Another big to-do solved: handling large capture files used to be painfully slow in Pyrit. From version 0.3.1-dev r232 on, Pyrit therefore uses libpcap (the heart of tcpdump) to parse capture files and bind to live capture sources. Thanks to some new BPF-filter trickery, reading and parsing a capture file is super fast from now on.
For example, reading a 23 MB (500,000 packets) file used to take about 1 minute 30 seconds on my MacBook; the same thing is now done in 7 seconds!
The new libpcap core also allows us to read packets from live devices. With the stripLive command, the “-r” option can take the name of a network device (e.g. wlan0) instead of a file. You can therefore have Pyrit gather packets directly from the air and produce very small capture files like this:
pyrit -r wlan0 -o wlan0.cap stripLive
Note that Pyrit does not put the device into monitor mode or change channels. You should use a tool like Kismet for that and have Pyrit take the score.