forked from xme/hoover
-
Notifications
You must be signed in to change notification settings - Fork 0
Wireless Probe Requests Sniffer
hermanbanken/hoover
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
#!/usr/bin/perl # # hoover.pl - Wi-Fi probe requests sniffer # # Original idea by David Nelissen (twitter.com/davidnelissen) # Thank to him for allowing me to reuse the idea! # # This script scans for wireless probe requests and prints them out. # Hereby you can see for which SSID's devices nearby are searching. # # Copyright (c) 2012 David Nelissen & Xavier Mertens # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # 3. Neither the name of copyright holders nor the names of its # contributors may be used to endorse or promote products derived # from this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # # History # ------- # 2012/01/11 Created # use strict; use Getopt::Long; $SIG{USR1} = \&dumpNetworks; # Catch SIGINT to dump the detected networks $SIG{INT} = \&cleanKill; $SIG{KILL} = \&cleanKill; $SIG{TERM} = \&cleanKill; my $uniqueSSID = 0; #uniq ssid counter my %detectedSSID; # Detected network will be stored in a hash table # SSID, Seen packets, Last timestamp my $pid; my $help; my $verbose; my $interface; my $dumpFile; my $ifconfigPath = "/sbin/ifconfig"; my $iwconfigPath = "/sbin/iwconfig"; my $tsharkPath = "/usr/local/bin/tshark"; my $options = GetOptions( "verbose" => \$verbose, "help" => \$help, "interface=s" => \$interface, "ifconfig-path=s" => \$ifconfigPath, "iwconfig-path=s" => \$iwconfigPath, "tsharkPath=s" => \$tsharkPath, "dumpfile=s" => \$dumpFile, ); if ($help) { print <<_HELP_; Usage: $0 --interface=wlan0 [--help] [--verbose] [--iwconfig-path=/sbin/iwconfig] [--ipconfig-path=/sbin/ifconfig] [--dumpfile=result.txt] Where: --interface : Specify the wireless interface to use --help : This help --verbose : Verbose output to STDOUT --ifconfig-path : Path to your ifconfig binary --iwconfig-path : Path to your iwconfig binary --tshark-path : Path to your tshark binary --dumpfile : Save found SSID's/MAC addresses in a flat file (SIGUSR1) _HELP_ exit 0; } # We must be run by root (getlogin() ne "root") && die "$0 must be run by root!\n"; # We must have an interface to listen to (!$interface) && die "No wireless interface speficied!\n"; # Check ifconfig availability ( ! -x $ifconfigPath) && die "ifconfig tool not found!\n"; # Check iwconfig availability ( ! -x $iwconfigPath) && die "iwconfig tool not found!\n"; # Check tshark availability ( ! -x $tsharkPath) && die "tshark tool not available!\n"; # Configure wireless interface (system("$ifconfigPath $interface up")) && "Cannot initialize interface $interface!\n"; # Set interface in monitor mode (system("$iwconfigPath $interface mode monitor")) && die "Cannot set interface $interface in monitoring mode!\n"; # Create the child process to change wireless channels (!defined($pid = fork)) && die "Cannot fork child process!\n"; if ($pid) { # --------------------------------- # Parent process: run the main loop # --------------------------------- ($verbose) && print "!! Running with PID: $$ (child: $pid)\n"; open(TSHARK, "$tsharkPath -i $interface -n -l subtype probereq |") || die "Cannot spawn tshark process!\n"; while (<TSHARK>) { chomp; my $line = $_; chomp($line = $_); # Everything exept backslash (some probes contains the ssid in ascii, not usable) #if($line = m/\d+\.\d+ ([a-zA-Z0-9:]+).+SSID=([a-zA-ZÀ-ÿ0-9"\s\!\@\$\%\^\&\*\(\)\_\-\+\=\[\]\{\}\,\.\?\>\<]+)/) { if($line = m/\d+\.\d+ ([a-zA-Z0-9:_]+).+SSID=([a-zA-ZÀ-ÿ0-9"\s\!\@\$\%\^\&\*\(\)\_\-\+\=\[\]\{\}\,\.\?\>\<]+)/) { if($2 ne "Broadcast") { # Ignore broadcasts my $macAddress = $1; my $newKey = $2; print DEBUG "$macAddress : $newKey\n"; if (! $detectedSSID{$newKey}) { # New network found! my @newSSID = ( $newKey, # SSID 1, # First packet $macAddress, # MAC Address time()); # Seen now $detectedSSID{$newKey} = [ @newSSID ]; $uniqueSSID++; print "++ New probe request from $macAddress with SSID: $newKey [$uniqueSSID]\n"; } else { # Existing SSID found! $detectedSSID{$newKey}[1]++; # Increase packets counter $detectedSSID{$newKey}[2] = $macAddress; # MAC Address $detectedSSID{$newKey}[3] = time(); # Now ($verbose) && print "-- Probe seen before: $newKey [$uniqueSSID]\n"; } } } } } else { # -------------------------------------------------- # Child process: Switch channels at regular interval # -------------------------------------------------- ($verbose) && print STDOUT "!! Switching wireless channel every 5\".\n"; while (1) { for (my $channel = 1; $channel <= 12; $channel++) { (system("$iwconfigPath $interface channel $channel")) && die "Cannot set interface channel.\n"; sleep(5); } } } sub dumpNetworks { my $i; my $key; print STDOUT "!! Dumping detected networks:\n"; print STDOUT "!! MAC Address SSID Count Last Seen\n"; print STDOUT "!! -------------------- ------------------------------ ---------- -------------------\n"; if ($dumpFile) { open(DUMP, ">$dumpFile") || die "Cannot write to $dumpFile (Error: $?)"; print DUMP "MAC Address SSID Count Last Seen\n"; print DUMP "-------------------- ------------------------------ ---------- -------------------\n"; } for $key ( keys %detectedSSID) { my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($detectedSSID{$key}[2]); my $lastSeen = sprintf("%04d/%02d/%02d %02d:%02d:%02d", $year+1900, $mon+1, $mday, $hour, $min, $sec); print STDOUT sprintf("!! %-20s %-30s %10s %-20s\n", $detectedSSID{$key}[2], $detectedSSID{$key}[0], $detectedSSID{$key}[1], $lastSeen); ($dumpFile) && print DUMP sprintf("%-20s %-30s %10s %-20s\n", $detectedSSID{$key}[2], $detectedSSID{$key}[0], $detectedSSID{$key}[1], $lastSeen); } print STDOUT "!! Total unique SSID: $uniqueSSID\n"; ($dumpFile) && print DUMP "Total unique SSID: $uniqueSSID\n"; close(DUMP); return; } sub cleanKill { if ($pid) { # Parent process: display information print "!! Received kill signal!\n"; kill 1, $pid; dumpNetworks; } exit 0; }
About
Wireless Probe Requests Sniffer
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published
Languages
- Perl 100.0%