Hello everybody! Over the summers I did analysis on Wi-Fi and a part of my analysis concerned sending and receiving completely different sorts of IEEE 802.11 packets. I did most of these items utilizing Scapy so I assumed why not create a tutorial about it? Once I began my analysis I needed to look via a number of on-line articles/tutorials with the intention to get began with Scapy. With the intention to prevent time I’m going to carry you up-to velocity by working you thru a brief tutorial.

Objective: Our finish aim is to create two scripts. The primary script will ship WLAN beacon frames and the second script will intercept these beacon frames. Each of those scripts will likely be working on two completely different programs. We wish to have the ability to ship beacon frames from one system and intercept them from the second.

For these of you who don’t know what a beacon body is (Wikipedia):

Beacon body is without doubt one of the administration frames in IEEE 802.11 primarily based WLANs. It incorporates all of the details about the community. Beacon frames are transmitted periodically, they serve to announce the presence of a wi-fi LAN and to synchronise the members of the service set. Beacon frames are transmitted by the entry level(AP) in an infrastructure primary service set (BSS). In IBSS community beacon technology is distributed among the many stations.

Sending Beacon frames:

from __future__ import print_function
from scapy.all import ( Dot11,
                        Dot11Beacon,
                        Dot11Elt,
                        RadioTap,
                        sendp,
                        hexdump)

SSID = 'Take a look at SSID' 
iface="wlp2s0"   
sender="ac:cb:12:advert:58:27"

dot11 = Dot11(kind=0, subtype=8, addr1='ff:ff:ff:ff:ff:ff',
addr2=sender, addr3=sender)
beacon = Dot11Beacon()
essid = Dot11Elt(ID='SSID',data=SSID, len=len(SSID))

body = RadioTap()/dot11/beacon/essid

sendp(body, iface=iface, inter=0.100, loop=1)

To start with we import the entire required modules after which outline some variables. Modify the sender tackle to the MAC tackle of your WiFi card and alter the iface to your wi-fi interface title (widespread variants are wlan0 and mon0).

Scapy works with “layers” so we then outline the Dot11 layer with some parameters. The sort parameter = 0 merely implies that this can be a administration body and the subtype = 8 implies that this can be a beacon body. Addr1 is the receiver tackle. In our case that is going to be a broadcast (ff:ff:ff:ff:ff:ff is the printed MAC tackle) as a result of we aren’t sending the beacon to a particular system. Then we create a Dot11Beacon layer.

More often than not we don’t have to go any parameters to a layer as a result of Scapy has sane defaults which work more often than not. After that we create a Dot11Elt layer which takes the SSID of the faux entry level as an enter together with another SSID associated inputs. SSID is the title of the community which you see whereas scanning for WiFi on different gadgets. Lastly we stack the layers so as and add a RadioTap layer on the backside. Now that the layers are all set-up we simply have to ship the body and the sendp perform does precisely that.

Sniffing Beacon Frames

The sniffing half is fairly much like the sending half. The code is as follows:

#!/usr/bin/env python

from scapy.all import Dot11, sniff
                       

ap_list = []

def PacketHandler(packet):
    if packet.haslayer(Dot11):
        if packet.kind == 0 and packet.subtype == 8:
            if packet.addr2 not in ap_list:
                ap_list.append(packet.addr2)
                print("Entry Level MAC: %s with SSID: %s " %(packet.addr2, packet.data))


sniff(iface="wlp2s0", prn = PacketHandler)

Firstly, we import the Dot11 layer and the sniff perform. We create a packet filter perform which takes a packet as an enter. Then it checks whether or not the packet has a Dot11 layer or not. Then it checks if it’s a beacon or not (kind & subtype). Lastly, it provides it to the ap_list checklist and prints out the MAC tackle and the SSID on display.

I hope you all discovered this brief walk-through useful. I really like how highly effective Scapy is. We’ve solely scratched the floor on this submit. You are able to do all types of packet manipulation stuff in Scapy. The official docs are actually good and the WLAN BY GERMAN ENGINEERING weblog can also be tremendous useful.

See you subsequent time!