WiFi Sniffing

From Embedded Lab Vienna for IoT & Security
Jump to: navigation, search

Summary

Sniff Wi-Fi traffic using wireless interfaces supporting monitor mode and packet injection (*).

Requirements

Description

Open a terminal.

Display your wireless interfaces:

iwconfig

Connect the external Wi-Fi adapter to your host computer.

iwconfig

The newly added interface in the list is the external adapter. In my case it was 'wlan1'. In the following steps I refer to the external adapter as 'wlan1'.

Start monitor mode on the external adapter (**):

airmon-ng start wlan1

The previous command creates a new interface called 'wlan1mon'. Verify with:

iwconfig

Display active Wi-Fi networks:

airodump-ng wlan1mon

Remember the channel of the network you want to attack. In my case it was channel 11.

Set your adapter to the appropriate channel:

iwconfig wlan1mon channel 11

Verify the frequency:

iwconfig wlan1mon
iwlist channel

Start capturing data:

airodump-ng --channel 11 -w alfa wlan1mon

Filter URLs from captured traffic:

urlsnarf -p alfa-01.cap

Filter pictures from captured traffic:

driftnet -f alfa-01.cap -a -d Pictures/

Disable monitor mode:

airmon-ng stop wlan1mon

(*) Test if the adapter supports injection:

aireplay-ng -9 wlan1mon

Detailed information about wireless adapters available in ELVIS can be found here.

(**) This command did not work with ALFA NETWORK AWUS036ACH and ALFA NETWORK AWUS036EAC. The following commands are an alternative way to start monitor mode on the adapter:

ifconfig wlan1 down
iwconfig wlan1 mode monitor
ifconfig wlan1 up

Results

Browser urlsnarf driftnet
Microsoft Edge (Windows 10 host) no results reading the pcap file no results reading the pcap file
Mozilla Firefox (Windows 10 host) no results reading the pcap file no results reading the pcap file
Google Chrome (Windows 10 host) no results reading the pcap file no results reading the pcap file
Google Chrome (Android host) no results reading the pcap file no results reading the pcap file
Samsung Internet (Android host) URLs captured images captured

Used Hardware

References