Widy/Scapy
From charlesreid1
Scapy
See the Scapy page for more info.
Installing
Fortunately, Scapy is really easy to install with opkg: someone has already done the hard work of compiling it and getting it to work with the OpenWRT kernel.
$ opkg install scapy
Fake AP
You can use Scapy to create a quick Fake AP with the Widy. Here's a Scapy script written in Python to construct packets advertising a wireless network:
 import sys
 import time
 import subprocess
 from scapy.all import *

 name = "CIA Surveillance Van #108"

 # Put wlan0 into monitor mode so raw 802.11 frames can be injected.
 subprocess.call(['ifconfig', 'wlan0', 'down'])
 subprocess.call(['iwconfig', 'wlan0', 'mode', 'monitor'])
 subprocess.call(['ifconfig', 'wlan0', 'up'])

 broadcast = ":".join(["ff"] * 6)  # ff:ff:ff:ff:ff:ff, beacons go to everyone
 bssid = ":".join(["aa"] * 6)      # aa:aa:aa:aa:aa:aa, the MAC the fake AP claims

 for i in range(10):
     namename = name + "%s" % (i)
     radioTapHeader = RadioTap()
     dot11Header = Dot11(addr1=broadcast, addr2=bssid, addr3=bssid)
     dot11BeaconHeader = Dot11Beacon(cap=0x1104)
     dot11Elt1 = Dot11Elt(ID=0, info=namename.encode())                   # SSID
     dot11Elt2 = Dot11Elt(ID=1, info=b"\x82\x84\x8b\x96\x24\x30\x48\x6c")  # supported rates
     dot11Elt3 = Dot11Elt(ID=3, info=b"\x0b")                             # DS parameter set: channel 11
     dot11Elt4 = Dot11Elt(ID=5, info=b"\x00\x01\x00\x00")                 # TIM
     pkt = radioTapHeader / dot11Header / dot11BeaconHeader / dot11Elt1 / dot11Elt2 / dot11Elt3 / dot11Elt4
     print("Creating fake ap with ssid " + namename)
     sendp(pkt, iface="wlan0", count=100, inter=0.2)
     time.sleep(5.0)
Script Breakdown
Here's how the script works:
First, we use Scapy to build an 802.11 beacon frame. Beacons are the management frames that access points broadcast to advertise their presence: a RadioTap header for the injecting driver, a Dot11 management header (destination, source, BSSID), the fixed beacon fields (the cap value sets the capability flags), and then a chain of tagged Information Elements: the SSID (ID 0), the supported rates (ID 1), the channel (ID 3, here channel 11), and a TIM element (ID 5). That's what this portion is doing:
 radioTapHeader = RadioTap()
 dot11Header = Dot11(addr1=broadcast, addr2=bssid, addr3=bssid)
 dot11BeaconHeader = Dot11Beacon(cap=0x1104)
 dot11Elt1 = Dot11Elt(ID=0, info=namename.encode())                   # SSID
 dot11Elt2 = Dot11Elt(ID=1, info=b"\x82\x84\x8b\x96\x24\x30\x48\x6c")  # supported rates
 dot11Elt3 = Dot11Elt(ID=3, info=b"\x0b")                             # DS parameter set: channel 11
 dot11Elt4 = Dot11Elt(ID=5, info=b"\x00\x01\x00\x00")                 # TIM
 pkt = radioTapHeader / dot11Header / dot11BeaconHeader / dot11Elt1 / dot11Elt2 / dot11Elt3 / dot11Elt4
Next, we send out the beacon frame on wlan0, 100 times, with an inter-frame interval of 0.2 seconds:
 print("Creating fake ap with ssid " + namename)
 sendp(pkt, iface="wlan0", count=100, inter=0.2)
Finally, we did a lot of hard work, so we can take a nap (a five-second pause before the loop moves on to the next SSID):
 time.sleep(5.0)
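To see what a receiver makes of these frames, here is an added example (not from the original page, and not Scapy code) that does the reverse job of the script above: it parses raw beacon frames with the same layout the script emits (Dot11 management header, fixed beacon fields, tagged Information Elements) using only the Python standard library, and then runs the detection heuristic a wireless IDS would apply to this traffic, flagging any BSSID that advertises several different SSIDs. The sample frames, the BSSID 02:11:22:33:44:55, the SSID "HomeNet" and the flood threshold of three SSIDs are all constructed for the example; the capability bytes assume the standard's little-endian layout, where Scapy's cap=0x1104 lands on the wire as ESS, Privacy and Short Slot Time.

```python
"""Parse 802.11 beacon frames and flag beacon floods (added example, stdlib only)."""
import struct
from collections import defaultdict

# Capability bits as they appear on the wire (little-endian 16-bit field).
CAP_ESS = 0x0001
CAP_PRIVACY = 0x0010
CAP_SHORT_SLOT = 0x0400


def parse_beacon(frame):
    """Parse one raw beacon frame (no RadioTap header) into a dict.

    Layout: frame control (2), duration (2), addr1/addr2/addr3 (6 each),
    sequence control (2), timestamp (8), beacon interval (2), capability (2),
    followed by Information Elements: ID (1), length (1), value.
    """
    if len(frame) < 36:
        raise ValueError("frame too short for a beacon")
    fc = frame[0]
    ftype, subtype = (fc >> 2) & 0x3, fc >> 4
    if ftype != 0 or subtype != 8:  # management frame, subtype beacon
        raise ValueError("not a beacon (type %d subtype %d)" % (ftype, subtype))
    addr = lambda off: ":".join("%02x" % b for b in frame[off:off + 6])
    timestamp, interval, cap = struct.unpack_from("<QHH", frame, 24)
    beacon = {
        "dst": addr(4), "src": addr(10), "bssid": addr(16),
        "timestamp": timestamp, "interval_tu": interval,
        "ess": bool(cap & CAP_ESS), "privacy": bool(cap & CAP_PRIVACY),
        "short_slot": bool(cap & CAP_SHORT_SLOT),
        "ssid": None, "rates_mbps": [], "channel": None,
    }
    # Walk the tagged parameters; stop cleanly on a truncated element.
    off = 36
    while off + 2 <= len(frame):
        eid, elen = frame[off], frame[off + 1]
        val = frame[off + 2:off + 2 + elen]
        if len(val) != elen:
            break  # element runs past the end of the frame
        if eid == 0:
            beacon["ssid"] = val.decode("utf-8", "replace")
        elif eid == 1:
            # Low 7 bits are the rate in 500 kbit/s units; top bit marks a basic rate.
            beacon["rates_mbps"] = [(b & 0x7f) / 2 for b in val]
        elif eid == 3 and elen == 1:
            beacon["channel"] = val[0]  # DS parameter set
        off += 2 + elen
    return beacon


def build_beacon(bssid, ssid, channel=11):
    """Construct a sample beacon carrying the same four IEs as the script above."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    header = b"\x80\x00" + b"\x00\x00" + b"\xff" * 6 + mac + mac + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, CAP_ESS | CAP_PRIVACY | CAP_SHORT_SLOT)
    ies = (bytes([0, len(ssid)]) + ssid.encode()
           + bytes([1, 8]) + b"\x82\x84\x8b\x96\x24\x30\x48\x6c"
           + bytes([3, 1, channel])
           + bytes([5, 4]) + b"\x00\x01\x00\x00")
    return header + fixed + ies


def find_beacon_floods(frames, threshold=3):
    """Return {bssid: sorted SSIDs} for every BSSID advertising >= threshold distinct SSIDs.

    A real AP announces one SSID per BSSID; one MAC claiming many networks is the
    signature of a beacon flood or fake-AP script. Threshold is an assumption.
    """
    ssids = defaultdict(set)
    for frame in frames:
        try:
            b = parse_beacon(frame)
        except ValueError:
            continue  # skip non-beacons and malformed frames
        if b["ssid"] is not None:
            ssids[b["bssid"]].add(b["ssid"])
    return {bssid: sorted(s) for bssid, s in ssids.items() if len(s) >= threshold}


# Constructed sample capture: one ordinary AP plus the ten SSIDs the script emits.
SAMPLE_FRAMES = [build_beacon("02:11:22:33:44:55", "HomeNet")] + [
    build_beacon("aa:aa:aa:aa:aa:aa", "CIA Surveillance Van #108%d" % i) for i in range(10)
]

if __name__ == "__main__":
    print(parse_beacon(SAMPLE_FRAMES[1]))
    print(find_beacon_floods(SAMPLE_FRAMES))
```

Running the block prints the decoded fields of one fake beacon (SSID, channel 11, the eight rates, ESS and Privacy set) and then a single flagged entry for aa:aa:aa:aa:aa:aa listing all ten SSIDs, while the ordinary AP is not reported. In a real capture you would feed it the payloads of monitor-mode frames with the RadioTap header stripped, and key the SSID sets by a time window rather than the whole capture.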