Test method, system, and medium for wpa encrypted wireless networks

By using a pre-stored session key to decrypt data frames in a WPA encrypted wireless network and then sending them to wireless space, the problem of existing tools being unable to parse WPA3 encrypted data is solved, enabling efficient data analysis and testing.

CN121442387BActive Publication Date: 2026-06-09BRITE TECH (SHENZHEN) CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
BRITE TECH (SHENZHEN) CO LTD
Filing Date
2025-12-30
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

Existing testing tools cannot effectively parse the data content of WPA3 encrypted wireless networks, resulting in low testing efficiency. It is necessary to decrypt the data at the endpoint to verify its correctness.

Method used

By acquiring WPA encrypted data frames, decrypting them using pre-stored WPA session keys, generating WPA decrypted data frames, and sending them to wireless space via the wireless interface, the protocol parsing tool can directly analyze the plaintext data.

Benefits of technology

This technology enhances the convenience and reliability of WPA-encrypted wireless networks. Protocol parsing tools can directly obtain plaintext data for analysis, avoiding testing obstacles and improving testing efficiency.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN121442387B_ABST
    Figure CN121442387B_ABST
Patent Text Reader

Abstract

The application provides a test method, system and medium for a WPA encrypted wireless network. The method comprises the following steps: obtaining a WPA encrypted data frame, decrypting the WPA encrypted data frame based on a pre-stored WPA session key to obtain original plaintext data corresponding to the WPA encrypted data frame, generating a WPA decrypted data frame corresponding to the WPA encrypted data frame based on the original plaintext data, and sending the WPA decrypted data frame to a wireless space through a wireless interface so that a protocol analysis tool compares and analyzes the WPA encrypted data frame based on the WPA decrypted data frame. The application generates a WPA decrypted data frame carrying association identification information and sends it to the wireless space, so that the protocol analysis tool can directly obtain the plaintext data of the WPA encrypted data frame to compare and analyze the WPA encrypted data frame, avoids the test obstacles caused by the WPA encryption mechanism, and improves the convenience of the WPA encrypted wireless network test.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of wireless communication, and in particular to a test method for WPA encrypted wireless networks, a Wi-Fi protocol test system, and a computer-readable storage medium. Background Technology

[0002] With the rapid development of Wi-Fi technology, network security issues have become increasingly prominent. The existing WPA3 wireless network protocol encrypts service data, keep-alive data, and management frames during data transmission to enhance security. After the WPA3 connection establishment phase (handshake phase) is completed, both the AP (Access Point) and Station (Wireless Terminal) have installed peer keys, and most subsequent data is sent in encrypted frames. This means that protocol parsing tools (such as Wireshark) cannot directly parse this encrypted data during protocol stack testing or data analysis. Therefore, existing testing tools lack effective methods for handling encrypted WPA3 data. Testers, developers, and data analysts must return to the original code level and verify correctness by printing the decrypted data at the endpoints (Station or AP), significantly reducing the testing efficiency of WPA3 encrypted wireless networks.

[0003] Therefore, how to test the system's testing efficiency on WPA3 encrypted wireless networks has become an urgent technical problem to be solved. Summary of the Invention

[0004] The main purpose of this application is to provide a test method for analyzing WPA encrypted data in a Wi-Fi protocol test system, aiming to improve the efficiency of the Wi-Fi protocol test system in analyzing encrypted data, thereby improving the overall system efficiency.

[0005] To achieve the above objectives, this application provides a testing method for WPA encrypted wireless networks, the testing method comprising the following steps:

[0006] Obtain a WPA encrypted data frame and decrypt the WPA encrypted data frame based on the pre-stored WPA session key to obtain the original plaintext data corresponding to the WPA encrypted data frame.

[0007] Based on the original plaintext data, generate the WPA decryption data frame corresponding to the WPA encrypted data frame;

[0008] The WPA decrypted data frame is sent to the wireless space via a wireless interface so that the protocol parsing tool can compare and analyze the WPA encrypted data frame based on the WPA decrypted data frame.

[0009] Furthermore, to achieve the above objectives, this application also provides a Wi-Fi protocol testing system, which includes at least one computer device. The computer device is a wireless access point, a wireless terminal, or a protocol parsing tool. The computer device includes a processor, a memory, and a test program for WPA encrypted wireless networks stored in the memory and executable by the processor. When the test program for WPA encrypted wireless networks is executed by the processor, it implements the steps of the test method for WPA encrypted wireless networks as described above.

[0010] In addition, to achieve the above objectives, this application also provides a computer-readable storage medium storing a test program for a WPA encrypted wireless network, wherein when the test program for a WPA encrypted wireless network is executed by a processor, it implements the steps of the test method for a WPA encrypted wireless network as described above.

[0011] This application provides a testing method for WPA encrypted wireless networks. The method involves: acquiring a WPA encrypted data frame; decrypting the WPA encrypted data frame based on a pre-stored WPA session key to obtain the original plaintext data corresponding to the WPA encrypted data frame; generating a WPA decrypted data frame based on the original plaintext data; and transmitting the WPA decrypted data frame to wireless space via a wireless interface, so that a protocol parsing tool can compare and analyze the WPA encrypted data frame based on the decrypted data frame. Through this method, this application decrypts the WPA encrypted data frame using a pre-stored WPA session key to obtain the original plaintext data corresponding to the WPA encrypted data frame, and obtains the corresponding WPA decrypted data frame based on the original plaintext data. The WPA decrypted data frame is then transmitted to wireless space, enabling the protocol parsing tool to directly obtain the plaintext data of the WPA encrypted data frame for analysis. This effectively avoids testing obstacles caused by the WPA encryption mechanism and improves the convenience and reliability of WPA encrypted wireless network testing. Attached Figure Description

[0012] Figure 1 This is a flowchart illustrating a testing method for a WPA encrypted wireless network provided in this application.

[0013] Figure 2 This is a basic flowchart illustrating the communication process between the Station and the AP provided in this application.

[0014] Figure 3 A schematic diagram illustrating the interaction between various devices during the testing process of the test system provided in this application.

[0015] Figure 4 A schematic block diagram of the structure of a computer device provided in this application.

[0016] The realization of the purpose, functional features and advantages of this application will be further explained in conjunction with the embodiments and with reference to the accompanying drawings. Detailed Implementation

[0017] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.

[0018] The flowchart shown in the attached diagram is for illustrative purposes only and does not necessarily include all content and operations / steps, nor does it necessarily have to be performed in the order described. For example, some operations / steps can be broken down, combined, or partially merged, so the actual execution order may change depending on the actual situation.

[0019] It should be understood that the terminology used in this specification is for the purpose of describing particular embodiments only and is not intended to limit the scope of the application. As used in this specification and the appended claims, the singular forms “a,” “an,” and “the” are intended to include the plural forms unless the context clearly indicates otherwise.

[0020] It should also be understood that the term “and / or” as used in this application specification and the appended claims means any combination of one or more of the associated listed items and all possible combinations, and includes such combinations.

[0021] The testing method for WPA encrypted wireless networks involved in the embodiments of this application is mainly applied to computer equipment, which can be a PC, laptop computer, mobile terminal or other device with display and processing functions.

