unable to use --filterlist

[yahway]

hello,

I try to use hcxdumptool through the following cmd 👍

hcxdumptool - o hash -i wlan0mon --filterlist=list.txt --filtermode=2 --enable_status

I get the following error 👍

hcxdumptool: option '--enable_status' require an argument
invalid argument specified.

Any idea about the argument waited by hcxdumptool?

thanks for help.

[kali-user1]

i was having the same issue ....then i just specified "-o test.pcapng" and it worked....
Command:
hcxdumptool - o hash -i wlan0mon --filterlist=list.txt --filtermode=2 --enable_status -o test.pcapng

[SherlocksHat]

Same

…

On Sun, Aug 12, 2018 at 8:13 PM, kali-user1 ***@***.***> wrote: i have the same issue .... — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#27 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AoSXJOQG2PiPyxafoQZ7484UvhfPmW7Vks5uQAbKgaJpZM4V5PeB> .

[ZerBea]

First of all:
You are using an old version. Please do a git clone to get latest commit.
And from the help menu (-h)
--enable_status= : enable status messages
bitmask:
1: EAPOL
2: PROBEREQUEST/PROBERESPONSE
4: AUTHENTICATON
8: ASSOCIATION

In your case:
hcxdumptool -o test.pcapng -i wlan0mon --filterlist=list.txt --filtermode=2 --enable_status=3

--enable_status=3 means: you will get EAPOL and PROBEREQUEST/PROBERESPONSE
1 + 2 = 3 !!!!!!!

[yahway]

with this command :
hcxdumptool - o hash -i wlan0mon --filterlist=list.txt --filtermode=2 --enable_status -o test.pcapng

i get :

reading blacklist line 1 failed: XX:XX:XX:.....
failed to init globals

and again from the help menu:
--filterlist= : mac filter list
format: 112233445566 + comment

Wrong:
XX:XX:XX:XX:XX:XX

Correct:
112233445566

[yahway]

Thanks it works like a charm.

[ZerBea]

Nice to hear that.
Most of the reported issues are related to a misconfigured system, lack of driver support or wrong usage of the options.

[kali-user1]

bitmask:
1: EAPOL
2: PROBEREQUEST/PROBERESPONSE
4: AUTHENTICATON
8: ASSOCIATION

if i want to get all these bitmask in one command then?what should i use:
--enable_status=???

i have run it for atleast 10 mints but i am not getting the "pmkid found" message..
plz help me!!!! :(

[ZerBea]

First, answer yourself this questions:
does my driver support full monitor mode?
is the interface set to monitor mode?
are services like NetworkManager and wpa_supplicant stopped?
do I use the latest commit of hcxdumptool?
did I read help menu and README.md?
If you answered all with yes run:
sudo hcxdumptool -o test.hccapx -i -t 15 --enable-status=3

[ZerBea]

and if you would like to see all status messages use:
--enable-status=15
(1 +2 +4 +8)

[hashemahmad]

--filterlist is not working! v5.0.0

[ZerBea]

you need at least 2 options: filterlist and filtermode
git clone latest commit
add target to filterlist

then use
--filterlist= --filtermode=x

--filterlist= : mac filter list
format: 112233445566 + comment
maximum line lenght 255, maximum entries 64
--filtermode= : mode for filter list
1: use filter list as protection list (default) in transmission branch
receive everything, interact with all APs and CLIENTs in range,
except(!) the ones from the filter list
2: use filter list as target list in transmission branch
receive everything, only interact with APs and CLIENTs in range,
from the filter list
3: use filter list as target list in receiving branch
only receive APs and CLIENTs in range,
from the filter list

[hashemahmad]

This is my command:
hcxdumptool -o hash -i wlan1mon --filterlist=list.txt --filtermode=2 --enable_status=3
list.txt has only 1 MAC address in 112233445566 format, still hcxdumptool scans all APs. Thank you for replaying.

[ZerBea]

--filterlist=list.txt --filtermode=2
use filter list as target list in transmission branch
receive everything, only interact with APs and CLIENTs in range, from the filter list
That means:
interact only with the entries in the filter list (112233445566)
and(!)
receive complete traffic, but do not interact with the rest of the access points and clients out there.
So if hcxdumptool receive a handshake and/or PMKID it will save it to the capture file,
but it will not interact with other access points or the clients.

If you do not want this, you must use filter mode 3
That means:
interact only with the targets in the target list
and(!)
receive only traffic from entries of the target list!

[hashemahmad]

Its working sir!

[ZerBea]

That's great. Many users have asked for this feature, so I added filter mode 3 to hcxdumptool.

[axeldog]

Need help with hcxdumptool on nethunter. When running command "hcxdumptool -i wlan0 -w pmkid.pcapng" it runs and pumps in pmkid.pcapng but if i add any more to the command like --filterlist_ap=my filter.txt --filternode=3 or --enable_status=1 it throws "2 errors during run time" "failed to arm interface" .

[ZerBea]

This options (--filterlist_ap=my filter.txt --filternode=3 or --enable_status=1) have been removed since v6.3.0.
From now on, it is mandatory to add a Berkeley Packet Filter (BPF) that do the entire filtering.
More information is here:
#343
#330
as well as here:
$ hcxdumptool --help
and in changelog:
https://github.com/ZerBea/hcxdumptool/blob/master/changelog#L83