Step 1: Build your capture rig
Solar Battery Pack, Pi, Alfa, Rock and Roll
xz -cd kali-2017.01-rpi2.img.xz | dd of=/dev/mmcblk0 bs=4M iflag=fullblock oflag=direct status=progress
You may need to install Kismet.
apt-get install kismet
apt-get install gpsd gpsd-clients
Attach your gps puck.
Verify whether it shows up as /dev/ttyUSBx or /dev/ttyAMAx. Then something like this will work:
gpsd -b -N -D 3 -n -F /var/run/gpsd.sock /dev/ttyUSB0
service gpsd start
cgps -s
GPSd Functioning as Expected
Step 2: Configure Kismet to monitor the two 802.11b/g channels that will cover all US-legal 2.4 GHz frequencies.
Monitor on the arrows to cover all ‘legal’ US 2.4GHz frequency spreads
Add Source… Config Channel… Important Kismet Options
Channels Locked on 3 and 8 for War Driving
Step 3: Walk/Drive/Ride
When you are done, exit Kismet gracefully rather than killing it. This keeps your resulting files in good shape for further analysis.
Step 4: Manipulate results and Upload
This repo makes it very easy to translate your netxml files into a usable CSV for the last step.
git clone https://github.com/MichaelCaraccio/NetXML-to-CSV.git
Run the conversion tool:
python3 main.py file.netxml result.csv
Upload the results to maps.
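As an added example (not code from this post or from the NetXML-to-CSV project), here is the core of that conversion step in Python: parse a legacy Kismet netxml capture, collapse each network's encryption strings into one label so open and PSK-only networks stand out, and emit a CSV with the average GPS fix per access point, which is what a mapping upload needs. The sample netxml is constructed for this example; its MAC addresses, SSIDs and coordinates are made up.

```python
import csv
import io
import xml.etree.ElementTree as ET
# Constructed sample in the legacy Kismet netxml layout that the NetXML-to-CSV
# tool above consumes; every value here is made up for this example.
SAMPLE_NETXML = """<detection-run kismet-version="2016.07.R1">
<wireless-network type="infrastructure"><SSID><type>Beacon</type>
<encryption>WPA+PSK</encryption><encryption>WPA+AES-CCM</encryption><essid cloaked="false">ACME-Guest</essid></SSID>
<BSSID>02:00:00:00:00:01</BSSID><channel>6</channel><gps-info><avg-lat>40.0001</avg-lat><avg-lon>-75.0001</avg-lon></gps-info></wireless-network>
<wireless-network type="infrastructure"><SSID><type>Beacon</type>
<encryption>None</encryption><essid cloaked="false">Free Cafe, WiFi</essid></SSID>
<BSSID>02:00:00:00:00:02</BSSID><channel>1</channel><gps-info><avg-lat>40.0002</avg-lat><avg-lon>-75.0002</avg-lon></gps-info></wireless-network>
<wireless-network type="probe"><SSID><type>Probe Request</type><encryption>None</encryption>
<essid cloaked="false">ACME-Guest</essid></SSID><BSSID>02:00:00:00:00:03</BSSID><channel>0</channel></wireless-network>
</detection-run>"""
FIELDS = ["bssid", "essid", "channel", "security", "lat", "lon"]

def classify(encryption):
    """Collapse Kismet's per-network <encryption> strings into one label."""
    if not encryption or "None" in encryption:
        return "open"
    if any(e.startswith("WEP") for e in encryption):
        return "wep"
    return "psk" if "WPA+PSK" in encryption else "wpa-other"

def parse_netxml(xml_text):
    """One dict per AP; probe requests and other non-infrastructure records describe clients, not an AP, so skip them."""
    rows = []
    for net in ET.fromstring(xml_text).iter("wireless-network"):
        if net.get("type") != "infrastructure":
            continue
        ssid = net.find("SSID")
        gps = net.find("gps-info")
        enc = [e.text for e in ssid.iter("encryption")] if ssid is not None else []
        rows.append({
            "bssid": net.findtext("BSSID", ""),
            "essid": ssid.findtext("essid", "") if ssid is not None else "",
            "channel": int(net.findtext("channel", "0")),
            "security": classify(enc),
            "lat": gps.findtext("avg-lat", "") if gps is not None else "",
            "lon": gps.findtext("avg-lon", "") if gps is not None else "",
        })
    return rows

def to_csv(rows):
    # csv handles quoting, so an SSID containing a comma does not break the columns
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()
```

Run `to_csv(parse_netxml(open("file.netxml").read()))` on a real capture to get the same columns; the `security` column is what lets you count the open and PSK-only networks the post complains about.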
Neatly Pinned SSIDs and Lat/Long Output
In this case, business names have been redacted. The point here is that the amount of information we leak from our wireless networks is too much. Open networks are everywhere. We all know the PSKs on some of these networks are far too short. Broadcasting an SSID that matches your business name in some way is a sure way to give away more information than you want to. Let's take a step back from the map and ask ourselves: do we really need to provide open and free wireless access?
We have demonstrated the flaws in basic wireless design.
The only way to do wireless correctly is with a certificate-validating supplicant configuration, strong user passwords, and consistent testing and validation. Otherwise, your wireless is a threat.