[0022] The following detailed description of some embodiments of this application is provided in conjunction with the accompanying drawings. Unless otherwise specified, the following embodiments and features can be combined with each other.

[0023] Reference Figure 1 , Figure 1 This is a flowchart illustrating a testing method for a WPA encrypted wireless network provided in this application.

[0024] like Figure 1 As shown, this application embodiment provides a testing method for WPA encrypted wireless networks, which includes steps S101 to S103.

[0025] In this embodiment, the 80211 protocol has evolved to the 80211.be stage, achieving new heights in terms of speed, latency, and protection. The protection mechanisms for the air communication portion of Wi-Fi devices have also been continuously upgraded, with WPA2 / WPA3 protocols currently being commonly used. The testing method for WPA encrypted wireless networks is applied to a test system, which includes an AP (Access Point), a Station (Wireless Terminal), and protocol parsing tools (including packet capture network cards and parsing tools such as Wireshark). WPA encrypted data frames are sent to wireless space through the Station or AP. The testing method for WPA encrypted wireless networks provided in this application is used to test WPA protocols (such as WPA2 / WPA3 protocols). The 80211 protocol serves the communication connection between the Station (STA) and the AP, helping terminal devices access the Internet through wireless channels. The communication process between the Station and the AP represents the basic flow of the 80211 protocol as follows: Figure 2 As shown.

[0026] The Wi-Fi communication process can be divided into the following stages:

[0027] 1. The AP broadcasts beacon frames. As broadcast messages, beacon frames are unencrypted.

[0028] 2. Connection Establishment Phase: The Station initiates a connection and starts the authentication process. Taking WPA3 SAE mode as an example, the process is as follows:

[0029] Station send sae commit;

[0030] AP send sae commit?

[0031] Station sends confirmation.

[0032] AP sends sae confirm;

[0033] Station send association, request;

[0034] AP sends association response;

[0035] At this stage, both parties send messages in plaintext.

[0036] 3. Handshake phase:

[0037] AP send eapol m1;

[0038] Station send eapol m2;

[0039] AP send eapol m3;

[0040] Station send eapol m4;

[0041] 4. Transmission of management frames such as business data, keep-alive data, and actions. During this stage, both the Station and the AP have completed the installation of their peer keys. The protected data specified in the 80211 series protocol will be transmitted in encrypted frames.

[0042] 5. Disconnect. The 80211 protocol stipulates that the first disconnect message must be sent as an encrypted frame, and subsequent disconnect response messages will be sent as decrypted frames.

[0043] Because the data is encrypted, analyzing the encrypted data in Phase 4 and beyond is difficult. Protocol stack testing systems or tools need to provide effective solutions to improve testing efficiency and facilitate user use.

[0044] For WPA3, currently the decrypted content can only be viewed at the endpoint (STA / AP). The only observation point for WPA protocol compliance testing equipment is the protocol frames captured in the wireless space. The common analysis method is to capture protocol frames and parse the messages using parsing tools. The inability to parse the encrypted messages in real time significantly reduces the efficiency of the testing equipment in analyzing and locating problems.

[0045] To address the aforementioned issues, this application simultaneously sends the decryption frame to wireless space upon receiving and sending the encryption frame, thereby enabling the capture of both the decryption and encryption frames from wireless space.

[0046] The testing method for WPA encrypted wireless networks includes the following steps:

[0047] Step S101: Obtain a WPA encrypted data frame and decrypt the WPA encrypted data frame based on the pre-stored WPA session key to obtain the original plaintext data corresponding to the WPA encrypted data frame.

[0048] Step S102: Based on the original plaintext data, generate a WPA decryption data frame corresponding to the WPA encrypted data frame;

[0049] Step S103: The WPA decrypted data frame is sent to the wireless space via the wireless interface so that the protocol parsing tool can compare and analyze the WPA encrypted data frame based on the WPA decrypted data frame.

[0050] To address the issue of WPA3 encrypted data being invisible during protocol testing, this application provides a testing method for WPA encrypted wireless networks. This method involves receiving encrypted frames, internally decrypting them, copying and generating plaintext copies, marking / isolating the plaintext copies, and sending the plaintext copies to the wireless space. This enables protocol parsing tools to directly capture and analyze the plaintext data of WPA encrypted frames, effectively circumventing testing obstacles caused by the WPA3 encryption mechanism and improving the convenience and reliability of WPA encrypted wireless network testing.

[0051] Specifically, the protocol parsing tool captures WPA3 protocol data frames (such as action frames) from the wireless space or prepares to send them by the test system itself. The network protocol stack of the test system (as an AP or Station) identifies the frame as a WPA3 encrypted frame (e.g., by checking that the Protected Flag in the frame header is TRUE) and marks it as an encrypted frame that needs to be processed. For the identified encrypted frame, the test system uses the session key (Pairwise Master Key, PMK, etc.) successfully established during the previous SAE handshake phase and stored locally to decrypt the payload of the encrypted frame according to the WPA3 standard decryption algorithm, obtaining the original, unencrypted plaintext protocol data. Based on the decrypted plaintext data, the test system creates an identical copy, resulting in two sets of data: a plaintext data stream for normal communication and a plaintext data copy for test analysis. One set (the plaintext data stream for normal communication) is used for normal protocol stack processing (such as reporting to upper-layer applications or normal forwarding), while the other set (the plaintext data copy for test analysis) serves as a debug copy (i.e., a WPA decrypted data frame) in the subsequent decryption process. To avoid interfering with normal communication, the plaintext data copy is marked and isolated to make it easily identifiable by protocol parsing tools and unresponsive to other devices in the network. The marking or isolation of the copy includes:

[0052] Strategy A (Logical Isolation, i.e., Address Modification): Modify the destination MAC address in the replica frame header to a reserved address or a special address (such as 11:11:11:11:11:11), thereby making the replicas distinguishable at the data link layer.

[0053] Strategy B (Physical Isolation, i.e., Channel Switching): The copy content is not modified, but it is sent via the wireless network card to a preset wireless channel or frequency band different from the original encrypted frame (e.g., the original frame is on 5GHz Ch.36, the copy is sent to 5GHz Ch.40), thus obtaining a plaintext data copy that has been marked / isolated. The marked / isolated plaintext data copy is then transmitted into the wireless space via the radio frequency (RF) module, treating the copy frame as a regular unencrypted management frame or data frame, through the test system's driver and wireless network card. In the wireless space, there are two types of frames: the original WPA encrypted frame and the special, unencrypted plaintext copy frame.

[0054] Protocol parsing tools (such as Wireshark) can capture both types of frames simultaneously by listening to the corresponding wireless channels. Analysts can: see the encrypted frame and understand its transmission timing and external characteristics; directly parse and view the complete content of the plaintext copy frame to understand the actual data inside the encrypted frame; and efficiently perform protocol consistency, functionality, and performance testing by comparing the two.

[0055] In one embodiment, the step of sending the WPA decrypted data frame to the wireless space via the wireless interface so that the protocol parsing tool can capture the WPA decrypted data frame to perform WPA encrypted wireless network testing on the WPA encrypted data frame includes:

[0056] The WPA decryption data frame and the WPA encryption data frame are respectively sent to the wireless space through the wireless interface;

[0057] Obtain the association identifier between the WPA decrypted data frame and the WPA encrypted data frame, and send the association identifier to the wireless space so that the protocol parsing tool can perform WPA encrypted wireless network testing on the associated WPA decrypted data frame and the WPA encrypted data frame based on the association identifier.

