Create WLAN SSID Sniffer Using Python Socket Module

Posted by Suraj Singh on July 19, 2017 · 17 mins read
hii readers,



Today, In This Post I Am Going To Show You How To Create WLAN SSID Sniffing Script Using Python And Socket Module.
And If You Are A New Visitor On My Blog Then I Will Suggest You To Take A Look On My Blog Index For My Previous Interesting And Knowledgeable Posts.
So, Let's Focus To Our Main Topic.

To Create A WLAN SSID Sniffer Script Using Socket Module First We Need To Understand Basic Structure Of Wireless Devices And Their Procedure. So, To Make Your All Queries Clear Here, I am Writing Some Important Information In Question And Answer Way.

Q 1. What Is Beacon Frames?

Ans. Check This Previous Post Beacon Frame, IEEE 802.11

Q 2. What Is Monitor Mode?

Ans. Check This Previous Post 2-Easiest Way To Enable Wireless Lan Monitor Mode.

Q 3. What we are going to do?

Ans. First, We Will Start Our Wireless LAN Monitor Modes To Capture All Packets Available On Air. Then We Will Use Python Socket Module To Capture all Packets From WLAN Interface And After That, We Will Try To Filter Useful Frames From Packets To Find Required Information. Here, Useful Frames Means RadioTab Header Frame And Beacon Frame. As I Already Described In This Previous Post  Beacon Frame, IEEE 802.11 Beacon Frame Provides Various Important Information's About Wireless Access Point. So, In Simple Words, We Will Try To Find And Filter Beacon Frames From All Captured Packets To Extract Required Access Point Information.

So, Let's Move Ahead And Try To Understand These Codes.  Here, This Is My Codes

1. ap_socket.py

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# +++++++++++++++++++++++++++++++++++++++++
#
# WLAN BEACON FRAME EXTRACTOR 
# +++++++++++++++++++++++++++++++++++++++++
#
#
# Author :  
#  surajsinghbisht054@gmail.com
#  http://www.bitforestinfo.com
#  github.com/surajsinghbisht054
#
#
# This Script Is Created For Educational And Practise Purpose Only
#
#
# import module
import socket
import struct

# create Socket
s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))

# bind with monitor mode interface
s.bind(('mon0',0x0003))


# function for formating mac addresses
def addr(s):
 return "{}{}:{}{}:{}{}:{}{}:{}{}:{}{}".format(*s.upper())

# Founded Access Point List
ap_list = []


# loop
while True:
 # Sniff Packet and get packet from list
 pkt = s.recvfrom(2048)[0]

 # Check RadioTap Header Frame In Packet
 if pkt[2:4]=='$\x00':

  # Get Total Length Of RadioTap Header Packet Bytes
  len_of_header = struct.unpack('h', pkt[2:4])[0]

  # Extract RadioTap Header
  radio_tap_header_frame = pkt[:len_of_header].encode('hex')

  # Now, assume that next frame from radiotap is Beacon Frame
  beacon_frame = pkt[len_of_header:len_of_header+24].encode('hex')

  # Frame Type
  f_type = beacon_frame[:2]

  # Extract Addr1
  addr1  = beacon_frame[8:20]

  # Extract Addr2
  addr2  = beacon_frame[20:32]

  # Extract Addr3
  addr3  = beacon_frame[32:44]

  # Try To Extract SSID if present
  try:
   len_of_ssid = ord(pkt[73])
   ssid   = pkt[74:74+len_of_ssid]
  except:
   ssid = "Unknown"

  # Verify that extract frame is a beacon frame and not printed yet
  if addr2 not in ap_list and f_type=='80':

   # append addr2 in ap_list 
   ap_list.append(addr2)

   # Print Info
   print """
++++++++++ [ Beacon Frame ] ++++++++++++++++++++

Frame Type : {}
SSID  : {}
Receiver : {}
Transmitter : {}
Source  : {}


   """.format(f_type, # Frame Type
    ssid ,  # SSID
    addr(addr1),  # Addr1
    addr(addr2),  # Addr2
    addr(addr3) # Addr3
    )

To Run These Codes On Your System, First You need to start your wireless monitor mode. for more info about monitor mode check here 2-Easiest Way To Enable Wireless Lan Monitor Mode.
Then, Type On Terminal

 sudo python ap_socket.py 


My Output:



aya@bitforestinfo:~$ sudo python ap_socket.py 

++++++++++ [ Beacon Frame ] ++++++++++++++++++++

Frame Type : 80
SSID  : E*****e
Receiver : FF:FF:FF:FF:FF:FF
Transmitter : C8:**:**:**:**:5B
Source  : C8:**:**:**:**:5B


Now, Let me explain you these python codes in simple way by dividing all codes in small parts with explanation.


