
.

0 parents commit a5edd182654af76def64f4e3bbbc236e624a2448 Oliver committed Jan 31, 2013
Showing with 1,817 additions and 0 deletions.
  1. +1 −0 AUTHORS
  2. +1 −0 BUGS
  3. +340 −0 COPYING
  4. +43 −0 Changelog
  5. +25 −0 PATCHING
  6. +154 −0 README
  7. +5 −0 TODO
  8. +1 −0 VERSION
  9. +278 −0 prismheaders.patch
  10. +216 −0 wifiarp.py
  11. +253 −0 wifidns.py
  12. +231 −0 wifiping.py
  13. +269 −0 wifitap.py
@@ -0,0 +1 @@
+Cedric Blancher <sid@rstack.org>
1 BUGS
@@ -0,0 +1 @@
+o Sometimes slow on specific operations...
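Review bot: The single BUGS entry does not say which operations are slow or under what conditions, so nobody can reproduce or close it. Name the operation, for example whether it is injection, sniffing or WEP handling, and the setup in which it was seen.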
340 COPYING

Large diffs are not rendered by default.

@@ -0,0 +1,43 @@
+0.1 - Initial release
+
+0.2 - BPF filter added on listening socket
+ WEP support
+
+0.3 - Code cleanup
+ Arguments input and parsing
+ Psyco optimizer support
+ Public release
+
+0.3.1 - Typo fixed
+
+0.3.2 - Versioning changed
+ Hostap and wlan-ng patches
+ More documentation
+
+0.3.3 - Updated patches from Christophe Devine for hostap and madwifi
+ New patches from Christophe Devine for rt2500 and rtl8180
+ Updated README
+
+0.3.4 - Updated patches from Christophe Devine
+ Updated documentation: README, PATCHING
+ Added links to drivers and patches on http://100h.org/
+ Added a sample ping answering machine (wifians.py)
+
+0.3.5 - Updated documentation: README
+ Renamed wifians.py into wifiping.py
+ Added a sample DNS answering machine (wifidns.py)
+
+0.3.6 - Code cleanup
+ Awful bugs corrected in wifitap.py and wifidns.py
+ Moved to Scapy v1.0.0.30
+
+0.3.7 - Adjusted frame size for tuntap (1526) and 802.11 (2346)
+
+0.4.0 - Updated documentation: README, PATCHING
+ Prism Headers handling removed as latest libpcap handles them
+ Added patch to enable Prism Headers if needed
+ Moved to Scapy v1.0.4.74
+ Added Scapy warnings support
+ Code cleanup, optimizations and bugfixing (thx to P. Biondi)
+ Added source MAC address setting support
+ Added a sample ARP answering machine (wifiarp.py)
@@ -0,0 +1,25 @@
+#########################################
+#
+# wifitap.py --- WiFi injection tool through tun/tap device
+# Cedric Blancher <sid@rstack.org>
+#
+# http://sid.rstack.org/index.php/Wifitap (french)
+# http://sid.rstack.org/index.php/Wifitap_EN (english)
+#
+#########################################
+
+Wifitap relies on a raw injection capable Linux wireless driver. Supported
+drivers are currently :
+
+ . Intersil PrismGT FullMAC with prism54 driver
+ . Atheros with Madwifi driver (old and ng supported)
+ . Intersil Prism2/2.5/3 with hostap or wlan-ng driver
+ . Ralink rt2500/2750 with rt2500 driver
+ . Realtek RTL8180 with rtl8180-sa2400 driver
+
+Patches can be found in aircrack-ng.org.tgz archive, or can be downloaded at
+Aircrack-ng website:
+
+ http://patches.aircrack-ng.org/
+
+Untar driver tarball, patch with according driver, build and install.
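Review bot: The closing line, "Untar driver tarball, patch with according driver, build and install.", gives no commands and no mapping from driver to patch file, so a reader cannot tell which patch applies to which driver or driver version. Add the patch invocation per supported driver. The "aircrack-ng.org.tgz archive" it mentions is not among the files listed in this commit, and the download location is plain http with no checksum or signature given, which matters for patches that end up in a kernel driver. Publish hashes next to the link.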
154 README
@@ -0,0 +1,154 @@
+#########################################
+#
+# wifitap.py --- WiFi injection tool through tun/tap device
+# Cedric Blancher <sid@rstack.org>
+#
+# http://sid.rstack.org/index.php/Wifitap (french)
+# http://sid.rstack.org/index.php/Wifitap_EN (english)
+#
+#########################################
+
+This program is a proof of concept tool allowing WiFi communications using
+traffic injection.
+You'll need:
+
+ . Python >= 2.2
+ . Psyco Python optimizer (optional)
+ . Philippe Biondi's Scapy
+ . Injection ready wireless adapter
+
+It's been tested on GNU/Linux using Atheros chipset based adapter with patched
+Madwifi driver and Intersil Prism GT Full MACchipset with Prism54 driver. It
+should as well work with Prism2/2.5/3 chipset hostap driver or wlan-ng driver,
+Ralink rt2500/2750 chipset using rt2500 driver and Realtek RTL8180 chipset
+using rtl8180-sa2400 driver.
+
+I didn't take time to test Prism2/2.5/3 support and don't have Ralink or Realtek
+based hardware for testing. By the way, I would be glad to have feedback for
+Wifitap attempts with thoses chipsets.
+
+Drivers patches are written by Christophe Devine and updated by Aircrack-ng
+people. For details about drivers patch and installation, see PATCHING file.
+
+
+To get wifitap work on other Unix operating systems than GNU/Linux, you have to
+install pcap or dnet wrappers for Python so Scapy can work (see
+http://www.secdev.org/projects/scapy/portability.html). Then, and it's the most
+important part, you have to find a wireless adapter driver that supports raw
+wireless traffic injection if any.
+
+
+NB : Python is so slow...
+
+
+o Getting Wifitap ;)
+
+ Wifitap is available at:
+
+ http://sid.rstack.org/index.php/Wifitap (french)
+ http://sid.rstack.org/index.php/Wifitap_EN (english)
+
+ Lastest version is downloadable at:
+
+ http://sid.rstack.org/code/wifitap.tgz
+
+ Repository available at:
+
+ http://sid.rstack.org/code/wifitap/
+
+
+o Getting Scapy
+
+ A working Scapy version is attached, so Wifitap is ready to work.
+ However, you can get a more featured version of the tool at:
+
+ http://www.secdev.org/projects/scapy/
+
+ Download "work-in-progress" version or (better) use provided version...
+
+
+o Preparing WiFi adapter
+
+ Download, patch and install driver (see PATCHING).
+
+ Supposing channel is 11:
+
+ ~# iwconfig $IFACE mode monitor channel 11
+ ~# ifconfig $IFACE up promisc
+
+ NB: Atheros driver Madwifi requires specific configuration to get driver
+ in promisc mode and/or activate traffic injection. See website
+ (http://www.madwifi.org/) for details if you use madwifi-ng or
+ madwifi-old.
+
+o Launching Wifitap
+
+ ~# ./wifitap.py -b <bssid>
+
+ A wj0 interface will be created that needs to be configured as a
+ regular interface, with optional MAC address specification:
+
+ ~# ifconfig wj0 [hw ether <MAC>] 192.168.1.1 [mtu <MTU>]
+
+
+o Using Wifitap
+
+ Now, you can us wj0 interface just as a usual interface to communicate
+ with your prefered applications and tools, according to system routing
+ table :)
+
+
+o Wifitap command line arguments
+
+ Usage : wifitap -b <BSSID> [-o <iface>] [-i <iface> [-s <SMAC>]
+ [-w <WEP key> [-k <key id>]] [-d [-v]] [-h]
+
+ -b Specifies BSSID in ususal 6 hex digits MAC address format:
+ . 00:01:02:03:04:05
+
+ -o Specifies output WiFi interface for frames injection
+
+ -i Specifies input WiFi interface for frames sniffing
+
+ -s Specifies source MAC address
+ . 00:01:02:03:04:05
+
+ -w Activates WEP encryption/decryption with specified WEP key
+ Key can be given using following formats:
+ . 0102030405 or 0102030405060708090a0b0c0d
+ . 01:02:03:04:05 or
+ 01:02:03:04:05:06:07:08:09:0a:0b:0c:0d
+ . 0102-0304-05 or 0102-0304-0506-0708-090a-0b0c-0d
+
+ -k Specifies WEP key id, from 0 to 3
+
+ -d Activates debugging
+
+ -v Increases debugging verbosity
+
+ -h Help screen
+
+o Latest libpcap fully supports Wi-Fi specific headers, typically Prism Headers.
+ However, if your system uses old libpcap, you will need to apply provided
+ patch:
+
+ patch -p0 < prismheaders.patch
+
+ It will add a flag (-p) to tell Wifitap to shift 144 bits of Prism Headers to
+ access 802.11 frame.
+
+
+#########################################
+#
+# Copyright (C) 2005 Cedric Blancher <sid@rstack.org>
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation; version 2.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+#########################################
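Review bot: The usage synopsis under "Wifitap command line arguments" has an unclosed bracket in "[-i <iface> [-s <SMAC>]", so it is unclear whether -s depends on -i. Close the bracket and state the dependency. In the same section, -b is described as "6 hex digits" while the example 00:01:02:03:04:05 is six octets. The prismheaders.patch paragraph says the -p flag shifts "144 bits", which should be checked against the patch because header lengths are normally counted in bytes. "Getting Scapy" says a working Scapy version is attached, but no Scapy file appears among the 13 files in this commit. Because -w takes the WEP key as a command line argument, the README should also say that the key is then visible in the process list and in shell history.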
5 TODO
@@ -0,0 +1,5 @@
+o Bug tracking (always)
+o Communication with LAN side with custom association support
+ . Inject To-DS frames (todo)
+o "Shell-ification" : command line interface for wj interfaces creation on
+ demande with different parameters (so useless)
@@ -0,0 +1 @@
+0.4.0