[0058] In one embodiment, obtaining the association identifier between the WPA decrypted data frame and the WPA encrypted data frame includes:

[0059] The plaintext data of the WPA decryption data frame and the WPA encryption data frame are obtained, or the destination MAC address of the WPA decryption data frame is obtained after modification, and used as the association identifier.

[0060] In one embodiment, the step of sending the WPA decrypted data frame to the wireless space via a wireless interface, so that a protocol parsing tool can perform comparative analysis on the WPA encrypted data frame based on the WPA decrypted data frame, includes:

[0061] The WPA decrypted data frame and the WPA encrypted data frame are simultaneously sent to the wireless space through the wireless interface, so that the protocol parsing tool can simultaneously capture the WPA encrypted data frame and its corresponding WPA decrypted data frame for WPA encrypted wireless network testing.

[0062] In this embodiment, to further improve testing convenience, a test switch is provided. The test switch flag includes 0, 1, and 2, where 0 indicates normal communication, 1 indicates simultaneous transmission of encrypted and decrypted frames, and 2 indicates separate transmission of encrypted and decrypted frames. Specifically:

[0063] like Figure 3 As shown, the test system includes, but is not limited to, a packet capture device, an AP, a STA, and a wireless space. The packet capture device listens to the wireless space and captures WPA encrypted frames (such as action frames) and decrypted frames from it. For the encrypted frames, using the session key (Pairwise Master Key, PMK, etc.) successfully established during the previous SAE handshake phase and stored locally, the payload of the encrypted frame is decrypted according to the WPA3 standard decryption algorithm to obtain the original, decrypted plaintext protocol data, which serves as the WPA3 decrypted frame. Based on the decrypted plaintext data, an identical copy is created, resulting in two sets of data (a plaintext data stream for normal communication and a plaintext data copy for test analysis). One set (the plaintext data stream for normal communication) is used for normal protocol stack processing (such as reporting to the upper-layer application or normal forwarding), and the other set (the plaintext data copy for test analysis) serves as a debug copy (i.e., the WPA decrypted data frame) in the subsequent decryption process. Wherein:

[0064] 1. When the test switch flag is 0, only encrypted frames are sent, indicating that the STA and AP are communicating normally;

[0065] 2. When the test switch flag is 1, it indicates that encrypted and decrypted frames are sent simultaneously.

[0066] 3. When the test switch flag is 2, it indicates delayed transmission. During delayed transmission, the protocol parsing tool can test the previously sent encrypted frames when the decrypted data frame is sent.

[0067] When sending with a delay, it is necessary to match the association identifier between the encrypted frame and the decrypted frame. The plaintext data part that is the same in the encrypted frame and the decrypted frame can be used as the association identifier. Alternatively, the MAC address of the modified characteristic format of the decrypted frame can be used as the association identifier. This avoids the problem that the timestamp changes due to the inconsistency between the time system of the protocol parsing tool and the STA and AP, which makes the timestamp unable to be used as the association identifier.

[0068] In one embodiment, sending the WPA decrypted data frame to the wireless space includes:

[0069] Obtain the working channel and channel for sending the WPA encrypted data frame;

[0070] The WPA decryption data frame is sent to a working channel and channel other than the WPA encryption data frame to perform channel switching between the WPA decryption data frame and the WPA encryption data frame, thereby achieving physical isolation between the WPA decryption data frame and the WPA encryption data frame and ensuring that the WPA decryption data frame has no impact on the workflow of the WPA encryption data frame.

[0071] In one embodiment, sending the WPA decrypted data frame to the wireless space includes:

[0072] The destination MAC address of the WPA decryption data frame is modified, and the modified WPA decryption data frame is sent to the wireless space to distinguish between the WPA encryption data frame and the WPA decryption data frame, thereby achieving logical isolation between the WPA decryption data frame and the WPA encryption data frame.

[0073] The modification of the destination MAC address of the WPA decryption data frame includes:

[0074] The destination MAC address of the WPA decryption data frame is modified to a preset format so that the protocol parsing tool can distinguish between the WPA decryption data frame and the WPA encryption data frame based on the preset format destination MAC address.

[0075] The step of generating a WPA decryption data frame corresponding to the WPA encrypted data frame based on the original plaintext data includes:

[0076] The original plaintext data is copied to obtain plaintext copies that are identical to the original plaintext data. These copies serve as the WPA decryption data frames used for testing and analysis, and as plaintext data streams used for normal communication.

[0077] In this embodiment, in the test system, the sent and received encrypted frames are decrypted, copied, and then sent to wireless space. The operations following copying include, but are not limited to, the following:

[0078] (1) Modify individual fields to distinguish them from the original packets in air packet capture without affecting the normal protocol interaction process. For example, modify the dest MAC address to 11:11:11:11:11:11 or other easily identifiable values;

[0079] (2) Send to a different channel or frequency band than the encrypted frame. For example, the encrypted frame is normally sent on channel 36 of 5G, without modifying any fields of the decrypted frame, but is sent to channel 40 of 5G or a certain channel of 2G / 6G;

[0080] Using the above method, the original data is sent to the wireless space in the form of decrypted frames. Custom modifications can be made or the data can be sent to other frequency bands / channels before it is sent to the wireless space.

[0081] In a specific embodiment, the association identifier refers to the information used to uniquely identify WPA encrypted data frames. Specifically, it can be implemented using frame sequence numbers or other unique identifiers such as the checksum value of the data frame or a cyclic redundancy check code generated based on the content of the data frame. For example, in the IEEE 802.11 protocol, the frame sequence number is used to distinguish different data frames, mainly to achieve a unique identifier for the data frame.

[0082] Therefore, in the process of generating WPA decryption data frames, an association identifier is embedded in them. Based on this association identifier, a one-to-one mapping relationship is established between the original encrypted frame and its plaintext copy. This allows the captured original encrypted frame to be accurately associated with its corresponding plaintext copy based on the association identifier, avoiding the inefficiency and low accuracy of methods that rely on timestamp approximation matching or manual comparison.

[0083] Based on the pre-stored WPA session key in the test system, the WPA encrypted data frame is decrypted to obtain the original plaintext data corresponding to the WPA encrypted data frame.

[0084] In this embodiment, the pre-stored WPA session key refers to the key used to decrypt WPA encrypted data frames that is pre-stored in the test system. Specifically, it can be configured by the user manually entering it during the initialization of the test system, or imported from a trusted source through a security key management protocol, such as using a key file in PKCS#12 format. The main purpose is to securely complete the decryption process within the test system, avoiding traditional decryption methods that rely on external tools.

[0085] Based on the original plaintext data and the associated identification information, a corresponding WPA decryption data frame is generated;

[0086] In this embodiment, the associated identification information can be embedded into a user-defined field of the plaintext data, or it can be encapsulated together with the plaintext data as additional metadata, for example, by adding an identification information field at the end of the data frame.

[0087] The WPA decrypted data frame is sent to the wireless space via the wireless interface so that the protocol parsing tool can capture the WPA decrypted data frame for testing the WPA encrypted wireless network.

