Unlocking Wireless Networks: Kismet and Wardriving Explained

5Gmb...M2Ub

21 Oct 2023

121

What you’ll need to detect things in your local environment

If you’re a regular reader you might remember this article where we did a walk through on installing Kali on the Pi Zero to create a Kali-Pi to use for cyber research and discovery.
Today we’ll be taking a look at what you need to modify that setup to work as a wireless detection and War driving device on the go. It’ll take some additional hardware and configuration so lets get to it.

Note: If you prefer, you can use any old Linux Distro for this. We’ve simply chosen Kali as it comes equipped with the software and drivers we’ll need for this project. Feel free to pick Ubuntu or another version of Linux and roll your own experience however. It’s a great way of learning how to work with the command line effectively although it may be a little less plug and play.

What is Wardriving
Lets ask Chat GPT for a quick summary on Wardriving

Input: Explain the practice of Wardriving for me please.

Output: Wardriving is a practice involving the detection and mapping of wireless networks while moving through various locations. Typically conducted using a mobile device equipped with Wi-Fi capabilities, such as a laptop, smartphone, or tablet, Wardriving aims to identify both open and secured wireless networks and gather information about their signal strength, encryption methods, and other technical details.

Detection: Wardrivers use Wi-Fi scanning tools to detect nearby wireless networks and gather information about them. These tools identify networks by their Service Set Identifier (SSID) and provide details about the network’s security protocols, signal strength, and sometimes even the manufacturer of the router.
Mapping: The data collected during Wardriving can be used to create maps that show the locations of wireless networks. These maps can reveal the density of networks in different areas, which can be useful for planning network deployment or analyzing network usage trends.
Security Assessment: Wardriving can help identify potential security vulnerabilities in wireless networks. Unsecured or weakly secured networks are more susceptible to unauthorized access and data breaches. Wardrivers may emphasize the importance of securing networks to protect sensitive information.
Legal and Ethical Considerations: While Wardriving itself is not inherently illegal, using unauthorized access to networks or exploiting network vulnerabilities without permission is against the law and unethical. Ethical Wardrivers focus on responsible practices, avoiding any harmful activities.
Community Awareness: Wardriving can raise awareness about the prevalence of Wi-Fi networks and the importance of securing them. It encourages individuals and businesses to take measures to protect their networks and the data transmitted over them.

It’s important to note that while Wardriving is more mapping than hacking, you will still need to check the legalities around it that apply to your area.

Now we understand what Wardriving is let’s take a look at what we’ll need to get started.

Equipment List
Firstly, we’ll need our Pi Zero that we’ve already configured with Kali. While we’ve also had good success using Intel Nuc’s and Lenovo’s Tiny, you can pick any smart device to suit your situation. Some people even use a smart phone. You’ll simply need to be sure to understand that in heavily saturated environments, that a low powered computational device like the Pi Zero paired with a single Wi-Fi card may struggle to effectively detect everything within your local environment. It may take some experimentation to find out what works for your setup specifically.

We’ll also need a GPS module. USB connection is preferred. Bluetooth devices will work, but given we’ll be looking for Bluetooth devices as well we don’t want to overload Kismet with our own packets.

We’ll also need least one Wi-Fi card that’s able to be put in to monitor mode. We like the Alfa, although have also experimented with quite a few no name Wi-Fi cards with varying levels of success. The TPLink WN-722 gets a lot of recognition but in our experience it’s a bit too fiddly for a first card and there are better options for beginners to use.

Lastly, you’ll need a power source and your preferred method of accessing the Pi so you can use the Kismet Web interface. We mostly stick with an external monitor as that’s what works best for the current setup.
Kismet. Cold, Dark and ready for the addition of data sources. Source: Investigator515

Configuration
Boot Kali with your GPS connected. Once it’s up, bring up a terminal so we can get started.
Firstly, we’ll need to bring the interface down, switch it to monitor mode and then bring it back up. Using these commands should get you close, and don’t forget you’ll need root access to do so although we’ll typically avoid running Kismet with Sudo privileges.

sudo ip link set wlan0 down

sudo iw dev wlan0 set type monitor

sudo ip link set wlan0 up

We’ll also want to bring up the onboard Bluetooth. We can do so using this command:

sudo hciconfig hci0 up

If your Bluetooth hasn’t started on boot you can enable it using this command:

sudo systemctl enable bluetooth

Once your card is in monitor mode, we’ll need to start kismet.

kismet -c wlan0 hci0

If you’re successful you’ll see Kismet starting in the terminal, along with the web interface booting up. Point your browser to the Kismet interface to confirm the final setup. You’ll need to see:

GPS Data feeding into the web interface and displaying in the top left corner.
The primary Wi-Fi interface switched to Kismon detecting Wi-Fi stations.
The primary Bluetooth interface Hci0 detecting Bluetooth traffic.

And if you’re really keen, you can add a cheap RTL-SDR dongle and use it for aircraft detection at the same time.

Should you have any issues with your setup, you can access further configuration via the left menu on the web interface. You can also set detection and device colors, making it easier to sort devices by category, time and other sorting options.

Have an explore, see what you find. You should be running the current version of Kali, so you’ll be able to find plenty of extra resources should you need them and if, in the worst case scenario you break your system refreshing it is as easy as re flashing a new SD card.

The Kismet Web Interface is much snappier than the old terminal version. Source: Investigator515

Next Steps
So to recap at this point you should be detecting traffic via your various data sources. You should also have the Kismet web interface displaying your GPS location, and devices sorted by detection type and time.

If you’re at this point, you’ll be seeing at least a few devices depending on your network density. We’ll leave the analysis of the data for a future article, but it’s important to understand one other thing about Kismet.

In it’s current configuration it’s also be able to used as an extremely efficient Wireless Intrusion Detection System. This is because it will provide alerts should it detect things in it’s local environment.

Some of the alerts you can configure are:
Promiscuous (Monitor) mode wireless card detection,
Wi-Fi Deauth packets,
Authentication failures &
Rouge Access Points & Evil Twin attacks.

Like Wireshark, Kismet is an extremely effective tool for learning about wireless and networking protocols, device security and detection and Wi-Fi and Bluetooth protocols in general and is another step in the path towards being able to correctly monitor and secure your network in house.

If you’d like to learn more about Cyber Security generally, we’d recommend getting an account with Tryhackme. Learn about CyberSecurity and defensive strategies in a controlled environment with plenty of accessible resources. Check it out via this link

🌟 Enjoyed this article? Support our work and join the community! 🌟

💙 Support me on Ko-fi: Investigator515

📢 Join our Telegram channel for exclusive updates or.

🐦 Follow us on Twitter
🔗 Articles we think you’ll like: