is protected by the TLS handshake – it is the same as in HTTPS connections and provides the same level of security against monitoring.1



                The TLS handshake has no relationship to the username or password, so knowing those does not help either.



                (In rare cases it might be decryptable using the RADIUS server's certificate/key, but probably most TLS handshakes just use DH key exchange.)



                So your only option is to obtain the key from the RADIUS server itself (e.g. activate verbose logging – the keys are delivered to the access point, and so can be found in MS-MPPE-*-Key attributes. Then you can add the keys as raw PSK.




                "Raw" EAP-MSCHAPv2 (without EAP-TLS protection) keys are derived from the password hash and the 'NtResponse' found in the handshake. (But not the username.) You probably can calculate the resulting PSK using various Linux tools and add it to Wireshark (again as wpa-psk), but Wireshark itself isn't capable of doing this.



                (Not that you should ever see WPA-Enterprise without EAP-TLS in the first place, but...)




                1 (As long as the client verifies the certificate. If it doesn't, it's vulnerable to active MITM attacks (rogue access points), but still not to passive interception.)







                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited 6 hours ago

























                answered 7 hours ago









                grawitygrawity

                249k38526586




                249k38526586




















                    Nicholas Ficara is a new contributor. Be nice, and check out our Code of Conduct.









                    draft saved

                    draft discarded


















                    Nicholas Ficara is a new contributor. Be nice, and check out our Code of Conduct.












                    Nicholas Ficara is a new contributor. Be nice, and check out our Code of Conduct.











                    Nicholas Ficara is a new contributor. Be nice, and check out our Code of Conduct.














                    Thanks for contributing an answer to Super User!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1442223%2fdecrypting-wpa2-enterprise-eap-peap-in-wireshark%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    19. јануар Садржај Догађаји Рођења Смрти Празници и дани сећања Види још Референце Мени за навигацијуу