[0088] In this embodiment, WPA decrypted data frames can be sent directly using the standard IEEE 802.11 protocol, or the test system can be configured to broadcast to the wireless space, for example, using a multicast address. This allows the protocol parsing tool to capture the WPA decrypted data frames for comparison and analysis, solving the problem that general protocol analysis tools cannot parse WPA encrypted data, thus improving testing efficiency and eliminating the need for data verification at the original code level. As a preferred implementation, the generation process of the associated identification information can be configured to automatically extract other fields from the frame sequence number. Therefore, this embodiment, by decrypting the WPA encrypted data frames within the test system and generating WPA decrypted data frames carrying associated identification information for transmission to the wireless space, enables the protocol parsing tool to directly capture plaintext data, overcoming the limitation in the WPA3 protocol that the key is not transmitted over the network.

[0089] During testing, the test system is configured to capture WPA encrypted data frames in real time and generate associated identification information corresponding to each encrypted data frame. This associated identification information includes at least one of a frame sequence number and a capture timestamp. This identification information is constructed based on the unique temporal characteristics of the data frame during transmission to ensure the traceability of subsequent test data. Furthermore, based on the WPA session key pre-stored in the test system, the encrypted data frame is decrypted to obtain the original plaintext data. This process leverages the test environment's characteristic of holding the key as a trusted node, securely completing the decryption operation within the system, thereby circumventing the restriction in the WPA3 protocol that keys are not transmitted over the network. Subsequently, the original plaintext data and the associated identification information are combined to generate a decrypted WPA data frame. This copy retains the complete content of the original data and embeds the identification information, enabling external tools to accurately associate it with the test context. Thus, the decrypted WPA data frame is transmitted to wireless space via the wireless interface, allowing protocol parsing tools to directly obtain the content in a standard plaintext data capture manner without processing the encryption mechanism, thereby achieving real-time testing and analysis of the WPA3 encrypted wireless network.

[0090] In a preferred implementation, the test system can be specifically implemented as a server running the Ubuntu operating system, equipped with a wireless test network card that supports the test method described in this patent. In actual deployment, when the test system processes WPA encrypted data frames, the user-configured fields are extracted and associated identification information is generated; using the pre-stored WPA session key, the encrypted data frame is decrypted using the built-in algorithm in the encryption library of the wireless network card or the platform, to obtain the original plaintext data; the associated data is added to the plaintext data (e.g., replacing the original dst mac) and encapsulated into a new data frame conforming to the IEEE 802.11a standard to form a WPA decrypted data frame; finally, this copy is sent through the wireless network card to a wireless channel in the 5.8GHz band so that the protocol parsing tool can capture and parse the data content.

[0091] Therefore, this method effectively solves the problem that general protocol analysis tools (such as Wireshark) cannot directly analyze WPA3 encrypted data. Because decrypted WPA data frames are sent to the wireless space in unencrypted form, external tools can capture and analyze the data content in real time, significantly improving the testing efficiency of WPA3 encrypted wireless networks. Specifically, by completing decryption and generating a plaintext copy carrying identification information within the test system, the cumbersome process of data verification at the original code level is avoided. This ensures the integrity and traceability of test data, enabling testers, developers, and data analysts to efficiently verify the correctness of network protocols.

[0092] In the implementation of the above embodiments, if there is no effective mechanism to distinguish between WPA decrypted data frames and original WPA encrypted data frames in the wireless space, it may lead to various wireless devices in the test environment being unable to accurately identify the test data, potentially mistaking the test data for real network traffic or vice versa, thereby affecting the accuracy and reliability of the test results. Specifically, since all data in a WPA3 network should be encrypted, but the WPA decrypted data frames generated for testing are sent in unencrypted form, without logical distinction, various wireless devices in the test environment are prone to confusing test data with real encrypted traffic, especially in multi-protocol interaction scenarios, which may lead to protocol parsing errors or misjudgment of test indicators.

[0093] To further address the aforementioned issues, embodiments of this application provide a testing method for WPA-encrypted wireless networks, and further:

[0094] Based on the protocol interaction phase to which the WPA encrypted data frame belongs or the requirement information of the current test case corresponding to the WPA encrypted data frame, the target strategy is determined from at least one predefined modification strategy;

[0095] Based on the target strategy, at least one field in the frame header of the WPA decryption data frame is modified to a preset format, and the modified WPA decryption data frame is sent to the wireless space to logically mark the WPA decryption data frame so that the WPA decryption data frame is different from the WPA encrypted data frame.

[0096] Modification fields include, but are not limited to, the destination MAC address, the source MAC address, the Basic Service Set Identifier (BSSID), or the segment number in the sequence control field.

[0097] In this embodiment, the characteristics of the plaintext copy to be sent are identified, and an appropriate modification strategy is selected accordingly. Specifically, modifying the destination / source MAC address is simple and direct, easy to filter and identify, but statistical functions dependent on the MAC address may be affected after modification; modifying the BSSID can isolate traffic at the network dimension, which is very clear, but may cause confusion if the test involves multiple BSSIDs; modifying the segment number is a very subtle change that does not affect the main frame structure, but the signal is relatively hidden and requires special identification by the analysis script, making it suitable for application scenarios with minimal modification to the original frame. Therefore, based on the protocol interaction stage to which the WPA encrypted data frame belongs or the requirements of the current test case corresponding to the WPA encrypted data frame, modification strategies suitable for different situations are determined.

[0098] The protocol interaction phase refers to the key timing divisions in the WPA connection process, which can include different states such as the connection establishment phase, key exchange phase, or service data transmission phase. Its purpose is to dynamically adapt the marking policy according to the real-time running status of the network protocol stack, avoiding modification of key fields during sensitive phases that could disrupt protocol synchronization. The test case requirements specifically refer to the specific performance verification objectives of the test task, which may include throughput test requirements, security protocol compliance verification requirements, or error injection test requirements. Its purpose is to ensure that the marking policy serves a specific test objective, ensuring that the logical marking process meets test requirements while minimizing interference with network behavior. The modification policy can be understood as a predefined set of frame header adjustment rules, which can be implemented using a rule engine-based policy selection mechanism or a machine learning-based dynamic policy matching mechanism. Its purpose is to provide a standardized marking method, ensuring the resolvability of external tools while maintaining the flexibility of the marking process. The modification field specifically refers to the adjustable identifying parameters in the wireless frame structure, which can be implemented using a test-specific prefix for the destination MAC address, a virtual extended identifier for the BSSID, or a controllable increment for the sequence control field. Its purpose is to create non-destructive logical identifiers, enabling test data to be reliably distinguishable in the wireless space without affecting the normal operation of real devices.

[0099] This application's solution triggers an intelligent matching process from a predefined policy library by real-time collection of multi-dimensional parameters, including protocol interaction phases and test case requirements, to determine the optimal frame header modification strategy. Based on this strategy, the system applies pre-formatted logical markings to specified fields of WPA decrypted data frames. For example, it adjusts the destination MAC address to a test-specific address range or modifies the BSSID to a virtual service set identifier, making the marked data form a recognizable feature pattern in the wireless space. This marking mechanism is deeply coupled with the normal data transmission process of the wireless network, avoiding the channel resource overhead caused by physical isolation and ensuring that the marked data is not misprocessed by real network devices. Since the marking operation only applies to key fields in the frame header and follows the pre-formatted specifications, protocol parsing tools can accurately filter out the test data stream by parsing the specific patterns of these fields, thereby achieving unambiguous distinction between test data and real encrypted traffic. This process, while maintaining the integrity of the WPA network protocol stack, constructs a logical isolation layer for test data, effectively solving the core problem of ambiguous data identification in the wireless space.

