Hak5 Forums
Zylla

Kismet - Now working on Pineapples!


Posted (edited)

Kismet - Pineapple Edition - With WEB-UI

I just saw the video uploaded by Hak5 to YouTube the other day, where they used an array of Tetras running Kismet to scan ALL channels at all times.
After that, I just had to get it working!

Today I finally managed to compile the latest source files for Kismet, which also has a working web interface.
I've tested it all day on my Tetra, but it should be working on the Nano as well.

It might complain about the version of libmicrohttpd, so I recommend also downloading the version of libmicrohttpd on my repo. (links to ipk's below)
All the other libs should work (downloaded during installation), if you just remember to run opkg update before installing them.

I've updated the version of Kismet (26.05.2018).
So the "issue" with libmicrohttpd should be fixed, and it should now be content with the version on OpenWrt's repos, which it downloads during installation.
I also tried adding support for libpcap and pcre, please test it out.

Kismet
Kismet-remote

After installation:

  1. Run "kismet" inside an SSH terminal to the Pineapple.
  2. Kismet should launch.
  3. You should now be able to access the web-interface on TCP-port 2501. (Eg: http://172.16.42.1:2501)

Another tip:

  1. Run airodump-ng-oui-update on the Pineapple.
  2. When completed, run:
    ln -s /etc/aircrack-ng/airodump-ng-oui.txt /etc/manuf
  3. This will make Kismet use Aircrack-ng's OUI database.

 

Ask questions, or whine about issues here. I'll try my best to keep it up to date.
Makefiles needed for the OpenWRT-SDK can be found on the repo mentioned above, if you want to compile it yourself.

Edited by Zylla
  • Like 2
  • Upvote 2


Always amazing work @Zylla! Is this on the latest firmware v2.1.0? Can't wait to try this out.

  • Upvote 1


@kbeflo

Yes. It’s working on 2.1.0! :)

The only issue I mentioned was that the version of libmicrohttpd in use on the OpenWrt repos is lower than the version I’ve compiled Kismet with.

Which is why I provided the IPK for the same one used during compiling.

But I can easily fix it by re-compiling Kismet with the same version that the Pineapple automatically downloads from the OpenWrt repos when installing (the older version).

I’ll see if I can fix that today :)

 


Another tip if you get issues with RAM (memory) is to insert a USB drive with swap, so it has a little more to work with.

Kismet is memory friendly, but when in a high traffic environment it can go up, and one will then definitely improve performance by having some swap.


The question is, can I plug a gps dongle into the tetra usb port and go wardriving with this?

Posted (edited)

@Zylla it's sooo nice, but you know... I'm always looking for more lol, joking. After a bit of exploration I noticed it can also monitor rtl-sdr for 433MHz signals (as well as Bluetooth, but I think that's not an option ATM), and we do have working RTL-SDR drivers on Pineapples. I plugged mine in and see the following errors and can't select it as a source:

ERROR: IPC could not find binary 'kismet_cap_sdr_rtl433'
ERROR: Data source  () encountered an error: failed to launch IPC binary
       'kismet_cap_sdr_rtl433'

What are the chances of having a poke around at that? Feel free to tell me NO!

Edited by Just_a_User

Posted (edited)
6 hours ago, Zylla said:

Another tip if you get issues with RAM (memory) is to insert a USB drive with swap, so it has a little more to work with.

Kismet is memory friendly, but when in a high traffic environment it can go up, and one will then definitely improve performance by having some swap.

You think 8GB would be enough lol. Awesome job, works great.

 

May 26 2018 12:50:32 datasource not compiled with libcap capabilities control

May 26 2018 12:50:32 datasource not compiled with libcap capabilities control

keep seeing this in the terminal

Edited by b0N3z

Posted (edited)
8 hours ago, PixL said:

The question is, can I plug a gps dongle into the tetra usb port and go wardriving with this?

Yes. As long as the Tetra manages to map the device to eg: /dev/ttyUSB0 (or whatever device it gets mapped as.)
Then if the Tetra manages to read from it, Kismet should also be able to read from it.

I have an iPhone (yeah, I'm getting it replaced with an Android device in the future), and have been having great success "wardriving" with the app GPS2IP ($6.99 USD @ AppStore (URL)).
So here's how to use it:

Method 1:
Using the command below on the Tetra will make netcat listen on TCP port 11123, and then forward the data to the device /dev/ttyUSB0

nc -l -p 11123 | tee /dev/ttyUSB0 &

You then set up Kismet to use /dev/ttyUSB0, and it should be receiving GPS data perfectly.
(Remember: Socket must be marked in GPS2IP. The iPhone and Tetra have to be on the same network. Make sure to mark the correct network in GPS2IP; if not, no connections can be made.)

Method 2:
Or you can set up GPS2IP to use Socket-mode, instead of using "TCP Push" as we did above.
Using the command below on the Tetra will make netcat connect to your iPhone's IP and port, and then forward the data to the device /dev/ttyUSB0

nc 192.168.1.15 11123 | tee /dev/ttyUSB0 &

You then set up Kismet to use /dev/ttyUSB0, and it should be receiving GPS data perfectly.
(Remember: Socket must be marked in GPS2IP. The iPhone and Tetra have to be on the same network. Make sure to mark the correct network in GPS2IP; if not, no connections can be made.)

 

8 hours ago, Just_a_User said:

@Zylla it's sooo nice, but you know... I'm always looking for more lol, joking. After a bit of exploration I noticed it can also monitor rtl-sdr for 433MHz signals (as well as Bluetooth, but I think that's not an option ATM), and we do have working RTL-SDR drivers on Pineapples. I plugged mine in and see the following errors and can't select it as a source:


ERROR: IPC could not find binary 'kismet_cap_sdr_rtl433'
ERROR: Data source  () encountered an error: failed to launch IPC binary
       'kismet_cap_sdr_rtl433'

What are the chances of having a poke around at that? Feel free to tell me NO!

This is on my todo-list!
For example, the Kismet version now is compiled "without" Python support (for plugins).
But as Python most definitely does work on OpenWRT, I don't see why it shouldn't be able to work here. It might need some customized tweaking to get it working, but it's definitely on my todo-list.
And should be doable. Hell, I got sslstrip+ working on these devices.

 

2 hours ago, b0N3z said:

You think 8GB would be enough lol. Awesome job, works great.

 


May 26 2018 12:50:32 datasource not compiled with libcap capabilities control

May 26 2018 12:50:32 datasource not compiled with libcap capabilities control

keep seeing this in the terminal

I recommend every one of you to watch this awesome video uploaded to YouTube by Hak5. (Wifi Cactus)
Where they tested Kismet with like 20+ Pineapple Tetras in a huge array, to cover every 2.4GHz + 5GHz channel, with no hopping!
Each Pineapple ran a client, and they all reported back the WiFi traffic to a main Kismet server, which you could access the web UI on.
Even with all these devices, and all that WiFi traffic, it used quite low memory!
But still, RAM is kinda limited on the Pineapples: 64MB on the Nano, and 128MB on the Tetra.
So my gut feeling says to use swap on the Nano at all times. But on the Tetra, only if you experience issues.
I have a medium amount of traffic around my house, some neighbors, and a lot of passing cars, buses, etc. It only used about 8MB RAM in the beginning, and then scaled minimally.

About libpcap, I'm gonna try to implement libpcap into this version. It's also on my todo-list.

Last tip is to:

  1. Transfer the captures to a laptop, or thumb-drive. They can get quite big. Especially if you leave it running for a long time, in a high-WiFi environment.
Edited by Zylla
  • Like 2

Posted (edited)

Updated Kismet just now.
It should now use the "correct" older version of libmicrohttpd, please test it and confirm if possible.
I've also tried adding support for libpcap, and pcre, as some users got some errors relating to that. Please check if those "errors/warnings" are gone.

Edited by Zylla
  • Like 2


Regarding support for RTL-SDR within Kismet, it seems to depend on Python.
I'm currently trying to get it to compile with Python, but it's going to take some time. A LOT of errors to go over.
But I'm confident that it's possible to do.

  • Like 1

13 hours ago, Zylla said:

Updated Kismet just now.
It should now use the "correct" older version of libmicrohttpd, please test it and confirm if possible.
I've also tried adding support for libpcap, and pcre, as some users got some errors relating to that. Please check if those "errors/warnings" are gone.

I'm away now, so I will reflash and try again once home tomorrow.

Great news about RTL-SDR. I have been using https://github.com/merbanan/rtl_433 and it's amazing what extra info it can dig out of the airwaves. I'm imagining Kismet will do something similar, so I am quite excited about this being possible with a Pineapple/SDR combo.

Posted (edited)

Install worked great!!!! Still shows the libcap error, but other than that works great. I started monitoring memory usage; I'm using both radios and a 3rd USB radio, and I'm close to peaked out at 23MB with around 124 devices. I'm in a high traffic area also.

I also like to run my Tetra at home from the eth0, and you can't access the web UI for Kismet without adding some firewall rules.

config rule
        option name 'Kismet-UI'
        option src 'wan'
        option proto 'tcp'
        option dest_port '2501'
        option target 'ACCEPT'
        option family 'ipv4'

Add this to /etc/config/firewall and then you can access the web UI for Kismet from your network (192.168.x.x:2501).

Edited by b0N3z
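
The rule in the post above accepts TCP 2501 from any address in the wan zone, so the Kismet web UI becomes reachable by every host on the upstream network. As an added example that is not part of the original post, this shell function lists such rules in a firewall config; the sample config, the rule name Kismet-UI-scoped and the address 192.168.1.50 are constructed for illustration, and src_ip is the standard OpenWrt rule option for limiting the source address.

```shell
# audit_wan_port FILE PORT: print the name of each rule that ACCEPTs PORT from
# the wan zone with no src_ip restriction, one name per line.
# Only an exact dest_port value is matched (ranges and port lists are ignored).
audit_wan_port() {
    awk -v port="$2" -v q="'" '
        # Strip one pair of matching single or double quotes from a UCI value.
        function unq(s,  c) {
            c = substr(s, 1, 1)
            if ((c == q || c == "\"") && length(s) > 1 && substr(s, length(s)) == c)
                return substr(s, 2, length(s) - 2)
            return s
        }
        # Judge the rule section collected so far, then reset for the next one.
        function check_rule() {
            if (in_rule && o["src"] == "wan" && o["target"] == "ACCEPT" &&
                o["dest_port"] == port && !("src_ip" in o))
                print (("name" in o) ? o["name"] : "(unnamed)")
            split("", o)
            in_rule = 0
        }
        $1 == "config" { check_rule(); in_rule = ($2 == "rule"); next }
        $1 == "option" && in_rule {
            val = $0
            sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", val)
            sub(/[ \t]+$/, "", val)
            o[$2] = unq(val)
        }
        END { check_rule() }
    ' "$1"
}

# Constructed sample: the rule as posted above, then the same rule limited to
# one management host (192.168.1.50 is a made-up address).
sample_config() {
    cat <<'EOF'
config rule
        option name 'Kismet-UI'
        option src 'wan'
        option proto 'tcp'
        option dest_port '2501'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Kismet-UI-scoped'
        option src 'wan'
        option src_ip '192.168.1.50'
        option proto 'tcp'
        option dest_port '2501'
        option target 'ACCEPT'
EOF
}
tmp=$(mktemp) && sample_config > "$tmp"
audit_wan_port "$tmp" 2501   # prints: Kismet-UI
rm -f "$tmp"
```

Pointed at /etc/config/firewall, the function prints nothing once every wan rule for the port carries a src_ip.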

On 5/27/2018 at 4:09 PM, b0N3z said:

Install worked great!!!! Still shows the libcap error, but other than that works great. I started monitoring memory usage; I'm using both radios and a 3rd USB radio, and I'm close to peaked out at 23MB with around 124 devices. I'm in a high traffic area also.

I also like to run my Tetra at home from the eth0, and you can't access the web UI for Kismet without adding some firewall rules.


config rule
        option name 'Kismet-UI'
        option src 'wan'
        option proto 'tcp'
        option dest_port '2501'
        option target 'ACCEPT'
        option family 'ipv4'

Add this to /etc/config/firewall and then you can access the web UI for Kismet from your network (192.168.x.x:2501).

Yeah, the memory efficiency of Kismet is effing awesome!
I saw in Hak5's "WiFi Cactus" movie, they set up a Kismet server on an embedded device (don't remember which one), and they had enough Tetras to scan all channels at once (both 2 and 5 GHz. I think it was about 20-24 Tetras).
The server that handled all the data from ALL those Tetras was connected via Ethernet, and had a total of 16GB RAM available; it only consumed like 128-256MB RAM!
The main problem/bottleneck they stumbled into was the writing speed of the storage they used for their pcap.
He wore the "cactus" into DefCon (I think it was), and he had it running for like an hour or two. The pcap was around 40GB!
So I guess one could use a Raspberry Pi, but he chose something that had NVMe storage (512GB), to take care of the bottleneck issue.
Sick... I hope we can get this optimized fully for the Pineapples! It'd be so awesome!
Perhaps one could combine the interface with a Pineapple Module as well.


Wait WHAT? libpcap error?!
Did it complain about missing libpcap.so.1.3???

The first IPK I accidentally compiled with libpcap-1.3, as I forgot Hak5 had upgraded.
But the last ones were compiled with libpcap-1.8.1!
I'm gonna check this later today....

2 minutes ago, Zylla said:

Yeah, the memory efficiency of Kismet is effing awesome!
I saw in Hak5's "WiFi Cactus" movie, they set up a Kismet server on an embedded device (don't remember which one), and they had enough Tetras to scan all channels at once (both 2 and 5 GHz. I think it was about 20-24 Tetras).
The server that handled all the data from ALL those Tetras was connected via Ethernet, and had a total of 16GB RAM available; it only consumed like 128-256MB RAM!
The main problem/bottleneck they stumbled into was the writing speed of the storage they used for their pcap.
He wore the "cactus" into DefCon (I think it was), and he had it running for like an hour or two. The pcap was around 40GB!
So I guess one could use a Raspberry Pi, but he chose something that had NVMe storage (512GB), to take care of the bottleneck issue.
Sick... I hope we can get this optimized fully for the Pineapples! It'd be so awesome!
Perhaps one could combine the interface with a Pineapple Module as well.

The WiFi Cactus has been the only reason I've messed around with Kismet as much as I have. That thing is freaking sweet and I'd love to see a Kismet module.

  • Like 1

Just now, Zylla said:

Wait WHAT? libpcap error?!
Did it complain about missing libpcap.so.1.3???

The first IPK I accidentally compiled with libpcap-1.3, as I forgot Hak5 had upgraded.
But the last ones were compiled with libpcap-1.8.1!
I'm gonna check this later today....

Yes, still libcap error. It didn't say what version of libcap was causing it, so I'm not sure. If there is a way to check it, let me know and I'll dig deeper into the error.

1 minute ago, b0N3z said:

Yes, still libcap error. It didn't say what version of libcap was causing it, so I'm not sure. If there is a way to check it, let me know and I'll dig deeper into the error.

Could you paste the error?


No, wait. I see it now, read wrong lol.
LIBCAP. Not LIBPCAP

I'll look into it ASAP.

  • Like 1

Posted (edited)
ERROR: IPC could not find binary 'kismet_cap_sdr_rtl433'
ERROR: Data source  () encountered an error: failed to launch IPC binary
       'kismet_cap_sdr_rtl433'
INFO: datasource not compiled with libcap capabilities control
ERROR: IPC could not find binary 'kismet_cap_sdr_rtl433'
ERROR: Data source  () encountered an error: failed to launch IPC binary
       'kismet_cap_sdr_rtl433'
INFO: datasource not compiled with libcap capabilities control
INFO: datasource not compiled with libcap capabilities control

This is what just showed up from running it. Only using wlan1mon right now. I know about the sdr_rtl433 error.

Right after, I got this also...

May 28 2018 10:08:58 PACKETLOST Kismet has started to drop packets; the packet queue has a backlog of 1025 packets. Your system may not be fast enough to process the number of packets being seen. You change this behavior in 'kismet_memory.conf'.

This is with wlan1mon only, and I have a 1GB swap from a USB drive and the swap is active. Didn't see the memory usage when the error was thrown, but this is also the first time I've gotten this message since the first version you put out.

Edited by b0N3z


Just re-compiled kismet. Try checking if the LIBCAP error is gone.
Remember: opkg remove kismet before installing the new one.

Posted (edited)

I would say that error is gone. The only error showing is still the rtl433. The only other thing I have noticed is that after downloading the OUI and symlinking it, Kismet still won't show the manufacturer (TP-Link, Apple device, Netgear, etc). Not a big deal, just something I noticed.

Your link to Kismet in the original post shows a 404 error. Don't know if that's just because you updated it or there is an error.

Edited by b0N3z


Did either of you guys experience a packet backlog notification? I seem to recall that... just reflashed so not installed atm.

13 minutes ago, b0N3z said:

I would say that error is gone. The only error showing is still the rtl433. The only other thing I have noticed is that after downloading the OUI and symlinking it, Kismet still won't show the manufacturer (TP-Link, Apple device, Netgear, etc). Not a big deal, just something I noticed.

Your link to Kismet in the original post shows a 404 error. Don't know if that's just because you updated it or there is an error.

Yeah, it seems that getting the rtl-433 working needs some more work. Or worse, compiled Python support. :S
But glad to hear the libcap error is gone.
The issue with manufacturers not showing up might be because Kismet doesn't like aircrack's version, or is unable to read it correctly.
Will look into that as well!

Also fixed the links, thanks for the heads-up.

  • Upvote 1
