  • Stars: 152
  • Rank 243,171 (Top 5 %)
  • Language: Python
  • License: GNU General Publi...
  • Created over 11 years ago
  • Updated over 7 years ago


Repository Details

wifitap updated for BT5r3
#########################################
#
# wifitap.py --- WiFi injection tool through tun/tap device
# Cedric Blancher <[email protected]>
#
# http://sid.rstack.org/index.php/Wifitap (french)
# http://sid.rstack.org/index.php/Wifitap_EN (english)
#
#########################################

This program is a proof of concept tool allowing WiFi communications using
traffic injection.
You'll need:

	. Python >= 2.2
	. Psyco Python optimizer (optional)
	. Philippe Biondi's Scapy
	. Injection ready wireless adapter

It has been tested on GNU/Linux using an Atheros chipset based adapter with a
patched Madwifi driver and an Intersil Prism GT Full MAC chipset with the
Prism54 driver. It should also work with a Prism2/2.5/3 chipset using the hostap
or wlan-ng driver, a Ralink rt2500/2750 chipset using the rt2500 driver and a
Realtek RTL8180 chipset using the rtl8180-sa2400 driver.

I didn't take time to test Prism2/2.5/3 support and don't have Ralink or Realtek
based hardware for testing. By the way, I would be glad to have feedback for
Wifitap attempts with those chipsets.

Driver patches were written by Christophe Devine and updated by the Aircrack-ng
people. For details about driver patching and installation, see the PATCHING file.


To get Wifitap to work on Unix operating systems other than GNU/Linux, you have
to install the pcap or dnet wrappers for Python so Scapy can work (see
http://www.secdev.org/projects/scapy/portability.html). Then, and this is the
most important part, you have to find a wireless adapter driver that supports
raw wireless traffic injection, if one exists.


NB : Python is so slow...


o Getting Wifitap ;)

	Wifitap is available at:

		http://sid.rstack.org/index.php/Wifitap (french)
		http://sid.rstack.org/index.php/Wifitap_EN (english)

	The latest version is downloadable at:

		http://sid.rstack.org/code/wifitap.tgz

	Repository available at:

		http://sid.rstack.org/code/wifitap/


o Getting Scapy

	A working Scapy version is attached, so Wifitap is ready to work.
	However, you can get a more fully featured version of the tool at:

		http://www.secdev.org/projects/scapy/
	
	Download "work-in-progress" version or (better) use provided version...


o Preparing WiFi adapter

	Download, patch and install driver (see PATCHING).
	
	Supposing channel is 11:

		~# iwconfig $IFACE mode monitor channel 11
		~# ifconfig $IFACE up promisc

	NB: The Atheros Madwifi driver requires specific configuration to put
	    the driver in promiscuous mode and/or activate traffic injection.
	    See the website (http://www.madwifi.org/) for details if you use
	    madwifi-ng or madwifi-old.

o Launching Wifitap

		~# ./wifitap.py -b <bssid>

	A wj0 interface will be created that needs to be configured as a
	regular interface, with optional MAC address specification:

		~# ifconfig wj0 [hw ether <MAC>] 192.168.1.1 [mtu <MTU>]


o Using Wifitap

	Now you can use the wj0 interface just like a usual interface to
	communicate with your preferred applications and tools, according to
	the system routing table :)


o Wifitap command line arguments

	Usage : wifitap -b <BSSID> [-o <iface>] [-i <iface>] [-s <SMAC>]
			[-w <WEP key> [-k <key id>]] [-d [-v]] [-h]

	-b	Specifies BSSID in the usual MAC address format of six
		colon-separated hex bytes:
			. 00:01:02:03:04:05

	-o	Specifies output WiFi interface for frames injection

	-i	Specifies input WiFi interface for frames sniffing

	-s	Specifies source MAC address
			. 00:01:02:03:04:05

	-w	Activates WEP encryption/decryption with specified WEP key
		Key can be given using following formats:
			. 0102030405 or 0102030405060708090a0b0c0d
			. 01:02:03:04:05 or
			  01:02:03:04:05:06:07:08:09:0a:0b:0c:0d
			. 0102-0304-05 or 0102-0304-0506-0708-090a-0b0c-0d

	-k	Specifies WEP key id, from 0 to 3

	-d	Activates debugging

	-v	Increases debugging verbosity

	-h	Help screen
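
Added example, not part of Wifitap: one way to validate the -b/-s, -w and -k
values in the formats listed above before they are used. The function names are
hypothetical and the code targets Python 3, whereas Wifitap itself asks for
Python >= 2.2.

```python
import re

WEP_KEY_SIZES = (5, 13)  # bytes: the two key lengths the README shows
HEX = "[0-9a-fA-F]"


def parse_wep_key(text):
    """Parse a -w value in any of the three README formats into bytes."""
    if ":" in text and "-" in text:
        raise ValueError("mixed ':' and '-' separators")
    if ":" in text:
        # 01:02:03:04:05 -> one byte per field
        ok = re.fullmatch(f"{HEX}{{2}}(:{HEX}{{2}})+", text)
    elif "-" in text:
        # 0102-0304-05 -> two-byte groups, then one trailing byte
        ok = re.fullmatch(f"({HEX}{{4}}-)+{HEX}{{2}}", text)
    else:
        # 0102030405 -> plain hex, whole bytes only
        ok = re.fullmatch(f"({HEX}{{2}})+", text)
    if not ok:
        raise ValueError("malformed WEP key: %r" % text)
    key = bytes.fromhex(re.sub("[:-]", "", text))
    if len(key) not in WEP_KEY_SIZES:
        raise ValueError("WEP key must be 5 or 13 bytes, got %d" % len(key))
    return key


def parse_mac(text):
    """Parse a -b or -s value such as 00:01:02:03:04:05 into 6 bytes."""
    if not re.fullmatch(f"{HEX}{{2}}(:{HEX}{{2}}){{5}}", text):
        raise ValueError("malformed MAC address: %r" % text)
    return bytes.fromhex(text.replace(":", ""))


def parse_key_id(text):
    """Parse a -k value; the README allows key ids 0 to 3."""
    if text not in ("0", "1", "2", "3"):
        raise ValueError("WEP key id must be 0..3: %r" % text)
    return int(text)


if __name__ == "__main__":
    # Constructed sample values taken from the README's own format examples.
    for sample in ("0102030405", "01:02:03:04:05",
                   "0102-0304-0506-0708-090a-0b0c-0d"):
        print(sample, "->", parse_wep_key(sample).hex())
    print(parse_mac("00:01:02:03:04:05").hex(), parse_key_id("3"))
```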

o Recent libpcap versions fully support Wi-Fi specific headers, typically Prism
  Headers. However, if your system uses an old libpcap, you will need to apply
  the provided patch:

	patch -p0 < prismheaders.patch

  It will add a flag (-p) to tell Wifitap to shift 144 bits of Prism Headers to
  access the 802.11 frame.


#########################################
#
# Copyright (C) 2005 Cedric Blancher <[email protected]>
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation; version 2.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
#########################################
