Monday 1 April 2013

Wi-Fi SSID Sniffer in 11 Lines of Python using Raw Sockets



I covered writing a Wi-Fi SSID Sniffer using Scapy in just 10 lines in a previous post.  Interestingly, a lot of people (mostly developers) want to know how your code would look like if you did not use scapy?

Here was the old scapy version I posted today:



Here is a raw socket version of the same code :)




The above jumps over the Radiotap header, get the MAC address in address field 2 and then gets the first Tagged TLV (typically the SSID) from the Beacon header. This is definitely not the most production ready code :) and needs a lot of work (need to iterate through TLVs in case SSID is not the first one etc. ) but seems to work quite well -- below is a sample output.

I'll probably do a more detailed writeup explaining the code later in the week with some more checks to make it reliable. I think its still possible to accomplish writing a SSID sniffer in under 25 lines with no 3rd party libs being used. We'll see - Good Night! :)


If you are interested in learning how to use Python for Pentesting then please have a look at our SecurityTube Python Scripting Expert course. This course is ideal for penetration testers, security enthusiasts and network administrators who want to learn to automate tasks or go beyond just using ready made tools. We will be covering topics in system security, network security, attacking web applications and services, exploitation techniques, malware and binary analysis and task automation.We have students from 73+ countries taking this course already!


3 comments:

  1. Is "pkt[26] == "\x80"" means that packet is beacon?
    Is pkt[36:42] equal to AP BSSID?
    Why SSID is placed in pkt[63:64]?

    ReplyDelete
  2. What version of python is this?

    ReplyDelete
  3. After putting an Alfa RTL8187 card in monitor mode, the script will execute but will not print anything to stdout. The scapy version works as demonstrated. Any ideas why this may be happening with the raw sockets version? Thank you for all of the information and knowledge that Security Tube has provided me.

    ReplyDelete