Skip to content

GDSSecurity/wifitap

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

#########################################
#
# wifitap.py --- WiFi injection tool through tun/tap device
# Cedric Blancher <sid@rstack.org>
#
# http://sid.rstack.org/index.php/Wifitap (french)
# http://sid.rstack.org/index.php/Wifitap_EN (english)
#
#########################################

This program is a proof of concept tool allowing WiFi communications using
traffic injection.
You'll need:

	. Python >= 2.2
	. Psyco Python optimizer (optional)
	. Philippe Biondi's Scapy
	. Injection ready wireless adapter

It's been tested on GNU/Linux using Atheros chipset based adapter with patched
Madwifi driver and Intersil Prism GT Full MACchipset with Prism54 driver. It
should as well work with Prism2/2.5/3 chipset hostap driver or wlan-ng driver,
Ralink rt2500/2750 chipset using rt2500 driver and Realtek RTL8180 chipset
using rtl8180-sa2400 driver.

I didn't take time to test Prism2/2.5/3 support and don't have Ralink or Realtek
based hardware for testing. By the way, I would be glad to have feedback for
Wifitap attempts with thoses chipsets.

Drivers patches are written by Christophe Devine and updated by Aircrack-ng
people. For details about drivers patch and installation, see PATCHING file.


To get wifitap work on other Unix operating systems than GNU/Linux, you have to
install pcap or dnet wrappers for Python so Scapy can work (see
http://www.secdev.org/projects/scapy/portability.html). Then, and it's the most
important part, you have to find a wireless adapter driver that supports raw
wireless traffic injection if any.


NB : Python is so slow...


o Getting Wifitap ;)

	Wifitap is available at:

		http://sid.rstack.org/index.php/Wifitap (french)
		http://sid.rstack.org/index.php/Wifitap_EN (english)

	Lastest version is downloadable at:

		http://sid.rstack.org/code/wifitap.tgz

	Repository available at:

		http://sid.rstack.org/code/wifitap/


o Getting Scapy

	A working Scapy version is attached, so Wifitap is ready to work.
	However, you can get a more featured version of the tool at:

		http://www.secdev.org/projects/scapy/
	
	Download "work-in-progress" version or (better) use provided version...


o Preparing WiFi adapter

	Download, patch and install driver (see PATCHING).
	
	Supposing channel is 11:

		~# iwconfig $IFACE mode monitor channel 11
		~# ifconfig $IFACE up promisc

	NB: Atheros driver Madwifi requires specific configuration to get driver
	    in promisc mode and/or activate traffic injection. See website
	    (http://www.madwifi.org/) for details if you use madwifi-ng or
	    madwifi-old.

o Launching Wifitap

		~# ./wifitap.py -b <bssid>

	A wj0 interface will be created that needs to be configured as a
	regular interface, with optional MAC address specification:

		~# ifconfig wj0 [hw ether <MAC>] 192.168.1.1 [mtu <MTU>]


o Using Wifitap

	Now, you can us wj0 interface just as a usual interface to communicate
	with your prefered applications and tools, according to system routing
	table :)


o Wifitap command line arguments

	Usage : wifitap -b <BSSID> [-o <iface>] [-i <iface> [-s <SMAC>]
			[-w <WEP key> [-k <key id>]] [-d [-v]] [-h]

	-b	Specifies BSSID in ususal 6 hex digits MAC address format:
			. 00:01:02:03:04:05

	-o	Specifies output WiFi interface for frames injection

	-i	Specifies input WiFi interface for frames sniffing

	-s	Specifies source MAC address
			. 00:01:02:03:04:05

	-w	Activates WEP encryption/decryption with specified WEP key
		Key can be given using following formats:
			. 0102030405 or 0102030405060708090a0b0c0d
			. 01:02:03:04:05 or
			  01:02:03:04:05:06:07:08:09:0a:0b:0c:0d
			. 0102-0304-05 or 0102-0304-0506-0708-090a-0b0c-0d

	-k	Specifies WEP key id, from 0 to 3

	-d	Activates debugging

	-v	Increases debugging verbosity

	-h	Help screen

o Latest libpcap fully supports Wi-Fi specific headers, typically Prism Headers.
  However, if your system uses old libpcap, you will need to apply provided
  patch:

	patch -p0 < prismheaders.patch

  It will add a flag (-p) to tell Wifitap to shift 144 bits of Prism Headers to
  access 802.11 frame.


#########################################
#
# Copyright (C) 2005 Cedric Blancher <sid@rstack.org>
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation; version 2.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
#########################################

Releases

No releases published

Packages

No packages published

Languages