Ask Your Question
0

decrypting traffic on my own hotspot

asked 2021-02-02 21:46:20 +0000

My PC is plugged into ethernet cable and I have a WiFi dongle which does let me set up a hotspot. I've tested the hotspot and I can connect my phone with no issues. Surely as all the WiFi traffic is going through my machine I can capture and decrypt it? I mean there should be no packet loss, signal issues or anything as all the traffic will go through my PC.

So far trying this it has worked but I only see QUIC or GQUIC protected payloads as packets when I try use my phone and google something and never get to see any readable data other than a DNS requests. I don't notice any EAPOL handshakes so how can I set up decryption?

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

answered 2021-02-03 10:36:40 +0000

hugo.vanderkooij gravatar image

You can't.

Decrypting traffic from 3rd party devices without the correct key set from 1 of the 2 endpoints is not possible without quantum computing and a bruteforce attack.

I think you have an incorrect expectation here.

edit flag offensive delete link more

Comments

I'm confused, if this is impossible then this means no one can see my traffic no matter what WiFi network I connect to? I was under the impression connecting to a WiFi network runs the risk of my data being read, so if this is possible for a random hacker then why is this not possible if I own and am in control of my phone, pc and router network?

stucknoob gravatar imagestucknoob ( 2021-02-03 17:00:18 +0000 )edit

I think you're messing something up. In your case you've at least two encryptions. The first one is the wifi encryption (WPA). This exist between your phone and your wifi dongle. It encrypts the wifi traffic that's flying throught the air. Everybody in range of your wifi can capture this traffic by using an wifi adapter which supports the monitor mode. But she/he needs to know the WPA key to decrypt the traffic (e.g. by capturing the EAPOL handshake or he/she knows the key already).

You did your capture on your machine, the router between your wifi and the Internet. At this point there is no wifi encryption anymore, because it has been already decrypted by your wifi dongle. What you see now is QUIC, a transport layer security which has been negotiated between the client and the server (app on your phone and ...(more)

JasMan gravatar imageJasMan ( 2021-02-06 13:46:22 +0000 )edit
0

answered 2021-02-03 12:07:03 +0000

grahamb gravatar image

When capturing traffic passing through your machine, i.e. when it's acting as the Access Point, you won't see the Wifi encrypted data, instead you'll see the regular data that's inside the Wifi channels.

The regular traffic itself may be encrypted, e.g. GQUIC, so you would need suitable keying material to decrypt those protocols, e.g. an SSLKEYLOGFILE generated by the client, but as this is your phone that may be difficult to impossible.

As to why you don't see the EAPOL handshakes, you'd have to capture in monitor mode to do that and as Windows hosts generally have a difficult time doing that (WiFi drivers often don't work in that mode) and as I don't think a Windows machine can be a hotspot and run in monitor mode you won't be able to do that either.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2021-02-02 21:46:20 +0000

Seen: 4,867 times

Last updated: Feb 03 '21