My question concerns sniffing in my local wireless network.
So I would like to test in my home network the cookie stealing and session hijacking attack.
The thing is that I want to do it over wifi. I know that on a simple wired LAN it's not a big deal since it's easy to sniff TCP packets containing the session cookies (and there is a tool, Firesheep, which makes it even easier). I noticed though, that it seems much harder to do on a wifi network.
I'm using Wireshark and when another computer in my network is communicating with a website the only thing I see are LLC frames. Inside the LLC frames is a Data field which contains some weird ASCII (possibly encrypted) string.
My question is: how can I decrypt these LLC frames in order to get the content of the TCP packets?
P.S. my wifi is WPA protected (and of course I have the WPA password of this network)
P.S.2 I'm guessing that it is possible to do a MITM attack but I was wondering if it is the only way to tackle this problem
-- Fri Jun 01, 2012 1:13 am --
After some searching and googling I'm answering myself (but correct me if I'm wrong).
In a WPA protected wireless network every computer's connection is ciphered with a session key (only the broadcast frames are readable for all PCs in the network).
If I'm not wrong, if I am able to capture the handshake of a connection and I have the PSK key, then I can use airdecap-ng to decrypt someone else's frames and thus get the plain TCP and HTTP packets.