How to connect a wireless monitor (WiFi Display) with WiDi or Miracast?

Wireless attacks on Windows are pretty bad. One of the few free programs that can perform real attacks on Wi-Fi in Windows (and not just show available networks or retrieve previously entered passwords from Access Points) is the Router Scan by Stas'M program. She can perform WPS attacks, including Pixie Dust. It can also pick up passwords from Access Points - but it does this online, which means it requires constant presence near the AP, and it is also very slow.

There are several paid solutions for Wi-Fi monitor mode in Windows and even for wireless injection - but I have not studied them, if anyone has practical experience, then share it in this thread.

Some time ago (now discontinued), it was possible to buy a hardware solution AirPcap , with which some programs could work.

So, in this topic we share our experience in switching a Wi-Fi adapter to monitor mode in Windows and attacks on Wi-Fi from Windows.

Npcap + Wireshark = Wi-Fi Monitor Mode on Windows

Now Npcap, which replaced WinPcap, in conjunction with Wireshark, can switch Wi-Fi network interfaces to monitor mode and capture raw Wi-Fi frames.

After much struggle I managed to get it to work.

The procedure is as follows:

• remove WinPcap
• install Microsoft Visual C++ Redistributable 2013 (https://www.microsoft.com/ru-RU/download/details.aspx?id=40784)
• install Npcap (https://nmap.org/npcap/#download)
• install Wireshark (if not already installed)
• Check that wpcap.dll and Packet.dll files C:\WINDOWS\System32 and C:\WINDOWS\SysWOW64 . That is, these files should only be in C:\Windows\SysWOW64\Npcap\ and C:\Windows\System32\Npcap\ and nowhere else
• run Wireshark with administrator rights
• In the interface settings, check the box in the Monitor Mode :

Successfully tested with Alfa AWUS052NH (frames are being captured), but there are problems, which are discussed below.

Unresolved issues:

1. It was not possible to change the channel number for the Alfa AWUS052NH Wi-Fi adapter - only the first channel is always listened to.
2. When converting the Alfa AWUS036NHA adapter, Windows crashes to the blue screen of death. Perhaps the problem is in crooked drivers - you need to try different options. For example, Alfa AWUS036NHA works fine in Windows without installing drivers from the manufacturer. You can try installing or, conversely, uninstalling these drivers.

Remote access

To some extent, you can use a laptop as a PC monitor through remote access. However, in this case the situation is slightly different, since a user from a PC will have access to the mobile device system, but will work in it through a computer monitor. To do this, you need to install the appropriate software on both devices, and they must be connected to the Internet.

Important! A popular remote access application is TeamViewer. The application is distributed free of charge for home use.

By analogy, you can access the contents of your PC’s hard drive from a laptop by setting up a local network. However, in this case, the laptop will not be like a computer monitor, and you cannot see the desktop, you only have access to files.

Npcap is WinPcap for Windows 10

Npcap is a project from the Nmap programmers, it is a library designed for sniffing (and sending) packets, created to work on Windows. It is based on the WinPcap/Libpcap libraries, but has improved speed, portability and security. At its core, Npcap is a new version of WinPcap, with new features and support for modern versions of Windows 10.

Classic WinPcap can capture raw 802.11 frames, but only supports one hardware solution - AirPcap. Npcap can also capture raw 802.11 frames, but supports a variety of wireless cards.

Also included with Npcap are accompanying utilities that can switch wireless cards to monitor mode in Windows (if the driver supports it).

What is needed?

• TV with Smart TV function;
• Mobile device running Miracast technology or PC running Windows 8.

Modern TVs all have the Smart TV function and built-in Wi-Fi, so there will be no connection problems. The mobile device must have Android 4.2 and Wireless Display. If these rules are followed, then using the settings you can use the wireless screen , enjoying all its delights.

By the way, Linux and Apple mobile devices have problems connecting Wi-Fi displays . With the first option you will have to tinker, using various hacks from the Internet. Miracast technology is developing mainly in the direction of Android, and WiDi is intended for Windows.

