forked from GDSSecurity/wifitap
README
#########################################
#
# wifitap.py --- WiFi injection tool through tun/tap device
# Cedric Blancher <[email protected]>
#
# http://sid.rstack.org/index.php/Wifitap (french)
# http://sid.rstack.org/index.php/Wifitap_EN (english)
#
#########################################
This program is a proof-of-concept tool that allows WiFi communication using
traffic injection.
You'll need:
. Python >= 2.2
. Psyco Python optimizer (optional)
. Philippe Biondi's Scapy
. Injection ready wireless adapter
It has been tested on GNU/Linux using an Atheros chipset based adapter with the
patched Madwifi driver, and an Intersil Prism GT Full MAC chipset with the
Prism54 driver. It should also work with Prism2/2.5/3 chipsets using the hostap
or wlan-ng driver, Ralink rt2500/2750 chipsets using the rt2500 driver, and
Realtek RTL8180 chipsets using the rtl8180-sa2400 driver.
I didn't take time to test Prism2/2.5/3 support and don't have Ralink or Realtek
based hardware for testing. By the way, I would be glad to have feedback for
Wifitap attempts with those chipsets.
The driver patches were written by Christophe Devine and are updated by the
Aircrack-ng people. For details about the driver patches and their
installation, see the PATCHING file.
To get wifitap to work on Unix operating systems other than GNU/Linux, you have
to install the pcap or dnet wrappers for Python so that Scapy can work (see
http://www.secdev.org/projects/scapy/portability.html). Then, and this is the
most important part, you have to find a wireless adapter driver that supports
raw wireless traffic injection, if any exists.
NB : Python is so slow...
o Getting Wifitap ;)
Wifitap is available at:
http://sid.rstack.org/index.php/Wifitap (french)
http://sid.rstack.org/index.php/Wifitap_EN (english)
Latest version is downloadable at:
http://sid.rstack.org/code/wifitap.tgz
Repository available at:
http://sid.rstack.org/code/wifitap/
o Getting Scapy
A working Scapy version is bundled, so Wifitap is ready to run as shipped.
However, you can get a more fully featured version of the tool at:
http://www.secdev.org/projects/scapy/
Download the "work-in-progress" version or (better) use the provided version.
o Preparing WiFi adapter
Download, patch and install the driver (see PATCHING).
Assuming the channel is 11:
~# iwconfig $IFACE mode monitor channel 11
~# ifconfig $IFACE up promisc
NB: The Atheros driver Madwifi requires specific configuration to put the
driver in promisc mode and/or activate traffic injection. See the website
(http://www.madwifi.org/) for details if you use madwifi-ng or
madwifi-old.
o Launching Wifitap
~# ./wifitap.py -b <bssid>
A wj0 interface will be created; it must then be configured like a regular
interface, with an optional MAC address:
~# ifconfig wj0 [hw ether <MAC>] 192.168.1.1 [mtu <MTU>]
o Using Wifitap
Now you can use the wj0 interface just like a usual interface to communicate
with your preferred applications and tools, according to the system routing
table :)
o Wifitap command line arguments
Usage : wifitap -b <BSSID> [-o <iface>] [-i <iface> [-s <SMAC>]]
[-w <WEP key> [-k <key id>]] [-d [-v]] [-h]
-b Specifies BSSID in the usual 6 hex byte MAC address format:
. 00:01:02:03:04:05
-o Specifies output WiFi interface for frames injection
-i Specifies input WiFi interface for frames sniffing
-s Specifies source MAC address
. 00:01:02:03:04:05
-w Activates WEP encryption/decryption with specified WEP key
Key can be given using following formats:
. 0102030405 or 0102030405060708090a0b0c0d
. 01:02:03:04:05 or
01:02:03:04:05:06:07:08:09:0a:0b:0c:0d
. 0102-0304-05 or 0102-0304-0506-0708-090a-0b0c-0d
-k Specifies WEP key id, from 0 to 3
-d Activates debugging
-v Increases debugging verbosity
-h Help screen
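The usage block above lists three notations for the WEP key and fixes the key id
range and the MAC address format, but gives no parsing rules. The following
Python 3 snippet is an added example (not code from wifitap itself) showing how
a defensive front end for these options could validate its inputs before
touching any wireless interface: it normalises a key from any of the three
notations into raw bytes, accepts only the 40-bit and 104-bit key lengths that
WEP defines, checks MAC addresses, and rejects option combinations the usage
string does not allow. Function names, the use of argparse, and the sample
command line are the author's choices for this example.

```python
import argparse
import re

# MAC address in the usual six colon-separated hex byte form (00:01:02:03:04:05).
MAC_RE = re.compile(r'^[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}$')

# The three key notations from the usage text: plain hex, colon-separated
# bytes, and dash-separated 16-bit groups (a trailing 8-bit group is allowed
# because 5 and 13 byte keys have an odd byte count).
PLAIN_RE = re.compile(r'^[0-9a-fA-F]+$')
COLON_RE = re.compile(r'^[0-9a-fA-F]{2}(:[0-9a-fA-F]{2})*$')
DASH_RE = re.compile(r'^[0-9a-fA-F]{4}(-[0-9a-fA-F]{4})*(-[0-9a-fA-F]{2})?$')

# WEP only defines 40-bit (5 byte) and 104-bit (13 byte) keys.
WEP_KEY_LENGTHS = (5, 13)


def parse_mac(text):
    """Validate a MAC address string and return it as 6 raw bytes."""
    if not MAC_RE.match(text):
        raise ValueError("bad MAC address: %r" % text)
    return bytes.fromhex(text.replace(':', ''))


def parse_wep_key(text):
    """Normalise a WEP key in any of the three notations into raw bytes."""
    if ':' in text:
        if not COLON_RE.match(text):
            raise ValueError("bad colon-separated WEP key: %r" % text)
        hexdigits = text.replace(':', '')
    elif '-' in text:
        if not DASH_RE.match(text):
            raise ValueError("bad dash-separated WEP key: %r" % text)
        hexdigits = text.replace('-', '')
    else:
        if not PLAIN_RE.match(text) or len(text) % 2:
            raise ValueError("bad hex WEP key: %r" % text)
        hexdigits = text
    key = bytes.fromhex(hexdigits)
    if len(key) not in WEP_KEY_LENGTHS:
        raise ValueError("WEP key must be 5 or 13 bytes, got %d" % len(key))
    return key


def is_valid_wep_key(text):
    """Boolean convenience wrapper around parse_wep_key."""
    try:
        parse_wep_key(text)
        return True
    except ValueError:
        return False


def build_parser():
    """Mirror the usage string; argparse reports ValueError from the type
    callables as a clean usage error instead of a traceback."""
    p = argparse.ArgumentParser(prog='wifitap')
    p.add_argument('-b', dest='bssid', required=True, type=parse_mac,
                   help='BSSID of the target network')
    p.add_argument('-o', dest='out_iface', help='output interface for injection')
    p.add_argument('-i', dest='in_iface', help='input interface for sniffing')
    p.add_argument('-s', dest='smac', type=parse_mac, help='source MAC address')
    p.add_argument('-w', dest='wep_key', type=parse_wep_key, help='WEP key')
    p.add_argument('-k', dest='key_id', type=int, choices=range(4),
                   help='WEP key id, 0 to 3')
    p.add_argument('-d', dest='debug', action='store_true')
    p.add_argument('-v', dest='verbose', action='count', default=0)
    return p


def parse_args(argv):
    """Parse argv and enforce the nesting shown in the usage string:
    -s requires -i, -k requires -w, -v requires -d."""
    p = build_parser()
    args = p.parse_args(argv)
    if args.smac is not None and args.in_iface is None:
        p.error('-s is only valid together with -i')
    if args.key_id is not None and args.wep_key is None:
        p.error('-k is only valid together with -w')
    if args.verbose and not args.debug:
        p.error('-v is only valid together with -d')
    if args.wep_key is not None and args.key_id is None:
        args.key_id = 0
    return args


if __name__ == '__main__':
    # Constructed sample command line; no interface is opened here.
    sample = ['-b', '00:01:02:03:04:05', '-i', 'ath0', '-w', '0102-0304-05',
              '-k', '2', '-d', '-v']
    a = parse_args(sample)
    print('bssid=%s key=%s id=%d' % (a.bssid.hex(':'), a.wep_key.hex(), a.key_id))
```

Keeping the validation in pure functions (parse_mac, parse_wep_key) separates
input checking from the injection code, so a malformed key or address is
rejected before the monitor-mode interface is ever opened.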
o Recent libpcap releases fully support Wi-Fi specific headers, typically Prism
headers. However, if your system uses an old libpcap, you will need to apply
the provided patch:
patch -p0 < prismheaders.patch
It adds a flag (-p) that tells Wifitap to skip the 144 bits of Prism header to
reach the 802.11 frame.
#########################################
#
# Copyright (C) 2005 Cedric Blancher <[email protected]>
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation; version 2.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
#########################################