Famous_Longwing/88x2bu-20210702
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update start-mon.sh

Browse Source
This commit is contained in:
morrownr 2021-11-18 14:45:11 -06:00
parent 5856b8ae70
commit 66fab704b6
2 changed files with 670 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

334
Monitor_Mode.md Normal file
View File

@ -0,0 +1,334 @@
## Monitor Mode
Purpose: Provide information and tools for testing and using monitor mode.
Monitor mode, or RFMON (Radio Frequency MONitor) mode, allows a computer with a
wireless network interface controller (WNIC) to monitor all traffic received on
a wireless channel. Monitor mode allows packets to be captured without having to
associate with an access point or ad hoc network first. Monitor mode only
applies to wireless networks, while promiscuous mode can be used on both wired
and wireless networks. Monitor mode is one of the eight modes that 802.11
wireless cards and adapters can operate in: Master (acting as an access point),
Managed (client, also known as station), Ad hoc, Repeater, Mesh, Wi-Fi Direct,
TDLS and Monitor mode.
Note: This document and the start-mon.sh script have been tested on the following:
```
Kali Linux
Raspberry Pi OS
Linux Mint
Ubuntu
```
-----
## Steps to test monitor mode
#### Update system
```
sudo apt update
```
```
sudo apt full-upgrade
```
-----
#### Ensure WiFi radio is not blocked
```
sudo rfkill unblock wlan
```
-----
#### Install the aircrack-ng and wireshark packages
```
sudo apt install aircrack-ng wireshark
```
-----
#### Check wifi interface information
```
iw dev
```
-----
#### Information
The wifi interface name ```wlan0``` is used in this document but you will need
to substitute the name of your wifi interface while using this document.
-----
#### Disable interfering processes
Option 1
```
sudo airmon-ng check kill
```
Option 2, another way that works for me on Linux Mint:
Note: I use multiple wifi adapters in my systems and I need to stay connected
to the internet while testing. This option works well for me and allows
me to stay connected by allowing Network Manager to continue managing interfaces
that are not marked as unmanaged.
Ensure Network Manager doesn't cause problems
```
sudo nano /etc/NetworkManager/NetworkManager.conf
```
add
```
[keyfile]
unmanaged-devices=interface-name:<wlan0>;interface-name:wlan0mon
```
Note: The above tells Network Manager to leave the specified interfaces alone.
Remember to replace ```<wlan0>``` with the name of the wifi interface that you
intend to use in monitor mode.
```
sudo reboot
```
-----
#### Change to monitor mode
Option 1
Note: This option may not work with some driver/adapter combinations. If not,
press on with ```start-mon.sh``` or option 2.
```
sudo airmon-ng start <wlan0>
```
Note: I have provided a script called ```start-mon.sh``` to automate most
of the following option. Please give it a try and make suggestions to improve it.
```
Usage: $ sudo ./start-mon.sh <wlan0>
```
Option 2
Check the wifi interface name and mode
```
iw dev
```
Take the interface down
```
sudo ip link set <wlan0> down
```
Set monitor mode
```
sudo iw <wlan0> set monitor control
```
Bring the interface up
```
sudo ip link set <wlan0> up
```
Verify the mode has changed
```
iw dev
```
-----
### Test injection
Option for 5 GHz and 2.4 GHz
```
sudo airodump-ng <wlan0> --band ag
```
Option for 5 GHz only
```
sudo airodump-ng <wlan0> --band a
```
Option for 2.4 GHz only
```
sudo airodump-ng <wlan0> --band g
```
Set the channel of your choice
```
sudo iw dev <wlan0> set channel <channel> [NOHT|HT20]
```
```
sudo aireplay-ng --test <wlan0>
```
-----
### Test deauth
Option for 5 GHz and 2.4 GHz
```
sudo airodump-ng <wlan0> --band ag
```