Monitor mode in Windows

As with Linux, you can set many wireless cards that support monitor mode on Linux to Monitor Mode on Windows. For example, this works for many Alfas. But there are several problems:

• programs from the Aircrack-ng package cannot work with these interfaces - that is, it is impossible to capture any data using Airodump-ng
• There are practically no programs that can do wireless injections, that is, there is no way to perform the most popular attacks.

Nevertheless, there is a more or less working connection, namely: Wireshark can use Npcap to switch wireless interfaces to monitor mode and capture raw frames of Wi-Fi networks (at least that’s what the official Npcap documentation says). Again, it is impossible to do wireless injections, but... In attacks without clients (details here and here) we do not need to do wireless injections; to capture PMKID we need monitor mode, as well as a second wireless interface from which a normal connection attempt will be made (with any password).

Disadvantages of technology

How to connect a laptop to a TV via Wi-Fi

This system has become especially popular among users recently, as it greatly simplifies the process of viewing and reproducing data. However, the technology has a number of disadvantages noted during testing and use, which include:

• braking and freezing;
• low picture quality on TV;
• inability to connect from Apple and Linux devices.

For your information! If you need to watch movies or photos on TV, it is better to do this using an HDMI cable. It provides stable, uninterrupted operation and high picture quality. You can even play computer games with it.

How to install Npcap to capture raw Wi-Fi frames

So, we need Npcap itself. You can download it here (this is the official website).

Please note that Npcap and WinPcap must not be installed at the same time. Therefore, if you already have WinPcap, remove it first. Npcap completely replaces WinPcap and has additional features. If you remove WinPcap while installing Npcap, when asked whether to reboot your computer now, choose a manual reboot to complete the Npcap installation.

Although it is not written anywhere, Npcap apparently requires Microsoft Visual C++ Redistributable 2013.

When installing Npcap, select the options:

• Support raw 802.11 traffic
• Install Npcap in WinPcap API-compatible Mode

We also need Wireshark, which you can download here. If Npcap is installed correctly, then the option asking you to install WinPcap should be inactive:

To work with wireless cards in monitor mode, Npcap uses the “Native 802.11 WLAN” interface, which is obsolete in Windows 10. And although there is confirmation that it is still possible to use Native 802.11 WLAN in Windows 10, personally, something didn’t work out for me. Therefore, you can try to install all this in Windows 8. I tried it myself - installed Windows 8 in a virtual machine, but it still didn’t work.

You may also need drivers for your wireless card, for example, for Alfa I downloaded drivers here: alfa.com.tw/files/?dir=%5B1%5D%20WiFi%20USB%20adapter

Examples of adapters tested by the authors of the program: https://secwiki.org/w/Npcap/WiFi_adapters

The most popular utilities for remote communication

• ZoneOS ZoneScreen.
• Radmin.
• TeamViewer.
• AirDisplay.
• Space desk

Such programs are divided into two types:

• Display mirroring (Space Desk) - you will simply mirror the image from the PC screen to the laptop screen, and with their help you can split the image on both devices (great for working separately with a separate application (Photoshop)).
• Utilities for remote PC control (TeamViewer) - with them you can not only broadcast the display of one device to another, but also completely control the system using the second device.

How to Capture PMKID on Windows

Connect your Wi-Fi adapter.

Run Wireshark as administrator:

Now find the Capture and select Options :

If your card supports monitor mode and if you installed everything correctly before, then you should have a checkbox in the Monitor Mode opposite the wireless interfaces.

I have it for my cards (as you can see in the screenshot), but as soon as I check the box, it disappears. I tried three Wi-Fi adapters with different chipsets, tried virtual machines, tried it on a real computer, even specially installed Windows 8 and tried it there. The result is always the same - the check mark disappears immediately. One may begin to doubt whether this works at all, but here the authors write very confidently that it works.

Therefore, we will assume that it also worked for you.

In order for the access point to send the first handshake message with PMKID, you need to connect to it from another wireless interface - you can choose any password, since the password does not affect the first handshake message.

After the data has been captured, you can filter the desired frame directly in Wireshark, to do this, use a filter (for details on working with wireless frames, see the article “How to extract handshakes from a capture file with multiple handshakes”):

Once the PMKID is extracted, you can start brute-forcing it directly in Windows, in Aircrack-ng (as shown here) or in Hashcat (as shown here).

