Python2->Python3 script update? Mk7 doesn’t have python2.

[Aaron Outhier]

I suppose this isn’t limited to a Pineapple - it could be used on other devices also. I am trying to detect deauth floods. The Pineapple is small, lightweight, and portable. Would make a great platform for this.

Copied from another post in the Tetra section.

-.- Cut -.-

Install scapy onto pineapple: -

opkg update
opkg upgrade tar wget
opkg install python tcpdump unzip
wget https://github.com/secdev/scapy/archive/v2.4.3rc1.tar.gz
tar -xvf v2.4.3rc1.tar.gz
cd scapy*
python setup.py install
cd ..
rm -rf scapy*

make the authwatch.py - i just used nano and pasted the following into it: -

#!/usr/bin/env python

######################################################
#	authWatch.py v. 0.1 (Quick, Dirty and Loud) - by TinMan
#	Place card in monitor mode and set the channel. 
#	If you want channel hopping, run airodump-ng in 
#	another terminal. Will add channel hopping 
# 	in the next version. 
######################################################	
#
#	Usage: python authWatch.py 
#	

import sys
from scapy.all import *

interface = sys.argv[1]

def sniffReq(p):
     if p.haslayer(Dot11Deauth):
# Look for a deauth packet and print the AP BSSID, Client BSSID and the reason for the deauth.
           print p.sprintf("Deauth Found from AP [%Dot11.addr2%] Client [%Dot11.addr1%], Reason [%Dot11Deauth.reason%]")
# Look for an association request packet and print the Station BSSID, Client BSSID, AP info.
     if p.haslayer(Dot11AssoReq):
           print p.sprintf("Association request from Station [%Dot11.addr1%], Client [%Dot11.addr2%], AP [%Dot11Elt.info%]")
# Look for an authentication packet and print the Client and AP BSSID
     if p.haslayer(Dot11Auth):
	   print p.sprintf("Authentication Request from [%Dot11.addr1%] to AP [%Dot11.addr2%]")
 	   print p.sprintf("------------------------------------------------------------------------------------------")
sniff(iface=interface,prn=sniffReq)

-.- cut -.-

this doesn’t work with the new Pineapple Mk7, since it is python 3 only.

[dark_pyrro]

Scapy is possible to run with Python3 so adjust the code (if needed) and use Python3 instead. With Scapy onboard, and executing the script, any errors that might show up will lead to what needs to be changed. The "print syntax" will probably show up as non-Python3-friendly.

[Aaron Outhier]

Yeah, I’ve already tried this (maybe I should’ve mentioned that). Syntax error or something at p.sprintf…

I never learned python. Stopped programming when the Apple ][ series died off. Long time ago. I’m old, I know…

I have tried both the latest scapy, btw, as well as the archive version listed. Factory reset in between.

[dark_pyrro]

Wow, that script is really old. Found the video where Darren shows this and it's over 12 years old. Anyway, anyhow..... It's possible to get it to execute on the Mark VII using Python3. I did the following.......

* Install Scapy

opkg update
opkg install python3-pip
pip install scapy

* Create the "authwatch.py" file fit for Python3

#!/usr/bin/env python3

import sys
from scapy.all import *

interface = sys.argv[1]

def sniffReq(p):
     if p.haslayer(Dot11Deauth):
           print(p.sprintf("Deauth Found from AP [%Dot11.addr2%] Client [%Dot11.addr1%], Reason [%Dot11Deauth.reason%]"))
     if p.haslayer(Dot11AssoReq):
           print(p.sprintf("Association request from Station [%Dot11.addr1%], Client [%Dot11.addr2%], AP [%Dot11Elt.info%]"))
     if p.haslayer(Dot11Auth):
	   print(p.sprintf("Authentication Request from [%Dot11.addr1%] to AP [%Dot11.addr2%]"))
 	   print(p.sprintf("------------------------------------------------------------------------------------------"))
sniff(iface=interface,prn=sniffReq)

(beware of the indentation that needs to be fully correct according to the "Python police")

* Start a monitor interface. I'm using wlan1 since it's not used as I have a 5 GHz adapter for recon/pineap stuff, the trailing "1" specifies the channel
airmon-ng start wlan1 1

* Run ifconfig to make sure that wlan1mon is there

* Start the script
python3 authwatch.py wlan1mon

* Try to deauth (using the Pineapple or something else, I used the Mark VII) and you should get messages about deauths, association requests and authentication requests.