[0100] As a specific implementation method, the solution of this application is implemented as follows: When the WPA encrypted data frame is in the service data transmission stage, the system determines the target strategy to modify the destination MAC address, replaces the destination MAC address field of the WPA decrypted data frame with a test-specific address range starting with 02:00:00:00:00:00, and keeps the source MAC address consistent with the original WPA encrypted data frame. During this process, the modified WPA decrypted data frame is sent to the wireless space through the wireless interface. The protocol parsing tool can accurately capture the test data stream by identifying the reserved value identifier of the test-specific prefix of the destination MAC address, thereby avoiding interference with normal network behavior.

[0101] Through the above technical solutions, other 80211 devices in the test environment can reliably distinguish test data from real encrypted traffic, significantly reducing the protocol parsing error rate and the risk of misjudgment of test indicators. In multi-protocol interaction scenarios, the logical tagging mechanism ensures the identifiability of test data, enabling testers to complete accurate testing of WPA encrypted networks without relying on physical channel isolation, effectively improving testing efficiency and result reliability.

[0102] The protocol interaction phase refers to the different functional periods in WPA network communication, which may include the connection establishment phase, handshake phase, and service data transmission phase. Its purpose is to adapt testing strategies according to network behavior characteristics. The service data transmission phase can be understood as the period when user data is actually transmitted. It can be implemented by continuously sending data frames, and its purpose is to efficiently transmit service content without interrupting communication. The connection establishment or handshake phase refers to the security authentication and key negotiation process, which may include steps such as the four-way handshake, and its purpose is to establish a secure communication channel. The destination MAC address is the address of the target device of the data frame. It can be implemented using a 48-bit Ethernet address format, and its purpose is to ensure that the data is correctly routed to the receiving end. The BSSID can be understood as the Basic Service Set Identifier of a wireless network. It can be a 6-byte MAC address, and its purpose is to uniquely identify a wireless access point and its associated wireless network.

[0103] Specifically, the solution in this application dynamically selects a modification strategy based on the characteristics of each stage of the protocol interaction to which the WPA encrypted data frame belongs, by identifying the stage in real time. During the service data transmission stage, since the core task is user data transmission, the destination MAC address is directly associated with data routing. Modifying the destination MAC address can securely redirect the WPA decrypted data frame to a device not present in the test network without changing the BSSID, thus avoiding disruption to the network topology stability between the AP and the Station. During the connection establishment or handshake stage, since secure key exchange and authentication are involved, modifying the destination MAC address, as a critical identifier, would trigger authentication failure. Therefore, modifying the BSSID can create a virtual network identifier to mark copies and implicitly distinguish data without interfering with the core handshake logic, thereby ensuring the identifiability of the test data while maintaining the integrity of the WPA3 connection establishment.

[0104] As a specific implementation method, the solution of this application is implemented as follows: During the business data transmission phase, the test system detects that the WPA decryption data frame belongs to user data transmission and modifies the destination MAC address to the address of the protocol parsing tool; during the connection establishment phase, the test system modifies the BSSID to a preset virtual value.

[0105] Through the above scheme, this application can achieve data redirection by modifying the destination MAC address during the business data transmission phase without affecting network routing, and ensure that security authentication is not interfered with by modifying the BSSID during the connection establishment phase. This enables protocol parsing tools to reliably distinguish between WPA decrypted data frames and encrypted data frames, thereby improving the accuracy and efficiency of WPA encrypted wireless network testing.

[0106] In the above embodiments, the strategy selection does not take into account the test requirements for specific testing needs such as latency measurement or content fidelity, which may lead to latency measurement deviation or content distortion.

[0107] In one embodiment, to further address the above-mentioned problems, determining the target strategy from at least one predefined modification strategy based on at least one feature parameter of the WPA decrypted data frame includes:

[0108] When the required information includes a delay measurement requirement, the target strategy is determined to be to modify the segment number in the sequence control field;

[0109] When the required information includes content fidelity requirements, the target strategy is determined to be not to modify any frame header fields and to send the WPA decrypted data frame to a different wireless channel than the WPA encrypted data frame.

[0110] In this embodiment, the requirement information refers to the test requirement type specified in the test instruction. It can use predefined identifiers to represent latency measurement requirements or content fidelity requirements, aiming to incorporate the specific requirements of the test scenario into the strategy decision-making process. Specifically, the segment number in the sequence control field refers to the field in the WPA data frame used to identify frame segments. It can be modified to a preset specific value to implement a logical marker for the data copy. This aims to leverage the field's minimal impact on latency during frame processing, avoiding the introduction of additional processing delays. Specifically, not modifying any frame header fields means maintaining the original state of all frame header fields, ensuring the integrity and authenticity of the data content, and eliminating the risk of data distortion caused by field modifications. Furthermore, sending the WPA decrypted data frame to a different wireless channel means selecting an available channel different from the channel used to send the WPA encrypted data frame. This utilizes the physical isolation characteristics of the wireless channel to distinguish data copies, aiming to provide a reliable foundation for content fidelity testing by replacing logical markers with physical layer isolation.

[0111] Specifically, this solution uses test requirement information as the core basis for strategy decision-making and customizes processing logic for different test scenarios. When the requirement information indicates latency measurement requirements, the system prioritizes modifying the segment number in the sequence control field. Since this field only involves segment reassembly in the frame parsing and processing flow and has extremely low processing overhead, it avoids introducing additional processing latency while implementing data copy logical marking, ensuring that the accuracy of latency measurement results is not affected. When the requirement information indicates content fidelity requirements, the system chooses not to modify any frame header fields and sends the WPA decrypted data frame to different wireless channels. By maintaining the original state of the frame header, the integrity and authenticity of the data content are maintained. At the same time, the physical isolation mechanism of the wireless channel is used to distinguish data copies, avoiding the risk of data distortion caused by field modification, and providing a reliable data foundation for content fidelity testing. This design achieves precise matching between strategy decisions and test requirements through the dynamic binding of test requirement information and strategy selection.

[0112] As a specific implementation method, when the test command specifies the delay measurement requirement, the system modifies the segment number in the sequence control field to a preset specific value to complete the logical marking; when the test command specifies the content fidelity requirement, the system sends the WPA decrypted data frame to an other available wireless channel that is different from the WPA encrypted data frame transmission channel, such as selecting a channel in an adjacent frequency band for transmission, thereby achieving physical isolation.

[0113] The above technical solution avoids delay measurement deviations and content distortion caused by improper strategy selection, ensuring the accuracy of test results and the authenticity of data content.

[0114] In the above embodiments, WPA decryption data frames and WPA encryption data frames are transmitted on the same wireless channel, making it difficult for other network elements in the test environment (AP, STA, protocol parsing tools, etc.) to distinguish between test data and real encrypted data, which may cause data confusion or interfere with normal network operation.