Ways to connect a laptop as a monitor

According to the mechanism of their operation, both devices are almost identical, so connecting them with each other will not be difficult. It is also important to note that it is impossible to connect a laptop computer to the system unit to broadcast an image, just as you would not try to connect a system unit; it will still perceive the third-party device as additional memory.

Therefore, in order to install a laptop computer instead of a monitor, we will have to go in other ways. There are two ways to do this:

• Cable connection(HDMI, DVI, VGA)
• WI-FI

How to connect a laptop screen to a computer? Depends on what is more convenient for you. For the first two you will need an appropriate connector and cable, for the second - a stable Internet connection.

Reference! Using most of the methods listed below, you can also broadcast the image to the display of any of your mobile devices.

How to put a Wi-Fi adapter into monitor mode in Windows

If you also have problems capturing raw Wi-Fi frames, then as a consolation prize, you can switch your Alfa to monitor mode in Windows - there are no problems with this. The problem is that any use of this monitor mode is completely absent: Airodump-ng does not understand these interfaces. And even Wireshark, which seems to work with Npcap, does not understand this monitor mode - it needs to switch the card itself to monitor mode.

Therefore, for those who, like me, did not succeed, this monitor mode is given as a consolation (and useless) prize.

To enable it, open a command prompt as an administrator and go to the C:\Windows\System32\Npcap\ :

Look at the names of the wireless interfaces:

I renamed my interface to awus052nh, by default it may be called “Wireless Network” or something similar. As written in the help, WlanHelper.exe must understand both the Interface Name and the GUID, which is shown a couple of lines down. But my WlanHelper.exe categorically does not accept the Interface Name, an error appears

Although the GUID ID works fine.

Therefore, in subsequent commands, instead of a name, I will use the GUID (replace it with your own).

To view the current monitor mode, enter:

Option for gamers

If you are interested in how to connect a laptop monitor to a PC as a screen for comfortable gaming, then you can use Steam Remote Play - a function of the famous platform that allows you to remotely launch the desired application on the main device, but at the same time broadcast and control it using the second one.

• To make one device a translator for another, install the Steam application on both devices and connect them to a common network. Remote Play will allow you not only to set up your laptop as a display for your PC, but also to play games through it that previously did not meet its system requirements.
• Open Steam on both devices, log into one account.
• Instead of clicking PLAY, click “Stream from..”
• Start streaming and enjoy the game.

Important! Connecting a laptop to the system unit is useless, since they will simply perceive each other as additional memory. You can connect the system unit to a laptop for the purpose of transferring files or operations with memory storage.

Setting up a laptop as a computer monitor is quite simple, you just need to find the method that suits you best. It will require the least cost and time to connect a laptop as a monitor via a network or using a third-party program, but at the same time, if you have the appropriate connectors and wires, it will be easier to connect two devices using a cable.

Also, do not forget that when installing third-party programs, it is important to download utilities only through official resources and keep the antivirus turned on during their installation.

Addition

I resolved my problem that in Windows Wi-Fi adapters are not switched to monitor mode. The advice from a visitor on the English version of this article helped:

Delete 2 dlls: wpcap.dll, Packet.dll in C:\WINDOWS\System32 and in C:\WINDOWS\SysWOW64. (maybe whireshark will stop working; then uninstall wireshark with winpcap, install npcap, install vc++2013, install wireshark).

The problem was solved by deleting the extra files wpcap.dll and Packet.dll in C:\WINDOWS\System32 and in C:\WINDOWS\SysWOW64 , leaving these files only in the folders C:\Windows\SysWOW64\Npcap\ and C:\Windows\ System32\Npcap\ .

One Wi-Fi adapter now normally switches to monitor mode and captures any frames. True, I can’t change the channel - it only works on channel 1. When switching it says “Success”, but when checking the channel it again turns out that it is working on channel 1.

The second Wi-Fi adapter, after switching to monitor mode, causes a blue screen of death - the problem is precisely in the adapter driver (the name of the file that caused the error is displayed on the blue screen).

I can dig further and deal with the problems - when I have time, I’ll continue to tinker. But still, in Linux everything is much simpler and more stable.

