Reverse engineering proprietary device that uses WPA

Hi

I have a device which is controlled from a smart phone application via a password-free WPA connection.

I’d like to intercept the traffic between my smart phone and the device and see if I can write an API to control the device without the developer’s application.

The device sets up a WPA wireless network without a password and hands out a single IP – any additional connections do not receive an IP.

I was able to connect a laptop to the device and nmap it. It only has tcp/50007 open.

I was considering setting up a MITM device which uses one NIC to connect to the device and another to mock the WPA connection. I should then be able to Wireshark or tcpdump the traffic to/from the device.

Before I embark on building a Raspberry Pi with the wifi devices – is there a better way? Is there a reliable way to intercept the password-less WPA traffic directly between the application and device?

Maybe a cheap rooted android device running the app would be easiest?

submitted by /u/soberto

January 14, 2023

Weekly Update 330

Big week! So big, in fact, that I rushed into this week’s update less prepared and made it a very casual one, which is just fine 😊 It’s mostly password books and kitchen equipment this week, both topics which had far more engagement than I expected.

January 14, 2023