Permalink
Switch branches/tags
Nothing to show
Find file
Fetching contributors…
Cannot retrieve contributors at this time
155 lines (102 sloc) 4.55 KB
#########################################
#
# wifitap.py --- WiFi injection tool through tun/tap device
# Cedric Blancher <sid@rstack.org>
#
# http://sid.rstack.org/index.php/Wifitap (french)
# http://sid.rstack.org/index.php/Wifitap_EN (english)
#
#########################################
This program is a proof of concept tool allowing WiFi communications using
traffic injection.
You'll need:
. Python >= 2.2
. Psyco Python optimizer (optional)
. Philippe Biondi's Scapy
. Injection ready wireless adapter
It's been tested on GNU/Linux using Atheros chipset based adapter with patched
Madwifi driver and Intersil Prism GT Full MACchipset with Prism54 driver. It
should as well work with Prism2/2.5/3 chipset hostap driver or wlan-ng driver,
Ralink rt2500/2750 chipset using rt2500 driver and Realtek RTL8180 chipset
using rtl8180-sa2400 driver.
I didn't take time to test Prism2/2.5/3 support and don't have Ralink or Realtek
based hardware for testing. By the way, I would be glad to have feedback for
Wifitap attempts with thoses chipsets.
Drivers patches are written by Christophe Devine and updated by Aircrack-ng
people. For details about drivers patch and installation, see PATCHING file.
To get wifitap work on other Unix operating systems than GNU/Linux, you have to
install pcap or dnet wrappers for Python so Scapy can work (see
http://www.secdev.org/projects/scapy/portability.html). Then, and it's the most
important part, you have to find a wireless adapter driver that supports raw
wireless traffic injection if any.
NB : Python is so slow...
o Getting Wifitap ;)
Wifitap is available at:
http://sid.rstack.org/index.php/Wifitap (french)
http://sid.rstack.org/index.php/Wifitap_EN (english)
Lastest version is downloadable at:
http://sid.rstack.org/code/wifitap.tgz
Repository available at:
http://sid.rstack.org/code/wifitap/
o Getting Scapy
A working Scapy version is attached, so Wifitap is ready to work.
However, you can get a more featured version of the tool at:
http://www.secdev.org/projects/scapy/
Download "work-in-progress" version or (better) use provided version...
o Preparing WiFi adapter
Download, patch and install driver (see PATCHING).
Supposing channel is 11:
~# iwconfig $IFACE mode monitor channel 11
~# ifconfig $IFACE up promisc
NB: Atheros driver Madwifi requires specific configuration to get driver
in promisc mode and/or activate traffic injection. See website
(http://www.madwifi.org/) for details if you use madwifi-ng or
madwifi-old.
o Launching Wifitap
~# ./wifitap.py -b <bssid>
A wj0 interface will be created that needs to be configured as a
regular interface, with optional MAC address specification:
~# ifconfig wj0 [hw ether <MAC>] 192.168.1.1 [mtu <MTU>]
o Using Wifitap
Now, you can us wj0 interface just as a usual interface to communicate
with your prefered applications and tools, according to system routing
table :)
o Wifitap command line arguments
Usage : wifitap -b <BSSID> [-o <iface>] [-i <iface> [-s <SMAC>]
[-w <WEP key> [-k <key id>]] [-d [-v]] [-h]
-b Specifies BSSID in ususal 6 hex digits MAC address format:
. 00:01:02:03:04:05
-o Specifies output WiFi interface for frames injection
-i Specifies input WiFi interface for frames sniffing
-s Specifies source MAC address
. 00:01:02:03:04:05
-w Activates WEP encryption/decryption with specified WEP key
Key can be given using following formats:
. 0102030405 or 0102030405060708090a0b0c0d
. 01:02:03:04:05 or
01:02:03:04:05:06:07:08:09:0a:0b:0c:0d
. 0102-0304-05 or 0102-0304-0506-0708-090a-0b0c-0d
-k Specifies WEP key id, from 0 to 3
-d Activates debugging
-v Increases debugging verbosity
-h Help screen
o Latest libpcap fully supports Wi-Fi specific headers, typically Prism Headers.
However, if your system uses old libpcap, you will need to apply provided
patch:
patch -p0 < prismheaders.patch
It will add a flag (-p) to tell Wifitap to shift 144 bits of Prism Headers to
access 802.11 frame.
#########################################
#
# Copyright (C) 2005 Cedric Blancher <sid@rstack.org>
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation; version 2.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
#########################################