Automated capture of open WiFi


Br@d


OK, I have not scripted anything in a number of years, and those scripts were either batch files or PowerShell v1 and v2 scripts.

I thought it would be fun to write a script that I could set to run at start up and use with a Raspberry Pi and the proper WiFi dongle to automatically capture open WiFi traffic based on the most active network.  

I would greatly appreciate the community taking a look at what I have and help me clean up and refine the code.

<this is of course purely for educational purposes>

I think this could also be converted into a useful Pineapple module.

#!/bin/bash

# references the interface
wlaninterface=wlan0mon

# sets the base file name for the wireless survey
recon=scouted

# sets the file name for the pcap file to write to
pcapfile=DaCapFile

# sets the length of time to run the survey for - in seconds
recontime=30s

# sets the length of time to run the packet capture for - in seconds
capturetime=600s

# finds the open WiFi network with the most active traffic and gets the channel number
channel=$(grep -a 'OPN' $recon*.csv | sort -nrk11 | tail -1 | awk '{print $6}')

# removes the comma from the output of the previous line
ch=${channel::-1}

# finds the open WiFi network with the most active traffic and gets the ESSID
network=$(grep -a 'OPN' $recon*.csv | sort -nrk11 | tail -1 | awk '{print $19}')

# removes the comma from the output of the previous line
ssid=${network::-1}

# general house cleaning to remove previous captures
rm $recon*.csv &> /dev/null
rm $pcapfile*.cap &> /dev/null

# setting wlan0 into monitor mode
airmon-ng check kill
airmon-ng start wlan0

# running the wireless survey
airodump-ng -w $recon --output-format csv $wlaninterface &> /dev/null &
sleep $recontime
kill $!

# running the packet capture
airodump-ng -c $ch --essid $ssid -w $pcapfile --output-format pcap $wlaninterface &> /dev/null &
sleep $capturetime
kill $!


On 31/12/2016 at 4:33 PM, Br@d said:

So far so good. The script works as is but with some caveats, so I'm going to make it more stable.

I still have to figure out the best way to make it run automatically on power on :)


There are a few ways to get it running on boot. Imagine I saved the script as "coolScript.sh" in the /path_to_file/ directory.

The quick way would be to add a line like the following to the /etc/rc.local file (above the "exit 0" in the rc.local file of course):

/path_to_file/coolScript.sh || exit 1;

The better way would be to add an init script by adding a new script to the "/etc/init.d/" folder that calls the script. The commands would be like so (Note: must be run as root):

echo '#!/bin/sh' > /etc/init.d/runCoolScript
echo '/path_to_script/coolScript.sh' >> /etc/init.d/runCoolScript
chmod ugo+x /etc/init.d/runCoolScript
update-rc.d runCoolScript defaults

The top two lines could obviously be done in an editor instead of echoing them.


OK, so the script seemed to be working well on a test system running the Parrot distro, but on my Pi running Kali for ARM I get an error on line 22:

ch=${channel::-1}

which is used to remove the comma from the output of the previous line (which found the desired channel but had a comma at the end).


Any thoughts?


50 minutes ago, Br@d said:

OK, so the script seemed to be working well on a test system running the Parrot distro, but on my Pi running Kali for ARM I get an error on line 22:


ch=${channel::-1}

which is used to remove the comma from the output of the previous line (which found the desired channel but had a comma at the end).


Any thoughts?


Can you post the error that you get?

Or are you saying that line just doesn't work?


Oops, sorry... the error is "line 22: -1: substring expression < 0"

But I just noticed that there was one error before that: "grep: scouted*.csv: No such file or directory"

It looks like it is trying to call the variables before they are actually called on, or something like that.


Maybe try adding in a condition after grep is run on the file, just in case the file doesn't exist.

if [[ ! $channel ]]; then
    echo "Problem reading file $recon"
    exit 0
fi


Does the file exist in the directory you called the script from? Also, try removing the "*" wild card symbol from the file name, or remove the ".csv" from the file name and have the line like so:

network=$(grep -a 'OPN' $recon*.csv | sort -nrk11 | tail -1 | awk '{print $19}')


I think I had problems putting a wild card into the middle of a filename before, so that could be the reason it can't grep the file :)


Those files are actually created by line #33:

# running the wireless survey
airodump-ng -w $recon --output-format csv $wlaninterface &> /dev/null &

On the Parrot system (currently dead) it did not try to call those variables until they were actually called into action later in the script, after the relevant content was created. They should just be defined at the start but seem to be called on instead... is that possible?


Try

#!/bin/bash

# references the interface
wlaninterface=wlan0mon

# sets the base file name for the wireless survey
recon=scouted

# sets the file name for the pcap file to write to
pcapfile=DaCapFile

# sets the length of time to run the survey for - in seconds
recontime=30s

# sets the length of time to run the packet capture for - in seconds
capturetime=600s

# general house cleaning to remove previous captures
rm $recon*.csv &> /dev/null
rm $pcapfile*.cap &> /dev/null

# setting wlan0 into monitor mode
airmon-ng check kill
airmon-ng start wlan0

# running the wireless survey
airodump-ng -w $recon --output-format csv $wlaninterface &> /dev/null &
sleep $recontime
kill $!

# finds the open WiFi network with the most active traffic and gets the channel number
channel=$(grep -a 'OPN' $recon*.csv | sort -nrk11 | tail -1 | awk '{print $6}')

# removes the comma from the output of the previous line
ch=${channel::-1}

# finds the open WiFi network with the most active traffic and gets the ESSID
network=$(grep -a 'OPN' $recon*.csv | sort -nrk11 | tail -1 | awk '{print $19}')

# removes the comma from the output of the previous line
ssid=${network::-1}

# running the packet capture
airodump-ng -c $ch --essid $ssid -w $pcapfile --output-format pcap $wlaninterface &> /dev/null &
sleep $capturetime
kill $!

The only change made is that I've moved the house cleaning and survey parts so that they run before you process the survey results. I suspect that in your earlier testing you had an old recon file present which it then used, and as the script leaves the recon file on the filesystem at the end, you'd only encounter the issue when you moved the script across but not the recon file. The good news is that this bug actually highlighted a logic bug that would be very difficult to spot otherwise (the logic bug was that each time it ran it was using the recon file from the previous time you ran the script, not this time, which if you've changed locations wouldn't be much use).


Nice script, but what if the WiFi network with the most active traffic changes in the moment between getting the channel number and getting the ESSID? Would it not be possible to set the $channel and $network variables in the same line of code? Just in case :wink:

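Reading the channel and the ESSID from the same survey record, with the missing-file guard suggested earlier in the thread, as an added example written for this discussion (it is not Br@d's script and not aircrack-ng project code). It assumes the standard airodump-ng CSV header for the column positions, and the survey file it parses is constructed here for the demo.

```shell
# Added example (not from the thread): pick the channel and ESSID of the
# busiest open network from an airodump-ng survey CSV in ONE awk pass, with a
# guard for a missing or empty survey file. Column layout is assumed from the
# airodump-ng CSV header:
#   BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher,
#   Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
# Splitting on ", " (not on whitespace) keeps ESSIDs with spaces intact and
# leaves no trailing comma to strip, so ${var::-1} is never needed.
pick_busiest_open() {
    csv=$1
    [ -r "$csv" ] || { echo "survey file '$csv' not readable" >&2; return 1; }
    best=$(awk -F', ' '
        BEGIN { top = -1 }
        /^Station MAC/ { exit }            # client table starts here; stop
        NF >= 14 && $6 == "OPN" && $11 + 0 > top {
            top = $11 + 0; ch = $4; id = $14
            gsub(/^ +| +$/, "", ch)        # channel column is right-aligned
            sub(/,[ \t]*$/, "", id)        # tolerate a line ending in ","
        }
        END { if (ch != "") printf "%s\t%s\n", ch, id }
    ' "$csv")
    [ -n "$best" ] || { echo "no open network found in '$csv'" >&2; return 2; }
    printf '%s\n' "$best"
}

# Constructed survey file shaped like airodump-ng --output-format csv output.
write_sample_csv() {
    cat > "$1" <<'EOF'

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2016-12-31 16:00:01, 2016-12-31 16:00:29,  6,  54, OPN, , , -40, 120, 3500, 0. 0. 0. 0, 10, Cafe Guest,
66:77:88:99:AA:BB, 2016-12-31 16:00:02, 2016-12-31 16:00:28, 11,  54, WPA2, CCMP, PSK, -35, 200, 9000, 0. 0. 0. 0, 7, HomeNet,
CC:DD:EE:FF:00:11, 2016-12-31 16:00:03, 2016-12-31 16:00:27,  1,  54, OPN, , , -60, 90, 1200, 0. 0. 0. 0, 7, Library,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:AA:AA:AA:AA:AA, 2016-12-31 16:00:05, 2016-12-31 16:00:29, -50, 400, 00:11:22:33:44:55,
EOF
}

# Demo: writes the sample, selects from it, prints "channel<TAB>essid".
demo_pick() {
    f=$(mktemp)
    write_sample_csv "$f"
    out=$(pick_busiest_open "$f")
    rm -f "$f"
    printf '%s\n' "$out"
}
```

In the capture script the two values can then be split with `IFS="$(printf '\t')" read -r ch ssid`, and a non-zero return from the function is the cue to skip the capture instead of passing empty arguments to airodump-ng.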

On 1/1/2017 at 2:40 PM, Teabot 5000 said:

There are a few ways to get it running on boot. Imagine I saved the script as "coolScript.sh" in the /path_to_file/ directory.

The quick way would be to add a line like the following to the /etc/rc.local file (above the "exit 0" in the rc.local file of course):

/path_to_file/coolScript.sh || exit 1;

The better way would be to add an init script by adding a new script to the "/etc/init.d/" folder that calls the script. The commands would be like so (Note: must be run as root):

echo '#!/bin/sh' > /etc/init.d/runCoolScript
echo '/path_to_script/coolScript.sh' >> /etc/init.d/runCoolScript
chmod ugo+x /etc/init.d/runCoolScript
update-rc.d runCoolScript defaults

The top two lines could obviously be done in an editor instead of echoing them.


OK, I seem to be having issues getting this to run at power on... can you elaborate on the steps needed, in a Linux-for-dummies version? (The amount I have learned in the last few weeks has surprised me, but there is still a long way to go.)


So you should be able to save your script as say "openWifiCap.sh" in the /opt directory ("/opt/openWifiCap.sh" is now the full path to the script) and then have it executed at boot by placing a call to the script in the "/etc/rc.local" file.

First off, once you've saved the script make sure to run the command "sudo chmod +xw openWifiCap.sh" to make it executable (the +x) and give it write permissions (the w).

At this stage you should be able to run "./openWifiCap.sh" and it should work as expected.

Next, add in a call to the script in the "/etc/rc.local" file. By default, this file should look something like this:

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.


exit 0

You'll want to add the call to the script above the line with "exit 0". With it done, it would look like this:

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

sh /opt/openWifiCap.sh &

exit 0

The "sh" at the start will call the script and the "&" at the end of the line will get the script to run in the background.

If you still have issues with that method you could try the other. Take a look at the answers here for a decent run through of how to do that.


Awesome, thanks.. that was a lot of help!


So here is the next funny thing...

The script runs exactly as expected if I run it manually with "sudo ./MyScirpt.sh".

But... when running it as a start-up script it does not run correctly. Instead it shows the airodump-ng scan on the screen and does not quit after 30 seconds...

Thoughts?


Success!! The script has changed a bit over the past few weeks... but not a lot.

It appears (and I'm guessing) that there are some background services needed that have not loaded by the time the script is called.

The fix was to set the Pi to auto-login and call the script from the .bashrc file... this seems to be working well, but I have a lot of testing to do.

Thank you everyone for your help!
