Hi readers,
Today, in this post I am going to show you how to create a WLAN SSID sniffing script using Python and the socket module.
If you are a new visitor to my blog, I suggest you take a look at my blog index for my previous interesting and informative posts.
So, let's focus on our main topic.
To create a WLAN SSID sniffer script using the socket module, we first need to understand the basic structure of wireless frames and how they are captured. To clear up your queries, I am writing some important information here in question-and-answer form.
Q 1. What are beacon frames?
Ans. Check this previous post: Beacon Frame, IEEE 802.11
Q 2. What is monitor mode?
Ans. Check this previous post: 2-Easiest Way To Enable Wireless Lan Monitor Mode.
Q 3. What are we going to do?
Ans. First, we will put our wireless LAN interface into monitor mode to capture all packets available on the air. Then we will use the Python socket module to read every packet from the WLAN interface, and after that we will filter the useful frames out of those packets to find the required information. Here, "useful frames" means the RadioTap header and the beacon frame. As I already described in the previous post Beacon Frame, IEEE 802.11, a beacon frame carries various important pieces of information about a wireless access point. So, in simple words, we will find and filter beacon frames from all captured packets to extract the required access point information.
So, let's move ahead and try to understand the code. Here is my code:
1. ap_socket.py
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# +++++++++++++++++++++++++++++++++++++++++
#
#        WLAN BEACON FRAME EXTRACTOR
# +++++++++++++++++++++++++++++++++++++++++
#
#
#   Author :
#      surajsinghbisht054@gmail.com
#      http://www.bitforestinfo.com
#      github.com/surajsinghbisht054
#
#
# This Script Is Created For Educational And Practise Purpose Only
#
# (Python 2 script: uses str.encode('hex') and the print statement)
#
# import module
import socket
import struct

# create Socket (AF_PACKET raw socket, ETH_P_ALL = 0x0003)
s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))

# bind with monitor mode interface
s.bind(('mon0', 0x0003))

# function for formating mac addresses
# e.g. addr('ffffffffffff') -> 'FF:FF:FF:FF:FF:FF'
def addr(s):
    return "{}{}:{}{}:{}{}:{}{}:{}{}:{}{}".format(*s.upper())

# Founded Access Point List
ap_list = []

# loop
while True:
    # Sniff Packet and get packet from list
    pkt = s.recvfrom(2048)[0]

    # Check RadioTap Header Frame In Packet
    # (bytes 2-3 are the radiotap length; '$\x00' = 0x0024 = 36 bytes,
    #  which is what this driver produces)
    if pkt[2:4] == '$\x00':

        # Get Total Length Of RadioTap Header Packet Bytes
        # (radiotap length is always little-endian, hence '<H')
        len_of_header = struct.unpack('<H', pkt[2:4])[0]

        # Extract RadioTap Header
        radio_tap_header_frame = pkt[:len_of_header].encode('hex')

        # Now, assume that next frame from radiotap is Beacon Frame
        # (24-byte 802.11 MAC header, as hex string)
        beacon_frame = pkt[len_of_header:len_of_header + 24].encode('hex')

        # Frame Type
        f_type = beacon_frame[:2]

        # Extract Addr1
        addr1 = beacon_frame[8:20]

        # Extract Addr2
        addr2 = beacon_frame[20:32]

        # Extract Addr3
        addr3 = beacon_frame[32:44]

        # Try To Extract SSID if present
        # (offset 73 = 36 radiotap + 24 MAC header + 12 fixed params + 1 tag id)
        try:
            len_of_ssid = ord(pkt[73])
            ssid = pkt[74:74 + len_of_ssid]
        except:
            ssid = "Unknown"

        # Verify that extract frame is a beacon frame and not printed yet
        if addr2 not in ap_list and f_type == '80':

            # append addr2 in ap_list
            ap_list.append(addr2)

            # Print Info
            print """
++++++++++ [ Beacon Frame ] ++++++++++++++++++++
Frame Type   : {}
SSID         : {}
Receiver     : {}
Transmitter  : {}
Source       : {}
""".format(f_type,       # Frame Type
           ssid,         # SSID
           addr(addr1),  # Addr1
           addr(addr2),  # Addr2
           addr(addr3)   # Addr3
           )
To run this code on your system, first you need to start wireless monitor mode. For more info about monitor mode check here:
2-Easiest Way To Enable Wireless Lan Monitor Mode.
Then, type in the terminal:
sudo python ap_socket.py
My output:
aya@bitforestinfo:~$ sudo python ap_socket.py
++++++++++ [ Beacon Frame ] ++++++++++++++++++++
Frame Type : 80
SSID : E*****e
Receiver : FF:FF:FF:FF:FF:FF
Transmitter : C8:**:**:**:**:5B
Source : C8:**:**:**:**:5B
Now, let me explain this Python code in a simple way by dividing it into small parts, each with an explanation.
Code Part 1. Import the socket module and the struct module.
#
# import module
import socket
import struct
Code Part 2. Here, the first statement creates a RAW socket object and the second statement binds the RAW socket to the interface that has monitor mode enabled.
# create Socket
s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))
# bind with monitor mode interface
s.bind(('mon0', 0x0003))
Code Part 3. The addr(s) function only formats the provided MAC address (12 hex characters) in the standard colon-separated way.
For example:
Input ------> addr('ffffffffffff')
Output ---------------------> FF:FF:FF:FF:FF:FF
# function for formating mac addresses
def addr(s):
    return "{}{}:{}{}:{}{}:{}{}:{}{}:{}{}".format(*s.upper())

# Founded Access Point List
ap_list = []
Code Part 4. Here,
pkt = s.recvfrom(2048)[0] captures one packet from the WLAN interface. Then,
if pkt[2:4] == '$\x00': checks that the captured packet starts with a RadioTap header (bytes 2-3 hold the RadioTap length; '$\x00' is 0x0024, the 36-byte header this driver produces). After finding RadioTap,
len_of_header = struct.unpack('<H', pkt[2:4])[0] extracts the RadioTap header length (little-endian unsigned 16-bit), and
radio_tap_header_frame = pkt[:len_of_header].encode('hex') extracts the RadioTap header itself from the captured packet.
# loop
while True:
    # Sniff Packet and get packet from list
    pkt = s.recvfrom(2048)[0]

    # Check RadioTap Header Frame In Packet
    if pkt[2:4] == '$\x00':

        # Get Total Length Of RadioTap Header Packet Bytes
        len_of_header = struct.unpack('<H', pkt[2:4])[0]

        # Extract RadioTap Header
        radio_tap_header_frame = pkt[:len_of_header].encode('hex')
Code Part 5. In this part, all statements are responsible for extracting various pieces of information from the beacon frame.
Extract the 24-byte 802.11 header of the beacon frame (as a hex string) from the captured packet:
beacon_frame = pkt[len_of_header:len_of_header+24].encode('hex')
Extract the frame type/subtype byte ('80' for a beacon):
f_type = beacon_frame[:2]
Extract the receiver MAC address (Addr1):
addr1 = beacon_frame[8:20]
Extract the transmitter MAC address (Addr2):
addr2 = beacon_frame[20:32]
Extract the source MAC address (Addr3):
addr3 = beacon_frame[32:44]
Extract the SSID from the frame (pkt[73] is the SSID tag length; the SSID text starts at offset 74):
ssid = pkt[74:74+len_of_ssid]
        # Now, assume that next frame from radiotap is Beacon Frame
        beacon_frame = pkt[len_of_header:len_of_header + 24].encode('hex')

        # Frame Type
        f_type = beacon_frame[:2]

        # Extract Addr1
        addr1 = beacon_frame[8:20]

        # Extract Addr2
        addr2 = beacon_frame[20:32]

        # Extract Addr3
        addr3 = beacon_frame[32:44]

        # Try To Extract SSID if present
        try:
            len_of_ssid = ord(pkt[73])
            ssid = pkt[74:74 + len_of_ssid]
        except:
            ssid = "Unknown"
Code Part 6. And at the end, in this part,
if addr2 not in ap_list and f_type == '80': verifies that the frame really is a beacon frame (subtype byte 0x80) and that this transmitter address has not been printed already.
        # Verify that extract frame is a beacon frame and not printed yet
        if addr2 not in ap_list and f_type == '80':

            # append addr2 in ap_list
            ap_list.append(addr2)

            # Print Info
            print """
++++++++++ [ Beacon Frame ] ++++++++++++++++++++
Frame Type   : {}
SSID         : {}
Receiver     : {}
Transmitter  : {}
Source       : {}
""".format(f_type,       # Frame Type
           ssid,         # SSID
           addr(addr1),  # Addr1
           addr(addr2),  # Addr2
           addr(addr3)   # Addr3
           )
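The steps in Code Parts 4 to 6 work only when the RadioTap header is exactly 36 bytes and the SSID element is the first tagged parameter, which is true for the author's driver but not for every capture. The example below is an added, stand-alone Python 3 script (not the blog's ap_socket.py) that does the same parsing from raw bytes without a socket, so it can be tested offline: it reads the RadioTap length from the header instead of comparing against '$\x00', checks the frame-control type and subtype bits, walks the tagged parameters to find element ID 0 (the SSID), and handles a hidden (zero-length) SSID and a capture truncated mid-element. The sample frames (build_frame, AP1, AP2, SAMPLE_*) are constructed for the example and are not real captures; the field names in the returned dict are my own.

```python
#!/usr/bin/env python3
# Added, stand-alone example (Python 3): parse radiotap + 802.11 beacon
# frames from raw bytes, as ap_socket.py does, but without the socket.
import struct

def radiotap_length(pkt):
    """Length of the radiotap header, or None if pkt does not start with one.

    ap_socket.py compares pkt[2:4] with '$\\x00' (0x0024 = 36 bytes), which
    only matches one driver's header size; reading it_len directly works
    for any size.  it_len is little-endian regardless of host byte order.
    """
    if len(pkt) < 4 or pkt[0] != 0:        # it_version must be 0
        return None
    return struct.unpack_from('<H', pkt, 2)[0]

def format_mac(raw):
    """b'\\xc8\\x11...' -> 'C8:11:...' (same output as the blog's addr())."""
    return ':'.join('%02X' % b for b in raw)

def parse_beacon(pkt):
    """Return a dict of beacon fields, or None if pkt is not a beacon."""
    rt_len = radiotap_length(pkt)
    # need the 24-byte MAC header plus the 12 bytes of fixed beacon params
    if rt_len is None or len(pkt) < rt_len + 24 + 12:
        return None
    mac_hdr = pkt[rt_len:rt_len + 24]
    fc0 = mac_hdr[0]                       # first frame-control byte
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    if (ftype, subtype) != (0, 8):         # management frame, subtype beacon
        return None
    body = pkt[rt_len + 24:]
    _timestamp, interval, capabilities = struct.unpack_from('<QHH', body, 0)
    ssid = None
    pos = 12                               # tagged parameters start here
    while pos + 2 <= len(body):
        tag, tlen = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + tlen]
        if len(value) < tlen:              # capture truncated mid-element
            break
        if tag == 0:                       # element ID 0 = SSID
            ssid = value.decode('utf-8', 'replace') if tlen else '<hidden>'
            break
        pos += 2 + tlen
    return {
        'subtype': '%02x' % fc0,           # '80', as the blog prints it
        'receiver': format_mac(mac_hdr[4:10]),
        'transmitter': format_mac(mac_hdr[10:16]),
        'bssid': format_mac(mac_hdr[16:22]),
        'interval_ms': interval * 1.024,   # beacon interval is in TUs
        'privacy': bool(capabilities & 0x0010),
        'ssid': ssid,
    }

def unique_aps(packets):
    """Keep the first beacon seen per transmitter, like ap_list in the blog."""
    seen = {}
    for pkt in packets:
        info = parse_beacon(pkt)
        if info and info['transmitter'] not in seen:
            seen[info['transmitter']] = info
    return list(seen.values())

# --- constructed sample frames (not real captures) -----------------------
def build_frame(fc0, bssid, tags, rt_len=36):
    radiotap = struct.pack('<BBH', 0, 0, rt_len) + b'\x00' * (rt_len - 4)
    mac_hdr = (bytes([fc0, 0]) + b'\x00\x00' + b'\xff' * 6      # broadcast
               + bssid + bssid + b'\x10\x00')
    fixed = struct.pack('<QHH', 123456789, 100, 0x0411)        # ESS + privacy
    return radiotap + mac_hdr + fixed + tags

RATES = b'\x01\x04\x82\x84\x8b\x96'                 # element 1: supported rates
AP1 = bytes.fromhex('c8112233445b')
AP2 = bytes.fromhex('020000000002')
SAMPLE_BEACON = build_frame(0x80, AP1, b'\x00\x07TestNet' + RATES)
SAMPLE_HIDDEN = build_frame(0x80, AP2, b'\x00\x00' + RATES)     # zero-length SSID
SAMPLE_PROBE_REQ = build_frame(0x40, AP1, b'\x00\x00' + RATES)  # subtype 4, not a beacon
SAMPLE_SHORT_RADIOTAP = build_frame(0x80, AP1, b'\x00\x07TestNet', rt_len=18)

if __name__ == '__main__':
    for ap in unique_aps([SAMPLE_BEACON, SAMPLE_BEACON, SAMPLE_HIDDEN,
                          SAMPLE_PROBE_REQ, SAMPLE_SHORT_RADIOTAP]):
        print(ap)
```

To use it on live traffic, replace the sample list with packets read from an AF_PACKET socket bound to the monitor interface, exactly as in Code Part 2; the parser does not care where the bytes came from. SAMPLE_SHORT_RADIOTAP shows why the length is read rather than compared: its header is 18 bytes, so the blog's `pkt[2:4] == '$\x00'` test would silently drop it even though it is a valid beacon.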
Done!
You can also download the raw code from here.