How to: From WarDriving to SSIDs on Google Maps with Latitude/Longitude

Jordan Drysdale //

Step 1: Build your capture rig

RPi3, Kali, battery packs, and two supported Wi-Fi cards of your choosing (I used the Alfa Black for this run). My finished product:

Solar Battery Pack, Pi, Alfa, Rock and Roll


Write the Kali ARM image straight to the SD card (adjust /dev/mmcblk0 to wherever your card shows up; dd will happily overwrite the wrong disk):

xz -cd kali-2017.01-rpi2.img.xz | dd of=/dev/mmcblk0 bs=4M iflag=fullblock oflag=direct status=progress

Install Kismet, gpsd and the gpsd client tools if they are not already on the image:

apt-get install kismet

apt-get install gpsd gpsd-clients

Attach your GPS puck.

Verify whether it enumerates as /dev/ttyUSBx or /dev/ttyAMAx (dmesg will show the device name when you plug it in). Then something like this will work; -N keeps gpsd in the foreground, -n tells it to poll the receiver without waiting for a client, and -D 3 gives enough debug output to see whether it is getting a fix:

gpsd -b -N -D 3 -n -F /var/run/gpsd.sock /dev/ttyUSB0

Or

service gpsd start
cgps -s

 

GPSd Functioning as Expected

Step 2: Configure Kismet to lock its two capture sources on two 2.4 GHz channels whose 22 MHz spreads, taken together, overlap every US-legal 2.4 GHz channel, instead of hopping. Reception on adjacent channels is weaker than on the locked channel, so this trades some sensitivity against the gaps a hopping card leaves while it is tuned elsewhere.

Monitor on the arrows to cover all ‘legal’ US 2.4GHz frequency spreads

Add Source… Config Channel… Important Kismet Options

Channels Locked on 3 and 8 for War Driving

Step 3: Walk/Drive/Ride

War-Walking Path

At this point, you really want to exit Kismet gracefully rather than just pulling power. That way the .netxml and other log files are closed cleanly and stay in good shape for further analysis.

Step 4: Manipulate results and Upload

This repo converts Kismet's .netxml output into a CSV that is usable for the last step:

git clone https://github.com/MichaelCaraccio/NetXML-to-CSV.git

Run the conversion tool:

python3 main.py file.netxml result.csv

Upload the resulting CSV to Google My Maps:

https://www.google.com/maps/d/
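If you would rather see what the conversion is actually doing, here is an added example (not the NetXML-to-CSV tool cloned above, and not the author's code) that does the same job in Python with only the standard library. It reads the legacy Kismet netxml layout, pins each network at the peak-signal GPS fix, skips networks Kismet logged with no fix (written as 0,0), labels cloaked SSIDs, and adds an "open" column so open networks can be styled separately once the CSV is imported into My Maps. The embedded XML sample is constructed: the BSSIDs are locally administered fakes and the coordinates are made up.

```python
"""Convert a legacy Kismet .netxml capture into a CSV that Google My Maps
can import (one pin per network at its peak-signal GPS fix).

Added example for this post; it is a minimal stand-in for the conversion
tool, not that project's code. SAMPLE_NETXML is constructed test data.
"""
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample in the Kismet 2016-era netxml layout: one WPA2 network,
# one open network with a cloaked SSID, and one network that never got a fix.
SAMPLE_NETXML = """<?xml version="1.0"?>
<detection-run kismet-version="2016.07.R1" start-time="Sat Jun  3 10:00:00 2017">
 <wireless-network number="1" type="infrastructure">
  <SSID first-time="x" last-time="y">
   <type>Beacon</type>
   <encryption>WPA+PSK</encryption>
   <encryption>WPA+AES-CCM</encryption>
   <essid cloaked="false">ExampleCoffee-Guest</essid>
  </SSID>
  <BSSID>02:00:00:00:00:01</BSSID>
  <channel>6</channel>
  <gps-info><peak-lat>44.080000</peak-lat><peak-lon>-103.230000</peak-lon></gps-info>
 </wireless-network>
 <wireless-network number="2" type="infrastructure">
  <SSID first-time="x" last-time="y">
   <type>Beacon</type>
   <encryption>None</encryption>
   <essid cloaked="true"></essid>
  </SSID>
  <BSSID>02:00:00:00:00:02</BSSID>
  <channel>11</channel>
  <gps-info><peak-lat>44.080500</peak-lat><peak-lon>-103.231000</peak-lon></gps-info>
 </wireless-network>
 <wireless-network number="3" type="infrastructure">
  <SSID first-time="x" last-time="y">
   <type>Beacon</type>
   <encryption>WEP</encryption>
   <essid cloaked="false">NoFixNet</essid>
  </SSID>
  <BSSID>02:00:00:00:00:03</BSSID>
  <channel>1</channel>
  <gps-info><peak-lat>0.000000</peak-lat><peak-lon>0.000000</peak-lon></gps-info>
 </wireless-network>
</detection-run>
"""

FIELDS = ["name", "latitude", "longitude", "bssid", "channel", "encryption", "open"]


def parse_netxml(xml_data):
    """Return one dict per wireless-network that has a usable GPS fix."""
    root = ET.fromstring(xml_data)
    rows = []
    for net in root.iter("wireless-network"):
        gps = net.find("gps-info")
        if gps is None:
            continue
        lat = float(gps.findtext("peak-lat", "0"))
        lon = float(gps.findtext("peak-lon", "0"))
        if lat == 0.0 and lon == 0.0:
            continue  # Kismet writes 0,0 when it never had a fix; do not pin it
        ssid = net.find("SSID")
        essid = ssid.find("essid") if ssid is not None else None
        name = (essid.text or "").strip() if essid is not None else ""
        if essid is not None and essid.get("cloaked") == "true" and not name:
            name = "<cloaked>"
        enc = sorted({(e.text or "").strip() for e in ssid.iter("encryption")}) if ssid is not None else []
        rows.append({
            "name": name or "<no SSID>",
            "latitude": lat,
            "longitude": lon,
            "bssid": net.findtext("BSSID", ""),
            "channel": net.findtext("channel", ""),
            "encryption": "/".join(enc) if enc else "unknown",
            "open": "yes" if enc == ["None"] else "no",  # Kismet logs open APs as "None"
        })
    return rows


def to_csv(rows):
    """Render rows as CSV; My Maps picks up the latitude/longitude columns."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def convert_file(src, dst):
    """Convert src (.netxml) to dst (.csv); read as bytes so the file's own
    encoding declaration is honoured. Returns the number of pinned networks."""
    with open(src, "rb") as f:
        rows = parse_netxml(f.read())
    with open(dst, "w", newline="") as f:
        f.write(to_csv(rows))
    return len(rows)


if __name__ == "__main__":
    print(to_csv(parse_netxml(SAMPLE_NETXML)))
```

Run it on a real capture with convert_file("Kismet-xxx.netxml", "result.csv"); networks with no fix are dropped on purpose, since a 0,0 pin off the coast of Africa is the usual tell that the puck had not locked yet when you started walking.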

Neatly Pinned SSIDs and Lat/Long Output

In this case, business names have been redacted. The point is that the amount of information we leak from our wireless networks is far too much. Open networks are everywhere. We all know the PSKs on some of these networks are way too short. Broadcasting an SSID that matches your business name in some way is a sure way to give away more than you intend, because it ties the physical location on the map to a target worth attacking. Let's take a step back and ask ourselves: do we really need to provide open and free wireless access?

We have demonstrated the flaws in basic wireless design:

The only way to do wireless correctly is with a certificate-validating supplicant configuration (802.1X/EAP, where clients verify the RADIUS server's certificate), strong user passwords, and consistent testing and validation. Otherwise, your wireless is a threat.



Want to learn more mad skills from the person who wrote this blog?

Check out this class from Kent and Jordan:

Defending the Enterprise

Available live/virtual and on-demand!