Thursday, December 22, 2016

how to set up a Raspberry Pi 2 Model B for WLAN sniffing

The setup described below works with a Raspberry Pi 2 Model B running Wheezy as the operating system. It does not work with a Raspberry Pi 3 and Jessie.


Hardware
https://www.amazon.com/Raspberry-Pi-Model-Desktop-Linux/dp/B00T2U7R7I/
https://www.amazon.com/gp/product/B0046ZAZVY/



I know that this WLAN dongle is not available anymore, but there exist a lot of others that also work in monitor mode.

Download the latest version of Wheezy for the Pi:
http://director.downloads.raspberrypi.org/raspbian/images/raspbian-2015-05-07/2015-05-05-raspbian-wheezy.zip

If your Pi is not directly accessible, you can also connect it to your router, look up its IP and use SSH (user pi, password raspberry).

Open a shell and run the following commands:

sudo apt-get update
sudo apt-get install wireshark
sudo apt-get install tshark
# stop ifplugd so it does not reconfigure wlan0 while you change its mode
sudo service ifplugd stop
# the interface must be down before its mode can be changed
sudo ifconfig wlan0 down
sudo iwconfig wlan0 mode monitor
sudo ifconfig wlan0 up
# tune to the channel of the network whose traffic you want to capture
sudo iwconfig wlan0 channel 3




My WLAN device is named wlan0. You can check this with the command "iwconfig".
The router whose traffic I was trying to record is running on channel 3.
To find the channel of your router, enter the command "sudo iwlist wlan0 scan".
You can also write a script which switches the channel periodically; the price is that you only see a fraction of the traffic on each channel while the interface is tuned elsewhere.
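The following script is an added example and not code from the original post. It reads the channel and encryption state of a named network out of "iwlist wlan0 scan" output, checks that the interface really ended up in monitor mode, and hops over the 2.4 GHz channels. The interface name wlan0, the ESSID "HomeNet" and the scan and iwconfig text embedded below are constructed assumptions for the example.

```bash
#!/bin/bash
# Added example (not from the original post): pick the channel of a WLAN from
# "iwlist wlan0 scan" output, verify monitor mode and hop channels periodically.
# wlan0, the ESSID "HomeNet" and SAMPLE_SCAN below are constructed assumptions.
set -u

IFACE="${IFACE:-wlan0}"
DRY_RUN="${DRY_RUN:-0}"   # 1 = print the ifconfig/iwconfig commands instead of running them

# Constructed sample of "sudo iwlist wlan0 scan" output (not a real scan).
SAMPLE_SCAN='wlan0     Scan completed :
          Cell 01 - Address: 00:11:22:33:44:55
                    Channel:3
                    Frequency:2.422 GHz (Channel 3)
                    Quality=70/70  Signal level=-40 dBm
                    Encryption key:off
                    ESSID:"HomeNet"
          Cell 02 - Address: 66:77:88:99:AA:BB
                    Channel:11
                    Frequency:2.462 GHz (Channel 11)
                    Quality=40/70  Signal level=-70 dBm
                    Encryption key:on
                    ESSID:"OtherNet"
                    IE: IEEE 802.11i/WPA2 Version 1'

# cell_info ESSID SCAN_TEXT -> "<channel> <on|off>" for the first cell with that ESSID.
# Only the bare "Channel:N" line counts; the "(Channel N)" in the Frequency line is ignored.
# The Channel and Encryption lines are assumed to precede the ESSID line, as in iwlist output.
cell_info() {
    local want="$1" scan="$2"
    printf '%s\n' "$scan" | awk -v want="$want" '
        /Cell [0-9]+ - Address:/        { ch = ""; enc = "" }
        /^[[:space:]]*Channel:/         { split($0, a, ":"); ch = a[2] }
        /^[[:space:]]*Encryption key:/  { split($0, b, ":"); enc = b[2] }
        /^[[:space:]]*ESSID:/ {
            s = $0
            sub(/^[[:space:]]*ESSID:"/, "", s)
            sub(/"[[:space:]]*$/, "", s)
            if (s == want && ch != "") { print ch, enc; exit }
        }'
}

# mode_of IWCONFIG_TEXT -> the Mode field (e.g. Monitor or Managed).
mode_of() {
    printf '%s\n' "$1" | sed -n 's/.*Mode:\([A-Za-z-]*\).*/\1/p' | head -n 1
}

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# enable_monitor IFACE: the same steps as in the post, followed by a check that
# the driver actually accepted monitor mode (some dongles silently stay managed).
enable_monitor() {
    local iface="$1"
    run ifconfig "$iface" down
    run iwconfig "$iface" mode monitor
    run ifconfig "$iface" up
    if [ "$DRY_RUN" != "1" ] && [ "$(mode_of "$(iwconfig "$iface")")" != "Monitor" ]; then
        echo "$iface is not in monitor mode; the driver may not support it" >&2
        return 1
    fi
}

# hop_channels IFACE DWELL CH...: one pass over the given channels, DWELL seconds each.
hop_channels() {
    local iface="$1" dwell="$2" ch
    shift 2
    for ch in "$@"; do
        run iwconfig "$iface" channel "$ch"
        sleep "$dwell"
    done
}

# Stand-alone use (needs root): "sudo ./hop.sh --run" hops over the 2.4 GHz
# channels until Ctrl-C; "DRY_RUN=1 ./hop.sh --run" only prints the commands.
if [ "${1:-}" = "--run" ]; then
    enable_monitor "$IFACE" || exit 1
    while :; do
        hop_channels "$IFACE" 1 1 2 3 4 5 6 7 8 9 10 11 12 13
    done
fi
```

If you already know the network you are after, use cell_info on the real scan output to pick its channel once and skip the hopping loop; a capture that stays on one channel is complete, a hopping capture is not.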

To record traffic you can now use Wireshark (GUI) or tshark (console).
Example of how to show only HTTP traffic with tshark (the -R read filter drops every non-HTTP packet; without it tshark prints an empty line for each of them; on tshark 1.10 or newer use -Y instead of -R):

sudo tshark -i wlan0 -R http -T fields -e "http.request.method" -e "http.response.code" -e "http.host" -e "http.request.uri" -e "http.cookie" -e "http.authbasic"

This only works for unencrypted WLANs: on a WPA/WPA2 network the captured data frames are encrypted, so tshark cannot dissect the HTTP inside them unless you give Wireshark the network key and have captured the station's handshake.
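As an added example that is not part of the original post, the script below records the raw frames to a pcap file first and runs the field extraction from the file afterwards, so the capture is kept for later analysis with other filters. It also shows how to post-process the tab-separated tshark output. The interface wlan0, the file /tmp/wlan.pcap, tshark 1.8 as shipped with Wheezy (read filter -R; use -Y on tshark 1.10 or newer) and the sample output lines are assumptions made for this example.

```bash
#!/bin/bash
# Added example (not from the original post): capture to a file, then extract the
# HTTP fields from it and summarize the tab-separated tshark output.
# wlan0, /tmp/wlan.pcap, tshark 1.8 (-R) and SAMPLE_FIELDS are assumptions.
set -u

IFACE="${IFACE:-wlan0}"
PCAP="${PCAP:-/tmp/wlan.pcap}"
# same fields, in the same order, as the tshark command in the post
FIELDS="-e http.request.method -e http.response.code -e http.host -e http.request.uri -e http.cookie -e http.authbasic"

# capture SECONDS: record raw 802.11 frames for a fixed time (needs root).
capture() {
    tshark -i "$IFACE" -a "duration:$1" -w "$PCAP"
}

# extract: only HTTP packets from the saved file, one tab-separated line each.
extract() {
    # shellcheck disable=SC2086   # FIELDS is meant to be word-split
    tshark -r "$PCAP" -R http -T fields $FIELDS
}

# Constructed sample of "extract" output (method, code, host, uri, cookie, authbasic),
# not a real capture: one GET with a cookie, one bare 200 response, one POST with Basic auth.
SAMPLE_FIELDS="$(printf 'GET\t\texample.org\t/index.html\tsession=abc\t\n\t200\t\t\t\t\nPOST\t\tintranet.example\t/login\t\tbob:hunter2\n')"

# requests FIELDS_TEXT: one "METHOD http://host/uri" line per request (responses skipped).
requests() {
    local tab; tab=$(printf '\t')
    printf '%s\n' "$1" | awk -F"$tab" '$1 != "" { print $1, "http://" $3 $4 }'
}

# basic_auth FIELDS_TEXT: "host user" for every request carrying Basic auth.
# http.authbasic is already the decoded "user:password"; only the user is printed here.
basic_auth() {
    local tab; tab=$(printf '\t')
    printf '%s\n' "$1" | awk -F"$tab" '$6 != "" { split($6, c, ":"); print $3, c[1] }'
}

# cookie_hosts FIELDS_TEXT: hosts that received a Cookie header in clear text.
cookie_hosts() {
    local tab; tab=$(printf '\t')
    printf '%s\n' "$1" | awk -F"$tab" '$5 != "" && $3 != "" { print $3 }' | sort -u
}

# Stand-alone use: "sudo ./http_extract.sh --run 60" captures for 60 seconds,
# then prints the requests, the Basic-auth users and the cookie hosts.
if [ "${1:-}" = "--run" ]; then
    capture "${2:-60}" || exit 1
    out="$(extract)"
    requests "$out"
    basic_auth "$out"
    cookie_hosts "$out"
fi
```

Capturing with -w and dissecting with -r also keeps the Pi's CPU free during the capture, which matters on a Raspberry Pi 2 when the channel is busy.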