1. Introduction
With the widespread adoption of wireless networks, people rely on them more and more, and they have changed the way people live. Now, when many people arrive somewhere, the first thing they ask is "Is there WiFi?" However, wireless network security has not received enough attention. In public places such as airports, train stations, cafes and restaurants, free WiFi is provided for customers, but its security is often very unreliable. WiFi phishing, counterfeit hotspots and traffic hijacking are commonly used to attack people connected to WiFi in public places, resulting in serious information leaks.
This article focuses on the beacon frame broadcast by WiFi hotspots and uses a concise Python script to sniff the SSIDs of APs.
2. Understanding beacon frames
2.1 A simple wireless network
Laptops, smartphones, tablets and other smart terminals connect to the Internet wirelessly through wireless access points (APs). An attacker needs only a single computer and a wireless card to attack.
2.2 Understanding the types of WLAN frames
There are three kinds of frame types:
- Management
- Control
- Data
For more detailed information, refer to:
http://standards.ieee.org/about/get/802/802.11.html
The following explains the WLAN frame fields.
Understanding wireless access points (AP, Access Point)
- Each AP is configured with an SSID.
- This SSID plays the role of a network name.
- The terminal device searches for this AP or wireless network through this SSID.
- The AP periodically sends a broadcast frame (the beacon frame) to announce its presence.
- The terminal lists the available wireless networks by SSID.
2.3 Capturing beacon frames with Wireshark for analysis
Connect the USB wireless card to Kali and enable monitor mode:
```
# ifconfig wlan0 up
# airmon-ng start wlan0
```
Kill the interfering processes to improve monitoring stability, then check the monitoring interface.
Start Wireshark and listen on the mon0 interface:
```
# wireshark &
```
Before starting the capture, select mon0.
Select a frame of type beacon to inspect it.
You can see that this beacon frame was broadcast by the "LYC" hotspot.
3. Python uses raw sockets to sniff WiFi SSIDs
A raw socket receives data frames or packets directly from the local network card, which is very useful for traffic monitoring and network analysis. Raw sockets are not something a conventional application would use, but they give low-level access to the network interface and deliver every frame directly.
Open ssniffer.py in vim and write the following Python code:
```python
#!/usr/bin/env python3
import socket

ETH_P_ALL = 0x0003  # receive every protocol on the interface
rawSocket = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
rawSocket.bind(("mon0", ETH_P_ALL))  # bind to the monitor-mode interface (needs root)
apList = set()
while True:
    pkt = rawSocket.recvfrom(2048)[0]
    # Monitor-mode frames start with a radiotap header; its length is in bytes 2-3
    # (little-endian). In the Wireshark capture above it was 26 bytes.
    rt = int.from_bytes(pkt[2:4], "little")
    # From the Wireshark analysis, the frame control byte of a beacon frame is 0x80 (subtype 8).
    if pkt[rt] == 0x80:
        mac = pkt[rt + 10:rt + 16]   # addr2 of the 802.11 header holds the AP's MAC address
        ssid_len = pkt[rt + 37]      # SSID tag length: 24-byte header + 12 fixed bytes + tag byte
        if mac not in apList and ssid_len > 0:
            apList.add(mac)
            ssid = pkt[rt + 38:rt + 38 + ssid_len].decode("utf-8", "replace")
            print("SSID: %s  AP's MAC address: %s" % (ssid, mac.hex()))
```
Save, add execute permission, and run it:
```
# chmod +x ssniffer.py
# ./ssniffer.py
```
Python needs only about 10 lines of code to get this done. Isn't that powerful?
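The script above relies on fixed offsets read off the Wireshark capture and silently skips APs whose SSID length is 0 (hidden networks). As an added example, not the original post's code, the parser below walks the beacon frame structure described in sections 2.2 and 2.3 more carefully: it reads the radiotap length from the header instead of assuming 26 bytes, checks the 802.11 type and subtype bits rather than the raw byte, and iterates over the tagged information elements, so a hidden SSID is reported instead of dropped. The `build_beacon` helper and its BSSID/SSID values are constructed test data so the parser can be exercised offline; the `sniff` function is the same raw-socket loop as the article's script and only runs when the file is executed directly.

```python
#!/usr/bin/env python3
"""Parse radiotap-encapsulated 802.11 beacon frames and extract BSSID and SSID."""
import socket
import struct

FRAME_TYPE_MGMT = 0   # 802.11 frame type "management"
SUBTYPE_BEACON = 8    # management subtype "beacon"
IE_SSID = 0           # information element tag for the SSID
MAC_HDR_LEN = 24      # frame control, duration, addr1-3, sequence control
BEACON_FIXED_LEN = 12 # timestamp (8) + beacon interval (2) + capability (2)


def parse_beacon(pkt):
    """Return (bssid, ssid) for a beacon frame, or None for anything else.

    pkt is the raw bytes a monitor-mode packet socket returns: a radiotap
    header followed by the 802.11 frame.
    """
    if len(pkt) < 4:
        return None
    # radiotap header: version (1), pad (1), length (2, little-endian), ...
    rt_len = struct.unpack_from("<H", pkt, 2)[0]
    frame = pkt[rt_len:]
    if len(frame) < MAC_HDR_LEN + BEACON_FIXED_LEN:
        return None
    fc = frame[0]
    ftype = (fc >> 2) & 0x3
    subtype = (fc >> 4) & 0xF
    if ftype != FRAME_TYPE_MGMT or subtype != SUBTYPE_BEACON:
        return None
    # addr2 is the transmitter address; for a beacon that is the AP itself
    bssid = ":".join("%02x" % b for b in frame[10:16])
    # Tagged parameters follow the fixed beacon fields
    pos = MAC_HDR_LEN + BEACON_FIXED_LEN
    ssid = None
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break  # truncated element: stop instead of reading past the frame
        if tag == IE_SSID:
            # A zero-length SSID element is a hidden network; report it rather than drop it
            ssid = value.decode("utf-8", "replace") if length else "<hidden>"
            break
        pos += 2 + length
    return bssid, ssid


def build_beacon(bssid, ssid, rt_len=26):
    """Constructed sample frame (not a real capture): radiotap header + minimal beacon."""
    radiotap = struct.pack("<BBHI", 0, 0, rt_len, 0) + b"\x00" * (rt_len - 8)
    mac_hdr = (bytes([0x80, 0x00])     # frame control: type 0, subtype 8
               + b"\x00\x00"           # duration
               + b"\xff" * 6           # addr1: broadcast
               + bssid + bssid         # addr2 (transmitter) and addr3 (BSSID)
               + b"\x00\x00")          # sequence control
    fixed = struct.pack("<QHH", 0, 100, 0x0411)  # timestamp, interval, capability
    ies = bytes([IE_SSID, len(ssid)]) + ssid + bytes([1, 1, 0x82])  # SSID, supported rates
    return radiotap + mac_hdr + fixed + ies


def sniff(iface="mon0"):
    """Raw-socket loop as in the article's script; needs root and a monitor-mode interface."""
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))
    s.bind((iface, 0x0003))
    seen = set()
    while True:
        result = parse_beacon(s.recvfrom(2048)[0])
        if result and result[0] not in seen:
            seen.add(result[0])
            print("SSID: %s  AP's MAC address: %s" % (result[1], result[0]))


if __name__ == "__main__":
    sample = build_beacon(bytes.fromhex("00112233aabb"), b"LYC")
    print(parse_beacon(sample))  # offline check on the constructed frame
    sniff()
```

Run it without arguments on a monitor-mode interface to list APs as the article does; the constructed sample frame at the bottom lets you confirm the offsets on any machine before touching a wireless card.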
Use the airodump-ng command to verify the results:
```
# airodump-ng mon0
```
Haha, and finally, as always: "Have fun, enjoy!!!"