break

WifiZoo v1.3 Released – Passive Info Gathering for Wifi

WifiZoo is a tool to gather wifi information passively. It is created to be helpful in wifi pentesting and was inspired by ‘Ferret‘ from Errata Security.

The tool is intended to get all possible info from open wifi networks (and possibly encrypted also in the future, at least with WEP) without joining any network, and covering all wifi channels.

WifiZoo does the following:

-gathers bssid->ssid information from beacons and probe responses *(now the graph contains the ssid of the bssid :) , new in v1.1)*
-gathers list of unique SSIDS found on probe requests (you can keep track of all SSIDS machines around you are probing for, and use this information on further attacks)*new in v1.1*
-gathers the list and graphs which SSIDS are being probed from what sources *new in v1.1*
-gathers bssid->clients information and outputs it in a file that you can later use with graphviz and get a graph with “802.11 bssids->clients”. It gathers both src and dst addresses of packets to make the list of clients so sometimes you get weird graphs that are fun to analyze :) (basically, because I still need to omit multicast dst addresses and things like that). Using the dst address means that sometimes you get mac addresses of wifi devices that are not near you, but I think gives you information about the wifi ‘infrastructure’, again, I think :) .
-gathers ‘useful’ information from unencrypted wifi traffic (ala Ferret,and dsniff, etc); like pop3 credentials, smtp traffic, http cookies/authinfo, msn messages,ftp credentials, telnet network traffic, nbt, etc.
-and I think that’s it.

and remember.. WifiZoo is work in progress…

Channel Hopping

WifiZoo just listens on a wifi interface and will not do channel hopping by itself (this is sthg inside the huge TODO list the tool has). right now, I do channel hopping using Kismet, weird perhaps, but it works:

-Configure Kismet to do channel hopping
-run kismet
-run wifizoo and wait

For example, you can customize how Kismet does channel hopping thru the kismet.conf file by modifying the following options:

channelhop
channelvelocity
channeldwell
defaultchannels
sourcechannels

you can confIgure how much time to spend on each channel, which channels to hop thru, etc.

What do you need to run WifiZoo?

-python
-scapy
-kismet if you want to do channel hopping (although you can probably come up with a script instead of installing kismet just to do channel hopping)
-logs are stored in ./logs/, make sure this directory is created before running the tool :) .

TODO

Mmm, lots of things TODO. you’ll notice.

Wifi bssids->clients graphs

This is perhaps the most fun, because everyone loves graphs, right?. The bssid->clients file is stored in ./logs/clients.log, to generate the graph do:

dot -Tpng -oclients.png clients.log

clients.png will be the file with the graph.

You can download WifiZoo v1.3 here:

wifizoo_v1.3.tgz

Posted in Security | 1 Comment »

One Response

  1. ArianaCymn Says:
    May 13th, 2009 at 10:36 pm

    Great! Thank you very much! I always wanted to write in my blog something like that. Can I take part of your post to my site? Of course, I will add backlink? Regards

Leave a Comment

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.