Code Part 1.

import socket module and struct module


#
# import module
import socket
import struct



Code Part 2.

Here, In This Codes First Statement Is For Creating RAW Socket Object And Second Statement is for binding RAW Socket With Monitor Mode Enabled Interface.


# create Socket
s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ihtons(0x0003))

# bind with monitor mode interface
s.bind(('mon0',0x0003))



Code Part 3.

addr(s) function is only for formatting provided mac address in standard way.
For Example:

Input ------> addr(ffffffffffff)
Output ---------------------> FF:FF:FF:FF:FF:FF 



# function for formating mac addresses
def addr(s):
 return "{}{}:{}{}:{}{}:{}{}:{}{}:{}{}".format(*s.upper())

# Founded Access Point List
ap_list = []



Code Part 4.

Here,  pkt = s.recvfrom(2048)[0] statement is for capturing packets from WLAN Interface and Then, if pkt[2:4]=='$\x00': Statement is for Verifying RadioTap  Availability In Captured Packets. After Finding RadioTap,  len_of_header = struct.unpack('h', pkt[2:4])[0] Statement Extract RadioTap Frame Length. radio_tap_header_frame = pkt[:len_of_header].encode('hex') Statement is For Extracting RadioTap From Captured Packets.


# loop
while True:
 # Sniff Packet and get packet from list
 pkt = s.recvfrom(2048)[0]

 # Check RadioTap Header Frame In Packet
 if pkt[2:4]=='$\x00':

  # Get Total Length Of RadioTap Header Packet Bytes
  len_of_header = struct.unpack('h', pkt[2:4])[0]

  # Extract RadioTap Header
  radio_tap_header_frame = pkt[:len_of_header].encode('hex')



Code Part 5.

In This Part All Statements are responsible for extracting various information from beacon frame.

Extract Beacon Frames From Captured Packets.
beacon_frame = pkt[len_of_header:len_of_header+24].encode('hex')
Extract Frame Subtype.
f_type = beacon_frame[:2]

Extract Receiver MAC Address.
addr1  = beacon_frame[8:20]

Extract Transmitter MAC Address.
addr2  = beacon_frame[20:32]

Extract Source MAC Address.
addr3  = beacon_frame[32:44]
  
Extract SSID From Frame.
ssid   = pkt[74:74+len_of_ssid]

  # Now, assume that next frame from radiotap is Beacon Frame
  beacon_frame = pkt[len_of_header:len_of_header+24].encode('hex')

  # Frame Type
  f_type = beacon_frame[:2]

  # Extract Addr1
  addr1  = beacon_frame[8:20]

  # Extract Addr2
  addr2  = beacon_frame[20:32]

  # Extract Addr3
  addr3  = beacon_frame[32:44]

  # Try To Extract SSID if present
  try:
   len_of_ssid = ord(pkt[73])
   ssid   = pkt[74:74+len_of_ssid]
  except:
   ssid = "Unknown"



Code Part 6.

And At The End, In this Part, if addr2 not in ap_list and f_type=='80': Statement is for Verifying Beacon Frame And Also For Not Repeating Same Address Again.



  # Verify that extract frame is a beacon frame and not printed yet
  if addr2 not in ap_list and f_type=='80':

   # append addr2 in ap_list 
   ap_list.append(addr2)

   # Print Info
   print """
++++++++++ [ Beacon Frame ] ++++++++++++++++++++

Frame Type : {}
SSID  : {}
Receiver : {}
Transmitter : {}
Source  : {}


   """.format(f_type, # Frame Type
    ssid ,  # SSID
    addr(addr1),  # Addr1
    addr(addr2),  # Addr2
    addr(addr3) # Addr3
    )


Done!

You Can Also Download Raw Code From Here


 
                 


  


        


        


          
          ← Previous
              Post
          
          
          Next
              Post