How to create Simple Wifi Access Point Finder Using Python And Scapy | Python Scapy Tutorial

Namaste Friends,



As we already know, in today's digital life wireless technology is spreading its range very rapidly, and Wi-Fi networks now play a big role in providing fast and reliable network connections to their users. That's why I am now focusing my blog tutorials on wireless-related Python tools. In other words, I also want to show you the power of the Python programming language in the wireless technology field, and as a beginning, today I am going to show you how to find available wireless access points (APs) using Python and Scapy.

Now, Let Me First Introduce Python Scapy Module.


Python Scapy Module Introduction

The Python Scapy module is a very useful module that gives us the ability to encode and decode various types of packets belonging to different protocols, along with various kinds of packet sniffing, capturing and receiving, and much more. In simple words, the Scapy module can be used to handle different types of network tasks like scanning, packet capturing, sniffing, different types of network attacks and much more.

And in my opinion, if you want to be an intelligent network expert, then don't underestimate the possibilities of the Python Scapy module.




Now, Let's Focus On Our Wireless Sniffing Codes.

In this code, I will first use the Scapy module to capture all packets available on the air, and then, again with the help of Scapy, I will extract or decode those frames to find the available access points. Not understanding?? Hmm, ok, let me explain in simpler words: basically, almost every wireless access point regularly sends beacon frames on the air to show its presence to its clients. That's why wireless clients can easily find the access points available in their network range.

Beacon frames are basically non-encrypted frames that contain various types of access point information, like the access point name, the access point channel information, the security encryption type and much more.

Beacon Packet Format




As you can see in the above image, this is the beacon frame format. For more information, I suggest you use Google.
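Since the frame-format image does not carry over here, the following added example (my code, not the author's script) decodes the same beacon layout by hand: the 24-byte MAC header, the 12 bytes of fixed fields, and the tagged-parameter chain that carries the SSID, the channel (DS Parameter Set) and the RSN element, with de-duplication by BSSID like the script below. It assumes Python 3.8+ (for bytes.hex with a separator) and works on constructed sample frames without a RadioTap header, not on captured traffic.

```python
import struct
MGMT_TYPE, BEACON_SUBTYPE = 0, 8             # frame-control type/subtype of a beacon
TAG_SSID, TAG_DS_PARAMS, TAG_RSN = 0, 3, 48  # tagged-parameter element IDs
CAP_PRIVACY = 0x0010                         # capability bit: encryption required

def parse_beacon(frame):
    # Raw 802.11 frame without RadioTap: 24-byte MAC header + 12 fixed beacon bytes
    if len(frame) < 36 or (frame[0] >> 2) & 3 != MGMT_TYPE or frame[0] >> 4 != BEACON_SUBTYPE:
        return None
    cap = struct.unpack_from("<H", frame, 34)[0]  # capability info follows timestamp + interval
    ap = {"bssid": frame[16:22].hex(":"), "ssid": None, "channel": None,
          "privacy": bool(cap & CAP_PRIVACY), "rsn": False}
    pos = 36
    while pos + 2 <= len(frame):             # walk the ID / length / value element chain
        tag_id, tag_len = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + tag_len]
        if len(body) < tag_len:              # truncated element: stop, do not misparse
            break
        if tag_id == TAG_SSID:               # empty SSID means a hidden network
            ap["ssid"] = body.decode("utf-8", errors="replace")
        elif tag_id == TAG_DS_PARAMS and tag_len == 1:
            ap["channel"] = body[0]
        elif tag_id == TAG_RSN:              # RSN element present: WPA2/WPA3 network
            ap["rsn"] = True
        pos += 2 + tag_len
    return ap

def find_access_points(frames):
    found = {}                               # BSSID -> info, de-duplicated like ap_list
    for frame in frames:
        ap = parse_beacon(frame)
        if ap and ap["bssid"] not in found:
            found[ap["bssid"]] = ap
    return found

def make_beacon(bssid, ssid, channel, rsn=True):
    # Constructed sample beacon for offline testing, not a captured frame
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x10\x00"
    fixed = struct.pack("<QHH", 0, 100, 0x0001 | (CAP_PRIVACY if rsn else 0))
    tags = bytes([TAG_SSID, len(ssid)]) + ssid + bytes([TAG_DS_PARAMS, 1, channel])
    if rsn:  # RSN body: version 1, group CCMP, one pairwise CCMP, one AKM PSK, caps 0
        tags += bytes([TAG_RSN, 20]) + (b"\x01\x00\x00\x0f\xac\x04\x01\x00"
                                        b"\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x00\x00")
    return header + fixed + tags

SAMPLE_FRAMES = [                            # constructed, not captured
    make_beacon(b"\x00\x11\x22\x33\x44\x55", b"TestNet", 6),
    make_beacon(b"\x00\x11\x22\x33\x44\x55", b"TestNet", 6),       # duplicate beacon
    make_beacon(b"\xaa\xbb\xcc\xdd\xee\xff", b"", 11, rsn=False),  # hidden SSID, open
]
```

Feed find_access_points the Dot11 layer bytes of frames sniffed in monitor mode (bytes(pkt[scapy.Dot11])) and it produces the same SSID/BSSID listing as the script, plus channel and security hints.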

Now, let's move ahead to codes.


Ohh, I forgot to mention that to run this code we also need the Aircrack-ng suite and a Wi-Fi card that supports monitor mode, because the script only works when the interface is in monitor mode. For monitor mode, we need a supported Wi-Fi card and the airmon-ng tool, or you can also use the built-in command line tool called iwconfig.


Now, let's again focus on our main topic. In simple words, our main goal here is to capture the beacon frames floating on the air and, after capturing them, extract the information about the access point that created and sent each packet. Basically, from the beacon frames we will just extract the access point's SSID and BSSID. SSID means the AP name and BSSID means the access point's MAC address. Now, let me quickly show you my code.


Get_Wifi_AP.py


#!/usr/bin/env python

# import scapy module
import scapy.all as scapy


# Extracted Packet Format
Pkt_Info = """
---------------[ Packet Captured ]-----------------------
 Subtype   : {}
 Address 1 : {}
 Address 2 : {} [BSSID]
 Address 3 : {}
 Address 4 : {}
 AP        : {} [SSID]

"""

# Found Access Point List
ap_list = []

# For Extracting Available Access Points
def PacketHandler(pkt):
    #
    # pkt.haslayer(scapy.Dot11Elt)
    #
    #  This condition helps us filter Dot11Elt traffic out of
    #  the various types of packets
    #
    # pkt.type == 0
    #
    #  This filter selects management frames from the captured packets
    #
    # pkt.subtype == 8
    #
    #  This filter selects beacon frames from the captured packets
    #
    if pkt.haslayer(scapy.Dot11Elt) and pkt.type == 0 and pkt.subtype == 8:
        #
        # This check makes sure the same access point is not printed again and again
        #
        if pkt.addr2 not in ap_list:
            #
            # Append Access Point
            #
            ap_list.append(pkt.addr2)
            #
            # Print Packet Information (pkt.info is bytes under Python 3, so decode it;
            # an empty SSID means the network is hidden)
            #
            ssid = pkt.info.decode("utf-8", errors="replace") or "<hidden>"
            print(Pkt_Info.format(pkt.subtype, pkt.addr1, pkt.addr2, pkt.addr3, pkt.addr4, ssid))

# Main Trigger
if __name__ == "__main__":

    # Previous Function Trigger
    #
    # here, iface="mon0" is the interface with monitor mode enabled
    #
    scapy.sniff(iface="mon0", prn=PacketHandler, timeout=300)

Now, let me explain in simple words what exactly is happening there.

As you can see in the above code:

Explanation


1. In the first line, import the Scapy module.

2. Then I wrote the PacketHandler(pkt) function. Basically, this function extracts various pieces of information from each packet.

3. In the PacketHandler function, I wrote a condition that starts with pkt.haslayer(scapy.Dot11Elt). This condition only verifies that we have captured a valid beacon frame: pkt.haslayer(scapy.Dot11Elt) verifies that the captured packet contains a Dot11Elt layer, pkt.type == 0 verifies that it is a management frame, and pkt.subtype == 8 verifies that it is a beacon frame. If the packet passes all of these conditions, it is a valid beacon frame.

4. Now, after capturing a valid beacon packet, our next job is to extract its fields, and here Scapy provides its powerful facilities. In simple words, with the Scapy module we don't need to worry about creating, managing and extracting packets at the binary level. Thanks to the Scapy module, our work becomes very easy and fast, because Scapy gives us Pythonic functions and classes to play with binary packets.

For example:

  • pkt.subtype
    • Extracts the subtype field from the packet
  • pkt.addr1
    • Extracts the Address 1 field from the packet
  • pkt.addr2
    • Extracts the Address 2 field from the packet
  • pkt.addr3
    • Extracts the Address 3 field from the packet
  • pkt.addr4
    • Extracts the Address 4 field from the packet
  • pkt.info
    • Extracts the information (SSID) field from the packet

5. In the end, the scapy.sniff(iface="mon0", prn=PacketHandler, timeout=300) call captures the on-air packets automatically and passes every packet to the PacketHandler function.

Wow, Scapy is really very amazing module.

I hope now you all got it.


Now, it's time to run this code, but first we need to enable monitor mode.

Just follow the steps below to enable monitor mode through the airmon-ng suite.


sudo airmon-ng

sudo airmon-ng start [Interface]




Ohh yes,

Now, to run our sniffing code, just type the command below:

sudo python Get_Wifi_AP.py

If you like this code and want to practice with it on your system, you can get the latest updated code from my GitHub repo.

To download the raw script, click here.



After running this script, you have to wait a few moments for it to find an available access point.

Done!

I hope you enjoy this tutorial.
Comment your feedback below.

Thanks For Reading
Have A Nice Day