Option for 5 GHz only
```
sudo airodump-ng <wlan0> --band a
```
Option for 2.4 GHz only
```
sudo airodump-ng <wlan0> --band g
```
```
sudo airodump-ng <wlan0> --bssid <routerMAC> --channel <channel of router>
```
Option for 5 GHz:
```
sudo aireplay-ng --deauth 0 -c <deviceMAC> -a <routerMAC> <wlan0> -D
```
Option for 2.4 GHz:
```
sudo aireplay-ng --deauth 0 -c <deviceMAC> -a <routerMAC> <wlan0>
```
-----
### Revert to Managed Mode
Check the wifi interface name and mode
```
iw dev
```
Take the wifi interface down
```
sudo ip link set <wlan0> down
```
Set managed mode
```
sudo iw <wlan0> set type managed
```
Bring the wifi interface up
```
sudo ip link set <wlan0> up
```
Verify the wifi interface name and mode has changed
```
iw dev
```
-----
### Change the MAC Address before entering Monitor Mode
Check the wifi interface name, MAC address and mode
```
iw dev
```
Take the wifi interface down
```
sudo ip link set dev <wlan0> down
```
Change the MAC address
```
sudo ip link set dev <wlan0> address <new mac address>
```
Set monitor mode
```
sudo iw <wlan0> set monitor control
```
Bring the wifi interface up
```
sudo ip link set dev <wlan0> up
```
Verify the wifi interface name, MAC address and mode has changed
```
iw dev
```
-----
### Change txpower
```
sudo iw dev <wlan0> set txpower fixed 1600
```
Note: 1600 = 16 dBm
-----
### airodump-ng can receive and interpret key strokes while running.
```
The following list describes the currently assigned keys and supported actions:
a
Select active areas by cycling through these display options:
AP+STA; AP+STA+ACK; AP only; STA only
d
Reset sorting to defaults (Power)
i
Invert sorting algorithm
m
Mark the selected AP or cycle through different colors if the selected AP is
already marked
o
Enable colored display of APs and their stations.
p
Disable colored display.
q
Quit program.
r
(De-)Activate realtime sorting -
applies sorting algorithm every time the display will be redrawn
s
Change column to sort by, which currently includes:
BSSID;
PWR level;
Beacons;
Data packets;
Packet rate;
Channel;
Max. data rate;
Encryption;
Strongest Ciphersuite;
Strongest Authentication;
ESSID
```
-----

336
start-mon.sh Executable file
View File

@ -0,0 +1,336 @@
#!/bin/bash
SCRIPT_NAME="start-mon.sh"
SCRIPT_VERSION="20211118"
# Purpose: Start and test monitor mode on the provided wlan interface
#
# Usage: $ sudo ./start-mon.sh [interface:wlan0]
#
# Status: This script is a work in progress. Please feel free to help
# make it better.
#
# Information:
#
# Some parts of this script require the installation of the following:
# aircrack-ng
# wireshark
#
# $ sudo apt install -y aircrack-ng wireshark
#
# Interfering processes must be disabled prior to running this script:
#
# Option 1
#```
# $ sudo airmon-ng check kill
#```
#
# Option 2, another way that works for me on Linux Mint:
#
# Note: I use multiple wifi adapters in my systems and I need to stay
# connected to the internet while testing. This option works well for
# me and allows me to stay connected by allowing Network Manager to
# continue managing interfaces that are not marked as unmanaged.
#
# Note: Tells Network Manager to leave the specified interfaces alone.
#```
# $ sudo nano /etc/NetworkManager/NetworkManager.conf
#```
# add
#```
# [keyfile]
# unmanaged-devices=interface-name:<wlan0>;interface-name:wlan0mon
#```
# Note: Option 2 may not be enough and needs testing.
# Set color definitions (https://en.wikipedia.org/wiki/ANSI_escape_code)
RED='\033[1;31m'
YELLOW='\033[0;33;1m'
GREEN='\033[1;32m'
CYAN='\033[1;36m'
NoColor='\033[0m'
# Check that sudo was used to start the script
if [[ $EUID -ne 0 ]]
then
echo "You must run this script with superuser (root) privileges."
