[Chicago] Python traffic analysis idea

Steve Schwarz steve at agilitynerd.com
Tue Jan 28 21:20:15 CET 2014


Maybe I'm missing something but why not a basic web app (even a CGI script)
that the "Points" HTTP POST to? Then you can process the data at post or
store centrally for further processing. You can use urllib2 or
python-requests to do the POST with authentication. HTTP(S) is async and
sufficiently secure for this data - unless you are sending a real lot of
data/packets.

Best Regards,
Steve


On Tue, Jan 28, 2014 at 11:28 AM, Adrian Buford <
technicallydebatable at gmail.com> wrote:

> The issue isn't finding code to perform the task. The issue is getting the
> results to a log. I cannot find anything in that direction. I would put the
> idea in the same category as wardriving but with an added purpose. I am a
> daily user of Kali and Pentoo. I even went as far as reading the man pages
> on the Aircrack-ng suite to see if there was anything I overlooked. I've
> looked at Fern also. You are probably right. This is something I may need
> to hash out with my own code completely.
> On Jan 28, 2014 10:38 AM, "Nick Bennett" <nick at goggl.es> wrote:
>
>> What you're talking about, logging information about WiFi access points,
>> sounds a lot like wardriving <http://en.wikipedia.org/wiki/Wardriving>.
>> Even if that's not exactly what you mean, it should point you in some
>> directions for how to do such things with Python.
>>
>> I think that one of the most important parts of problem solving and
>> research in this day and age is to get relevant keywords. Searching for
>> "wardriving python" on DuckDuckGo <https://duckduckgo.com/?q=wardriving+python> produces a lot of seemingly relevant results, including:
>>
>> - a metric tonne of instructions on creating a mobile wardriving device
>> using RaspberryPi and other low power (consuming) hardware, which reminds
>> me of Paul Ebreo's talk at the ChiPy meeting <http://www.chipy.org/meetings/past/> November 2013 at Spartz "Python <3 Open Source Hardware"
>> - a ton of stuff related to computer security and penetration testing
>>
>> What I didn't see in that search was much about writing Python code or
>> particular modules. I imagine this might be because wardriving is a very
>> common term I'd associate with non-programmers who want to perform a
>> complex task without needing to write code. I refined the search on DuckDuckGo
>> to "python penetration testing wifi" <https://duckduckgo.com/?q=python+penetration+testing+wifi> and got some promising directions:
>>
>> - Fern <http://code.google.com/p/fern-wifi-cracker/> - "a Wireless
>> security auditing and attack software program written using the Python
>> Programming Language <http://www.python.org/> and the Python Qt GUI
>> library <http://www.riverbankcomputing.co.uk/software/pyqt/intro>, the
>> program is able to crack and recover WEP/WPA/WPS keys and also run other
>> network based attacks on wireless or ethernet based networks"
>> - Video: WLAN SSID Sniffer Using Raw Sockets in [10 Lines of] Python <http://www.securitytube.net/video/7275>
>>
>> If you don't want to go that far down the rabbit hole, you could watch this
>> shaky video of a monitor <https://www.youtube.com/watch?v=RVVaWoxHKJo> of a fellow describing, very amiably and I think very understandably, how
>> to use Python very simply to get information from kismet on a Raspberry Pi
>> (for your viewers, please use a tripod and share your code somewhere other
>> than Google Docs <https://docs.google.com/file/d/0B1i26IugaGQbZmJBb2pwT2JJSjg/edit>).
>>
>> As with all things, please use this information responsibly and write
>> tests for your code.
>>
>> Nick Bennett
>> nick at goggl.es
>>
>>
>> On Tue, Jan 28, 2014 at 10:02 AM, Adrian Buford <
>> technicallydebatable at gmail.com> wrote:
>>
>>> They collect the data but don't have options for export. I looked at the
>>> man pages for both. One had an export option I couldn't get to work.
>>> On Jan 27, 2014 9:59 PM, "Adrian Buford" <
>>> technicallydebatable at gmail.com> wrote:
>>>
>>>> I'll research tonight and post how I branch off. Thank you.
>>>> On Jan 27, 2014 8:55 PM, "Daniel Peters" <danieltpeters at gmail.com>
>>>> wrote:
>>>>
>>>>> So, are you looking for how to implement this?  There's a few wifi
>>>>> sniffing tools on Linux, things like (off the top of my head...) wifilist
>>>>> and wavemon. wavemon in particular does all of that, you could see if any
>>>>> of these kinds of tools output in some kind of text format, and then do
>>>>> what you want with that?
>>>>>
>>>>>
>>>>> On Mon, Jan 27, 2014 at 6:58 PM, Adrian Buford <
>>>>> technicallydebatable at gmail.com> wrote:
>>>>>
>>>>>> Looking for assist on writing a Python based traffic analysis
>>>>>> script(s). I have the concept drawn but just started digging into coding.
>>>>>> Any help is appreciated.
>>>>>>
>>>>>> Point A > captures bssid, mac, ssid, signal strength of AP(x) and
>>>>>> appends time stamp to logA
>>>>>>
>>>>>> Point B > does same and appends to logB
>>>>>>
>>>>>> Information is compared between logs and average Point A to Point B
>>>>>> time is generated based on signal threshold. AP(x) being any device that
>>>>>> can broadcast such signal. Cellular, mobile hot spot, CTA train (yes they
>>>>>> do). Idea came from using WigleWiFi this weekend. Was thinking of logging
>>>>>> via ssh connection to home server. I'm sure accuracy can be improved via
>>>>>> the great minds here. This idea isn't limited to two points. More points
>>>>>> will yield better accuracy.
>>>>>>
>>>>>> Enough ranting. Thank you. Any help is appreciated.
>>>>>>
>>>>>> _______________________________________________
>>>>>> Chicago mailing list
>>>>>> Chicago at python.org
>>>>>> https://mail.python.org/mailman/listinfo/chicago


-- 
Best Regards,
Steve
Blogs: http://agilitynerd.com/  http://tech.agilitynerd.com/
Dog Agility Search: http://googility.com/
Dog Agility Courses: http://agilitycourses.com/
http://www.facebook.com/AgilityNerd
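
The log comparison described in the original request at the bottom of the thread, as an added example that is not part of any poster's message: each point's log is reduced to the moment a BSSID was heard strongest above a signal threshold, and the A-to-B time is averaged over BSSIDs seen at both points. The log format (ISO timestamp, BSSID, SSID, dBm), the -65 dBm threshold and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime
from statistics import mean

# Constructed sample logs (not real captures): timestamp, BSSID, SSID, signal in dBm.
LOG_A = """\
2014-01-28T08:00:05,02:00:00:aa:bb:01,hotspot-1,-78
2014-01-28T08:00:10,02:00:00:aa:bb:01,hotspot-1,-52
2014-01-28T08:00:15,02:00:00:aa:bb:01,hotspot-1,-74
2014-01-28T08:01:00,02:00:00:aa:bb:02,hotspot-2,-55
2014-01-28T08:02:00,02:00:00:aa:bb:03,hotspot-3,-85
"""
LOG_B = """\
2014-01-28T08:03:30,02:00:00:aa:bb:01,hotspot-1,-70
2014-01-28T08:03:40,02:00:00:aa:bb:01,hotspot-1,-50
2014-01-28T08:05:00,02:00:00:aa:bb:02,hotspot-2,-58
2014-01-28T08:06:00,02:00:00:aa:bb:03,hotspot-3,-60
"""

def strongest_sightings(log_text, threshold_dbm):
    """Map each BSSID to the time of its strongest reading at or above the threshold."""
    best = {}
    for ts, bssid, _ssid, signal in csv.reader(io.StringIO(log_text)):
        signal = int(signal)
        if signal < threshold_dbm:
            continue  # too weak: the device was not close to this point
        if bssid not in best or signal > best[bssid][1]:
            best[bssid] = (datetime.fromisoformat(ts), signal)
    return {bssid: when for bssid, (when, _sig) in best.items()}

def transit_times(log_a, log_b, threshold_dbm=-65):
    """Seconds from Point A to Point B for every BSSID heard strongly at both."""
    seen_a = strongest_sightings(log_a, threshold_dbm)
    seen_b = strongest_sightings(log_b, threshold_dbm)
    times = {}
    for bssid in seen_a.keys() & seen_b.keys():
        delta = (seen_b[bssid] - seen_a[bssid]).total_seconds()
        if delta > 0:  # skip devices that passed B before A
            times[bssid] = delta
    return times

def average_transit(log_a, log_b, threshold_dbm=-65):
    times = transit_times(log_a, log_b, threshold_dbm)
    return mean(times.values()) if times else None

if __name__ == "__main__":
    print(transit_times(LOG_A, LOG_B), average_transit(LOG_A, LOG_B))
```

BSSIDs identify individual devices, so a deployment that only needs the averages can replace them with a keyed hash before the logs leave each point.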