Wifi scanning
2022-01-20 20:03:22
Do you want to make your walks more interesting, and are you also a bit interested in wifi security? Then how about warwalking?
In this post, I'm gonna teach you how to set up a Raspberry Pi Zero 2 W with an extra wifi card and GPS, and how to make it automatically start scanning networks when it boots.
First off, you'll need some things.
- Raspberry Pi Zero 2W
- Wifi card with monitor mode (personally I got the Alfa AWUS036ACH v.2, to also get 5 GHz monitor mode)
- a micro SD card (I got Samsung microSDXC EVO Plus (2021), 64GB, Class 10 +)
- USB hub with micro USB (MakerSpot 4-Port Micro USB Hub)
- Power bank (ADATA P20000D Power Bank, 20000 mAh. To be fair, it's overkill, but it works perfectly)
- GPS receiver (GlobalSat BU-353-S4 USB GPS Receiver)
Yeah, sounds a bit expensive, but it's worth it. You can reuse these devices later. If you're into cybersecurity, the rpi and the Alfa wifi card will really do you good. Yes, you can get a monitor mode wifi card cheaper, you just need to find the correct chipset. Personally, I took the Alfa one because of the reviews.
So, how to configure it all? First off, download rpi-imager (https://github.com/raspberrypi/rpi-imager) and install bare-bones Raspbian Bullseye on the SD card.
When you have written everything to the SD card, open the card's boot partition (through your own OS) and create a file named wpa_supplicant.conf in the boot directory. This will allow the rpi to automatically connect to a wifi when it turns on.
Put in your wifi config:
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
network={
ssid="_MYSSID_"
psk="SOME PSK"
}
This will make sure you can automatically connect to the wifi. (2.4 GHz only, because this connects through the rpi's built-in wifi card.)
After that, save it and close it. Also, create an empty file named ssh in the boot directory, so SSH is enabled and you can connect to the rpi remotely. Then put the SD card into the rpi and start it.
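A way to keep the plaintext passphrase off that unencrypted boot partition (added example, not from the original post): the script below does the same derivation as the wpa_passphrase tool, PBKDF2-HMAC-SHA1 with the SSID as the salt, 4096 rounds, 32 bytes, and writes the result as an unquoted hex psk= value in the config from above. The country= line is an assumption I added; Raspberry Pi OS expects it.

```python
import hashlib


def wpa2_psk(ssid: str, passphrase: str) -> str:
    """Map a passphrase to the WPA2 PSK, exactly as wpa_passphrase does.

    802.11i: PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes).
    wpa_supplicant takes the 64 hex chars directly as an unquoted psk= value.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return key.hex()


def wpa_supplicant_conf(ssid: str, passphrase: str, country: str) -> str:
    """Build the boot-partition wpa_supplicant.conf from the post, hex psk only.

    country= is an assumption not in the post; Raspberry Pi OS wants it set
    (ISO 3166-1 alpha-2, e.g. "EE", "DE", "US") before it unblocks the wifi.
    """
    return (
        "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev\n"
        "update_config=1\n"
        f"country={country}\n"
        "network={\n"
        f'    ssid="{ssid}"\n'
        f"    psk={wpa2_psk(ssid, passphrase)}\n"
        "}\n"
    )


if __name__ == "__main__":
    import getpass

    # Run this on your own machine, then copy the file to the boot partition.
    conf = wpa_supplicant_conf(
        input("SSID: "),
        getpass.getpass("Passphrase (not echoed): "),
        input("Country code (ISO 3166-1 alpha-2): ").upper(),
    )
    with open("wpa_supplicant.conf", "w") as f:
        f.write(conf)
    print("wrote wpa_supplicant.conf")
```

The hex key still gets anyone who reads the card onto that one network, so this limits the exposure rather than removing it; what stays off the card is the passphrase you might reuse elsewhere.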
First off, if you can, check whether the rpi has connected to your wifi (most routers can show you the current clients and their IPs). You'll need the rpi's IP address to connect to it. If you can't find it there, you can also use something like nmap to find it: sudo nmap -sS -p 22 192.168.1.0/24
(basically, scan your local network for hosts with SSH open)
When you have found your rpi, just ssh into it with
ssh pi@YOURIP
Accept the host key and log in. The default password for the raspberry pi is raspberry.
Aaand you have connected, if you made it this far.
So, what now? First things first: change the default password with passwd
and set it to something better.
Also, if you want, you can go into sudo raspi-config
and configure some things.
When you have the default stuff installed, it would be nice to update and upgrade your rpi:
sudo apt update
sudo apt upgrade
After that, let's start installing some things. Install gpsd (https://gpsd.gitlab.io/gpsd/) with sudo apt install gpsd
Basically, this is the main component that provides the GPS data.
If you already have your GPS device connected to USB, check that it exists with ls /dev/ttyUSB*
The device will always be ttyUSB-something, most likely ttyUSB0.
After you have checked which device is which, run sudo gpsd /dev/ttyUSB0 -F /var/run/gpsd.sock
(where ttyUSB0 is your device) to point gpsd at it. Then start the gpsd service with sudo systemctl start gpsd.service
(and also enable it, so it starts on boot)
After that, go near a window and check gpsmon
to see whether you have configured the GPS correctly. If you got your GPS location, congratz! You have done one part of the config.
Now… the fun part: wifi. This might be a bit of a pain in the ass, but it will work, trust me. Also, I would advise installing this: sudo apt install aircrack-ng
It will help you work with wifi monitor mode faster.
First things first, you'll need to install the driver for the wifi card. The Alfa card doesn't come with a driver by default, so you'll need to compile it yourself.
sudo apt install git
git clone https://github.com/aircrack-ng/rtl8812au.git
sudo apt-get install raspberrypi-kernel-headers
cd rtl8812au/
sed -i 's/CONFIG_PLATFORM_I386_PC = y/CONFIG_PLATFORM_I386_PC = n/g' Makefile
sed -i 's/CONFIG_PLATFORM_ARM_RPI = n/CONFIG_PLATFORM_ARM_RPI = y/g' Makefile
make
sudo make install
This will install git, clone the rtl8812au chipset driver, configure it for the rpi, compile it and install it. This is really necessary to actually use the wifi card, but it isn't that hard. After you have done this, just reboot and check whether you can see your wifi card in ip addr
(https://access.redhat.com/sites/default/files/attachments/rh_ip_command_cheatsheet_1214_jcs_print.pdf, I would advise reading this). If it shows up, great, that means you installed the drivers correctly. If not… trial and error somewhere.
When you're done there, I would advise adding this to /etc/network/interfaces
allow-hotplug wlan1
iface wlan1 inet manual
pre-up iw dev wlan1 set type monitor
pre-up ip link set wlan1 up
This will automatically hotplug your wlan1 and set it to monitor mode when the rpi is turned on.
Next thing… Kismet itself. First off, don't install it straight away from the default repos, you'll get the old version. Better, do this:
echo "deb https://www.kismetwireless.net/repos/apt/release/$(lsb_release -cs) $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/kismet.list
sudo apt-get update
sudo apt-get install kismet2018
This will install the newer version, which you can control from a browser. Trust me, it's a lot easier to see what's being scanned from a browser than from the console.
Now the fun shit: actually configuring it.
First off, go into /etc/kismet/kismet.conf
and add this to the config:
source=wlan1:type=linuxwifi
source=hci0
gps=gpsd:host=localhost,port=2947
Basically, this sets your GPS and the sources where you'll get the info about the wifi. (One source is your wifi card, the other is for bluetooth. If you don't want bluetooth, remove the hci0 line.)
In /etc/kismet/kismet_drone.conf
(if I'm correct; perhaps I still have this from installing the old kismet), add this
nsource=wlan1
gpshost=localhost:2947
(not sure about this, but perhaps)
Then, change the damn logging, trust me. If you're not going to run it as root (which I wouldn't advise), in /etc/kismet/kismet_logging.conf
set log_prefix=/home/pi/your_directory
This will save all the kismet data to that directory, but the directory must already exist.
So, the config there is done. Now you basically need to create a kismet group and add the pi user to that group. (The kismet
group should already be created; if not, run sudo groupadd kismet.)
Basically, just run this: sudo usermod -aG kismet pi
That will add the pi user to the kismet group.
Then, go and create this service with sudo vi /lib/systemd/system/kismet.service
with this content:
[Unit]
Description=Kismet
ConditionPathExists=/usr/bin/kismet
After=network.target auditd.service
[Service]
User=pi
Group=kismet
Type=simple
ExecStart=/usr/bin/kismet --no-ncurses-wrapper
KillMode=process
TimeoutSec=0
Restart=always
[Install]
WantedBy=multi-user.target
This creates a systemd unit that you can enable to automatically start kismet.
Basically, then you can start kismet with sudo systemctl start kismet.service
If there are any errors (or something is wrong with the status), check journalctl -xe
and fix the errors.
Then you can go in the browser to rpi_IP:2501
and set the password.
Aaand you can start walking. Also, be cool and add the kismet data to https://wigle.net/
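Once a walk is done you'll have a .kismet file (a SQLite database) in that log_prefix directory. This added script (not from the original post) pulls the per-network facts the post talks about, band, channel and encryption, out of it. The devices table columns and the kismet.device.base.* JSON keys it reads are my assumptions about the kismetdb layout; the sample rows are constructed so it runs offline.

```python
import json
import sqlite3
import sys
from collections import Counter

# Assumed kismetdb layout (Kismet 2018+): only the `devices` columns read here.
DEVICES_DDL = "CREATE TABLE devices (phyname TEXT, devmac TEXT, type TEXT, device BLOB)"


def band_of(freq_khz: int) -> str:
    """Kismet stores frequency in kHz; bucket it into the bands the post mentions."""
    if 2_400_000 <= freq_khz < 2_500_000:
        return "2.4GHz"
    if 5_000_000 <= freq_khz < 5_900_000:
        return "5GHz"
    return "other"


def summarise(con: sqlite3.Connection) -> dict:
    """Count Wi-Fi access points by band, channel and encryption."""
    out = {"bands": Counter(), "channels": Counter(), "crypt": Counter()}
    rows = con.execute("SELECT device FROM devices WHERE phyname = 'IEEE802.11' AND type = 'Wi-Fi AP'")
    for (blob,) in rows:  # `device` holds the JSON device record (assumed)
        dev = json.loads(blob)
        out["bands"][band_of(int(dev.get("kismet.device.base.frequency", 0)))] += 1
        out["channels"][str(dev.get("kismet.device.base.channel", "?"))] += 1
        out["crypt"][dev.get("kismet.device.base.crypt") or "Open"] += 1
    return out


def build_sample_db() -> sqlite3.Connection:
    """Constructed sample log (not real data) so the script runs offline."""
    con = sqlite3.connect(":memory:")
    con.execute(DEVICES_DDL)
    sample = [  # (mac, type, channel, freq kHz, crypt)
        ("00:11:22:33:44:01", "Wi-Fi AP", "6", 2437000, "WPA2-PSK"),
        ("00:11:22:33:44:02", "Wi-Fi AP", "11", 2462000, "Open"),
        ("00:11:22:33:44:03", "Wi-Fi AP", "36", 5180000, "WPA2-PSK"),
        ("00:11:22:33:44:04", "Wi-Fi AP", "1", 2412000, "WEP"),
        ("00:11:22:33:44:99", "Wi-Fi Client", "6", 2437000, ""),  # must be skipped
    ]
    for mac, kind, ch, freq, crypt in sample:
        rec = {"kismet.device.base.macaddr": mac, "kismet.device.base.channel": ch,
               "kismet.device.base.frequency": freq, "kismet.device.base.crypt": crypt}
        con.execute("INSERT INTO devices VALUES (?, ?, ?, ?)", ("IEEE802.11", mac, kind, json.dumps(rec)))
    return con


if __name__ == "__main__":
    # Pass the path to a .kismet file from your log_prefix directory, or run the sample.
    con = sqlite3.connect(sys.argv[1]) if len(sys.argv) > 1 else build_sample_db()
    for name, counter in summarise(con).items():
        print(name, dict(counter.most_common()))
```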
Aand this is what I got in a week of walking around. I have seen almost 45k networks and a lot of bluetooth devices, and I got information about their MAC addresses, GPS location, what kind of wifi it is (as in 2.4 or 5 GHz), what channel it is on, what encryption it has, and a lot of other information.
This was a pretty neat project to go in and do.