Skip to content
/ spytrap-wifi Public

Test a phone for stalkerware using a wifi hotspot and deep packet inspection

License

GPL-3.0 license
6 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

spytrap-org/spytrap-wifi

BranchesTags

Repository files navigation

spytrap-wifi

Test a phone for stalkerware using a wifi hotspot and deep packet inspection.

Based on stalkerware-indicators data provided by Echap.

Configuration: Wifi

Modern phones test for internet connectivity and might not stay connected to the network if it doesn't complete. This check uses TLS in some cases and can't be spoofed easily, so for a reliable setup a working internet connection is required. This can be a tethered connection with a different phone.

This is the only configuration required.

Edit roles/spytrap/files/wpa_supplicant.conf:

ctrl_interface=/run/wpa_supplicant
update_config=1

network={
    ssid="iPhone"
    psk="changeme"
}

Setup a device

This was developed using Arch Linux ARM:

# Build from source
cross build --release --target arm-unknown-linux-gnueabihf
# TODO: missing setup steps for pi zero
# on pi zero: install nginx openbsd-netcat gdb lsof dnsmasq tcpdump hostapd sniffglue socat tmux htop

# Edit the inventory with the ip of the pi zero
vim inventory

# Deploy
ansible-playbook -i inventory site.yml

Develop

sudo sniffglue --json enp0s25 | cargo run stream

Download IOCs

https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/ioc.yaml

Similar work

License

GPLv3+

About

Test a phone for stalkerware using a wifi hotspot and deep packet inspection

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

6 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages