1
00:00:00,870 --> 00:00:08,010
Welcome to another video of our Wi-Fi pentesting series. Today we are going to write our first wireless

2
00:00:08,010 --> 00:00:11,430
tool to scan for wireless access points using Scapy.

3
00:00:16,720 --> 00:00:20,680
In this script, the first line is to import all functions from Scapy.

4
00:00:22,570 --> 00:00:26,050
The second is the variable of the interface we are using.

5
00:00:26,800 --> 00:00:37,900
Then inside our function, from Scapy, all we're looking for is a class or a layer, the Dot11FCS,

6
00:00:37,900 --> 00:00:44,950
as in some others, like with other people, it can be only Dot11 without the FCS.

7
00:00:45,850 --> 00:00:53,500
And once it's found, if we find this layer, we check if the frame has a type of zero and subtype of

8
00:00:53,500 --> 00:00:56,010
eight, which you probably know by now.

9
00:00:56,020 --> 00:00:57,820
It's a beacon frame, right?

10
00:01:00,980 --> 00:01:04,220
If it's a beacon frame, then we print address number two,

11
00:01:11,940 --> 00:01:20,460
which is the address of the transmitter or the access point, and the SSID name, which is in the frame,

12
00:01:21,630 --> 00:01:26,880
the variable that we pass through to the function, dot info.

13
00:01:28,410 --> 00:01:32,970
We also need to check if this MAC address is in our list or not here,

14
00:01:35,770 --> 00:01:39,220
so I don't keep printing the same access point over and over.

15
00:01:39,250 --> 00:01:46,870
We are only interested in new access points that we scanned. The last line in the bottom, this one,

16
00:01:47,890 --> 00:01:54,610
we start the sniffer mode of Scapy with two arguments, the interface we want to listen on and the function

17
00:01:54,610 --> 00:01:55,740
to run, this one.

18
00:01:57,700 --> 00:02:05,750
You're probably wondering now, what is f[Dot11Elt:3].info?

19
00:02:06,110 --> 00:02:06,480
Right.

20
00:02:07,660 --> 00:02:09,420
Let's actually see that in detail.

21
00:02:13,660 --> 00:02:23,680
First, let's stop, and Scapy will show this thing: the Dot11Elt is the channel number. But how did

22
00:02:23,680 --> 00:02:24,850
we get the channel number?

23
00:02:25,070 --> 00:02:27,660
Right now, let's look.

24
00:02:27,910 --> 00:02:34,930
Let's look inside the Dot11 layers, Dot11Elt.

25
00:02:36,700 --> 00:02:40,690
We have three fields: ID, len and info.

26
00:02:42,430 --> 00:02:45,370
The ones we are interested in are the ID and info.

27
00:02:46,990 --> 00:02:52,060
If we look in Wireshark, which was just one second, let's open it.

28
00:02:57,120 --> 00:02:59,730
We will notice that the channel is in the DS set.

29
00:03:01,580 --> 00:03:02,990
Let's look for "channel".

30
00:03:05,600 --> 00:03:08,540
This one, DS parameter.

31
00:03:13,000 --> 00:03:22,780
OK, so we are looking for ID equal DSset, and the info will be our channel, the channel

32
00:03:22,780 --> 00:03:23,380
that we want.

33
00:03:25,510 --> 00:03:28,980
OK, let's capture some frames and see that ourselves.

34
00:03:31,120 --> 00:03:34,090
Let's configure our interface and how many frames we want to sniff.

35
00:03:43,590 --> 00:03:56,610
Frames we want to sniff, let's say seven frames. OK, now with some frames, we got seven

36
00:03:56,610 --> 00:04:00,240
frames here, in "Other" because it's not TCP or ICMP or anything.

37
00:04:01,740 --> 00:04:08,670
Let's see if we have got any Dot11Elt in them, or frames.summary().

38
00:04:11,460 --> 00:04:13,430
OK, let's look.

39
00:04:14,460 --> 00:04:17,070
Seems like we don't have any Dot11Elt in here.

40
00:04:17,690 --> 00:04:21,890
OK, let's capture more, let's say 15.

41
00:04:26,990 --> 00:04:30,820
OK, we have some Dot11Elt here, right?

42
00:04:31,560 --> 00:04:32,120
That's good.

43
00:04:32,930 --> 00:04:38,240
So the first frame, it has a bunch of Dot11Elt here.

44
00:04:38,960 --> 00:04:39,740
OK, that's good.

45
00:04:39,750 --> 00:04:41,210
Let's open frame number zero.

46
00:04:44,820 --> 00:04:47,760
Oops, frames, not frame.

47
00:04:50,220 --> 00:04:55,750
Now let's look for the DSset field. Where is it?

48
00:04:56,130 --> 00:05:03,180
It should be next to the Dot11Elt, so we're looking for Dot11Elt followed by the DSset.

49
00:05:10,300 --> 00:05:16,800
OK, I found it here: Dot11Elt, the ID is DSset, the length is one, and for info,

50
00:05:16,810 --> 00:05:18,380
here is the channel number.

51
00:05:19,030 --> 00:05:21,320
The channel number is one, right?

52
00:05:21,580 --> 00:05:23,340
This is how we got our channel number.

53
00:05:24,450 --> 00:05:31,270
That's why in our Python code it has the colon three, because one, two, three.

54
00:05:31,270 --> 00:05:32,050
This is the third one.

55
00:05:32,050 --> 00:05:32,350
Right.

56
00:05:33,960 --> 00:05:39,040
OK, let's go back now and run our script.

57
00:05:44,710 --> 00:05:49,630
Good, we're getting some SSIDs and channels here, right?

58
00:05:50,230 --> 00:05:50,890
That was easy.

59
00:05:53,760 --> 00:05:54,400
That's it.

60
00:05:54,630 --> 00:05:57,660
Next time, we'll see how this is done in raw sockets.

61
00:05:57,870 --> 00:05:59,610
So we're not going to use Scapy.

62
00:06:00,270 --> 00:06:01,510
That was just for this video.

63
00:06:03,000 --> 00:06:04,670
We have reached the end of this lesson.

64
00:06:04,680 --> 00:06:05,310
Thank you.

65
00:06:05,310 --> 00:06:07,290
And see you in the next one.
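The Scapy script itself is not on this page, so what follows is an added example written for this transcript (my code, not the video's): the same beacon-scanner logic in plain Python with no Scapy and no monitor-mode interface, so it runs offline on frames that are constructed inline. It checks type 0 / subtype 8, reads addr2 as the BSSID, walks the ID / len / info elements the video calls Dot11Elt, and prints each access point only once. It also shows the one caveat a reviewer would raise about f[Dot11Elt:3]: that indexes the third element by position, and the DS Parameter Set (element ID 3) is not always third, so channel_by_id looks it up by ID instead. Every name, MAC address and SSID below is constructed for the example.

```python
# Added example (mine, not the video's Scapy script): the beacon-scanner logic
# from the video in plain Python, so it runs offline without a monitor-mode
# interface. Frames below are constructed, not captured.
import struct
from typing import List, Optional, Tuple

ELT_SSID = 0    # element ID 0: SSID
ELT_RATES = 1   # element ID 1: Supported Rates
ELT_DSSET = 3   # element ID 3: DS Parameter Set; info is one byte, the channel
ELT_TIM = 5     # element ID 5: TIM, used here to push the DS set out of slot 3

MGMT_HDR_LEN = 24      # frame control, duration, addr1..addr3, sequence control
BEACON_FIXED_LEN = 12  # timestamp (8) + beacon interval (2) + capability (2)


def frame_type_subtype(frame: bytes) -> Tuple[int, int]:
    """Type/subtype from the first frame-control byte; a beacon is (0, 8)."""
    fc0 = frame[0]
    return (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF


def parse_elements(tagged: bytes) -> List[Tuple[int, bytes]]:
    """Walk the ID / len / info list (what Scapy exposes as Dot11Elt layers)."""
    elts, i = [], 0
    while i + 2 <= len(tagged):
        eid, ln = tagged[i], tagged[i + 1]
        info = tagged[i + 2:i + 2 + ln]
        if len(info) != ln:      # truncated element: stop, do not guess
            break
        elts.append((eid, info))
        i += 2 + ln
    return elts


def channel_by_position(tagged: bytes, position: int = 3) -> Optional[int]:
    """What f[Dot11Elt:3].info does: take the third element, whatever it is."""
    elts = parse_elements(tagged)
    if len(elts) < position:
        return None
    info = elts[position - 1][1]
    return info[0] if len(info) == 1 else None


def channel_by_id(tagged: bytes) -> Optional[int]:
    """Look the DS Parameter Set up by its element ID instead of by position."""
    for eid, info in parse_elements(tagged):
        if eid == ELT_DSSET and len(info) == 1:
            return info[0]
    return None


def ssid_of(tagged: bytes) -> str:
    for eid, info in parse_elements(tagged):
        if eid == ELT_SSID:
            return info.decode("utf-8", errors="replace") or "<hidden>"
    return "<hidden>"


def scan(frames: List[bytes], by_id: bool = True) -> List[Tuple[str, str, Optional[int]]]:
    """Return (bssid, ssid, channel) once per new access point, beacons only."""
    seen, found = set(), []
    for frame in frames:
        if len(frame) < MGMT_HDR_LEN + BEACON_FIXED_LEN:
            continue
        if frame_type_subtype(frame) != (0, 8):   # type 0, subtype 8: beacon
            continue
        bssid = ":".join(f"{b:02x}" for b in frame[10:16])   # addr2, the transmitter
        if bssid in seen:                         # same AP again: skip, as in the video
            continue
        seen.add(bssid)
        tagged = frame[MGMT_HDR_LEN + BEACON_FIXED_LEN:]
        chan = channel_by_id(tagged) if by_id else channel_by_position(tagged)
        found.append((bssid, ssid_of(tagged), chan))
    return found


def build_beacon(bssid: bytes, elements: List[Tuple[int, bytes]], subtype: int = 8) -> bytes:
    """Constructed management frame: header, beacon fixed fields, tagged elements."""
    fc = bytes([(subtype << 4) & 0xF0, 0x00])                  # type 0 = management
    header = fc + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, 0x0401)                # timestamp, interval, capability
    tagged = b"".join(bytes([eid, len(info)]) + info for eid, info in elements)
    return header + fixed + tagged


AP1, AP2 = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")  # constructed BSSIDs
RATES = bytes([0x82, 0x84, 0x8B, 0x96])
AP1_ELTS = [(ELT_SSID, b"lab-ap"), (ELT_RATES, RATES), (ELT_DSSET, bytes([1]))]
SAMPLE_FRAMES = [
    build_beacon(AP1, AP1_ELTS),                    # DS set is the third element here
    build_beacon(AP1, AP1_ELTS),                    # duplicate beacon, must be ignored
    build_beacon(AP2, [(ELT_SSID, b"other-ap"), (ELT_RATES, RATES),
                       (ELT_TIM, b"\x00\x01\x00\x00"), (ELT_DSSET, bytes([6]))]),
    build_beacon(AP2, [(ELT_SSID, b"probe")], subtype=4),  # probe request, not a beacon
]

if __name__ == "__main__":
    for bssid, ssid, chan in scan(SAMPLE_FRAMES):
        print(f"{bssid}  {ssid!r}  channel {chan}")
```

Running it lists lab-ap on channel 1 and other-ap on channel 6, each once. Calling scan(SAMPLE_FRAMES, by_id=False) reproduces the positional lookup from the video: it still gets channel 1 for lab-ap, but reports no channel for other-ap because its third element is the TIM, not the DS set.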