[0115] In one embodiment, to further address the above-mentioned problems, the step of transmitting the WPA decrypted data frame carrying the associated identification information to the wireless space via a wireless interface includes:

[0116] Obtain the wireless channel through which the WPA encrypted data frame is transmitted, and use it as the first wireless channel;

[0117] The WPA decryption data frame is sent to a second wireless channel, which is a wireless channel other than the first wireless channel, to physically isolate the WPA decryption data frame from the WPA encryption data frame.

[0118] In this embodiment, the first wireless channel refers to the actual transmission channel of the WPA encrypted data frame. It can be any channel in the 2.4GHz or 5GHz frequency band defined by the IEEE 802.11 standard. Its purpose is to accurately reflect the real-time communication environment of the encrypted data frame and provide a dynamic benchmark for channel isolation. The second wireless channel refers to an available channel that is mutually exclusive with the first wireless channel. It can be a non-overlapping channel in the same frequency band or a cross-frequency band channel. Its purpose is to establish a physical layer isolation barrier to ensure that the test data and the real network traffic are completely separated on the transmission medium.

[0119] Specifically, the solution in this application dynamically determines the first wireless channel by capturing the transmission channel of WPA encrypted data frames in real time, thereby accurately locking the transmission reference of encrypted data. Based on this, the WPA decrypted data frames are directed to a second wireless channel that strictly excludes the first wireless channel, forming a physically isolated path. This channel separation mechanism allows protocol parsing tools to focus on capturing a clean test data stream on the second wireless channel, avoiding interference from real encrypted frames, and preventing network devices from misinterpreting WPA decrypted data frames as valid communication data, thus maintaining the normal communication order of the wireless network.

[0120] As a specific implementation method, the solution of this application is implemented as follows: When the test system detects that a WPA encrypted data frame is transmitted through channel 1 of the 2.4GHz band, the first wireless channel is set to channel 1; subsequently, channel 6 of the 2.4GHz band is selected as the second wireless channel, and the WPA decrypted data frame carrying the associated identification information is sent to this channel. The protocol parsing tool is configured to listen only to channel 6, which can capture the WPA decrypted data frame without interference, thereby achieving accurate testing of the WPA encrypted wireless network.

[0121] Through the above solution, this application effectively solves the problem of capture confusion caused by the mixing of test data and real encrypted data in the wireless channel, significantly improves the parsing efficiency of the protocol parsing tool for test data, and avoids the risk of WPA decryption data frames interfering with normal network communication.

[0122] In the implementation of the above embodiments, the performance indicators of the test system when processing WPA encrypted data frames cannot be obtained by the protocol parsing tool, making it difficult for testers to evaluate the operating efficiency and resource consumption status of the test system itself, and thus making it impossible to fully diagnose test bottlenecks or optimize system performance.

[0123] To further address the aforementioned issues, testing methods for WPA-encrypted wireless networks also include:

[0124] The performance metadata generated by the test system in processing the WPA encrypted data frames is collected to evaluate the performance of the test system.

[0125] The performance metadata includes at least one of the following: decryption processing time, CPU utilization, memory utilization, or internal processing status code.

[0126] The performance metadata and the associated identification information are embedded into the WPA decryption data frame.

[0127] In this embodiment, performance metadata refers to the performance metrics data generated in real time by the test system when processing WPA encrypted data frames. It can be implemented using at least one of the following: performance counters provided by the operating system kernel or decryption processing time, CPU utilization, memory utilization, or internal processing status codes collected by an independent monitoring process. The purpose is to quantify the processing efficiency and resource consumption level of the test system. Embedding performance metadata and associated identification information into the WPA decryption data frame can be understood as the process of integrating performance data in the protocol extension field or user-defined area of ​​the WPA decryption data frame. Specifically, this can be achieved by modifying the reserved fields of the data frame or utilizing the unallocated frame header space. The purpose is to ensure that the protocol parsing tool can directly parse out the performance information corresponding to the original data frame.

[0128] Specifically, the solution in this application synchronously triggers the collection of performance metadata within the same processing flow that generates the WPA decryption data frame. This allows performance data to be bound in real time to the processing events of a specific WPA encrypted data frame, and the collection results, along with associated identification information, are embedded into a designated area of ​​the WPA decryption data frame. Since the associated identification information already includes the frame sequence number or capture timestamp, the protocol parsing tool, after capturing the WPA decryption data frame, can accurately associate the performance metadata with the corresponding original encrypted data frame based on this identification information. This avoids the process complexity caused by deploying independent monitoring tools in traditional methods, and achieves automatic collection and transmission of performance evaluation data.

[0129] In one specific implementation, after decrypting the WPA encrypted data frame, the test system obtains the CPU utilization rate by calling the operating system kernel's performance monitoring interface, encodes this value as hexadecimal data, and embeds it into the frame header extension field of the decrypted WPA data frame. When the protocol parsing tool captures this WPA decrypted data frame, it can parse the CPU utilization rate data and, combined with the frame sequence number in the associated identification information, map the performance indicators to the corresponding WPA encrypted data frame processing procedure.

[0130] Through the above scheme, this application realizes the real-time acquisition and transmission of test system performance indicators, enabling testers to directly obtain key performance data such as decryption processing time and resource usage status through protocol parsing tools, thereby accurately evaluating the operating efficiency of the test system, timely diagnosing resource bottlenecks and optimizing system performance.

[0131] In the above embodiments, the WPA decryption data frames corresponding to the WPA encrypted data frames generated by the multiple test commands sent by the test system lack a direct association mechanism with the test commands. This makes it difficult for the data captured by the protocol parsing tool to be accurately traced back to the source of the specific test command, thus making it difficult to verify whether the execution result of a specific test command meets expectations.

[0132] In one embodiment, to address the above-mentioned problems, the testing method further includes:

[0133] Obtain the test indicator identifier associated with the test instruction sent by the test system, associate and bind the test instruction identifier with the associated identification information, and the WPA encrypted data frame is generated by the test instruction;

[0134] Based on the test instruction identifier, the WPA decryption data frame is updated, and the WPA decryption data frame carrying the test instruction identifier is sent to the wireless space to verify the execution result of the test instruction based on the WPA decryption data frame carrying the test instruction identifier, the test instruction, and the WPA encrypted data frame.

[0135] In this embodiment, in addition to addressing the one-way association problem from encrypted frames to plaintext copies in the embodiments described above, a complete automated testing system needs to know not only which encrypted frame corresponds to the plaintext copy, but also verify the correctness of the testing system's own behavior. That is, bidirectional association and closed-loop verification are required.

[0136] Specifically, the test instruction identifier is a data identifier used to uniquely identify the test instruction. It can be implemented using a globally unique identifier or an incrementing sequence number, with the aim of ensuring the identifiability of the test instruction. Association binding refers to the operation of establishing a correspondence between the test instruction identifier and associated identification information. This can be achieved through memory mapping or database association, with the aim of maintaining the contextual association between the instruction and the data frame. Updating the WPA decryption data frame refers to the process of embedding the test instruction identifier into the WPA decryption data frame. This can be achieved by modifying specific fields in the frame header or adding custom tags, with the aim of tightly binding the identifier with the data copy. Verifying the execution result of the test instruction refers to the operation of confirming the correctness of execution by cross-referencing the WPA decryption data frame, the test instruction, and the WPA encrypted data frame. This can be achieved based on predefined verification rules or content matching algorithms, with the aim of achieving closed-loop verification of the test results.

