Solved: Decrypting 802.11 traffic in wireshark over web authentication SSID.

Muhammed Adnan · ‎06-13-2020

Hello Experts,

How do we decrypt the 802.11 traffic for a SSID configured with CWA?

For WPA-PSK & WEP there will be options in wireshark, however for web authentication SSID, how would we do that?

Karsten Iwen · ‎06-14-2020

Decrypting the wireless traffic is completely independent of the fact that CWA is used or not. CWA only runs after the wireless link is already established. You have two typical situations here:

The SSID is protected with WPA (1 or 2): You configure the PSK in Wireshark as before.
The SSID is open: Noting to decrypt here as the link is already cleartext.

If you want to look into the CWA authentication-traffic of the client, you are probably out of luck. That is HTTPS and outside a lab-environment, you can't decrypt it.

View solution in original post

Karsten Iwen · ‎06-14-2020

Decrypting the wireless traffic is completely independent of the fact that CWA is used or not. CWA only runs after the wireless link is already established. You have two typical situations here:

The SSID is protected with WPA (1 or 2): You configure the PSK in Wireshark as before.
The SSID is open: Noting to decrypt here as the link is already cleartext.

If you want to look into the CWA authentication-traffic of the client, you are probably out of luck. That is HTTPS and outside a lab-environment, you can't decrypt it.

Muhammed Adnan · ‎06-30-2020

Thank you Karsten.

Yes indeed, as explained by you for open SSID regardless of CWA or not, the traffic goes un-encrypted.