Are there more tools like ProbeKit for gathering and manipulating wifi data?

wifi
socialengineering

(Lagertha! Where are you?) #1

I am thinking about creating one myself / build on ProbeKit, but am wondering if there are such tools already in existence from which I can get ideas etc. I couldn’t find many by just Googling.

Sorry if it’s a noob/silly question, I am a small time lurker here with little knowledge of security and related fields.


(Full Snack Developer) #2

I see you figured out how to delete you post :wink:

Sorry I missed welcoming you before, so I’ll take the chance to do it now: glad to see you here and already asking good questions.

For manipulating data at the packet/frame level, it’s hard to beat Scapy. There are some other great tools for playing with 802.11 and ethernet like Ettercap, Aircrack, and Kismet. You’d probably have a fun time with those.

Additionally, you can capture wireless traffic with wireshark and filter it out to just see probes. I’ve also used things like Kismet to just discover what clients were in an area and watch their probes to see where they’ve been or were likely to go hang out. A machine with probes for the local Uni network, the Uni coffee shop, and 2 off campus coffee shops and a couple of airports likely indicates an out-of-state student, for instance.


(Lagertha! Where are you?) #3

I meant a tool more in line with manipulating the captured data rather than capturing the data itself. Something to keep track of whose data you’ve captured, combine data from various sources to create profiles for users/devices which can then be used for social engineering.


(Full Snack Developer) #4

I don’t know of a prepackaged tool for that, but you can get pretty far with Wireshark for that by following MAC addresses and building profiles based on conversation streams


(Lagertha! Where are you?) #5

Yes, Wireshark is a pretty neat tool. As you mentioned in your example, just by analyzing the Wifi probes we can tell where a person have been, and derive more conclusions. Probekit takes this and create those butterflies (/profiles) for devices it recognise. I mean a tool in that league, but more advanced/sophisticated. Something which can try to see through MAC randomization of mobile devices, try to fingerprint people, allow you to attach people with devices once in a while; when you get in range of a known Access point, it would show all those in your database which have been here etc.

So basically what analytics do on the web, but in realworld instead; which can then be linked to other data from other sources.

I want to create such a tool. But there has to be one already. How could there not be. I don’t want to waste effort. I found probekit and I’ll look into it further and try to build on it. I wanted to know if there are more such tools.


(Full Snack Developer) #6

Haven’t heard of one, but that would be a good thing to build if you do find that space is lacking in the community’s current tooling


#7

Python’s scapy might be what you’re looking for.
It makes it very easy to script something yourself.
Perhaps this can give you an idea:


(Command-Line Ninja) #8

I really really like this idea. What language would you use? I think python + scapy matched with an sqlite db.

I would be interested in working on this page project. If you make a repo on the gitlab, git.0x00sec.org, and if you hop on IRC. I’ll happily join you in development for this. I’m sure a few others would be eager.

Looking forward to it :slight_smile:


(Lagertha! Where are you?) #9

That’s awesome! I will create the repository when I have a little free time on my hand. I’ll also add a proper write-up of the idea. I am cool with Python.

PS: I am a web developer by profession, I have little experience with security, and with low level packet management. So please consider me a noob at all levels. If you’d still like to collaborate, I’ll ping you in IRC after I’ve created the repository : )


(Command-Line Ninja) #10

What sort of manipulation of data are you talking about. SSL strip? Or script injection?

As far as I know, you can only inject + modify packets if you are spoofing the network devices, or some how intercepting them. If youre just sniffing (like probekit), you can’t modify packets.


(Ken) #11

Hak5 Wifi Pineapple will manipulate wifi data real time as a MitM.


(Command-Line Ninja) #12

By intercepting by means of a Evil Twin attack. It doesn’t inject passively or just by sniffing.


(Ken) #13

sorry, I don’t know of any passive(active) injection tools besides a deauth. To have something passive to work, you basically have to overpower the legitimate signal ( assuming of course it’s an open wireless net )


(Command-Line Ninja) #14

You can do the same with a WPA2 secured network, but you just need to know the key.

Did you also know, you can decrypt encrypted WPA2 traffic if you know the key? Wireshark has the capability to decrypt, so now you can passively sniff, even on an encrypted network!


(Lagertha! Where are you?) #15

Don’t we need the 4way handshake along with the key to decrypt WPA2 traffict b/w a client and AP? Or have I been doing it wrong?


(Full Snack Developer) #16

I would think you do. The PSK is just the opening part of how the session key is negotiated.


(Not a N00b, but still learning) #17

Of course you can get that by doing a deauth