
decrypting traffic on my own hotspot

My PC is plugged into an Ethernet cable and I have a WiFi dongle which does let me set up a hotspot. I've tested the hotspot and I can connect my phone with no issues. Surely as all the WiFi traffic is going through my machine I can capture and decrypt it? I mean there should be no packet loss, signal issues or anything as all the traffic will go through my PC.

So far trying this it has worked, but I only see QUIC or GQUIC protected payloads as packets when I try to use my phone and google something, and never get to see any readable data other than DNS requests. I don't notice any EAPOL handshakes, so how can I set up decryption?

stucknoob
asked 2021-02-02 21:46:20 +0000


2 Answers


You can't.

Decrypting traffic from 3rd party devices without the correct key set from 1 of the 2 endpoints is not possible without quantum computing and a brute-force attack.

I think you have an incorrect expectation here.

hugo.vanderkooij
answered 2021-02-03 10:36:40 +0000

Comments

I'm confused: if this is impossible, then this means no one can see my traffic no matter what WiFi network I connect to? I was under the impression connecting to a WiFi network runs the risk of my data being read, so if this is possible for a random hacker then why is this not possible if I own and am in control of my phone, PC and router network?

stucknoob (2021-02-03 17:00:18 +0000)

I think you're messing something up. In your case you have at least two encryptions. The first one is the wifi encryption (WPA). This exists between your phone and your wifi dongle. It encrypts the wifi traffic that's flying through the air. Everybody in range of your wifi can capture this traffic by using a wifi adapter which supports monitor mode. But she/he needs to know the WPA key to decrypt the traffic (e.g. by capturing the EAPOL handshake, or he/she knows the key already).

You did your capture on your machine, the router between your wifi and the Internet. At this point there is no wifi encryption anymore, because it has been already decrypted by your wifi dongle. What you see now is QUIC, a transport layer security which has been negotiated between the client and the server (app on your phone and ... (more)

JasMan (2021-02-06 13:46:22 +0000)
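To make the two-layer point concrete, here is an added example that is not part of the question, either answer, or Wireshark itself: a small Python script that walks one frame the way a capture taken on the hotspot PC sees it. The 802.11/WPA layer has already been removed by the dongle, so the Ethernet, IPv4 and UDP headers are fully readable, and so is the version-independent QUIC long header (version, connection IDs, and for QUIC v1 the packet type, per RFC 8999 and RFC 9000). Everything after that is the part the QUIC/TLS keys protect. The frame, MAC and IP addresses, ports, connection IDs and payload bytes are all constructed for this example.

```python
"""Walk a captured frame the way the hotspot PC sees it: Ethernet -> IPv4 -> UDP -> QUIC.

The 802.11/WPA layer is already gone here, so every header down to the QUIC long header
is readable; the bytes after it are protected by QUIC/TLS keys. All addresses, ports,
connection IDs and payload bytes below are constructed and not from a real capture.
"""
import struct
from dataclasses import dataclass, field

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
QUIC_V1 = 0x00000001


@dataclass
class Summary:
    readable: dict = field(default_factory=dict)  # header fields an observer at the AP can read
    protected: int = 0                            # bytes that stay opaque without the TLS secrets
    notes: list = field(default_factory=list)


def parse_ethernet(frame: bytes, s: Summary) -> bytes:
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    s.readable["eth.src"], s.readable["eth.dst"] = src.hex(":"), dst.hex(":")
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unsupported ethertype 0x{ethertype:04x}")
    return frame[14:]


def parse_ipv4(pkt: bytes, s: Summary) -> bytes:
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum = struct.unpack("!BBHHHBBH", pkt[:12])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    s.readable["ip.src"] = ".".join(str(b) for b in pkt[12:16])
    s.readable["ip.dst"] = ".".join(str(b) for b in pkt[16:20])
    if proto != IPPROTO_UDP:
        raise ValueError(f"unsupported IP protocol {proto}")
    return pkt[ihl:total_len]


def parse_udp(seg: bytes, s: Summary) -> bytes:
    sport, dport, length, _csum = struct.unpack("!HHHH", seg[:8])
    s.readable["udp.srcport"], s.readable["udp.dstport"] = sport, dport
    return seg[8:length]


def parse_quic(payload: bytes, s: Summary) -> None:
    """Read the version-independent QUIC header (RFC 8999); count the rest as protected."""
    first = payload[0]
    if not first & 0x80:
        # Short header: only the first byte is structured. The DCID length is not
        # carried in the packet, so even the header is opaque without connection state.
        s.readable["quic.header_form"] = "short (1-RTT)"
        s.protected = len(payload) - 1
        s.notes.append("1-RTT packet: DCID length is known only from connection state")
        return
    (version,) = struct.unpack("!I", payload[1:5])
    dcid_len = payload[5]
    dcid = payload[6:6 + dcid_len]
    off = 6 + dcid_len
    scid_len = payload[off]
    scid = payload[off + 1:off + 1 + scid_len]
    off += 1 + scid_len
    s.readable["quic.header_form"] = "long"
    s.readable["quic.version"] = f"0x{version:08x}"
    s.readable["quic.dcid"], s.readable["quic.scid"] = dcid.hex(), scid.hex()
    if version == QUIC_V1:  # packet type bits are version-specific (RFC 9000, section 17.2)
        ptype = ("Initial", "0-RTT", "Handshake", "Retry")[(first >> 4) & 0x03]
        s.readable["quic.long_packet_type"] = ptype
        if ptype == "Initial":
            s.notes.append("Initial keys derive from the DCID alone (RFC 9001, section 5.2): "
                           "a dissector can show the ClientHello, but not the 1-RTT data")
    s.protected = len(payload) - off
    s.notes.append("bytes after the SCID: type-specific header fields plus encrypted payload")


def inspect_frame(frame: bytes) -> Summary:
    s = Summary()
    parse_quic(parse_udp(parse_ipv4(parse_ethernet(frame, s), s), s), s)
    return s


def build_sample_frame() -> bytes:
    """Constructed Ethernet/IPv4/UDP frame carrying a QUIC v1 Initial header (made-up data)."""
    dcid = bytes.fromhex("8394c8f03e515708")
    quic = bytes([0xC3]) + struct.pack("!I", QUIC_V1)      # long header, fixed bit, type Initial
    quic += bytes([len(dcid)]) + dcid + bytes([0])          # DCID, then an empty SCID
    quic += bytes([0]) + bytes(40)                          # token length 0, stand-in for protected bytes
    udp = struct.pack("!HHHH", 51234, 443, 8 + len(quic), 0) + quic
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0x4000, 64, IPPROTO_UDP, 0,
                     bytes([192, 168, 137, 23]), bytes([203, 0, 113, 10]))
    eth = bytes.fromhex("0a1122334455") + bytes.fromhex("0a6677889900") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + udp


if __name__ == "__main__":
    summary = inspect_frame(build_sample_frame())
    for key, value in summary.readable.items():
        print(f"{key:24} {value}")
    print(f"protected bytes: {summary.protected}")
    for note in summary.notes:
        print("note:", note)
```

One caveat the script's note points at: QUIC Initial packets are encrypted with keys derived only from the client's Destination Connection ID and a version-specific salt (RFC 9001, section 5.2), so Wireshark can show the TLS ClientHello inside them without any key log. It is the 1-RTT packets carrying the actual HTTP/3 data that need the TLS secrets, and those live only on the phone and the server.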

When capturing traffic passing through your machine, i.e. when it's acting as the Access Point, you won't see the Wifi encrypted data; instead you'll see the regular data that's inside the Wifi channels.

The regular traffic itself may be encrypted, e.g. GQUIC, so you would need suitable keying material to decrypt those protocols, e.g. an SSLKEYLOGFILE generated by the client, but as this is your phone that may be difficult to impossible.

As to why you don't see the EAPOL handshakes: you'd have to capture in monitor mode to do that, and as Windows hosts generally have a difficult time doing that (WiFi drivers often don't work in that mode), and as I don't think a Windows machine can be a hotspot and run in monitor mode, you won't be able to do that either.

grahamb
answered 2021-02-03 12:07:03 +0000
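The "suitable keying material" grahamb mentions is an NSS-format key log: the file that browsers such as Firefox and Chrome write when the SSLKEYLOGFILE environment variable is set, and that Wireshark reads through its tls.keylog_file preference (the same file feeds the QUIC dissector, because QUIC's packet keys are derived from the TLS 1.3 secrets). The following is an added example, not code from the answer or from Wireshark: it parses such a log, indexes it by the 32-byte client random that Wireshark uses to match a log entry to a connection, and shows why the phone's traffic stays opaque: no entry exists for its connections, because the phone never wrote one. The label set is the one Wireshark accepts; the sample log and every hex value in it are constructed.

```python
"""Index an NSS key log (the format SSLKEYLOGFILE produces and Wireshark's tls.keylog_file reads).

Wireshark matches each TLS or QUIC connection to the log by the 32-byte client random
from the ClientHello. If the endpoint that owns the connection never wrote its secrets,
there is nothing to match and the payload stays opaque. All hex below is constructed.
"""
import re
from typing import Dict, Optional

# Labels Wireshark accepts. CLIENT_RANDOM carries the TLS 1.2 master secret; the
# *_TRAFFIC_SECRET* labels are TLS 1.3, which is also what QUIC's packet keys derive from.
KNOWN_LABELS = {
    "CLIENT_RANDOM",
    "CLIENT_EARLY_TRAFFIC_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0",
    "EXPORTER_SECRET",
}
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")

KeyLog = Dict[str, Dict[str, bytes]]  # client random (lowercase hex) -> label -> secret


def parse_keylog(text: str) -> KeyLog:
    """Parse key log text; reject anything that is not a well-formed entry or a '#' comment."""
    log: KeyLog = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: not an NSS key log entry: {raw!r}")
        label, client_random, secret = m.groups()
        if label not in KNOWN_LABELS:
            raise ValueError(f"line {lineno}: unknown label {label!r}")
        if len(secret) % 2:
            raise ValueError(f"line {lineno}: odd-length secret")
        log.setdefault(client_random.lower(), {})[label] = bytes.fromhex(secret)
    return log


def secrets_for(log: KeyLog, client_random: bytes) -> Optional[Dict[str, bytes]]:
    """Secrets logged for the connection with this client random, or None if none were logged."""
    return log.get(client_random.hex())


def can_decrypt_app_data(secrets: Optional[Dict[str, bytes]]) -> bool:
    """TLS 1.2 needs CLIENT_RANDOM; TLS 1.3/QUIC application data needs both 1-RTT traffic secrets."""
    if not secrets:
        return False
    if "CLIENT_RANDOM" in secrets:
        return True
    return {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"} <= set(secrets)


# Constructed sample log. Two connections were logged by a browser on the PC
# (one TLS 1.3, one TLS 1.2); the phone app's connection (CR_PHONE) was never logged.
CR_TLS13 = "aa" * 32
CR_TLS12 = "bb" * 32
CR_PHONE = "cc" * 32
SAMPLE_KEYLOG = "\n".join([
    "# constructed example, not real secrets",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {CR_TLS13} {'11' * 48}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {CR_TLS13} {'22' * 48}",
    f"CLIENT_TRAFFIC_SECRET_0 {CR_TLS13} {'33' * 48}",
    f"SERVER_TRAFFIC_SECRET_0 {CR_TLS13} {'44' * 48}",
    f"CLIENT_RANDOM {CR_TLS12} {'55' * 48}",
])


if __name__ == "__main__":
    log = parse_keylog(SAMPLE_KEYLOG)
    for name, cr in (("PC browser, TLS 1.3", CR_TLS13), ("PC browser, TLS 1.2", CR_TLS12), ("phone app", CR_PHONE)):
        found = secrets_for(log, bytes.fromhex(cr))
        print(f"{name:22} {'decryptable' if can_decrypt_app_data(found) else 'no secrets in key log'}")
```

In practice the file is pointed at Wireshark once (Preferences > Protocols > TLS > (Pre)-Master-Secret log filename) and every connection whose client random appears in it is decrypted, QUIC included. Connections from a device that does not write the log, such as the phone here, match nothing and stay as "Protected Payload" no matter where the capture is taken.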
