Widy/Scapy
From charlesreid1
Scapy
See the Scapy page for more info.
Installing
Fortunately, scapy is really easy to install with opkg - someone's already done the hard work of compiling it and getting it to work with the OpenWRT kernel.
$ opkg install scapy
NOTE: This worked at some point in 2015, but breaks now (March 2017).
Alternatively, you can install it from source using the following instructions (hat tip: [1]):
opkg update
opkg upgrade tar wget
opkg install python tcpdump unzip
wget http://www.secdev.org/projects/scapy/files/scapy-latest.tar.gz
tar -xvf scapy-latest.tar.gz
cd scapy*
python setup.py install
cd ..
rm -rf scapy*
Fake AP
You can use Scapy to create a quick Fake AP with the Widy. Here's a Scapy script written in Python to construct packets advertising a wireless network:
import sys
import time
import subprocess
from scapy.all import *

name = "CIA Surveillance Van #108"

# Put wlan0 into monitor mode so raw 802.11 frames can be sent
subprocess.call(['ifconfig','wlan0','down'])
subprocess.call(['iwconfig','wlan0','mode','monitor'])
subprocess.call(['ifconfig','wlan0','up'])

broadcast = ":".join(["ff"]*6)
bssid = ":".join(["aa"]*6)

for i in range(10):
    namename = name + "%s"%(i)
    radioTapHeader = RadioTap()
    # addr1 = destination, addr2 = source, addr3 = BSSID
    dot11Header = Dot11(addr1 = broadcast, addr2 = bssid, addr3 = bssid)
    dot11BeaconHeader = Dot11Beacon(cap = 0x1104)
    # Tagged elements: 0 = SSID, 1 = supported rates, 3 = channel, 5 = TIM
    dot11Elt1 = Dot11Elt( ID=0, info = namename)
    dot11Elt2 = Dot11Elt( ID=1, info = b"\x82\x84\x8b\x96\x24\x30\x48\x6c")
    dot11Elt3 = Dot11Elt( ID=3, info = b"\x0b")
    dot11Elt4 = Dot11Elt( ID=5, info = b"\x00\x01\x00\x00")
    pkt = radioTapHeader / dot11Header / dot11BeaconHeader / dot11Elt1 / dot11Elt2 / dot11Elt3 / dot11Elt4
    print("Creating fake ap with ssid "+namename)
    sendp(pkt, iface="wlan0", count=100, inter=0.2)
    time.sleep(5.0)
Fake AP Script Breakdown
Here's how the script works:
First, we use Scapy to create an empty 802.11 beacon packet. This is a kind of packet that wireless routers use to advertise their presence. That's what this portion is doing:
radioTapHeader = RadioTap()
dot11Header = Dot11(addr1 = broadcast, addr2 = bssid, addr3 = bssid)
dot11BeaconHeader = Dot11Beacon(cap = 0x1104)
dot11Elt1 = Dot11Elt( ID=0, info = namename)
dot11Elt2 = Dot11Elt( ID=1, info = b"\x82\x84\x8b\x96\x24\x30\x48\x6c")
dot11Elt3 = Dot11Elt( ID=3, info = b"\x0b")
dot11Elt4 = Dot11Elt( ID=5, info = b"\x00\x01\x00\x00")
pkt = radioTapHeader / dot11Header / dot11BeaconHeader / dot11Elt1 / dot11Elt2 / dot11Elt3 / dot11Elt4
Next, we send out the beacon packet, 100 times, with an in-between interval of 0.2 seconds:
print("Creating fake ap with ssid "+namename)
sendp(pkt, iface="wlan0", count=100, inter=0.2)
Finally, we did a lot of hard work, so we can take a nap:
time.sleep(5.0)
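Seen from the monitoring side, the beacons this script emits share one BSSID while the SSID changes, which an ordinary access point does not normally do. The following added example (not part of the original page) parses the same frame layout with only the Python 3 standard library and flags any BSSID that advertises more than one SSID. The helper names, the second BSSID and the "HomeNet" SSID are constructed for illustration, and the sample frames are built in memory rather than captured.

```python
import struct
from collections import defaultdict

RATES = b"\x82\x84\x8b\x96\x24\x30\x48\x6c"  # supported-rates bytes from the page

def build_beacon(bssid, ssid, channel=11):
    """Constructed sample: bytes of a radiotap + beacon frame laid out like the page's."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    radiotap = struct.pack("<BBHI", 0, 0, 8, 0)        # minimal 8-byte radiotap header
    hdr = b"\x80\x00\x00\x00" + b"\xff" * 6 + mac + mac + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, 0x1104)        # timestamp, interval, capabilities
    elts = [(0, ssid.encode()), (1, RATES), (3, bytes([channel])), (5, b"\x00\x01\x00\x00")]
    return radiotap + hdr + fixed + b"".join(bytes([i, len(v)]) + v for i, v in elts)

def parse_beacon(frame):
    """Return (bssid, ssid, channel) for a beacon frame, or None for anything else."""
    if len(frame) < 4:
        return None
    dot11 = frame[struct.unpack_from("<H", frame, 2)[0]:]  # skip radiotap via its length
    if len(dot11) < 36 or dot11[0] != 0x80:            # management frame, subtype 8
        return None
    bssid = ":".join("%02x" % b for b in dot11[16:22])  # addr3
    ssid, channel, pos = None, None, 36                # elements follow 24 + 12 bytes
    while pos + 2 <= len(dot11):
        eid, elen = dot11[pos], dot11[pos + 1]
        info = dot11[pos + 2:pos + 2 + elen]
        if len(info) < elen:
            break                                      # truncated element: stop parsing
        if eid == 0:
            ssid = info.decode("utf-8", "replace")
        elif eid == 3 and elen == 1:
            channel = info[0]
        pos += 2 + elen
    return bssid, ssid, channel

def flag_multi_ssid(frames, max_ssids=1):
    """Map each BSSID that advertised more than max_ssids distinct SSIDs to those SSIDs."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_beacon(frame)
        if parsed and parsed[1] is not None:
            seen[parsed[0]].add(parsed[1])
    return {b: sorted(s) for b, s in seen.items() if len(s) > max_ssids}

# Constructed capture: ten SSIDs from one BSSID (as the script emits) plus one ordinary AP.
SAMPLE = [build_beacon("aa:aa:aa:aa:aa:aa", "CIA Surveillance Van #108%d" % i) for i in range(10)]
SAMPLE.append(build_beacon("02:00:00:00:00:01", "HomeNet", channel=6))

if __name__ == "__main__":
    for bssid, ssids in flag_multi_ssid(SAMPLE).items():
        print("%s advertised %d SSIDs: %s" % (bssid, len(ssids), ssids))
```

On a live monitor-mode capture the same check would run over frames read from a pcap or sniffer, with the threshold raised if the environment has equipment that legitimately reuses a BSSID.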