Hello people! I've encountered a problem, I'm not an expert in this matter, so I'm asking for your help, I have a TP-Link TL-WN7227N adapter and I switched it to monitor mode, how can I get everything back to how it was?

What team did you do this with? Did you try to break your neighbor's network?

airmon-ng start. Well yeah xD

Look in man airmon-ng

AIRMON-NG(8) System Manager's Manual AIRMON-NG(8)

NAME airmon-ng - POSIX sh script designed to turn wireless cards into monitor mode.

SYNOPSIS airmon-ng [channel] airmon-ng [kill]

DESCRIPTION airmon-ng This script can be used to enable monitor mode on wireless interfaces. It may also be used to go back from monitor mode to man‐aged mode. Entering the airmon-ng command without parameters will show the interfaces status. It can also list/kill programs that can interfere with the wireless card operation.

OPTIONAL PARAMETERS start [channel] Enable monitor mode on an interface (and specify a channel). Note: Madwifi-ng is a special case, 'start' has to be used on wifi interfaces and 'stop' on ath interfaces.

stop Disable monitor mode and go back to managed mode (except for madwifi-ng where it kills the ath VAP).

check [kill] List all possible programs that could interfere with the wireless card. If 'kill' is specified, it will try to kill all of them.

—verbose This flag must precede start/stop/check and can be combined with with other parameters or used alone. This flag will increase the verbosity to provide additional useful information which may not be needed for normal operation.

—debug This flag must precede start/stop/check and can be combined with with other parameters or used alone. This flag will increase the verbosity to debug level to assist in troubleshooting errors in airmon-ng. Use this flag when opening a bug, but only use --verbose when requesting support in irc.

—elite WARNING: DO NOT USE: This flag must precede start or stop and will prevent airmon-ng from removing interfaces. WARNING: Use of this flag will immediately disqualify receiving any support from the aircrack-ng team, due to the fact that this behavior is known to be

How to connect?

Watch the video instructions for connecting your smartphone to your TV using Miracast:

Connecting a wireless display is very easy. In the TV settings, go to the “Network” menu. Find "Miracast/Intel's WiDi".

Connecting to a smartphone

Let's move on to a smartphone or tablet running Android OS. To set up your mobile device, go to Settings options. Connect Wi-Fi data transfer. In the “Screen” tab of your mobile device, select “Wireless Screen” from the provided list. After activating the “Enable” button, a list of possible connections pops up. From the list that appears, we find our TV. Feel free to click the “Connect” button. That's it - your TV functions as a wireless display. Everything you see on your tablet or Android smartphone is now displayed on your TV monitor.

Connecting to a computer

The following video talks about WiDi technology:

To activate WiDi, we launch Intel Wireless Display - a special driver that is responsible for the operation of the technology. A window will appear on the TV screen where you need to enter a security code.

On the computer we find the Charms panel, which appears on the right side of the monitor when the PC is used as the main screen when multiple monitors are connected. Now select “Devices”, go to “Projector” and click “Select wireless display”.

Ethical hacking and penetration testing, information security

See the updated instructions “Transferring a wireless card to monitor (surveillance) mode in Kali Linux using the ip and iw commands,” which has been prepared to replace this instruction.

Switching the wireless card to monitor (control) mode is the very first thing that needs to be done before starting penetration testing of wireless networks. If this is not done, then no program will work correctly! Therefore, if something is done wrong, or something goes wrong at this stage, then all other actions described in the instructions are meaningless.

Other tools

We can use tools other than the operating system itself to connect and thus have the screen of our operating system on the laptop. There are several third party tools that we can use interchangeably, but SpaceDesk works best. Right now we are going to tell you about all the advantages of this tool, which is also ideal for the task that we are facing today.

SpaceDesk

SpaceDesk works over a local network, so the only requirement is that the main PC and the device to which we are going to send the image are connected to the same router and that both computers have Windows 10 .

With this program we can do the same thing that we explained above with the operating system desktop, that is, we can expand or duplicate it on an additional screen.