echo "Try: \"sudo ./${SCRIPT_NAME}\""
exit 1
fi
# Assign default monitor mode interface name
iface0mon='wlan0mon'
# Activate option to set automatic or manual interface mode
#
# Option 1: if you only have one wlan interface (automatic detection)
#iface0=`iw dev | grep 'Interface' | sed 's/Interface //'`
#
# Option 2: if you have more than one wlan interface (default wlan0)
iface0=${1:-wlan0}
# Set iface0 down
ip link set $iface0 down
# Check if iface0 exists and continue if true
if [ $? -eq 0 ]
then
# Display interface settings
clear
echo -e "${GREEN}"
echo ' --------------------------------'
echo -e " ${SCRIPT_NAME} ${SCRIPT_VERSION}"
echo
echo ' WiFi Interface:'
echo ' '$iface0
echo ' --------------------------------'
# iface_name=$(iw $iface0 info | grep 'Interface' | sed 's/Interface //' | sed -e 's/^[ \t]*//')
# echo ' name - ' $iface_name
# iface_type=$(iw $iface0 info | grep 'type' | sed 's/type //' | sed -e 's/^[ \t]*//')
# echo ' type - ' $iface_type
iface_addr=$(iw $iface0 info | grep 'addr' | sed 's/addr //' | sed -e 's/^[ \t]*//')
echo ' addr - ' $iface_addr
iface_state=$(ip addr show $iface0 | grep 'state' | sed 's/.*state \([^ ]*\)[ ]*.*/\1/')
echo ' state - ' $iface_state
echo ' --------------------------------'
echo -e "${NoColor}"
# Set addr
read -p " Do you want to set a new addr? [y/N] " -n 1 -r
if [[ $REPLY =~ ^[Yy]$ ]]
then
iface_addr_orig=$iface_addr
echo
read -p " What addr do you want? ( 12:34:56:78:90:ab ) " iface_addr
# ip link set dev $iface0 up
ip link set dev $iface0 address $iface_addr
# ip link set dev $iface0 down
fi
# Rename the interface
# echo
# read -p " Do you want to rename $iface0 to wlan0mon? [y/N] " -n 1 -r
# echo
# if [[ $REPLY =~ ^[Yy]$ ]]
# then
ip link set $iface0 name $iface0mon
# else
# iface0mon=$iface0
# fi
# Set monitor mode
# iw dev <devname> set monitor <flag>
# Valid monitor flags are:
# none: no special flags
# fcsfail: show frames with FCS errors
# control: show control frames
# otherbss: show frames from other BSSes
# cook: use cooked mode
# active: use active mode (ACK incoming unicast packets)
# mumimo-groupid <GROUP_ID>: use MUMIMO according to a group id
# mumimo-follow-mac <MAC_ADDRESS>: use MUMIMO according to a MAC address
iw dev $iface0mon set monitor control
# Set iface0mon up
ip link set $iface0mon up
# Display interface settings
clear
echo -e "${GREEN}"
echo ' --------------------------------'
echo -e " ${SCRIPT_NAME} ${SCRIPT_VERSION}"
echo
echo ' WiFi Interface:'
echo ' '$iface0
echo ' --------------------------------'
iface_name=$(iw $iface0mon info | grep 'Interface' | sed 's/Interface //' | sed -e 's/^[ \t]*//')
echo ' name - ' $iface_name
iface_type=$(iw $iface0mon info | grep 'type' | sed 's/type //' | sed -e 's/^[ \t]*//')
echo ' type - ' $iface_type
iface_addr=$(iw $iface0mon info | grep 'addr' | sed 's/addr //' | sed -e 's/^[ \t]*//')
echo ' addr - ' $iface_addr
iface_state=$(ip addr show $iface0mon | grep 'state' | sed 's/.*state \([^ ]*\)[ ]*.*/\1/')
echo ' state - ' $iface_state
echo ' --------------------------------'
echo -e "${NoColor}"
# Run airodump-ng
# airodump-ng will display a list of detected access points and clients
# https://www.aircrack-ng.org/doku.php?id=airodump-ng
# https://en.wikipedia.org/wiki/Regular_expression
echo -e " airodump-ng can receive and interpret key strokes while running..."
echo
echo -e " a - select active area"
echo -e " i - invert sorting order"
echo -e " s - change sort column"
echo -e " q - quit"
echo ' --------------------------------'
echo
read -p " Do you want to run airodump-ng to display a list of detected access points and clients? [y/N] " -n 1 -r
if [[ $REPLY =~ ^[Yy]$ ]]
then
# usage: airodump-ng <options> <interface>[,<interface>,...]
#
# -c <channels> : Capture on specific channels
# -a : Filter unassociated clients
# --ignore-negative-one : Removes the message that says fixed channel <interface>: -1
# --essid-regex <regex> : Filter APs by ESSID using a regular expression
#
# Select option
#
# 1) shows hidden ESSIDs
# airodump-ng -c 1-165 -a --ignore-negative-one $iface0mon
#
# 2) does not show hidden ESSIDs
airodump-ng -c 1-165 -a --ignore-negative-one --essid-regex '^(?=.)^(?!.*CoxWiFi)' $iface0mon
fi
# Set channel
# Default
chan=6
# read -p " Do you want to set the channel? [y/N] " -n 1 -r
# if [[ $REPLY =~ ^[Yy]$ ]]
# then
# echo
read -p " What channel do you want to set? " chan
# fi
# ip link set dev $iface0mon down
# iw dev $iface0mon set channel $chan
iw $iface0mon set channel $chan
# ip link set dev $iface0mon up
# Display interface settings
clear
echo -e "${GREEN}"
echo ' --------------------------------'
echo -e " ${SCRIPT_NAME} ${SCRIPT_VERSION}"
echo
echo ' WiFi Interface:'
echo ' '$iface0
echo ' --------------------------------'
iface_name=$(iw $iface0mon info | grep 'Interface' | sed 's/Interface //' | sed -e 's/^[ \t]*//')
echo ' name - ' $iface_name
iface_type=$(iw $iface0mon info | grep 'type' | sed 's/type //' | sed -e 's/^[ \t]*//')
echo ' type - ' $iface_type
iface_addr=$(iw $iface0mon info | grep 'addr' | sed 's/addr //' | sed -e 's/^[ \t]*//')
echo ' addr - ' $iface_addr
# bug - Realtek drivers don't show the right channel after it is set but the channel that was set does work
iface_chan=$(iw $iface0mon info | grep 'channel' | sed 's/channel //' | sed -e 's/^[ \t]*//')
echo ' chan - ' $chan
iface_txpw=$(iw $iface0mon info | grep 'txpower' | sed 's/txpower //' | sed -e 's/^[ \t]*//')
echo ' txpw - ' $iface_txpw
iface_state=$(ip addr show $iface0mon | grep 'state' | sed 's/.*state \([^ ]*\)[ ]*.*/\1/')
echo ' state - ' $iface_state
echo ' --------------------------------'
echo -e "${NoColor}"
# Set txpw
read -p " Do you want to attempt to set the txpower? [y/N] " -n 1 -r
if [[ $REPLY =~ ^[Yy]$ ]]
then
echo
read -p " What txpw setting do you want? ( 2300 = 23 dBm ) " iface_txpw
# ip link set dev $iface0mon down
# iw dev $iface0mon set txpower fixed $iface_txpw
iw $iface0mon set txpower fixed $iface_txpw
# ip link set dev $iface0mon up
# Display interface settings
clear
echo -e "${GREEN}"
echo ' --------------------------------'
echo -e " ${SCRIPT_NAME} ${SCRIPT_VERSION}"
echo
echo ' WiFi Interface:'
echo ' '$iface0
echo ' --------------------------------'
iface_name=$(iw $iface0mon info | grep 'Interface' | sed 's/Interface //' | sed -e 's/^[ \t]*//')
echo ' name - ' $iface_name
iface_type=$(iw $iface0mon info | grep 'type' | sed 's/type //' | sed -e 's/^[ \t]*//')
echo ' type - ' $iface_type
