Widy/Scapy: Difference between revisions
From charlesreid1
(Created page with "=Scapy= See the Scapy page for more info. ==Installing= Fortunately, scapy is really easy to install with opkg - someone's already done the hard work of compiling it an...") |
No edit summary |
| (3 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
See the [[Scapy]] page for more info. | See the [[Scapy]] page for more info. | ||
==Installing= | ==Installing== | ||
Fortunately, scapy is really easy to install with opkg - someone's already done the hard work of compiling it and getting it to work with the OpenWRT kernel. | Fortunately, scapy is really easy to install with opkg - someone's already done the hard work of compiling it and getting it to work with the OpenWRT kernel. | ||
| Line 9: | Line 9: | ||
<pre> | <pre> | ||
$ opkg install scapy | $ opkg install scapy | ||
</pre> | |||
NOTE: This worked at some point in 2015, but breaks now (March 2017). | |||
Alternatively, you can install it from source using the following instructions (hat tip: [http://stackoverflow.com/questions/31389949/is-it-possible-to-install-scapy-on-openwrt#34021608]): | |||
<pre> | |||
opkg update | |||
opkg upgrade tar wget | |||
opkg install python tcpdump unzip | |||
wget http://www.secdev.org/projects/scapy/files/scapy-latest.tar.gz | |||
tar -xvf scapy-latest.tar.gz | |||
cd scapy* | |||
python setup.py install | |||
cd .. | |||
rm -rf scapy* | |||
</pre> | </pre> | ||
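Review bot: the from-source install in this hunk fetches scapy-latest.tar.gz over plain HTTP and runs `python setup.py install` on it with no checksum or signature check, so a tampered download would be installed as root without any warning; suggest comparing the tarball against a known digest (a placeholder `sha256sum -c` line would do until the page records the real value) before the `tar -xvf`. The trailing `cd scapy*` / `rm -rf scapy*` also glob in whatever directory the reader happens to be in, which is worth pointing out or replacing with a dedicated temporary directory.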
| Line 49: | Line 65: | ||
</pre> | </pre> | ||
===Script Breakdown=== | ===Fake AP Script Breakdown=== | ||
Here's how the script works: | Here's how the script works: | ||
| Line 80: | Line 96: | ||
time.sleep(5.0) | time.sleep(5.0) | ||
</pre> | </pre> | ||
=Flags= | |||
{{WidyFlag}} | |||
Latest revision as of 04:19, 3 March 2017
Scapy
See the Scapy page for more info.
Installing
Fortunately, scapy is really easy to install with opkg - someone's already done the hard work of compiling it and getting it to work with the OpenWRT kernel.
$ opkg install scapy
NOTE: This worked at some point in 2015, but breaks now (March 2017).
Alternatively, you can install it from source using the following instructions (hat tip: http://stackoverflow.com/questions/31389949/is-it-possible-to-install-scapy-on-openwrt#34021608):
<pre>
opkg update
opkg upgrade tar wget
opkg install python tcpdump unzip
wget http://www.secdev.org/projects/scapy/files/scapy-latest.tar.gz
tar -xvf scapy-latest.tar.gz
cd scapy*
python setup.py install
cd ..
rm -rf scapy*
</pre>
Fake AP
You can use Scapy to create a quick Fake AP with the Widy. Here's a Scapy script written in Python to construct packets advertising a wireless network:
<pre>
import sys
import subprocess
import time
from scapy.all import *

name = "CIA Surveillance Van #108"

# Put wlan0 into monitor mode so raw 802.11 frames can be injected
subprocess.call(['ifconfig','wlan0','down'])
subprocess.call(['iwconfig','wlan0','mode','monitor'])
subprocess.call(['ifconfig','wlan0','up'])

broadcast = ":".join(["ff"]*6)   # destination: every station in range
bssid = ":".join(["aa"]*6)       # made-up BSSID for the fake AP

for i in range(10):
    namename = name + "%s"%(i)
    # Empty 802.11 beacon: RadioTap / management header / beacon fixed fields
    radioTapHeader = RadioTap()
    dot11Header = Dot11(addr1 = broadcast, addr2 = bssid, addr3 = bssid)
    dot11BeaconHeader = Dot11Beacon(cap = 0x1104)
    # Tagged elements: SSID, supported rates, DS parameter set (channel 11), TIM
    dot11Elt1 = Dot11Elt( ID=0, info = namename)
    dot11Elt2 = Dot11Elt( ID=1, info = b"\x82\x84\x8b\x96\x24\x30\x48\x6c")
    dot11Elt3 = Dot11Elt( ID=3, info = b"\x0b")
    dot11Elt4 = Dot11Elt( ID=5, info = b"\x00\x01\x00\x00")
    pkt = radioTapHeader / dot11Header / dot11BeaconHeader / dot11Elt1 / dot11Elt2 / dot11Elt3 / dot11Elt4
    print("Creating fake ap with ssid " + namename)
    sendp(pkt, iface="wlan0", count=100, inter=0.2)
    time.sleep(5.0)
</pre>
Fake AP Script Breakdown
Here's how the script works:
First, we use Scapy to create an empty 802.11 beacon packet. This is the kind of packet wireless routers use to advertise their presence. That's what this portion is doing:
<pre>
radioTapHeader = RadioTap()
dot11Header = Dot11(addr1 = broadcast, addr2 = bssid, addr3 = bssid)
dot11BeaconHeader = Dot11Beacon(cap = 0x1104)
dot11Elt1 = Dot11Elt( ID=0, info = namename)
dot11Elt2 = Dot11Elt( ID=1, info = b"\x82\x84\x8b\x96\x24\x30\x48\x6c")
dot11Elt3 = Dot11Elt( ID=3, info = b"\x0b")
dot11Elt4 = Dot11Elt( ID=5, info = b"\x00\x01\x00\x00")
pkt = radioTapHeader / dot11Header / dot11BeaconHeader / dot11Elt1 / dot11Elt2 / dot11Elt3 / dot11Elt4
</pre>
Next, we send out the beacon packet, 100 times, with an in-between interval of 0.2 seconds:
<pre>
print("Creating fake ap with ssid " + namename)
sendp(pkt, iface="wlan0", count=100, inter=0.2)
</pre>
Finally, we did a lot of hard work, so we can take a nap:
time.sleep(5.0)
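As an added example (not code from the original page), here is the same beacon the script above builds, constructed and then dissected with plain struct calls so it runs without scapy or a radio: it decodes the element bytes and the cap=0x1104 value the script hard-codes, and the last function performs the check a rogue-AP monitor would run over captured beacons, flagging any BSSID outside an allowlist. The BSSID, rates, channel and TIM values mirror the script; the frame layout assumed is the standard 802.11 management header plus beacon fixed fields.

```python
import struct

BROADCAST = b"\xff" * 6
BSSID = b"\xaa" * 6          # same aa:aa:aa:aa:aa:aa the script uses
# scapy writes cap=0x1104 to the wire as the bytes 11 04; read little-endian that
# is 0x0411 = ESS (bit 0) + privacy (bit 4) + short slot time (bit 10)
CAP_WIRE = 0x0411

def build_beacon(ssid, channel=11, cap=CAP_WIRE):
    """Raw 802.11 beacon (no RadioTap) with the same elements as the Widy script."""
    # Frame control 0x0080 = management/beacon, duration 0, addr1/2/3, seq ctrl 0
    header = b"\x80\x00\x00\x00" + BROADCAST + BSSID + BSSID + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, cap)   # timestamp, interval (TU), capability
    elts = [(0, ssid.encode()),                              # SSID
            (1, b"\x82\x84\x8b\x96\x24\x30\x48\x6c"),        # supported rates
            (3, bytes([channel])),                           # DS parameter set
            (5, b"\x00\x01\x00\x00")]                        # TIM
    body = b"".join(struct.pack("BB", eid, len(v)) + v for eid, v in elts)
    return header + fixed + body

def parse_beacon(frame):
    """Decode the fields a rogue-AP monitor would log from one beacon frame."""
    if frame[0] != 0x80:
        raise ValueError("not a beacon frame")
    _ts, interval, cap = struct.unpack_from("<QHH", frame, 24)
    info = {"bssid": ":".join("%02x" % b for b in frame[16:22]),
            "interval_tu": interval, "ess": bool(cap & 0x01),
            "privacy": bool(cap & 0x10)}
    pos = 36                                   # first tagged element
    while pos + 2 <= len(frame):
        eid, length = frame[pos], frame[pos + 1]
        val = frame[pos + 2:pos + 2 + length]
        if eid == 0:
            info["ssid"] = val.decode("utf-8", errors="replace")
        elif eid == 1:   # bit 7 = basic rate, low 7 bits = rate in 500 kbit/s units
            info["rates_mbps"] = [(b & 0x7f) / 2 for b in val]
            info["basic_rates_mbps"] = [(b & 0x7f) / 2 for b in val if b & 0x80]
        elif eid == 3:
            info["channel"] = val[0]
        elif eid == 5:
            info["dtim_count"], info["dtim_period"] = val[0], val[1]
        pos += 2 + length
    return info

def unexpected_aps(frames, allowed_bssids):
    """(ssid, bssid) pairs advertised by BSSIDs that are not on the allowlist."""
    return [(i.get("ssid", ""), i["bssid"]) for i in map(parse_beacon, frames)
            if i["bssid"] not in allowed_bssids]
```

Running parse_beacon on the script's frame shows the rates element as 1, 2, 5.5 and 11 Mbit/s basic plus 18 to 54 Mbit/s, channel 11, and a capability field claiming an ESS with privacy, which is why the fake network shows up as a locked AP.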