To connect through this application we will need to do the following:

• First, install server as the main one and the client in which it will be secondary.
• The server we opened in the main will appear on the client's main screen.
• We just need to click on IP for the second monitor to automatically start working.
• All settings and different operating modes change in Windows in the same way as we saw before.

How to determine what mode a wireless card is in

To control the process, let's first learn how to determine what mode the wireless card is in. This can be done with the command:

In my case, two interfaces (eth0 and lo) do not have wireless extensions. We are not interested in them and we will not return to them. We are interested in wlan0 . the Mode:Managed line is currently the most important for us . This means that the wireless card is in managed mode.

Monitor without wires - new boundaries of leisure

People have long dreamed of getting rid of network connections and wires. Intel began to make dreams come true by creating a wireless monitor. Wi-Fi Display is an opportunity to see photos, videos, in general, everything that is displayed on the screen of a computer, smartphone, etc., on a large TV monitor using a wireless connection. Now you can play your favorite games, watch movies, enjoying high-quality and large images.

There is one minus. Everything that is displayed on the phone display will be visible on the TV screen. For example, you decide to watch a movie with friends by launching a wireless monitor from your smartphone . While watching, you receive a message on Skype. The alert text displayed on the phone will be visible on the screen.

It is worth taking this into account - do not touch the smartphone display or say goodbye to privacy.

What are the wireless card modes?

Before we move on to changing the wireless card mode, let's figure out what they are and why, in fact, we are not satisfied with the managed mode.

Setting the device operating mode depends on the network topology and purpose of use. The mode can be:

• Ad-Hoc (the network consists of only one cell without an Access Point),
• Managed - Managed (the node connects to a network consisting of many Access Points, there is roaming)
• Master - Master (the node is a synchronization master or works as an Access Point),
• Repeater - Repeater (node ​​forwards packets between other wireless nodes)
• Secondary - Secondary (the node acts as a backup master/repeater),
• Monitor - Control (the node is connected to all cells and passively monitors all packets on the frequency)
• Auto - Automatic.

Already from this brief description it becomes clear that the mode we are interested in is the monitor (control) mode.

How to make a laptop a computer display over a local network

• Through the Control Panel, open the “Network and Sharing Center”.
• Create a remote connection on one of the devices you are using.
• We use the installation wizard and install manually, fill in all the necessary fields.
• On the laptop, open the control panel and select “Project to this computer.”
• Click “Available everywhere” and select the most convenient functions.
• On the PC, right-click on the desktop and select “display options”.
• We connect to the wireless display and select the name of the desired device.
• We agree with the connection and make a monitor out of the laptop.

Attention! To turn a laptop into a monitor for a PC by synchronizing, you need Windows 10 installed on both gadgets; earlier systems do not support such a function.

Switching the wireless card to monitor mode using the iwconfig command

The most popular translation method is using the airmon-ng program. But lately there have been reports of related errors. The airmon-ng command not only switches to control mode, but also changes the interface name. So, often airmon-ng changes the name and does NOT switch to monitor mode. The unfamiliarity of the situation can confuse even experienced people.

Therefore, I will start with an alternative method of switching to control mode, since there is no difficulty in this. You need to type the following sequence of commands:

Or in one line

Note that in each of these commands you may need to replace wlan0 with whatever name your wireless interface has. This name can be found with the same iwconfig , typed without options. This also applies to subsequent commands - replace the interface name with your own if you have a different name.

The Mode:Monitor line tells us that everything was successful.

The channel can be set as follows:

But, firstly, some modes ignore this setting, and secondly, this is not needed often.

It’s easier to set the channel directly in the program you are using:

Problems during connection

Some problems may occur during connection. The most common one is the message “Unable to connect” . Also, the connection can take a very long time and be unsuccessful.

In this case, the reasons may be the lack of the latest version of drivers on the adapter or the fact that it does not support such a function. The drivers can be updated, but in the second case nothing can be done.

It is also recommended to try connecting with different devices. It's just that some of them can connect and others can't.

Firewall problems

If the connection is not established or is reset at the very last moment, then the problem may be with the Firewall. You need to disconnect it and try to connect again. If everything went smoothly, it is recommended to switch the Firewall to interactive mode. In this case, it will ask for permission for suspicious connections.

Useful: How to disable the firewall