A python implementation of airodump-ng - the classic wifi sniffing tool.
airodump-iv is probably inferior in a lot of ways to airodump-ng but is being written as a learning tool. It might also be useful to python developers interested in wifi sniffing.
Currently the only feature in airodump-iv not in airodump-ng is clearly identifying the SSIDs for hidden networks (when possible).
airodump.py is being developed in ubuntu precise with an Alpha AWUS036H or D-Link DWA-123 wireless card.
- For more BackTrack: http://www.backtrack-linux.org/
- For more Alpha AWUS036H: https://www.google.com/search?q=Alpha+AWUS036H
- For more D-Link DWA-123: http://www.dlink.co.in/products/?pid=528
TODO
airodump.py makes uses of scapy for sniffing and protocol/structure parsing
- For more scapy: http://www.secdev.org/projects/scapy/
- For better scapy docs: http://fossies.org/dox/scapy-2.2.0/index.html
My interest in this project was kicked off by a wifi penetration class @ Blackhat EU. Since then I've read quite a few protocol documents.
- For more on the class: http://www.blackhat.com/eu-13/training/advanced-wifi-penetration-testing.html
- The class basically followed this book: http://www.amazon.com/BackTrack-Wireless-Penetration-Testing-Beginners/dp/1849515581
- 802.11 base spec - http://standards.ieee.org/getieee802/download/802.11-2012.pdf
- 802.11i security spec - http://standards.ieee.org/getieee802/download/802.11i-2004.pdf
- Radiotap Headers - http://www.radiotap.org/
- Wireless Extensions IOCTL -
less /usr/include/linux/wireless.h
Steps to run include:
- Grab the code:
git clone git://github.com/ivanlei/airodump-iv.git
git submodule init
git submodule update
cd airodump-iv/airoiv
- Set wireless card into monitor mode:
sudo airmon-ng check kill
sudo airmon-ng start wlan0
- Once the card is in monitor mode:
sudo python airodump-iv.py
- To exit
CTRL-C
(... repeatedly sometimes)
Useful options include:
--iface=IFACE
- Set the interface to sniff on. By defaultmon0
.--channel=CHANNEL
- Monitor a single channel. By default it will channel-hop.--max-channel=MAX_CHANNEL
- Set maximum channel during hopping. By default queries Wireless Extensions.--packet_count=PACKET_COUNT
- Number of packets to capture. By default unlimited.--input-file=INPUT_FILE
- Read from PCAP file.-v
- Verbose mode. Does not play well with curses mode.--no-curses
- Disable the curses interface.
A Ubuntu precise Vagrantfile is included in the project. It will use puppet standalone to configure a clean wifi test environment in VirtualBox that includes airocrack-ng (from unofficial apt repo), iw tools, wireless-tools, and the contents of this repo.
After installing Vagrant and Virtualbox:
- Boot the box:
cd airodump-iv/Vagrant
vagrant up airoiv01
vagrant ssh airoiv01
- Let the box see a usb wifi adapter. From the host:
vboxmanage list usbhost
and find the UUID of the USB devicevboxmanage list vms
and find the UUID of the vmvboxmanager controlvm <UUID-of-vm> usbattach <UUID-of-usb-device>
- Implement channel hopping in a standards compliant manner
- Fix curses mode display to not have quite so many bugs
- Improve station display
- Test with other wifi cards
- Write unit tests
- Cleanup code
- World peace