1
00:00:00,070 --> 00:00:06,450
Everyone, welcome to another video of our WiFi pentesting series. Last time we learned how to write

2
00:00:06,450 --> 00:00:13,440
a simple Python tool with the help of Scapy to scan for wireless clients and get the SSID, the

3
00:00:13,440 --> 00:00:15,090
BSSID and channel number.

4
00:00:15,210 --> 00:00:15,600
Right.

5
00:00:16,480 --> 00:00:19,200
Today, we are going to learn how to do the same.

6
00:00:19,200 --> 00:00:22,740
But using raw sockets, we're not going to use Scapy today.

7
00:00:24,240 --> 00:00:25,890
All right, let's get started.

8
00:00:26,850 --> 00:00:32,790
Let's create a Python script and import all of these modules that you see here, since we are going

9
00:00:32,790 --> 00:00:36,270
to use all of them in this video and later videos as well.

10
00:00:38,250 --> 00:00:41,660
The next thing that we need to do is to create our socket.

11
00:00:43,320 --> 00:00:44,820
Let's create our socket first.

12
00:00:44,830 --> 00:00:51,180
I'm going to copy and paste it because I don't want this video to be long, so I'm just going to stick it

13
00:00:51,180 --> 00:00:51,510
here.

14
00:00:54,660 --> 00:01:00,420
Do you remember how to create a socket from before? It's fine if you don't, this socket will be a

15
00:01:00,420 --> 00:01:01,180
little different.

16
00:01:01,230 --> 00:01:05,970
We need to use the socket AF_PACKET instead of AF_INET

17
00:01:05,970 --> 00:01:13,410
from before, TCP/IP. And if you remember, the AF_PACKET allows us to send and receive

18
00:01:13,440 --> 00:01:15,120
raw packets through the kernel.

19
00:01:16,530 --> 00:01:22,020
The hex 0003 means that we want to capture all packets.

20
00:01:22,020 --> 00:01:25,350
We are interested in all of them, not just one or a few.

21
00:01:26,820 --> 00:01:32,210
Then we bind on the interface, which is the wlan0mon.
22
00:01:34,890 --> 00:01:39,870
Now we're going to start an infinite while loop to start receiving everything.

23
00:01:39,870 --> 00:01:45,630
And since we're only interested in the first part of the frame, we will use the first element of the

24
00:01:45,630 --> 00:01:48,030
list, which is the bracket zero.

25
00:01:49,200 --> 00:01:49,830
Here we go.

26
00:01:51,360 --> 00:01:56,700
Now if you remember from the slides, our subtype byte is number thirty six.

27
00:01:56,700 --> 00:02:01,110
Again, this could be another byte if you're using a different kind of WiFi adapter.

28
00:02:01,350 --> 00:02:02,800
I'm using TP-Link for now.

29
00:02:03,360 --> 00:02:07,800
So if you have an Alfa, it could be, I don't know, like a different number.

30
00:02:07,830 --> 00:02:09,240
Like, you have to look for that.

31
00:02:09,380 --> 00:02:10,540
You have to look it up yourself.

32
00:02:11,970 --> 00:02:20,870
So if byte number thirty six is equal to 80 in hex, which is a beacon frame, that's what we are

33
00:02:20,870 --> 00:02:21,340
looking for.

34
00:02:21,360 --> 00:02:21,630
Right.

35
00:02:22,440 --> 00:02:30,260
So if packet[36] is equal to 80 in hex, we know now this is a beacon frame.

36
00:02:31,050 --> 00:02:31,860
What do we do now?

37
00:02:32,280 --> 00:02:37,260
Well, let's first unpack the header length because we will need it in a bit.

38
00:02:37,980 --> 00:02:44,550
The header length starts from the second byte to the fourth, but let's see that in Wireshark first.

39
00:02:52,260 --> 00:02:58,260
OK, let's go to the radiotap header length.

40
00:02:59,040 --> 00:03:02,100
This one, it is selected here.

41
00:03:04,770 --> 00:03:12,440
OK, the header length, this one, if you look at the bottom, it says bytes two to three.

42
00:03:13,330 --> 00:03:19,030
I mean, if you count one, two, three, four.

43
00:03:19,030 --> 00:03:19,360
Right.
44
00:03:20,920 --> 00:03:29,710
So in our code, we need it to be from two to four, because in the list, when

45
00:03:29,710 --> 00:03:33,580
you say two to four, it basically means from the second to the third.

46
00:03:35,320 --> 00:03:36,980
OK, so let's do that.

47
00:03:39,430 --> 00:03:46,600
So, OK, we say here from the second to the fourth, but in Wireshark, let's take a look at

48
00:03:46,600 --> 00:03:51,600
it again, the header length here, and it's selected.

49
00:03:53,410 --> 00:03:53,660
Yep.

50
00:03:53,920 --> 00:03:56,980
So this is zero, one, two.

51
00:03:57,580 --> 00:03:57,940
Right.

52
00:03:58,480 --> 00:04:01,780
So this is the second and this is the fourth.

53
00:04:02,590 --> 00:04:10,070
But in Python, if you do two to four here: one, two, three, four.

54
00:04:10,090 --> 00:04:12,040
So it's basically the third and the fourth.

55
00:04:12,580 --> 00:04:16,200
But in Python, we need to do it this way.

56
00:04:16,630 --> 00:04:17,710
Two to four.

