Closed jimbonet closed 9 years ago
https://github.com/maximcherny/snoopy-ng/blob/headway/plugins/mods80211/wifi_aps.py
scapy_ex for the win.
Great minds @maximcherny :) I discovered scapy_ex last week and implemented some test code to extract RSSI and channel:
```python
# RadioTap fields made available on the packet by scapy_ex
rssi = pkt.dBm_AntSignal
channel = pkt.Channel
```
I contacted the author (Ivan), who has kindly offered for us to include his code. I haven't integrated it into snoopy whilst I try to figure out extracting the encryption type too. Have you had any luck with that? At the moment I've borrowed the code below from Stack Overflow, which checks packet IDs and 'capability':
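```python
from scapy.all import Dot11Beacon, Dot11ProbeResp, Dot11Elt

isAP = False
# Only beacons and probe responses carry the capability field
if pkt.haslayer(Dot11Beacon) or pkt.haslayer(Dot11ProbeResp):
    cap = pkt.sprintf("{Dot11Beacon:%Dot11Beacon.cap%}"
                      "{Dot11ProbeResp:%Dot11ProbeResp.cap%}").split('+')
    isAP = True
crypto = ""
if pkt.haslayer(Dot11Elt):
    p = pkt[Dot11Elt]
    # Walk the chain of information elements; the first match wins
    while isinstance(p, Dot11Elt):
        if p.ID == 48 and crypto == "":
            crypto = "WPA2"  # RSN element
        # Bytes literal so the prefix check also works where p.info is bytes
        elif p.ID == 221 and p.info.startswith(b'\x00P\xf2\x01\x01\x00') and crypto == "":
            crypto = "WPA"  # vendor-specific WPA element
        p = p.payload
# No RSN or WPA element found: fall back to the 'privacy' capability flag
if not crypto and isAP:
    if 'privacy' in cap:
        crypto = "WEP"
    else:
        crypto = "OPN"
encryption = crypto
```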
It seems to work, but I'd like to leverage scapy_ex if possible. Also, the above doesn't seem to work for data frames. Ivan pointed me here:
https://github.com/ivanlei/airodump-iv/blob/master/airoiv/airodump-iv.py#L124
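An added example, not part of the thread or of snoopy-ng's code: the same element-ID and capability checks as the snippet above, applied to raw frame bytes without scapy so the logic can be tested offline. It goes slightly beyond the snippet by reporting mixed WPA/WPA2 networks and by reading the Protected Frame flag, which is all a data frame carries; `classify_encryption`, `is_protected` and `build_body` are hypothetical names and the inputs are constructed.

```python
import struct

# OUI 00:50:F2, type 1, version 1: the same prefix the snippet above matches
WPA_VENDOR_PREFIX = b"\x00\x50\xf2\x01\x01\x00"
PRIVACY_BIT = 0x0010  # "privacy" flag in the capability-information field


def iter_elements(tagged):
    """Yield (element_id, info) pairs; stop quietly at a truncated element."""
    pos = 0
    while pos + 2 <= len(tagged):
        eid, length = tagged[pos], tagged[pos + 1]
        info = tagged[pos + 2:pos + 2 + length]
        if len(info) < length:  # capture cut off mid-element
            return
        yield eid, info
        pos += 2 + length


def classify_encryption(body):
    """Classify a beacon/probe-response body (the bytes after the MAC header).

    Layout: timestamp (8), beacon interval (2), capability info (2), elements.
    """
    if len(body) < 12:
        raise ValueError("body shorter than the 12 bytes of fixed fields")
    (capability,) = struct.unpack_from("<H", body, 10)
    found = set()
    for eid, info in iter_elements(body[12:]):
        if eid == 48:  # RSN element, labelled WPA2 as in the snippet above
            found.add("WPA2")
        elif eid == 221 and info.startswith(WPA_VENDOR_PREFIX):
            found.add("WPA")
    if found:
        return "/".join(sorted(found))  # mixed mode comes out as "WPA/WPA2"
    return "WEP" if capability & PRIVACY_BIT else "OPN"


def is_protected(frame):
    """Data frames carry no elements: only the Protected flag (FC byte 1, 0x40)."""
    return len(frame) >= 2 and bool(frame[1] & 0x40)


def build_body(capability, elements):
    """Constructed sample input: fixed fields plus (id, info) elements."""
    body = bytes(8) + struct.pack("<HH", 100, capability)
    for eid, info in elements:
        body += bytes([eid, len(info)]) + info
    return body
```

For a data frame, `is_protected` can only say whether the payload is encrypted, not which scheme is in use; the scheme has to come from a beacon or probe response seen for the same BSSID.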
Thanks maximcherny... again! I should have spotted it from your headway fork! Yes, adding encryption type would also be useful - keep up the good work, Glen.
Great!
The thing with AP tracking - there is a Wigle.net Android app for this, and I suspect these guys have location selection and improvement algorithms behind the scenes, with millions if not more locations already collected. Rather than reinventing this, perhaps it's best to reuse existing tools imho.
It's a cool feature of snoopy indeed, but ideally the collected data should be going into Wigle itself as this is also used in other plugins as well as the wider community.
Good point... I have played with the Wigle app; it's a cool way of crowdsourcing/sharing data. But I do like having my own stand-alone data platform that doesn't rely on an internet connection or third-party servers, plus it gives me an excuse to tinker/learn more Python code and scapy of course!!
I have managed to get channel and signal strength added to wifi_AP_ssids using scapy_ex as suggested. Will do some more testing as the signal seemed to be different to what airodump-ng was showing.
Anyone managed to add signal strength of AP to the wifi_AP_obs table? I seem to remember someone getting it working for client probes. In the plugins > mods80211 folder there is a reference to `sig_str = p.dBm_AntSignal` in wifi_aps.py, but I haven't got any further than adding the column to the table. Any thoughts/tips appreciated.