Configuring Cain to Sniff Passwords on Wireless LAN Adapter

The Cain & Abel software by Massimiliano Montoro, is probably the best password recovery on Windows platform. It is listed as number the number one password recovery software on sectools.org, and the best thing is that although closed sourced, it is free. It can recover your password and others of course in many different ways, by directly recovering the password over the network or indirectly by using the various nifty tools available. In the last case using APR-DNS, to *cough*pharm*cough* and test other browsers security setting, is one of my favorite, but that is another story.

Although it is well known that you can use it to recover passwords on wired network, you can actually also use it on wireless network.

Here's a step-by-step how to prepare your Wireless LAN adapter for Cain goodness. (No airpcap adapter needed)

The assumption here is that you have properly installed Cain and used it previously.

  1. Enable both your wireless LAN adapter and your Ethernet adapter.
  2. Connect to a wireless network and take note your Wireless LAN adapter IP address, subnet mask, and default gateway.
  3. Turn on Cain using sufficient privilege
  4. Click on Configure, and the Sniffer tab select the adapter with the IP address that has been assigned to your Wireless LAN adapter, then click on Apply.
  5. If you get The spoofing IP address must be in your subnet error message, you need to change your Ethernet adapter IP address and default gateway to a new IP that is in the same subnet as your Wireless LAN adapter. Twice. Yes you heard it right, Twice (although if you did hear the word twice instead of reading it, I strongly suggest you see a shrink, NOW!) Redo the previous step. Note: You don't have to disable and enable the Ethernet adapter or closing Cain while doing this step.
  6. Click on APR (Arp Poison Routing) tab, Click Use Spoofed IP and MAC addresses, select the IP address you want to spoof, to change the spoofing MAC address, use regedit and modify the value "SpoofMAC" at this location: "HKEY_CURRENT_USER\Software\Cain\Settings" then click Apply.
  7. That's it. You are good to go.

I'd like to thank my good friend at First Media for reminding me that the MAC sublayer in 802.11 is different from that on Ethernet, and subsequently making me read a 15MB pdf file before I wrote this short article.