
How to Enable Monitor Mode and Packet Injection on the Raspberry Pi « Null Byte :: WonderHowTo



The Raspberry Pi Zero W and Pi 3 Model B+ have built-in Wi-Fi, Bluetooth Low Energy, and more than enough power to run Kali Linux. They sound like perfect all-in-one penetration testing devices, but the lack of support for monitor mode and packet injection usually meant buying a supported Wi-Fi adapter. With Nexmon, it is now possible to use monitor mode on the integrated Wi-Fi chip.

The Need for Packet Injection and Monitor Mode

There are many reasons why a wireless card that can be used in monitor mode would be useful. The Wi-Fi card in a Raspberry Pi is not very good at doing anything other than making a basic Wi-Fi connection.

While some tools in Kali Linux may work with a card that does not support monitor mode, it is more common to find that a tool you want to run does not work without it. Therefore, most hackers choose to purchase an external USB wireless network adapter that offers more flexibility.

Image by SADMIN/Null Byte

In the above example, the tiny Pi Zero W controls an Alfa AWUS036NHA antenna almost twice its size. While it is impressive to control such a stout antenna with such a tiny device, it almost defeats the purpose of using a Pi Zero W, unless you try to hide the Pi in the antenna.

The Pi Zero W Wireless Card

The Raspberry Pi Zero W includes the same Broadcom BCM43438 chipset used by other Raspberry Pi models. The small chip contains a Wi-Fi radio, Bluetooth radio and can even receive FM radio. Despite these powerful capabilities, the chip is incredibly small, so the 1-inch Raspberry Pi Zero W can access Wi-Fi networks and use Bluetooth peripherals such as keyboards or mice.

Image by SADMIN/Null Byte

Because the Broadcom BCM43438 is so widespread, the community's interest in monitor mode support has grown steadily since its introduction. Nevertheless, the manufacturer never officially supported monitor mode, which limited the usefulness of the radio cards in Raspberry Pi devices.

For a hacker, this has meant that the Raspberry Pi, as a Wi-Fi hacking platform, had to be considered only one part of an overall system that includes a secondary adapter supporting monitor mode and packet injection. In general, this is not too much of a compromise, as the Pi's internal antenna is normally used as a "command and control antenna" that allows for control of the stronger "offensive" network adapter.

Nexmon Community Support

While Broadcom never released a monitor mode patch, the community eventually produced one. The Nexmon project is a C-based firmware patch for the Broadcom/Cypress chips used in Raspberry Pi devices. An important note before using this patch is that it was developed by the community and does not carry the same assurances that an official patch would imply, as stated in the warning in the Nexmon GitHub repo.

WARNING: Our software may damage your hardware and your warranty may be void! You use our tools at your own risk and responsibility! If you do not like these terms, do not use nexmon!

– Nexmon GitHub

Despite the warnings provided, Nexmon generally works very well with the supported cards. Not only does Nexmon support the chipset in the Raspberry Pi, but it can also be used for monitor mode in a variety of other wireless chips used in smartphones.

A list of chipsets supported by Nexmon. Image via Nexmon GitHub

Step 1: Setting up the Raspberry Pi with Nexmon

To get started, you need a Raspberry Pi running Kali Linux with a Nexmon-supported chipset. Since all of these chipsets are supported at the moment, this should work with any Raspberry Pi model. Although we look at the Raspberry Pi Zero W in this guide, you can follow along with any Pi model.

Image by SADMIN/Null Byte

Option 1: On a New Raspberry Pi

In the first scenario, we set up a Pi Zero W in which Kali Linux is not installed yet. This is perfect if you are setting up a Pi for the first time or otherwise working with a device that has no data to save. If you have an existing Pi setup to which you want to add Nexmon, I will cover these instructions in the next option.

The easiest way to enable monitor mode is simply to load a Kali image with Nexmon already installed. One of my favorites is the Sticky Finger's Kali Pi image, which can be installed on any type of Raspberry Pi. To download the Sticky Finger's Kali Pi image, select the version that matches your Raspberry Pi model:

When the image is downloaded, use Etcher to flash the image onto the Pi's SD card; it is one of the easiest ways to prepare your SD card. However, if you are running Windows, you can use Win32 Disk Imager to put your image on the card. On a Mac, you can also write a bootable SD image through a terminal using the following instructions:

Before you connect your SD card, run the following in a terminal to display a list of all disks connected to your system.

  df -h 

Connect your SD card, run the command again, and note the file system name of your SD card (this is the name that did not exist before). It should look like /dev/disk2s1, and you should be very careful not to mix it up in the next steps, as this could overwrite your hard drive.

Now use the dd command to load the Kali image onto the card. First, use the following command to unmount the partition so you can write to it, where X is the correct disk number.

  sudo diskutil unmount /dev/diskX

Next, run the following command to load the image onto the SD card. If an "s" appears after the original volume number (for example, "rdisk2s1"), do not include the "s" or the number that follows it. So "rdisk2s1" should become "rdisk2", and the command should look like this:

  sudo dd bs=1m if=LocationOfKaliImage of=/dev/rdiskX

Press Enter to start the process, and note that dd does not display any information on the screen unless an error has occurred or the operation is complete. To display the progress during the transfer, you can press Ctrl-T. Wait for the process to complete. You know that the process is complete when you see a readout of the bytes transferred and the time the process took.
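Picking the wrong disk is the one step here that can destroy data, so the before-and-after comparison is worth scripting. The following is an added example, not part of the original guide: it diffs two df -h listings and prints the raw whole-disk node for dd, refusing to answer unless exactly one new disk appeared. The function names and both sample listings are constructed for illustration.

```shell
# Added example: derive the dd target by diffing two `df -h` listings.
# Both sample listings below are constructed for illustration.
SAMPLE_BEFORE='Filesystem      Size   Used  Avail Capacity  Mounted on
/dev/disk1s1   466Gi  210Gi  250Gi    46%    /
devfs          190Ki  190Ki    0Bi   100%    /dev
/dev/disk1s4   466Gi  2.0Gi  250Gi     1%    /private/var/vm'
SAMPLE_AFTER="$SAMPLE_BEFORE
/dev/disk2s1    63Mi   21Mi   42Mi    34%    /Volumes/boot"

# List the /dev/disk* filesystem names found in a df listing, one per line.
disk_names() {
    printf '%s\n' "$1" | awk '$1 ~ /^\/dev\/disk[0-9]+/ { print $1 }' | sort -u
}

# Print filesystems present in the second listing but not in the first.
new_filesystems() {
    nf_before=$(disk_names "$1")
    disk_names "$2" | while IFS= read -r nf_fs; do
        printf '%s\n' "$nf_before" | grep -qxF -- "$nf_fs" || printf '%s\n' "$nf_fs"
    done
}

# Map the new filesystem(s) to one raw disk: /dev/disk2s1 -> /dev/rdisk2.
# Returns non-zero with no output unless exactly one new whole disk appeared.
raw_target() {
    rt_disks=$(new_filesystems "$1" "$2" |
        sed -E 's#^/dev/disk([0-9]+)(s[0-9]+)*$#/dev/rdisk\1#' | sort -u)
    [ -n "$rt_disks" ] || return 1
    rt_count=$(printf '%s\n' "$rt_disks" | awk 'END { print NR }')
    [ "$rt_count" -eq 1 ] || return 1
    case "$rt_disks" in
        /dev/rdisk[0-9]*) printf '%s\n' "$rt_disks" ;;
        *) return 1 ;;
    esac
}

# On a real system, capture `df -h` before and after inserting the card and
# pass both captures in; here the constructed samples are used.
raw_target "$SAMPLE_BEFORE" "$SAMPLE_AFTER"
```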

When the process is complete, boot the Pi from the SD card and follow the instructions for setting up Kali Linux and for the top 10 tasks after installing Kali Linux.

Option 2: On an Existing Raspberry Pi

To set up an existing Raspberry Pi, you must either sign in via SSH, connect a monitor and keyboard to log in, or use a connected computer. Make sure your Pi is connected to a Wi-Fi network and open a terminal window.

First, make sure you are root and change the directory to the right place:

  sudo su
  cd /usr/local/src

After changing the directory, download the latest version of the Re4son kernel to the directory.

  wget -O re4son-kernel_current.tar.xz https://re4son-kernel.com/download/re4son-kernel-current/ 

Next, extract the downloaded file with the tar command.

  tar -xJf re4son-kernel_current.tar.xz 

After the file has been extracted, change into the directory that has just been decompressed:

  cd re4son-kernel_4*

Finally, install the firmware patch by running the install.sh program.

  ./install.sh

After completing the installation process, the Wi-Fi card on your Raspberry Pi should support monitor mode.
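Because these steps extract an archive and run its installer as root, it is worth checking the download first. The following is an added example, not part of the original guide or of the Re4son project: it compares the archive's SHA-256 with a digest you supply and rejects archives whose member list contains absolute paths or ".." components. The function names are hypothetical, and the expected digest is an assumption: this page gives none, so it must come from a source you trust.

```shell
# Added example: pre-extraction checks for an archive that will be unpacked
# and executed as root. The expected digest is supplied by the caller.

# Print the SHA-256 of a file using whichever tool the system provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# Given a `tar -t` listing, print members that would land outside the
# extraction directory: absolute paths or any ".." path component.
unsafe_members() {
    printf '%s\n' "$1" | awk '
        /^\// { print; next }
        {
            n = split($0, part, "/")
            for (i = 1; i <= n; i++)
                if (part[i] == "..") { print; next }
        }'
}

# Succeed only if the digest matches and the listing has no unsafe members.
# usage: safe_to_extract <archive.tar.xz> <expected-sha256>
safe_to_extract() {
    [ "$(sha256_of "$1")" = "$2" ] || { echo "digest mismatch" >&2; return 1; }
    ste_list=$(tar -tJf "$1") || { echo "unreadable archive" >&2; return 1; }
    ste_bad=$(unsafe_members "$ste_list")
    [ -z "$ste_bad" ] || { printf 'unsafe member: %s\n' "$ste_bad" >&2; return 1; }
}

# Intended use with the file downloaded above (EXPECTED_SHA256 is a placeholder):
#   safe_to_extract re4son-kernel_current.tar.xz "$EXPECTED_SHA256" &&
#       tar -xJf re4son-kernel_current.tar.xz
```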

Step 2: Monitor Mode and Packet Injection Test

Now try setting your card to Monitor Mode. The Re4son kernel comes with its own utility that allows you to put the card into monitor mode with the following command.

  sudo mon0up

When this is done, your mon0 interface should be enabled. You can listen in on other Wi-Fi conversations and inject packets. You can confirm that the card is in monitor mode by running the following command. You can press Ctrl-C to stop the scan as soon as you have seen that the card is able to scan.

  airodump-ng mon0 

Next, use aireplay-ng to test the Pi's ability to inject packets. To do this, make sure you are near a Wi-Fi network to initiate packet injection. Then run the following command:

  aireplay-ng --test mon0 

If you see a result as below, it means that your Pi can support packet injection.

  aireplay-ng --test mon0
  12:47:05  Waiting for beacon frame (BSSID: AA:BB:CC:DD:EE) on channel 7
  12:47:05  Trying broadcast probe requests...
  12:47:06  Injection is working!
  12:47:07  Found 1 AP

  12:47:07  Trying directed probe requests...
  12:47:07  AA:BB:CC:DD:EE - channel: 7 - 'Dobis'
  12:47:08  Ping (min/avg/max): 0.891ms/15.899ms/32.832ms Power: -21.72
  12:47:08  29/30:  96%
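When you rebuild images or update kernels often, this check is easier to trust as a script than as a visual read of the output. The following is an added example, not part of the original guide: it parses aireplay-ng --test output and passes only when injection is reported as working and every directed-probe success rate meets a threshold. The function names, the 80% default, and the sample text are assumptions made for the example.

```shell
# Added example: turn aireplay-ng --test output into a pass/fail result.
# Constructed sample, modelled on the output shown above.
SAMPLE_TEST_OUTPUT="12:47:05  Trying broadcast probe requests...
12:47:06  Injection is working!
12:47:07  Found 1 AP

12:47:07  Trying directed probe requests...
12:47:07  AA:BB:CC:DD:EE:FF - channel: 7 - 'Dobis'
12:47:08  Ping (min/avg/max): 0.891ms/15.899ms/32.832ms Power: -21.72
12:47:08  29/30:  96%"

# Print "<received> <sent> <percent>" for each directed-probe result line,
# i.e. lines of the form "29/30:  96%".
probe_ratios() {
    printf '%s\n' "$1" | awk '
        match($0, "[0-9]+/[0-9]+: +[0-9]+%") {
            s = substr($0, RSTART, RLENGTH)
            split(s, p, "[/: %]+")
            print p[1], p[2], p[3]
        }'
}

# Succeed only if injection was reported as working AND the worst per-AP
# probe success rate is at least the threshold (default 80, an assumption).
# usage: injection_ok <output-text> [min-percent]
injection_ok() {
    io_min=${2:-80}
    printf '%s\n' "$1" | grep -qi 'injection is working' || return 1
    io_worst=$(probe_ratios "$1" |
        awk 'NR == 1 || $3 + 0 < m { m = $3 + 0 } END { if (NR) print m }')
    [ -n "$io_worst" ] || return 1
    [ "$io_worst" -ge "$io_min" ]
}

# On the Pi: injection_ok "$(aireplay-ng --test mon0 2>&1)" && echo PASS
if injection_ok "$SAMPLE_TEST_OUTPUT"; then echo "PASS"; else echo "FAIL"; fi
```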

An All-in-One Package for Wi-Fi Hacking

The Raspberry Pi Zero W sets the bar for a cost-effective, versatile single-board computer. The community support added by Nexmon allows a Pi Zero W to act as an all-in-one computer for Wi-Fi hacking. Having just one card on the board means you cannot both control the Pi and attack with the same Wi-Fi card. However, there are many other clever ways to connect to a Pi, either through a serial cable or via Bluetooth, which make this configuration very useful.

I hope you enjoyed this guide to adding monitor mode to the Raspberry Pi Zero W! If you have questions about this Raspberry Pi Zero W tutorial or have a problem with Raspberry Pis in general, you can comment below or reach me on Twitter @KodyKinzie.


Cover image by SADMIN/Null Byte



