Quick and painless wireless real-time monitor
Simple and easy to use wireless managment software that will allow non-technical "sysadmins" to understand how their networks are being used. Goal
Run the following commands to install prerequisites: Requirements
apt-get update sudo apt-get install python python-pip libboost-all-dev libpcap-dev libssl-dev cmake g++ sudo -H pip install -r requirements.txt
You will also need: (*check on both links to see how to build).
- libtins: https://github.com/mfontanini/libtins
- dot11decrypt: https://github.com/mfontanini/dot11decrypt
How to Run
Tested with following Environment:
- OS: Linux Mint 17.2 'Rafaela' (Mate 32-bit)
- Wireless Adapter: TP-Link TL-WN722N (High Gain 150Mbps) [wlan1]
- Make sure you have all the required packages described above.
Running the program:
- Change the necessary values (AP Name, Interface Name) in setup.sh (and possibly packetCapture.py & APFind.py's main function)
sudo python backend.py
- You should be able to go to localhost:1992 and see a website being hosted there.
- On the website you should be able to simply select your AP and password and hit "monitor"
- Then the packet capture will start. (Notice: the capture currently lasts a few seconds for debuggin purposes).
Running the program in TEST Mode (w/o packet capture):
- On backend.py, set
- On packetCapture.py, set
capture = "<some path to a .pcap capture file>.
- backend.py: Runs a flask server listening on localhost:1992 it recieves requests from the client (get data) and data from the APFind and packetCapture scripts (post data).
- APFind.py: Find APs and then upload to localhost:1992
- packetCapture.py: Capture packets (or read from a pcap file), parsing the important info and uploading to localhost:1992
- template/index.html: HTML website that contains the client info. Pretty much barebones
- templates/leaks.html: Small helper site to show HTTP leaked information (so as to not crowd the original site)
- First we put our wireless interface in promiscuos mode (meaning it is authenticated to an AP, but we can still read all the other packets from other authenticated users to the same AP).
- We use dot11decrypt to decrypt packets that our interface is reading. These decrypted packets are dropped into a new interaface called TAP0.
- We then use python's library: scapy to read from TAP0.
- Scapy can then do some very minor data analysis on the packets (arange them by users, define their packet type, etc.)
- We wrap scapy over a flask framework so we can do a simple API that a front-end can call.