[0137] Specifically, the proposed solution first obtains the test indicator identifier associated with the test command sent by the test system, which serves as the unique identifier of the test command. Then, this identifier is associated and bound with related identification information, tightly coupling the identifier with the processing context of the WPA encrypted data frame. Based on this, the WPA decrypted data frame is updated based on the test command identifier, embedding the identifier into the copy content to avoid the complexity of external tool parsing. Next, the WPA decrypted data frame carrying the test command identifier is sent to the radio space, establishing a physically traceable data channel. Finally, by cross-comparing the WPA decrypted data frame carrying the test command identifier, the test command, and the WPA encrypted data frame, the execution result of the test command is verified to meet expectations. The entire process, through the introduction and binding of identifiers, seamlessly connects the logical intent of the test command with physical layer data capture, forming a complete verification loop.

[0138] As a specific implementation method, the solution of this application is implemented as follows: the test instruction identifier is generated in UUID format; the association binding is implemented by maintaining a hash table in the memory of the test system, where the key is the test instruction identifier and the value is the association identification information; when updating the WPA decryption data frame, the test instruction identifier is embedded in a custom field in the frame header; after the WPA decryption data frame carrying the identifier is sent to the wireless space through the wireless interface, the protocol parsing tool captures the copy and extracts the identifier; when verifying the execution result, the test system retrieves the original test instruction and the corresponding WPA encrypted data frame according to the identifier, and performs content comparison to confirm the correctness of the execution.

[0139] Through the above scheme, this application achieves a precise association between test commands and WPA decryption data frames, enabling protocol parsing tools to accurately trace data to the source of specific test commands, thereby effectively verifying whether the execution results of specific test commands meet expectations and solving the verification blind spot problem caused by the disconnect between test data and commands.

[0140] In some of the embodiments described above in this application, a testing method for WPA3 encrypted wireless networks is proposed. However, in multi-hop wireless network scenarios, since data frames are transmitted through multiple relay nodes, existing solutions lack a mechanism for tracing the data frame transmission path, making it difficult for protocol parsing tools to distinguish data frames from different paths, and thus difficult to accurately verify end-to-end behavior and diagnose problems.

[0141] In this regard, this application further proposes a method for use in relay testing equipment in multi-hop wireless networks;

[0142] The associated identification information also includes path tracing information, which indicates the network path that the WPA encrypted data frame traverses before reaching the relay test equipment;

[0143] Path tracing information includes the media access control address of the previous hop network node, or the path identifier stack assigned by the relay test device to the WPA encrypted data frame.

[0144] Among them, applying the test method to the relay test equipment in multi-hop wireless networks refers to deploying test functions at intermediate nodes of the data transmission path. This can be achieved by using network routers or dedicated relay equipment as test nodes. The purpose is to enable the test operation to cover the intermediate links of data transmission rather than being limited to endpoint devices, thereby overcoming the limitation that endpoint testing cannot monitor the relay links.

[0145] The association identification information includes path tracing information, which means that path-related data is integrated into the identification information. This can be achieved by using additional fields or extended data structures. The purpose is to provide the transmission path context for WPA decryption data frames, so that the protocol parsing tool can identify the source of the data frame without relying on additional inference.

[0146] Specifically, path tracing information includes the media access control address of the previous hop network node or the path identifier stack. This information can record the location of the previous node or accumulate path history. It can be implemented using a MAC address list or a stack-based data structure. The purpose is to support the immediate location of problem nodes or the verification of end-to-end transmission behavior under complex topologies.

[0147] Specifically, the solution in this application extends the testing method to relay testing equipment, performing decryption and copy generation operations in real time as the data frame passes through each relay point, and embedding path tracing information into the associated identification information. When the protocol parsing tool captures a WPA decrypted data frame, it can directly parse the path tracing information to identify the complete transmission path of the data frame. During the processing of WPA encrypted data frames, the relay testing equipment first obtains the previous hop node information or allocates a path identification stack, then integrates the path tracing information with the original plaintext data to generate a copy. After this copy is sent to the wireless space via the wireless interface, the protocol parsing tool can distinguish data frames from different transmission paths based on the path tracing information, thereby eliminating path confusion and achieving accurate behavioral verification.

[0148] As a preferred embodiment, the solution of this application is implemented as follows: The relay test device can be a wireless router deployed in a mesh network. When the router receives a WPA encrypted data frame, it parses the media access control address of its upstream node and appends the MAC address as path tracing information to the association identifier; then, based on the pre-stored WPA session key, it decrypts the data frame, generates a WPA decrypted data frame carrying path tracing information, and sends a copy to the wireless space through the wireless interface. After the protocol parsing tool captures the copy, it can clearly identify that the data frame comes from a specific upstream node by parsing the path tracing information, such as distinguishing test data from different branch paths, thereby accurately verifying the integrity and correctness of the data transmission path.

[0149] Through the above solution, this application solves the problem of untraceable data frame paths in multi-hop wireless networks, enabling protocol parsing tools to directly distinguish data frames from different transmission paths, thereby improving the accuracy of testing and the efficiency of problem diagnosis, and effectively supporting end-to-end behavior verification and network fault diagnosis.

[0150] The above method can be implemented as a computer program, which can be used in, for example... Figure 4 It runs on the computer device shown.

[0151] Please see Figure 4 , Figure 4 This application provides a schematic block diagram of a computer device. The computer device may be an access point (AP), a station, or a protocol parsing tool.

[0152] See Figure 4 The computer device includes a processor, memory, and wireless interface connected via a system bus, wherein the memory may include non-volatile storage media and internal memory.

[0153] The non-volatile storage medium can store an operating system and a computer program. The computer program includes program instructions that, when executed, cause the processor to perform any test method for a WPA-encrypted wireless network.

[0154] The processor provides computing and control capabilities, supporting the operation of the entire computer device.

[0155] Internal memory provides an environment for the execution of computer programs stored in non-volatile storage media. When executed by a processor, the computer program enables the processor to perform any test method for WPA encrypted wireless networks.

[0156] This wireless interface is used for network communication, such as sending assigned tasks. Those skilled in the art will understand that... Figure 4The structure shown is merely a block diagram of a portion of the structure related to the present application and does not constitute a limitation on the computer device to which the present application is applied. Specific computer devices may include more or fewer components than those shown in the figure, or combine certain components, or have different component arrangements.

[0157] It should be understood that the processor can be a Central Processing Unit (CPU), but it can also be other general-purpose processors, digital signal processors (DSPs), application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. Among these, a general-purpose processor can be a microprocessor or any conventional processor.

[0158] In one embodiment, the processor is configured to run a computer program stored in memory to perform the following steps:

[0159] Obtain a WPA encrypted data frame and decrypt the WPA encrypted data frame based on the pre-stored WPA session key to obtain the original plaintext data corresponding to the WPA encrypted data frame.

[0160] Based on the original plaintext data, generate the WPA decryption data frame corresponding to the WPA encrypted data frame;

[0161] The WPA decrypted data frame is sent to the wireless space via a wireless interface so that the protocol parsing tool can compare and analyze the WPA encrypted data frame based on the WPA decrypted data frame.