                    Israel Cuprins Etimologie | Istorie | Geografie | Politică | Demografie | Educație | Economie | Cultură | Note explicative | Note bibliografice | Bibliografie | Legături externe | Meniu de navigaresite web oficialfacebooktweeterGoogle+Instagramcanal YouTubeInstagramtextmodificaremodificarewww.technion.ac.ilnew.huji.ac.ilwww.weizmann.ac.ilwww1.biu.ac.ilenglish.tau.ac.ilwww.haifa.ac.ilin.bgu.ac.ilwww.openu.ac.ilwww.ariel.ac.ilCIA FactbookHarta Israelului"Negotiating Jerusalem," Palestine–Israel JournalThe Schizoid Nature of Modern Hebrew: A Slavic Language in Search of a Semitic Past„Arabic in Israel: an official language and a cultural bridge”„Latest Population Statistics for Israel”„Israel Population”„Tables”„Report for Selected Countries and Subjects”Human Development Report 2016: Human Development for Everyone„Distribution of family income - Gini index”The World FactbookJerusalem Law„Israel”„Israel”„Zionist Leaders: David Ben-Gurion 1886–1973”„The status of Jerusalem”„Analysis: Kadima's big plans”„Israel's Hard-Learned Lessons”„The Legacy of Undefined Borders, Tel Aviv Notes No. 40, 5 iunie 2002”„Israel Journal: A Land Without Borders”„Population”„Israel closes decade with population of 7.5 million”Time Series-DataBank„Selected Statistics on Jerusalem Day 2007 (Hebrew)”Golan belongs to Syria, Druze protestGlobal Survey 2006: Middle East Progress Amid Global Gains in FreedomWHO: Life expectancy in Israel among highest in the worldInternational Monetary Fund, World Economic Outlook Database, April 2011: Nominal GDP list of countries. Data for the year 2010.„Israel's accession to the OECD”Popular Opinion„On the Move”Hosea 12:5„Walking the Bible Timeline”„Palestine: History”„Return to Zion”An invention called 'the Jewish people' – Haaretz – Israel NewsoriginalJewish and Non-Jewish Population of Palestine-Israel (1517–2004)ImmigrationJewishvirtuallibrary.orgChapter One: The Heralders of Zionism„The birth of modern Israel: A scrap of paper that changed history”„League of Nations: The Mandate for Palestine, 24 iulie 1922”The Population of Palestine Prior to 1948originalBackground Paper No. 47 (ST/DPI/SER.A/47)History: Foreign DominationTwo Hundred and Seventh Plenary Meeting„Israel (Labor Zionism)”Population, by Religion and Population GroupThe Suez CrisisAdolf EichmannJustice Ministry Reply to Amnesty International Report„The Interregnum”Israel Ministry of Foreign Affairs – The Palestinian National Covenant- July 1968Research on terrorism: trends, achievements & failuresThe Routledge Atlas of the Arab–Israeli conflict: The Complete History of the Struggle and the Efforts to Resolve It"George Habash, Palestinian Terrorism Tactician, Dies at 82."„1973: Arab states attack Israeli forces”Agranat Commission„Has Israel Annexed East Jerusalem?”original„After 4 Years, Intifada Still Smolders”From the End of the Cold War to 2001originalThe Oslo Accords, 1993Israel-PLO Recognition – Exchange of Letters between PM Rabin and Chairman Arafat – Sept 9- 1993Foundation for Middle East PeaceSources of Population Growth: Total Israeli Population and Settler Population, 1991–2003original„Israel marks Rabin assassination”The Wye River Memorandumoriginal„West Bank barrier route disputed, Israeli missile kills 2”"Permanent Ceasefire to Be Based on Creation Of Buffer Zone Free of Armed Personnel Other than UN, Lebanese Forces"„Hezbollah kills 8 soldiers, kidnaps two in offensive on northern border”„Olmert confirms peace talks with Syria”„Battleground Gaza: Israeli ground forces invade the strip”„IDF begins Gaza troop withdrawal, hours after ending 3-week offensive”„THE LAND: Geography and Climate”„Area of districts, sub-districts, natural regions and lakes”„Israel - Geography”„Makhteshim Country”Israel and the Palestinian Territories„Makhtesh Ramon”„The Living Dead Sea”„Temperatures reach record high in Pakistan”„Climate Extremes In Israel”Israel in figures„Deuteronom”„JNF: 240 million trees planted since 1901”„Vegetation of Israel and Neighboring Countries”Environmental Law in Israel„Executive branch”„Israel's election process explained”„The Electoral System in Israel”„Constitution for Israel”„All 120 incoming Knesset members”„Statul ISRAEL”„The Judiciary: The Court System”„Israel's high court unique in region”„Israel and the International Criminal Court: A Legal Battlefield”„Localities and population, by population group, district, sub-district and natural region”„Israel: Districts, Major Cities, Urban Localities & Metropolitan Areas”„Israel-Egypt Relations: Background & Overview of Peace Treaty”„Solana to Haaretz: New Rules of War Needed for Age of Terror”„Israel's Announcement Regarding Settlements”„United Nations Security Council Resolution 497”„Security Council resolution 478 (1980) on the status of Jerusalem”„Arabs will ask U.N. to seek razing of Israeli wall”„Olmert: Willing to trade land for peace”„Mapping Peace between Syria and Israel”„Egypt: Israel must accept the land-for-peace formula”„Israel: Age structure from 2005 to 2015”„Global, regional, and national disability-adjusted life years (DALYs) for 306 diseases and injuries and healthy life expectancy (HALE) for 188 countries, 1990–2013: quantifying the epidemiological transition”10.1016/S0140-6736(15)61340-X„World Health Statistics 2014”„Life expectancy for Israeli men world's 4th highest”„Family Structure and Well-Being Across Israel's Diverse Population”„Fertility among Jewish and Muslim Women in Israel, by Level of Religiosity, 1979-2009”„Israel leaders in birth rate, but poverty major challenge”„Ethnic Groups”„Israel's population: Over 8.5 million”„Israel - Ethnic groups”„Jews, by country of origin and age”„Minority Communities in Israel: Background & Overview”„Israel”„Language in Israel”„Selected Data from the 2011 Social Survey on Mastery of the Hebrew Language and Usage of Languages”„Religions”„5 facts about Israeli Druze, a unique religious and ethnic group”„Israël”Israel Country Study Guide„Haredi city in Negev – blessing or curse?”„New town Harish harbors hopes of being more than another Pleasantville”„List of localities, in alphabetical order”„Muncitorii români, doriți în Israel”„Prietenia româno-israeliană la nevoie se cunoaște”„The Higher Education System in Israel”„Middle East”„Academic Ranking of World Universities 2016”„Israel”„Israel”„Jewish Nobel Prize Winners”„All Nobel Prizes in Literature”„All Nobel Peace Prizes”„All Prizes in Economic Sciences”„All Nobel Prizes in Chemistry”„List of Fields Medallists”„Sakharov Prize”„Țara care și-a sfidat "destinul" și se bate umăr la umăr cu Silicon Valley”„Apple's R&D center in Israel grew to about 800 employees”„Tim Cook: Apple's Herzliya R&D center second-largest in world”„Lecții de economie de la Israel”„Land use”Israel Investment and Business GuideA Country Study: IsraelCentral Bureau of StatisticsFlorin Diaconu, „Kadima: Flexibilitate și pragmatism, dar nici un compromis în chestiuni vitale", în Revista Institutului Diplomatic Român, anul I, numărul I, semestrul I, 2006, pp. 71-72Florin Diaconu, „Likud: Dreapta israeliană constant opusă retrocedării teritoriilor cureite prin luptă în 1967", în Revista Institutului Diplomatic Român, anul I, numărul I, semestrul I, 2006, pp. 73-74MassadaIsraelul a crescut in 50 de ani cât alte state intr-un mileniuIsrael Government PortalIsraelIsraelIsraelmmmmmXX451232cb118646298(data)4027808-634110000 0004 0372 0767n7900328503691455-bb46-37e3-91d2-cb064a35ffcc1003570400564274ge1294033523775214929302638955X146498911146498911

                    Кастелфранко ди Сопра Становништво Референце Спољашње везе Мени за навигацију43°37′18″ СГШ; 11°33′32″ ИГД / 43.62156° СГШ; 11.55885° ИГД / 43.62156; 11.5588543°37′18″ СГШ; 11°33′32″ ИГД / 43.62156° СГШ; 11.55885° ИГД / 43.62156; 11.558853179688„The GeoNames geographical database”„Istituto Nazionale di Statistica”проширитиууWorldCat156923403n850174324558639-1cb14643287r(подаци)