iface_addr=$(iw $iface0mon info | grep 'addr' | sed 's/addr //' | sed -e 's/^[ \t]*//')
echo ' addr - ' $iface_addr
# bug - Realtek drivers don't show the right channel after it is set but the channel that was set does work
iface_chan=$(iw $iface0mon info | grep 'channel' | sed 's/channel //' | sed -e 's/^[ \t]*//')
echo ' chan - ' $chan
iface_txpw=$(iw $iface0mon info | grep 'txpower' | sed 's/txpower //' | sed -e 's/^[ \t]*//')
echo ' txpw - ' $iface_txpw
iface_state=$(ip addr show $iface0mon | grep 'state' | sed 's/.*state \([^ ]*\)[ ]*.*/\1/')
echo ' state - ' $iface_state
echo ' --------------------------------'
echo -e "${NoColor}"
fi
# Test injection capability with aireplay-ng
read -p " Do you want to test injection capability? [y/N] " -n 1 -r
if [[ $REPLY =~ ^[Yy]$ ]]
then
echo
aireplay-ng --test $iface0mon
fi
# Start wireshark
read -p " Do you want to start Wireshark? [y/N] " -n 1 -r
if [[ $REPLY =~ ^[Yy]$ ]]
then
wireshark --interface wlan0mon
# filter: wlan.fc.type_subtype == 29
fi
# Return the adapter to original settings
read -p " Do you want to return the adapter to original settings? [Y/n] " -n 1 -r
if [[ $REPLY =~ ^[Yy]$ ]]
then
# Display interface settings
clear
echo -e "${GREEN}"
echo ' --------------------------------'
echo -e " ${SCRIPT_NAME} ${SCRIPT_VERSION}"
echo
echo ' WiFi Interface:'
echo ' '$iface0
echo ' --------------------------------'
iface_name=$(iw $iface0mon info | grep 'Interface' | sed 's/Interface //' | sed -e 's/^[ \t]*//')
echo ' name - ' $iface_name
iface_type=$(iw $iface0mon info | grep 'type' | sed 's/type //' | sed -e 's/^[ \t]*//')
echo ' type - ' $iface_type
iface_addr=$(iw $iface0mon info | grep 'addr' | sed 's/addr //' | sed -e 's/^[ \t]*//')
echo ' addr - ' $iface_addr
iface_state=$(ip addr show $iface0mon | grep 'state' | sed 's/.*state \([^ ]*\)[ ]*.*/\1/')
echo ' state - ' $iface_state
echo ' --------------------------------'
echo -e "${NoColor}"
else
ip link set $iface0mon down
ip link set $iface0mon name $iface0
iw $iface0 set type managed
ip link set dev $iface0 address $iface_addr_orig
# ip link set $iface0 up
# Display interface settings
clear
echo -e "${GREEN}"
echo ' --------------------------------'
echo -e " ${SCRIPT_NAME} ${SCRIPT_VERSION}"
echo
echo ' WiFi Interface:'
echo ' '$iface0
echo ' --------------------------------'
iface_name=$(iw $iface0 info | grep 'Interface' | sed 's/Interface //' | sed -e 's/^[ \t]*//')
echo ' name - ' $iface_name
iface_type=$(iw $iface0 info | grep 'type' | sed 's/type //' | sed -e 's/^[ \t]*//')
echo ' type - ' $iface_type
iface_addr=$(iw $iface0 info | grep 'addr' | sed 's/addr //' | sed -e 's/^[ \t]*//')
echo ' addr - ' $iface_addr
iface_state=$(ip addr show $iface0 | grep 'state' | sed 's/.*state \([^ ]*\)[ ]*.*/\1/')
echo ' state - ' $iface_state
echo ' --------------------------------'
echo -e "${NoColor}"
fi
exit 0
else
echo -e "${YELLOW}ERROR: Please provide an existing interface as parameter! ${NoColor}"
echo -e "${NoColor}Usage: $ ${CYAN}sudo ./start-mon.sh [interface:wlan0] ${NoColor}"
echo -e "${NoColor}Tip: $ ${CYAN}iw dev ${NoColor}(displays available interfaces)"
exit 1
fi