[0162] In one embodiment, the processor is configured to run a computer program stored in memory to perform the following steps:

[0163] The WPA decryption data frame and the WPA encryption data frame are respectively sent to the wireless space through the wireless interface;

[0164] Obtain the association identifier between the WPA decrypted data frame and the WPA encrypted data frame, and send the association identifier to the wireless space so that the protocol parsing tool can perform WPA encrypted wireless network testing on the associated WPA decrypted data frame and the WPA encrypted data frame based on the association identifier.

[0165] In one embodiment, the processor is configured to run a computer program stored in memory to perform the following steps:

[0166] The plaintext data of the WPA decryption data frame and the WPA encryption data frame are obtained, or the destination MAC address of the WPA decryption data frame is obtained after modification, and used as the association identifier.

[0167] In one embodiment, the processor is configured to run a computer program stored in memory to perform the following steps:

[0168] Obtain the working channel and channel for sending the WPA encrypted data frame;

[0169] The WPA decryption data frame is sent to a working channel and channel other than the WPA encryption data frame to ensure that the WPA decryption data frame has no impact on the workflow of the WPA encryption data frame.

[0170] In one embodiment, the processor is configured to run a computer program stored in memory to perform the following steps:

[0171] The destination MAC address of the WPA decryption data frame is modified, and the modified WPA decryption data frame is sent to the wireless space to distinguish between the WPA encryption data frame and the WPA decryption data frame, thereby achieving logical isolation between the WPA decryption data frame and the WPA encryption data frame.

[0172] In one embodiment, the processor is configured to run a computer program stored in memory to perform the following steps:

[0173] The destination MAC address of the WPA decryption data frame is modified to a preset format so that the protocol parsing tool can distinguish between the WPA decryption data frame and the WPA encryption data frame based on the preset format destination MAC address.

[0174] In one embodiment, the processor is configured to run a computer program stored in memory to perform the following steps:

[0175] The original plaintext data is copied to obtain plaintext copies that are identical to the original plaintext data. These copies serve as the WPA decryption data frames used for testing and analysis, and as plaintext data streams used for normal communication.

[0176] In one embodiment, the processor is configured to run a computer program stored in memory to perform the following steps:

[0177] The WPA decrypted data frame and the WPA encrypted data frame are simultaneously sent to the wireless space through the wireless interface, so that the protocol parsing tool can simultaneously capture the WPA encrypted data frame and its corresponding WPA decrypted data frame for WPA encrypted wireless network testing.

[0178] The embodiments of this application also provide a computer-readable storage medium storing a computer program, the computer program including program instructions, and the processor executing the program instructions to implement any of the testing methods for WPA encrypted wireless networks provided in the embodiments of this application.

[0179] The computer-readable storage medium may be an internal storage unit of the computer device described in the foregoing embodiments, such as the hard disk or memory of the computer device. The computer-readable storage medium may also be an external storage device of the computer device, such as a plug-in hard disk, SmartMedia Card (SMC), Secure Digital (SD) card, or Flash Card equipped on the computer device.

[0180] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any person skilled in the art can easily conceive of various equivalent modifications or substitutions within the technical scope disclosed in this application, and these modifications or substitutions should all be covered within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.

Claims

1. A testing method for WPA-encrypted wireless networks, characterized in that, The testing method includes the following steps: Obtain a WPA encrypted data frame and decrypt the WPA encrypted data frame based on the pre-stored WPA session key to obtain the original plaintext data corresponding to the WPA encrypted data frame. Based on the original plaintext data, generate the WPA decryption data frame corresponding to the WPA encrypted data frame; The WPA decrypted data frame is sent to the wireless space via the wireless interface so that the protocol parsing tool can compare and analyze the WPA encrypted data frame based on the WPA decrypted data frame. The step of sending the WPA decrypted data frame to the wireless space includes: The WPA decryption data frame is sent to a working channel and channel other than the WPA encryption data frame to ensure that the WPA decryption data frame has no impact on the workflow of the WPA encryption data frame.

2. The test method as described in claim 1, characterized in that, The step of sending the WPA decrypted data frame to the wireless space via a wireless interface, so that the protocol parsing tool can compare and analyze the WPA encrypted data frame based on the WPA decrypted data frame, includes: The WPA decryption data frame and the WPA encryption data frame are respectively sent to the wireless space through the wireless interface; Obtain the association identifier between the WPA decrypted data frame and the WPA encrypted data frame, and send the association identifier to the wireless space so that the protocol parsing tool can compare and analyze the associated WPA decrypted data frame and the WPA encrypted data frame based on the association identifier.

3. The test method as described in claim 2, characterized in that, The step of obtaining the association identifier between the WPA decrypted data frame and the WPA encrypted data frame includes: The plaintext data of the WPA decryption data frame and the WPA encryption data frame are obtained, or the destination MAC address of the WPA decryption data frame is obtained after modification, and used as the association identifier.

4. The test method as described in claim 1, characterized in that, Sending the WPA decrypted data frame to the wireless space includes: Obtain the working channel and channel for sending the WPA encrypted data frame.

5. The test method as described in claim 1, characterized in that, Sending the WPA decrypted data frame to the wireless space includes: The destination MAC address of the WPA decryption data frame is modified, and the modified WPA decryption data frame is sent to the wireless space to distinguish between the WPA encryption data frame and the WPA decryption data frame, thereby achieving logical isolation between the WPA decryption data frame and the WPA encryption data frame.

6. The test method as described in claim 5, characterized in that, Modifying the destination MAC address of the WPA decryption data frame includes: The destination MAC address of the WPA decryption data frame is modified to a preset format so that the protocol parsing tool can distinguish between the WPA decryption data frame and the WPA encryption data frame based on the preset format destination MAC address.

7. The test method as described in claim 1, characterized in that, The step of generating a WPA decryption data frame corresponding to the WPA encrypted data frame based on the original plaintext data includes: The original plaintext data is copied to obtain plaintext copies that are identical to the original plaintext data. These copies serve as the WPA decryption data frames used for testing and analysis, and as plaintext data streams used for normal communication.

8. The test method according to any one of claims 1-6, characterized in that, The step of sending the WPA decrypted data frame to the wireless space via a wireless interface, so that the protocol parsing tool can compare and analyze the WPA encrypted data frame based on the WPA decrypted data frame, includes: The WPA decrypted data frame and the WPA encrypted data frame are simultaneously transmitted to the wireless space through the wireless interface, so that the protocol parsing tool can simultaneously capture the WPA encrypted data frame and its corresponding WPA decrypted data frame for comparison and analysis.

9. A Wi-Fi protocol testing system, characterized in that, The Wi-Fi protocol testing system includes at least one computer device, which is a wireless access point, a wireless terminal, or a protocol parsing tool. The computer device includes a processor, a memory, and a test program for WPA encrypted wireless networks stored in the memory and executable by the processor. When the test program for WPA encrypted wireless networks is executed by the processor, it implements the steps of the test method for WPA encrypted wireless networks as described in any one of claims 1 to 8.

10. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores a test program for a WPA encrypted wireless network, wherein when the test program for a WPA encrypted wireless network is executed by a processor, it implements the steps of the test method for a WPA encrypted wireless network as described in any one of claims 1 to 8.