Follow the given instructions to get started:

1. Start tshark on your monitor-mode interface (mon0 here) and capture only probe requests via the following command:

       tshark -n -i mon0 subtype probereq

2. The default output of tshark is not designed to be readable, just to have as much information in it as possible. Reformat it so that only the source MAC address and the probed SSID are printed, separated by a tab, via the following command:

       tshark -n -i mon0 subtype probereq -T fields -E separator=/t -e wlan.sa -e wlan_mgt.ssid

3. Run the following Python script. A file called results.txt is created in the directory you are in, and every probe request seen is appended to it as a line containing the MAC address, the SSID, and a timestamp:

       import subprocess
       import datetime

       # Open in append mode so earlier results survive a restart.
       results = open("results.txt", "a")

       while 1:
           # Capture 100 probe requests and print source MAC and SSID as
           # tab-separated fields (-E separator=/t is tshark's tab).
           # Passing the arguments as a list avoids going through a shell.
           blah = subprocess.check_output(
               ["tshark", "-n", "-i", "mon0", "subtype", "probereq",
                "-T", "fields", "-E", "separator=/t",
                "-e", "wlan.sa", "-e", "wlan_mgt.ssid", "-c", "100"],
               universal_newlines=True)
           splitblah = blah.split("\n")
           # The last element is the empty string after the final newline.
           for value in splitblah[:-1]:
               splitvalue = value.split("\t")
               # Fields come out in the order given with -e: MAC, then SSID.
               MAC = str(splitvalue[0])
               SSID = str(splitvalue[1])
               time = str(datetime.datetime.now())
               results.write(MAC + " " + SSID + " " + time + "\r\n")
           # Push the batch to disk before the next capture starts.
           results.flush()
Let's get briefed on the Python script:

import subprocess and import datetime: These allow us to refer to the subprocess and datetime libraries. The subprocess library allows us to run tshark on the interface from the Linux command line, and datetime allows us to get accurate time and date readings.

while 1: This line means run until stopped.

results = open("results.txt", "a"): This opens a file with append rights and assigns it to results. Append rights only allow the script to add to the contents of the file, which stops the file from being overwritten on every run.

blah = subprocess.check_output([...]): This runs our previously tested tshark command. The only difference this time is -c 100, which limits the capture to 100 probe requests. This allows tshark to return its results to us without our having to stop the program; since the loop runs forever, the capture starts again after the results have been written. The output is stored in blah.

splitblah = blah.split("\n"): This takes the variable blah and splits it by line.

for value in splitblah[:-1]: This repeats the following actions for each line of the output, ignoring the last element, which is the empty string left after the final newline.

splitvalue = value.split("\t"): This breaks each line into smaller chunks using the tab character as the delimiter.

MAC = str(splitvalue[0]), SSID = str(splitvalue[1]), time = str(datetime.datetime.now()): These pick the MAC address and the SSID out of the line (tshark prints the -e fields in the order they were given, so the MAC is field 0 and the SSID is field 1) and take the current date and time.

results.write(MAC + " " + SSID + " " + time + "\r\n"): This takes all the values, writes them to the file separated by spaces, and ends with a carriage return and a new line for neatness. The output will be neat lines of text written to the file.
We took the input from probe requests and output it to a file using Python.
You may ask yourself what the purpose of this is, since the same result can be achieved by simply running the original tshark command with >> results.txt appended to it. You would be correct; however, what we have created is a framework for integration with other tools, visualization platforms, databases, and services.
For example, using the WiGLE database that maps SSIDs to locations, you can add a few lines of code to take the SSID variable and query the WiGLE database.
Alternatively, you could set up a MySQL database and output the results there to perform the SQL commands on it.
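The parsing steps explained above and the database output suggested here, as an added example that is not part of the original text: the tshark field output is parsed into (MAC, SSID, timestamp) records, stored in a SQLite table standing in for the MySQL back end, and queried for the number of distinct SSIDs each station probed for. The sample output, the table layout, and the function names are assumptions of this example; the sample is constructed, not a real capture, and the parser skips blank or truncated lines instead of failing on them as the original indexing would.

```python
"""Added example (not the book's own code): parse tshark '-T fields' output
as produced by the probe-request command above and store the records in a
SQLite table, standing in for the MySQL back end the text suggests.

Assumptions (not from the original text): field order is wlan.sa then
wlan_mgt.ssid, tab separated, one probe request per line; the sample
capture below is constructed, not a real capture.
"""
import datetime
import sqlite3

# Constructed sample of what the tshark command prints with
# '-T fields -e wlan.sa -e wlan_mgt.ssid' (tab separated). The third line
# is a wildcard (broadcast) probe with an empty SSID; the fifth is a
# truncated line of the kind a capture cut off by -c can leave behind.
SAMPLE_OUTPUT = (
    "00:11:22:33:44:55\tHomeNetwork\n"
    "00:11:22:33:44:55\tCoffeeShopWiFi\n"
    "66:77:88:99:aa:bb\t\n"
    "66:77:88:99:aa:bb\tHomeNetwork\n"
    "garbage-without-a-tab\n"
    "\n"
)


def parse_probe_output(text, now=None):
    """Turn raw tshark field output into (mac, ssid, timestamp) tuples.

    Lines without exactly two fields are skipped rather than raising
    IndexError, which is what indexing splitvalue[1]/[2] would do on a
    blank or truncated line. An empty SSID field (a wildcard probe) is
    kept and recorded as '<broadcast>'.
    """
    now = now or datetime.datetime.now()
    records = []
    for line in text.split("\n"):
        fields = line.rstrip("\r").split("\t")
        if len(fields) != 2 or not fields[0]:
            continue
        mac, ssid = fields
        records.append((mac.lower(), ssid or "<broadcast>", now.isoformat()))
    return records


def store_probes(records, conn):
    """Insert parsed records into a probes table, creating it if needed."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS probes ("
        "mac TEXT NOT NULL, ssid TEXT NOT NULL, seen TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO probes (mac, ssid, seen) VALUES (?, ?, ?)", records
    )
    conn.commit()
    return len(records)


def ssids_per_mac(conn):
    """Distinct SSIDs each station probed for: the kind of SQL query the
    text suggests running once the data is in a database."""
    rows = conn.execute(
        "SELECT mac, COUNT(DISTINCT ssid) FROM probes GROUP BY mac ORDER BY mac"
    ).fetchall()
    return dict(rows)


def format_result_line(record):
    """Same line layout the original script writes to results.txt."""
    mac, ssid, seen = record
    return mac + " " + ssid + " " + seen + "\r\n"


def process_capture(text, db_path=":memory:"):
    """Parse one batch of tshark output, store it, and summarise it.

    db_path defaults to an in-memory database; pass a file path to keep
    results between runs (or swap sqlite3 for a MySQL connector).
    """
    conn = sqlite3.connect(db_path)
    records = parse_probe_output(text)
    store_probes(records, conn)
    summary = ssids_per_mac(conn)
    conn.close()
    return summary


if __name__ == "__main__":
    for rec in parse_probe_output(SAMPLE_OUTPUT):
        print(format_result_line(rec), end="")
    print(process_capture(SAMPLE_OUTPUT))
```

In the original loop, the body of process_capture would replace the block that splits blah and writes to results.txt, with the tshark output passed in as text; the summary query is what a database buys you over the flat file, since the same question is awkward to answer from results.txt.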
This section has provided you with the first steps to create your own probe-monitoring tools. Through experimentation and using this simple code as the first step, a multitude of useful tools can be created.
Research which tools are available that allow visualization or data analytics and are easily integrated with Python. Tools such as Maltego have free versions that can be used to plot information.
Set yourself up a MySQL database to record the data and reconfigure the preceding Python script to output the results to the database. Then, build another script (or do it in the same one) to retrieve the data and output it to Maltego.
Reconfigure the script to query WiGLE, and collect geolocation data for probe requests. Output this data through Maltego.
Make an attempt to set up a web-based frontend through Flask, Django, or PHP to display your results. Investigate currently existing solutions for presenting the data and attempt to emulate or improve them through a discussion with their creators.