57
00:04:19,660 --> 00:04:25,990
So now we got our header length, and some people might be asking why we need the header length.

58
00:04:26,240 --> 00:04:28,340
Yeah, we will get to that in a bit.

59
00:04:29,390 --> 00:04:34,330
Now, let's create another variable which has the beacon frame itself.

60
00:04:37,130 --> 00:04:45,260
So beacon frame equals packet from the header length that we just got up until twenty four, adding

61
00:04:45,260 --> 00:04:55,880
twenty four bytes to the length that we got, because the beacon frame starts from that byte number thirty

62
00:04:55,880 --> 00:04:58,910
six, which is actually the subtype byte.

63
00:04:58,910 --> 00:04:59,270
Right.

64
00:04:59,990 --> 00:05:04,440
So from byte number one to byte number thirty five is the radiotap.

65
00:05:05,570 --> 00:05:09,380
Now let's open Wireshark again and take a look at the beacon frame.
66
00:05:14,370 --> 00:05:23,460
Beacon frame, this one here. So this beacon frame from here, if we click on it again, up until this

67
00:05:23,460 --> 00:05:33,330
F7, which is fifty nine right now. The transmitter, which is the access point, the BSSID,

68
00:05:33,330 --> 00:05:38,520
is the 20th byte of the beacon frame up to the 32nd byte.

69
00:05:39,360 --> 00:05:40,060
Let's see it again.

70
00:05:40,080 --> 00:05:42,390
Let's actually expand it first here.

71
00:05:42,390 --> 00:05:43,260
Transmitter.

72
00:05:46,430 --> 00:05:53,000
This one here, if we select it and go here and hover over the six eight index, it says here from forty

73
00:05:53,000 --> 00:05:55,270
six to fifty one, right.

74
00:05:56,270 --> 00:06:01,470
But since we have it in a variable, like the actual beacon frame, we are counting from zero.

75
00:06:02,390 --> 00:06:05,090
So if you count it, you count it on your own.

76
00:06:05,100 --> 00:06:10,940
Later you'll find that it's from the 20th byte up to the 32nd byte.

77
00:06:11,990 --> 00:06:15,380
So we need to create a variable called BSSID.

78
00:06:15,380 --> 00:06:16,010
Come here.

79
00:06:16,700 --> 00:06:21,050
This is equal to beacon frame, starting from the 20th to the 32nd.

80
00:06:21,080 --> 00:06:26,450
This is the BSSID, the MAC address that we want now.

81
00:06:27,080 --> 00:06:31,850
Our SSID length is byte number seventy three, remember from before.

82
00:06:32,780 --> 00:06:38,240
So we get that and we store our SSID name from the next byte,

83
00:06:38,420 --> 00:06:41,560
seventy four, up to the length of the SSID.

84
00:06:41,570 --> 00:06:43,850
So let's get the length of the SSID first.

85
00:06:45,200 --> 00:06:55,430
Let's do try here, and the length of the SSID, we're using ord because we need to convert

86
00:06:55,470 --> 00:06:56,800
it: packet

87
00:06:56,810 --> 00:06:57,370
seventy three.
88
00:06:57,380 --> 00:06:59,580
This is the length of the SSID.

89
00:07:00,350 --> 00:07:11,640
After that we say SSID equals packet from seventy four up to seventy four plus the

90
00:07:11,700 --> 00:07:15,020
len_ssid that we have here.

91
00:07:17,820 --> 00:07:29,970
OK, except: I'll just say SSID is equal to unknown SSID.

92
00:07:32,430 --> 00:07:40,470
Now, again, we check if the BSSID is not in our list, which we haven't created yet, so

93
00:07:40,470 --> 00:07:44,970
the BSSID list equals, we're creating a list here.

94
00:07:48,330 --> 00:07:57,630
If the BSSID that we got here is not in the access point list, we append it to our list,

95
00:07:57,900 --> 00:08:05,470
because we don't want to keep printing the access point over and over, and then we print our

96
00:08:05,470 --> 00:08:05,770
BSSID.

97
00:08:05,820 --> 00:08:07,980
And the SSID here.

98
00:08:09,690 --> 00:08:11,960
Right, OK, so far so good.

99
00:08:13,080 --> 00:08:13,770
Let's try.

100
00:08:19,300 --> 00:08:20,190
OK, nice.

101
00:08:20,190 --> 00:08:23,430
We got our BSSID and SSID here.

102
00:08:25,050 --> 00:08:28,050
OK, so far so good.

103
00:08:28,060 --> 00:08:32,600
But our MAC address, as you see it here, doesn't look good.

104
00:08:32,610 --> 00:08:32,990
Right.

105
00:08:33,750 --> 00:08:34,620
Let's fix that.

106
00:08:37,050 --> 00:08:45,210
Let's go after the BSSID line here and add this one, which will format it a little bit, or make

107
00:08:45,210 --> 00:08:49,460
it look like an actual BSSID, like an actual MAC address.

108
00:08:50,200 --> 00:08:51,030
Let's try again.

109
00:08:52,710 --> 00:08:55,190
OK, now it looks like a MAC address, right?

110
00:08:57,690 --> 00:08:59,290
That was all, I guess, for this video.

111
00:08:59,820 --> 00:09:02,190
I hope you enjoyed doing what Scapy did
112
00:09:02,190 --> 00:09:05,880
with raw sockets. Thank you for watching and see you in the next video.