From charlesreid1

Revision as of 17:57, 16 June 2016

Scapy

See the Scapy page for more info.

Installing

Fortunately, scapy is really easy to install with opkg - someone's already done the hard work of compiling it and getting it to work with the OpenWRT kernel.

$ opkg install scapy

Fake AP

You can use Scapy to create a quick Fake AP with the Widy. Here's a Scapy script written in Python to construct packets advertising a wireless network:

# Python 2 script: the print statement below will not parse under Python 3.
import sys
import subprocess
import time
from scapy.all import *

name = "CIA Surveillance Van #108"

# Put wlan0 into monitor mode so raw 802.11 frames can be injected.
subprocess.call(['ifconfig','wlan0','down'])
subprocess.call(['iwconfig','wlan0','mode','monitor'])
subprocess.call(['ifconfig','wlan0','up'])

broadcast = ":".join(["ff"]*6)   # ff:ff:ff:ff:ff:ff, the destination of every beacon
bssid = ":".join(["aa"]*6)       # aa:aa:aa:aa:aa:aa, the fake AP's MAC address

for i in range(10):

	namename = name + "%s"%(i)

	radioTapHeader = RadioTap()
	# addr1 = destination, addr2 = source, addr3 = BSSID
	dot11Header = Dot11(addr1 = broadcast, addr2 = bssid, addr3 = bssid)
	dot11BeaconHeader = Dot11Beacon(cap = 0x1104)

	dot11Elt1 = Dot11Elt( ID=0, info = namename)                               # ID 0: SSID
	dot11Elt2 = Dot11Elt( ID=1, info = "\x82\x84\x8b\x96\x24\x30\x48\x6c")     # ID 1: supported rates, 1 to 54 Mbit/s
	dot11Elt3 = Dot11Elt( ID=3, info = "\x0b")                                 # ID 3: DS parameter set, channel 11
	dot11Elt4 = Dot11Elt( ID=5, info = "\x00\x01\x00\x00")                     # ID 5: traffic indication map (TIM)

	pkt = radioTapHeader / dot11Header / dot11BeaconHeader / dot11Elt1 / dot11Elt2 / dot11Elt3 / dot11Elt4

	print "Creating fake ap with ssid "+namename
	sendp(pkt, iface="wlan0", count=100, inter=0.2)
	time.sleep(5.0)

Fake AP Script Breakdown

Here's how the script works:

First, we use Scapy to build an empty 802.11 beacon frame. This is the kind of frame wireless routers use to advertise their presence. That's what this portion is doing:

	radioTapHeader = RadioTap()
	dot11Header = Dot11(addr1 = broadcast, addr2 = bssid, addr3 = bssid)
	dot11BeaconHeader = Dot11Beacon(cap = 0x1104)

	dot11Elt1 = Dot11Elt( ID=0, info = namename)
	dot11Elt2 = Dot11Elt( ID=1, info = "\x82\x84\x8b\x96\x24\x30\x48\x6c")
	dot11Elt3 = Dot11Elt( ID=3, info = "\x0b")
	dot11Elt4 = Dot11Elt( ID=5, info = "\x00\x01\x00\x00")

	pkt = radioTapHeader / dot11Header / dot11BeaconHeader / dot11Elt1 / dot11Elt2 / dot11Elt3 / dot11Elt4

Next, we send out the beacon frame 100 times, with an interval of 0.2 seconds between sends:

	print "Creating fake ap with ssid "+namename
	sendp(pkt, iface="wlan0", count=100, inter=0.2) 

Finally, we did a lot of hard work, so we can take a nap:

	time.sleep(5.0)
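As an added, defender-side example (not code from the original page or the Widy project): a dependency-free parser for the beacon frame layout this script builds, plus a check that flags a single BSSID advertising many distinct SSIDs, which is exactly the pattern the loop above produces. The frames are constructed inline rather than captured; build_beacon, parse_beacon and find_ssid_floods are assumed names.

```python
import struct
from collections import defaultdict

def build_beacon(bssid, ssid, channel):
    """Assemble a minimal beacon frame (no RadioTap header): 24-byte MAC
    header, 12-byte fixed fields (timestamp, interval, capabilities), then
    the same tagged parameters the script above uses."""
    bss = bytes.fromhex(bssid.replace(":", ""))
    hdr = b"\x80\x00" + b"\x00\x00" + b"\xff" * 6 + bss + bss + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, 0x1104)
    ies = (bytes([0, len(ssid)]) + ssid.encode()                    # SSID
           + bytes([1, 8]) + bytes.fromhex("82848b962430486c")      # rates
           + bytes([3, 1, channel])                                 # channel
           + bytes([5, 4]) + b"\x00\x01\x00\x00")                   # TIM
    return hdr + fixed + ies

def parse_beacon(frame):
    """Return (bssid, ssid, channel) for a beacon frame, or None if the
    frame is not a beacon or a tagged parameter runs past the end."""
    if len(frame) < 36 or frame[0] != 0x80:
        return None
    bssid = ":".join("%02x" % b for b in frame[16:22])     # addr3
    ssid, channel, pos = None, None, 36
    while pos + 2 <= len(frame):
        eid, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) != length:          # truncated element: reject frame
            return None
        if eid == 0:
            ssid = body.decode("utf-8", "replace")
        elif eid == 3 and length == 1:
            channel = body[0]
        pos += 2 + length
    return bssid, ssid, channel

def find_ssid_floods(frames, threshold=3):
    """Group SSIDs by BSSID and report BSSIDs that announced at least
    `threshold` distinct SSIDs, more than a single real AP normally does."""
    seen = defaultdict(set)
    for f in frames:
        parsed = parse_beacon(f)
        if parsed and parsed[1] is not None:
            seen[parsed[0]].add(parsed[1])
    return {b: sorted(s) for b, s in seen.items() if len(s) >= threshold}

# Constructed sample: the ten fake SSIDs from the script plus one ordinary AP.
SAMPLE_FRAMES = [build_beacon("aa:aa:aa:aa:aa:aa", "CIA Surveillance Van #108%d" % i, 11)
                 for i in range(10)]
SAMPLE_FRAMES.append(build_beacon("00:11:22:33:44:55", "HomeNet", 6))
```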