Thread: On the Fly WEP data sniffing using scapy

  1. #1
    Junior Member
    Join Date
    May 2008
    Posts
    35

    On the Fly WEP data sniffing using scapy

    I have been playing around with scapy for quite some time now... It works great for sniffing wireless traffic without even associating to any AP, but I haven't figured out how to sniff data protected by WEP.

    I don't want to use airtun-ng. I was hoping there is a way scapy handles the data after providing it with the WEP key. I have seen a variable that holds the WEP key in the configuration file of scapy, "conf.wepkey", and I have read somewhere about the use of the unwep() function, which needs the pycrypto lib, so I was wondering if these could help me sniff and decode wireless WEP traffic in real time. If anyone knows how to accomplish this, please help me out.

  2. #2
    Member
    Join Date
    Jun 2007
    Posts
    218

    I pulled this from the scapy list some time ago. Never tried it but it may be what you're looking for.

    > what is the correct way to decrypt a wep key using Dot11.unwep()

    I'm not sure what you mean by "decrypt a wep key".
    You cannot use Scapy to find out an unknown key (at least not easily).
    But if you supply the correct key yourself, you can decrypt the packets.

    I think the easiest way is to use the toEthernet() method on
    Dot11PacketLists. This uses unwep() internally (after some filtering)
    and returns the results as Ethernet frames:

    >>> enc=rdpcap("weplab-64bit-AA-managed.pcap")
    >>> enc.show()
    >>> enc[0]
    >>> conf.wepkey="AA\x00\x00\x00"
    >>> dec=Dot11PacketList(enc).toEthernet()
    >>> dec.show()
    >>> dec[0]

  3. #3
    Junior Member
    Join Date
    May 2008
    Posts
    35

    Quote: Originally posted by level
    I pulled this from the scapy list some time ago. Never tried it but it may be what you're looking for.

    This isn't on the fly; we are reading a .pcap file which is already present on the disk... I came across this example before making a post on the forum. I need packets to be sniffed and decoded in real time. Any help with that?

  4. #4
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    How about pasting the code you have tried thus far... or are you looking for someone to write this for you?
    dd if=/dev/swc666 of=/dev/wyze

  5. #5
    Junior Member
    Join Date
    May 2008
    Posts
    35

    Quote: Originally posted by wyze
    How about pasting the code you have tried thus far... or are you looking for someone to write this for you?

    Code:
    conf.iface='mon0'
    conf.wepkey='\x19\xdd\x32\x72\x7c'
    pkt=sniff(count=0, prn=lambda x:x.summary())
    ^C
    pkt[321].unwep() # where pkt[321] is a packet containing Dot11WEP layer
    I get an error saying

    Code:
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "/usr/lib/python2.5/site-packages/scapy/packet.py", line 162, in __getattr__
        fld,v = self.getfield_and_val(attr)
      File "/usr/lib/python2.5/site-packages/scapy/packet.py", line 158, in getfield_and_val
        return self.payload.getfield_and_val(attr)
      File "/usr/lib/python2.5/site-packages/scapy/packet.py", line 158, in getfield_and_val
        return self.payload.getfield_and_val(attr)
      File "/usr/lib/python2.5/site-packages/scapy/packet.py", line 158, in getfield_and_val
        return self.payload.getfield_and_val(attr)
      File "/usr/lib/python2.5/site-packages/scapy/packet.py", line 158, in getfield_and_val
        return self.payload.getfield_and_val(attr)
      File "/usr/lib/python2.5/site-packages/scapy/packet.py", line 158, in getfield_and_val
        return self.payload.getfield_and_val(attr)
      File "/usr/lib/python2.5/site-packages/scapy/packet.py", line 998, in getfield_and_val
        raise AttributeError(attr)
    AttributeError: unwep
    So I guess the right question to be asked is: what is the correct syntax for using the unwep function on a packet?

  6. #6
    Junior Member
    Join Date
    May 2008
    Posts
    35

    Well, I figured it out. Scapy decrypts things automatically once the wepkey is entered in the correct format. Philippe was kind enough to point that out... But now I need to figure out a way to monitor two separate APs with two different keys... Any help with that would be greatly appreciated.
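
For the two-AP case raised in the last post, one approach is to choose the WEP key per frame by BSSID and use the ICV check to reject a wrong key. This is an added example, not code from the thread or from scapy: it is pure Python, the BSSIDs are constructed, the function names are hypothetical, and the BSSID, IV and encrypted body are assumed to be already parsed out of each captured data frame.

```python
import struct
import zlib

# Hypothetical helper names; the BSSIDs in KEYS are constructed samples.

def rc4(key, data):
    """Plain RC4: key scheduling, then XOR the data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_seal(key, iv, plaintext):
    """Build a constructed test body: RC4(iv || key, data || CRC32(data))."""
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return rc4(iv + key, plaintext + icv)

def wep_open(key, iv, body):
    """Return the plaintext, or None when the ICV does not match (wrong key)."""
    clear = rc4(iv + key, body)
    data, icv = clear[:-4], clear[-4:]
    if len(clear) < 4 or struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF) != icv:
        return None
    return data

def decrypt_for_bssid(keys, bssid, iv, body):
    """Pick the key by BSSID; unknown BSSIDs and failed ICVs yield None."""
    key = keys.get(bssid.lower())
    return wep_open(key, iv, body) if key else None

# Two APs, each with its own 40-bit key (key bytes as written in the thread).
KEYS = {"00:11:22:33:44:55": b"AA\x00\x00\x00",
        "66:77:88:99:aa:bb": b"\x19\xdd\x32\x72\x7c"}
```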
