Jump to content

Surveillance


Ned

Recommended Posts

I have been testing the Mark IV with an observe/report system incorporating python. The biggest challenge has been memory. Something in my main python script is eating memory. The only way to run this system, and keep it stable is to run it inside of a bash script that kills and reloads the program before the pineapple crashes.

This setup can be used to search for lost/stolen equipment, and can also be used to detect equipment you do not want in your area. For example, if you are at a job location where people should be working instead of using unauthorized wireless devices, Nook, psp, personal laptops, etc. this setup can alert you via text message when they are present.

There are 2 python scripts and one bash script.

Macmon.sh restarts macwatch.py every 15 seconds, and exits if the file "macstop" exists.

In the current setup, macwatch.py checks for a single mac in every packet it receives, if it matches, it launches tweet.py and passes a message to it. macwatch.py then creates the file macstop, and exits.

Tweet.py posts the message passed to it, and exits.

I am keeping tweet.py separate to keep this system modular, and to keep the twitter codes in one place. Any suggestions regarding python memory management would be greatly appreciated.

macmon.sh

_______________________________________

#!/bin/bash

control_c()

# run if user hits control-c

{

echo -en "\n*** Killing Python ***\n"

pkill python > /dev/null

exit $?

}

# trap keyboard interrupt (control-c)

trap control_c SIGINT

while true; do

python macwatch.py $1 &

sleep 15

sync && echo 3 > /proc/sys/vm/drop_caches

if [ -e macstop ]

then

rm macstop

break

fi

pkill python

done

--------------------------------------------

macwatch.py

____________________________________________

import logging

logging.getLogger("scapy.runtime").setLevel(logging.ERROR)

from scapy.all import *

interface = "mon.wlan0"

def sniffReq(p):

macwatch = sys.argv[1]

if p.sprintf("%Dot11.addr2%") == macwatch:

macwatch = "Pineapple_detected_" + macwatch

notify = "python tweet.py " + str(macwatch)

os.system(notify)

os.system("touch macstop")

quit()

else:

del p

sniff(iface=interface,prn=sniffReq)

-----------------------------------------------

tweet.py

________________________________________________

import os

import tweepy

import string

import time

import sys

tweetline = sys.argv[1]

consumer_key =' '

consumer_secret=' '

access_token=' '

access_token_secret=' '

auth = tweepy.OAuthHandler(consumer_key, consumer_secret)

auth.set_access_token(access_token, access_token_secret)

api = tweepy.API(auth)

api.update_status(tweetline)

------------------------------------------------------------

Link to comment
Share on other sites

I don't understand quite exactly what it is you want to do, but you shouldn't need a bash script to restart the program, python is fully capable of that. What is python supposed to be watching for MAC addresses? From first glance it would appear that all of what you posted could possibly go into one or more classes inside one program.

You're indentation is also messed up, macwatch.py isn't going to run like that.

Link to comment
Share on other sites

  • 2 weeks later...

You are absolutely correct, when he posted the code the indents were stripped. It will have to be re-indented before it will run. The purpose of the code is to search for a particular device, or type of device. The problem was that the python program continually allocated memory until the pineapple shut down. only exiting the program and restarting it freed the memory. The purpose of the post was to find a way to manage the memory more effectively. Sounds like you could write something much more efficient.

-Prox

-----------------------------------

My definition of "Ghost Tweet" - Posting a message on an unrelated twitter feed just long enough for it to be sent via txt message to phones, then deleting it from the feed 2 seconds later.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...