Wardrive, Raspberry Pi Style!

I purchased a Raspberry Pi a few weeks back. I found that I could power it, with a WiFi card and a GPS, from my 12,000 mAh Li-Ion battery pack for about 12 hours. What a great way to explore without having to carry a huge laptop or giant battery in my bag.

From there I did a bit of driving and biking with this toolkit, passively looking for and logging networks. I could easily have used my NinjaTel phone (and will attempt this in the future), but I wanted something that I didn't have to mess with too much and that would have a long battery life to "power all the things".

Out of the 6,164 APs identified, only 5% had WEP configured (which is flawed); that is 327 APs still running WEP. Not too bad as a basic health check. Of course, more data would always be better.

 

Hardware Used

  • Raspberry Pi: Model B, 512 MB (Adafruit or Newark.com)
  • 32GB Class 10 SD card (8GB or 16GB would also work)
  • Realtek USB WiFi adapter, ideally with an RP-SMA connector for an external antenna
  • Mag mount WiFi antenna with N or RP-SMA connector
  • Global Positioning System receiver (GPS) that works with gpsd; I used a Garmin 60CSx over USB
  • USB hard drive power splitter cable for the WiFi radio
  • NewTrent USB portable device charger; I used a 12,000 mAh version, YMMV.

 

Hardware Notes

The Raspberry Pi Model B draws about 700 mA on its own. If the supply dips below that, it crashes and has to be manually rebooted. That is why it is very important to feed the Pi itself at least 1 A (or more) and to use a USB power splitter cable for the Wi-Fi adapter. At first, the Pi was crashing whenever I fired up Kismet, because the USB WiFi adapter drew more current than the Pi's USB ports could supply. Below is a picture of one of these cables. Plug the pass-through port into the power bank, and the other into the Raspberry Pi.

 

Install the OS

The first thing to do is set up the Pi OS. You will need to write the "Raspbian" image to the SD card and expand the primary partition to use the entire card (raspi-config can do this). There are many good tutorials on this, and the Raspberry Pi site has lots of documentation.

 

Install Dependencies

Once our OS is installed, we will then need to add the necessary packages to support Kismet.

SSH into your Pi as "pi", and download the Kismet code (or add it to your apt sources):

wget http://www.kismetwireless.net/code/kismet-2011-03-R2.tar.gz

First things first: screen. Screen is a great tool for running multiple virtual "consoles" that keep running in the background, and I use it a lot on pen tests. I could run Kismet in server-only mode, but I don't have a Kismet client on my stock iPad. I do have an SSH client, so instead I'll run the full ncurses UI inside a screen session. That lets me detach from the session and reattach later where I left off.

We also need to install some prerequisites before compiling Kismet. I'm installing tcpdump as well; it's a very valuable tool for checking and verifying network traffic, or just peeking at the data going across a network.

sudo apt-get install screen gpsd ncurses-dev libpcap-dev tcpdump

Wait for that to finish... Get some coffee or Tea.

 

Configure GPSD

Next, configure gpsd for your equipment. As I used a USB GPS device, I just updated /etc/default/gpsd with my relevant hardware:

GPSD_OPTIONS="/dev/ttyUSB0"

Note that Debian's packaging expects the device path in DEVICES="/dev/ttyUSB0"; both variables end up on the gpsd command line, so either works. Check that you actually get a fix (cgps from the gpsd-clients package is enough) before heading out, because without one Kismet logs the networks but no coordinates.

 

Install Kismet

Now we get to compile and install Kismet from the source we downloaded earlier.

tar xfvz kismet-2011-03-R2.tar.gz
cd kismet-2011-03-R2
./configure
make
sudo make install

This takes a while... like many minutes. It reminds me of the days of sub-GHz processors, oh wait, that is what the Pi is. It's great for graphics but kind of slow for compiling, and I believe the SD card bus is the bottleneck.

 

Configure Kismet

Next, to speed up Kismet's start-up, edit /usr/local/etc/kismet.conf to point at your wireless card. Check the Kismet README, section five, for examples for your card. Otherwise, this newer version of Kismet will prompt you for the wireless interface each time it starts.

I added the following line to the /usr/local/etc/kismet.conf config file:

 ncsource=wlan0:name=RTL8187 

 

Wardrive, Warchalk, Warwalk, Warbike!

Now plug in "all the things" and take it out on the town for a spin.

screen
kismet
Ctrl-A D

Ctrl-A D detaches the screen session (screen -r reattaches it). Kismet has to put the adapter into monitor mode, which needs root: run it with sudo, or use make suidinstall instead of make install and add the pi user to the kismet group.

Go for a drive, walk, or bike (my favorite pastime) and collect some data. Then take the raw Kismet .netxml logs and combine them with the netxml2kml Python script; import the resulting KML into Google Earth and plot your WiFi data. Check out which of your neighbors still have WEP. Ideally, the next feature would show where people still have WPS enabled, but that's for another time.
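As an added example that is not part of the original post (and is not the netxml2kml script it mentions), here is a small Python script that does the same job end to end: it reads the .netxml logs Kismet writes, tallies open/WEP/WPA access points the way the 5% figure above was produced, merges several drives by BSSID, and emits a KML file for Google Earth, optionally limited to one bucket such as WEP. The element layout it parses (wireless-network, SSID/encryption, BSSID, gps-info/peak-lat) follows Kismet newcore logs; the embedded sample is constructed, not captured data, and the bucket names and colours are my own choices.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter
from xml.sax.saxutils import escape

# Constructed sample in the shape of a Kismet newcore .netxml log, most fields trimmed.
# Not real capture data: BSSIDs, names and coordinates are made up.
SAMPLE_NETXML = """<detection-run kismet-version="2011.03.R2">
<wireless-network number="1" type="infrastructure">
 <SSID><type>Beacon</type><encryption>WEP</encryption><essid cloaked="false">linksys</essid></SSID>
 <BSSID>00:11:22:33:44:55</BSSID><channel>6</channel><gps-info><peak-lat>41.880000</peak-lat><peak-lon>-87.630000</peak-lon></gps-info>
</wireless-network>
<wireless-network number="2" type="infrastructure">
 <SSID><type>Beacon</type><encryption>WPA+PSK</encryption><encryption>WPA+AES-CCM</encryption><essid cloaked="false">home-net</essid></SSID>
 <BSSID>00:11:22:33:44:66</BSSID><channel>1</channel><gps-info><peak-lat>41.881000</peak-lat><peak-lon>-87.631000</peak-lon></gps-info>
</wireless-network>
<wireless-network number="3" type="infrastructure">
 <SSID><type>Beacon</type><encryption>None</encryption><essid cloaked="false">Free WiFi &amp; Coffee</essid></SSID>
 <BSSID>00:11:22:33:44:77</BSSID><channel>11</channel><gps-info><peak-lat>41.882000</peak-lat><peak-lon>-87.632000</peak-lon></gps-info>
</wireless-network>
<wireless-network number="4" type="infrastructure">
 <SSID><type>Beacon</type><encryption>WEP</encryption><essid cloaked="false">oldrouter</essid></SSID>
 <BSSID>00:11:22:33:44:99</BSSID><channel>9</channel>
</wireless-network>
<wireless-network number="5" type="probe">
 <SSID><type>Probe Request</type><encryption>None</encryption><essid cloaked="false">linksys</essid></SSID>
 <BSSID>aa:bb:cc:dd:ee:ff</BSSID>
</wireless-network>
</detection-run>
"""
# KML colours are aabbggrr: open = red, WEP = orange, WPA = green, unknown = grey.
STYLE_COLORS = {"Open": "ff0000ff", "WEP": "ff00a5ff", "WPA": "ff00ff00", "Unknown": "ffaaaaaa"}

def classify(encryptions):
    """Collapse Kismet's <encryption> strings into one bucket; WEP+WPA (migration mode) counts as WPA."""
    encs = set(encryptions)
    if any(e.startswith("WPA") for e in encs):
        return "WPA"
    if any(e.startswith("WEP") for e in encs):
        return "WEP"
    return "Open" if "None" in encs else "Unknown"

def parse_netxml(xml_data):
    """One dict per access point (str or bytes input); client probe entries are skipped."""
    nets = []
    for wn in ET.fromstring(xml_data).iter("wireless-network"):
        if wn.get("type") == "probe":
            continue
        ssid = wn.find("SSID")
        essid, encs = "", []
        if ssid is not None:
            essid = ssid.findtext("essid") or ""
            encs = [e.text or "" for e in ssid.findall("encryption")]
        lat = lon = None
        gps = wn.find("gps-info")
        if gps is not None and gps.findtext("peak-lat") and gps.findtext("peak-lon"):
            lat, lon = float(gps.findtext("peak-lat")), float(gps.findtext("peak-lon"))
            if (lat, lon) == (0.0, 0.0):   # zeros mean no fix, not a position
                lat = lon = None
        nets.append({"bssid": wn.findtext("BSSID") or "", "essid": essid,
                     "channel": wn.findtext("channel") or "?", "encryption": encs,
                     "security": classify(encs), "lat": lat, "lon": lon})
    return nets

def merge(runs):  # combine several drives, keeping the first record seen per BSSID
    seen = {}
    for nets in runs:
        for n in nets:
            seen.setdefault(n["bssid"], n)
    return list(seen.values())

def summarize(nets):
    """(total APs, count per bucket, WEP share in percent), the tally quoted in the post."""
    counts = Counter(n["security"] for n in nets)
    wep_pct = 100.0 * counts["WEP"] / len(nets) if nets else 0.0
    return len(nets), dict(counts), wep_pct

def to_kml(nets, only=None):
    """KML with one placemark per located AP, coloured by bucket; 'only' limits the buckets."""
    out = ['<?xml version="1.0" encoding="UTF-8"?>',
           '<kml xmlns="http://www.opengis.net/kml/2.2"><Document>']
    for sec, color in STYLE_COLORS.items():
        out.append(f'<Style id="{sec}"><IconStyle><color>{color}</color></IconStyle></Style>')
    for n in nets:
        if n["lat"] is None or (only and n["security"] not in only):
            continue
        name = escape(n["essid"] or "<cloaked>")
        desc = escape(f'{n["bssid"]} ch{n["channel"]} {"/".join(n["encryption"]) or "?"}')
        out.append(f'<Placemark><name>{name}</name><description>{desc}</description>'
                   f'<styleUrl>#{n["security"]}</styleUrl>'
                   f'<Point><coordinates>{n["lon"]},{n["lat"]},0</coordinates></Point></Placemark>')
    out.append("</Document></kml>")
    return "\n".join(out)

if __name__ == "__main__":
    # usage: python netxml_wep_map.py Kismet-*.netxml > drive.kml   (no args: embedded sample)
    if len(sys.argv) > 1:
        nets = merge(parse_netxml(open(p, "rb").read()) for p in sys.argv[1:])
    else:
        nets = parse_netxml(SAMPLE_NETXML)
    total, counts, wep_pct = summarize(nets)
    print(f"{total} APs, {counts}, WEP share {wep_pct:.1f}%", file=sys.stderr)
    print(to_kml(nets))
```

Files are read as bytes so expat honours the ISO-8859-1 declaration Kismet puts at the top of its logs. Pass only={"WEP"} to to_kml to get the "which neighbours still run WEP" map, and note that an AP without a GPS fix is counted in the tally but never plotted.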
