Portable Wi-Fi audit tool controlled over a Bluetooth PAN network.
The name comes from the Svarog detector in the S.T.A.L.K.E.R. series, which in our case parses Wi-Fi signals instead of anomalies and artifacts.
- A Raspberry Pi (I used an RPi 4 4GB) with an SD card
- A network card with monitor mode and packet injection capabilities (I used an AWUS1900)
0x90
wget https://kali.download/arm-images/kali-2023.4/kali-linux-2023.4-raspberry-pi-arm64.img.xz
xzcat kali-linux-2023.4-raspberry-pi-arm64.img.xz | sudo dd of=/dev/sdb bs=4M status=progress
insert SD card and boot rpi
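Added example (not part of the original notes): two checks to run before the dd step above, one that the downloaded image matches a published SHA-256 and one that the target really is the removable card. It assumes a checksum file in sha256sum format, here called SHA256SUMS, fetched from the download site; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original notes: checks to run before the dd step.

# verify_image IMAGE SUMS
# Succeeds only if SUMS lists a SHA-256 for IMAGE's file name and IMAGE matches it.
verify_image() {
    vi_name=$(basename -- "$1")
    # Lines look like "<64 hex>  <name>"; a leading "*" on the name marks binary mode.
    vi_want=$(awk -v n="$vi_name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$2")
    if [ -z "$vi_want" ]; then
        echo "no checksum listed for $vi_name" >&2
        return 2
    fi
    vi_have=$(sha256sum -- "$1" | awk '{ print $1 }')
    if [ "$vi_have" != "$vi_want" ]; then
        echo "checksum mismatch for $vi_name" >&2
        return 1
    fi
}

# safe_target DEVICE [SYSFS_DIR] [MOUNTS_FILE]
# Succeeds only if DEVICE is a removable whole disk with nothing mounted from it.
# The optional arguments let the check run against fixture files (assumption).
safe_target() {
    st_name=$(basename -- "$1")
    st_flag=$(cat "${2:-/sys/block}/$st_name/removable" 2>/dev/null || true)
    if [ "$st_flag" != "1" ]; then
        echo "$1 is not a removable whole disk" >&2
        return 1
    fi
    # Field 1 of /proc/mounts is the source device; /dev/sdb1 starts with /dev/sdb.
    if awk -v d="$1" 'index($1, d) == 1 { hit = 1 } END { exit !hit }' \
        "${3:-/proc/mounts}"; then
        echo "$1 has mounted partitions" >&2
        return 1
    fi
}

# flash IMAGE SUMS DEVICE: run both checks, then the same xzcat | dd as above.
flash() {
    verify_image "$1" "$2" && safe_target "$3" || return 1
    xzcat -- "$1" | sudo dd of="$3" bs=4M status=progress
}
```

Usage: `flash kali-linux-2023.4-raspberry-pi-arm64.img.xz SHA256SUMS /dev/sdb`. The removable flag is a heuristic that holds for typical USB card readers, so still confirm the device with lsblk.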
sudo systemctl enable bluetooth.service
sudo systemctl enable hciuart.service
I joined it to the my_wifi network in order to set up all the tools.
- install bluez tools
sudo apt-get install bluez-tools
- configure PAN (ref)
- /etc/systemd/system/bt-network.service
[Unit]
Description=Bluetooth NEP PAN
After=pan0.network
[Service]
ExecStart=/usr/bin/bt-network -s nap pan0
ExecStartPost=bt-adapter --set Discoverable 1
Type=simple
[Install]
WantedBy=multi-user.target
- /etc/systemd/system/bt-agent.service
[Unit]
Description=Bluetooth Auth Agent
[Service]
ExecStart=/usr/bin/bt-agent -c NoInputNoOutput
ExecStartPost=sh -c 'printf "%%s\n" "clients use: sudo bt-network -C $( bt-adapter -l | sed -rn "s/.*?(([[:xdigit:]]{2}:){5}[[:xdigit:]]{2}).*/\1/p" ) nap"'
Type=simple
[Install]
WantedBy=multi-user.target
- /etc/systemd/network/pan0.netdev
[NetDev]
Name=pan0
Kind=bridge
- /etc/systemd/network/pan0.network
[Match]
Name=pan0
[Network]
Address=192.168.55.55/24
DHCPServer=yes
[DHCPServer]
PoolOffset=100
PoolSize=20
EmitDNS=yes
DNS=1.1.1.1
I also added the [DHCPServer] config (ref)
- Now just use the Bluetooth manager to pair a device to the RPi and trust it. It should stay persistent over time.
- The AWUS1900 does not work out of the box with Kali, so its drivers need to be installed. (ref)
we can see that the AWUS1900 uses the rtl8814au chipset
lsusb
following the referenced guide, we can install the drivers
sudo apt update
sudo apt install realtek-rtl8814au-dkms
For fun and for remote access (a good idea is to plug the RPi into Ethernet behind some DHCP or fit it with an LTE module): ZeroTier will always punch its way through DNS
echo "deb http://download.zerotier.com/debian/jammy jammy main" > /etc/apt/sources.list.d/zerotier.list
apt update && apt install zerotier-one
systemctl enable zerotier-one
zerotier-cli join your_network_hash
see what services are taking our time on bootup
systemd-analyze blame
systemctl disable systemd-networkd-wait-online.service
systemctl disable plocate-updatedb.service
tmux
echo "set -g mouse on" >> ~/.tmux.conf
0x90
- adding ao alias
echo "alias ao='angryoxide --interface wlan1 --whitelist my_wifi_SSID'" >> ~/.bashrc
- installation
apt install golang-go
go install github.com/bettercap/bettercap@latest
ln -s ~/go/bin/bettercap /usr/local/bin
- fix monitor mode issue (ref)
wget http://old.kali.org/kali/pool/main/libp/libpcap/libpcap0.8_1.9.1-4_arm64.deb
dpkg -i libpcap0.8_1.9.1-4_arm64.deb
- update bettercap
bettercap -eval "caplets.update; ui.update"
- edit ui password
vim /usr/local/share/bettercap/caplets/http-ui.caplet
- launch
bettercap -iface wlan1 -caplet http-ui
- installation
TBD
- in terminal run setup (without screen / for ssh usage)
echo "alias airgeddon='AIRGEDDON_WINDOWS_HANDLING=tmux bash /root/airgeddon/airgeddon.sh'" >> ~/.bashrc
- install dependencies
apt install hostapd-wpe isc-dhcp-server asleap hostapd mdk4 hcxdumptool hcxtools lighttpd beef-xss -y