Hello everybody! Over the summers I did analysis on Wi-Fi and a part of my analysis concerned sending and receiving completely different sorts of IEEE 802.11 packets. I did most of these things utilizing Scapy so I believed why not create a tutorial about it? Once I began my analysis I needed to look via a number of on-line articles/tutorials to be able to get began with Scapy. With a purpose to prevent time I’m going to convey you up-to velocity by working you thru a brief tutorial.
Objective: Our finish purpose is to create two scripts. The primary script will ship WLAN beacon frames and the second script will intercept these beacon frames. Each of those scripts shall be working on two completely different methods. We wish to have the ability to ship beacon frames from one system and intercept them from the second.
For these of you who don’t know what a beacon body is (Wikipedia):
Beacon body is likely one of the administration frames in IEEE 802.11 based mostly WLANs. It comprises all of the details about the community. Beacon frames are transmitted periodically, they serve to announce the presence of a wi-fi LAN and to synchronise the members of the service set. Beacon frames are transmitted by the entry level(AP) in an infrastructure fundamental service set (BSS). In IBSS community beacon era is distributed among the many stations.
Sending Beacon frames:
from __future__ import print_function
from scapy.all import ( Dot11,
Dot11Beacon,
Dot11Elt,
RadioTap,
sendp,
hexdump)
SSID = 'Check SSID'
iface="wlp2s0"
sender="ac:cb:12:advert:58:27"
dot11 = Dot11(sort=0, subtype=8, addr1='ff:ff:ff:ff:ff:ff',
addr2=sender, addr3=sender)
beacon = Dot11Beacon()
essid = Dot11Elt(ID='SSID',information=SSID, len=len(SSID))
body = RadioTap()/dot11/beacon/essid
sendp(body, iface=iface, inter=0.100, loop=1)
To begin with we import the entire required modules after which outline some variables. Modify the sender handle to the MAC handle of your WiFi card and alter the iface to your wi-fi interface title (widespread variants are wlan0 and mon0).
Scapy works with “layers” so we then outline the Dot11 layer with some parameters. The sort parameter = 0 merely implies that this can be a administration body and the subtype = 8 implies that this can be a beacon body. Addr1 is the receiver handle. In our case that is going to be a broadcast (ff:ff:ff:ff:ff:ff is the printed MAC handle) as a result of we aren’t sending the beacon to a particular machine. Then we create a Dot11Beacon layer.
More often than not we don’t must go any parameters to a layer as a result of Scapy has sane defaults which work more often than not. After that we create a Dot11Elt layer which takes the SSID of the pretend entry level as an enter together with another SSID associated inputs. SSID is the title of the community which you see whereas scanning for WiFi on different units. Lastly we stack the layers so as and add a RadioTap layer on the backside. Now that the layers are all set-up we simply must ship the body and the sendp perform does precisely that.
Sniffing Beacon Frames
The sniffing half is fairly much like the sending half. The code is as follows:
#!/usr/bin/env python
from scapy.all import Dot11, sniff
ap_list = []
def PacketHandler(packet):
if packet.haslayer(Dot11):
if packet.sort == 0 and packet.subtype == 8:
if packet.addr2 not in ap_list:
ap_list.append(packet.addr2)
print("Entry Level MAC: %s with SSID: %s " %(packet.addr2, packet.information))
sniff(iface="wlp2s0", prn = PacketHandler)
Firstly, we import the Dot11 layer and the sniff perform. We create a packet filter perform which takes a packet as an enter. Then it checks whether or not the packet has a Dot11 layer or not. Then it checks if it’s a beacon or not (sort & subtype). Lastly, it provides it to the ap_list checklist and prints out the MAC handle and the SSID on display screen.
I hope you all discovered this brief walk-through useful. I really like how highly effective Scapy is. We’ve got solely scratched the floor on this put up. You are able to do all types of packet manipulation stuff in Scapy. The official docs are actually good and the WLAN BY GERMAN ENGINEERING weblog can also be tremendous useful.
See you subsequent time!
