Guide to merge all the capture files together for Hashcat cracking

Discussion in 'Scripts & Commands' started by Yuuki_Ame, 15 Aug 2020.

  1. Yuuki_Ame

    Yuuki_Ame Well-Known Member

    23 Nov 2019
    Likes Received:
    Hello everyone,

    Took me while to find all this. Did a bit of research. There wasn't much of a guide online to combine all the capture files into a single file with all the handshakes you captured. Well. Here it is. I am here to share my knowledge on the subject.

    1. pcapfix

    - For a lot of people, when they capture a handshake, they stopped the handshake mid-way so it "breaks" the capture files. Due to this, Wireshark cannot let you merge capture files together. Check if you encounter this error by opening your capture file in Wireshark. If it displays an error:

    > The capture file appears to have been cut short in the middle of a packet.

    If you do not encounter this, skip to step 2.

    You need to install pcapfix. Download it from Login or Signup to view links / downloads.

    For Linux:
    download the tar.gz and extract it. Open the INSTALL file. Instructions are inside.
    >make install
    There are extra steps here. The output after >make install will tell you what to do.
    > pcapfix File.cap

    The output file should be Fixed_File.cap.

    For windows:
    download the Extract it. Use the pcapfix.exe by opening a terminal in the address line with cmd
    pcapfix.exe File.cap

    2. mergecap

    For Linux

    The following command should work if it mergecap already installed.

    > mergecap Fixed_file_1.cap Fixed_file_2.cap Fixed_file_3.cap -w Merged_file.cap -F pcap

    The output file should be Merged_file.cap
    All the handshakes within the capture files above should all be inside this new merged file.

    For Windows
    - Read the following Login or Signup to view links / downloads. Wireshark has a detailed guide on this part already. Check 5.4.1.

    3. hashcat
    In order to use the capture files above in Hashcat. You need to convert it from .cap to .hccapx
    There are two ways to do this.
    One with cap2hccapx service from hashcat website. Here is the Login or Signup to view links / downloads
    Or, hashcat_utils. Read this Login or Signup to view links / downloads
    Download the utils with cap2hccapx.bin to use terminal. Do the terminal command in a folder with cap2hccapx.bin or .exe inside it

    >cap2hccapx.exe Merged_file.cap New_file.hccapx


    Now you can use it for hashcat -m 2500 with all the handshakes in a single file. So you do not have to finish 1 capture before moving on to the next one with another file.

    Login or Signup to view links / downloads
    Login or Signup to view links / downloads
    Login or Signup to view links / downloads
    Login or Signup to view links / downloads
    Login or Signup to view links / downloads
  2. longshanks

    longshanks Well-Known Member

    1 Jul 2016
    Likes Received:
    You can cat hccapx files as well.
    cat 1.hccapx 2.hccapx 3.hccapx > /root/multi.hccapx
    • Like Like x 1
  • About Us

    We are a community mixed with professionals and beginners with an interest in wireless security, auditing and pentesting. Feel free to check out and upload resources.

    You can also find us on: Twitter and Facebook

  • Donate to Us

    Did you find our forums useful? Feel free to donate Bitcoin to us using the form below. Those who donate the equivlent of $10 USD or more will be upgraded to VIP membership. Don't have Bitcoin? Use your credit card to GO VIP here. Don't want to fork out some coin? There are other ways to GO VIP. Bitcoin: 1LMTGSoTyJWXuy2mQkHfgMzD7ez74x1Z8K