
How to Set Up a MacOS System for Wi-Fi Packets «Null Byte :: WonderHowTo



MacOS is not known as an ideal operating system for hacking without customization, but it includes native tools that allow easy control of the Wi-Fi radio for packet sniffing. Changing channels, scanning for access points, and even capturing packets can all be done from the command line. We'll use aliasing to set up some simple commands for easy native packet capture on a MacOS system.

MacOS built in tools

If you cannot download or install new tools on a MacBook or other macOS computer, capturing packets or performing Wi-Fi scans may not seem easy. In fact, while there are terminal commands to do this, they are incredibly long and not very intuitive for beginners. For example, to perform a simple Wi-Fi scan for nearby access points, the command is as follows:

  /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s

This command is not easy to remember, but we can drastically shorten it by mapping the most useful commands for Wi-Fi scanning and sniffing to shorter, more memorable commands. Among the available commands, the most important are showing details of the current connection, scanning for nearby access points, changing the current Wi-Fi channel, and starting a packet capture session.

Using Wireshark on MacOS

While Wireshark is the default tool for packet capture, it has some limitations that still require you to use the macOS terminal commands. Because Wireshark cannot set the channel the card is on in a MacOS computer, it can only listen on the channel of a network your laptop is connected to. This is quite annoying, since by default only the traffic directed to your computer is displayed.

If you change some settings in Wireshark, you can begin to see all the traffic on a particular channel. However, this does not let you snoop on channels where you have no network to connect to. To fix this, we need to use a macOS tool to set the channel manually so that we can switch between channels based on the result of a scan of nearby APs.

What You Need

These commands should work on most macOS systems, even if they have not been fully updated. Because they are built-in system tools, you do not have to download anything to get them up and running. If you are using a MacBook Air, Pro, or other Apple device running macOS with a wireless card, these commands should work. You must be able to execute commands with sudo, as most of these commands require administrator access.

Step 1: Create an Alias

To create an alias, we first edit our Terminal Bash profile. This allows us to map lengthy or complicated commands that we use often to shorter commands. To do this, open a new terminal window and type the following:

  nano .bash_profile 

This command opens a text file that resembles the following:

  # Setting PATH for Python 3.6
  # The original version is saved in .bash_profile.pysave
  PATH="/Library/Frameworks/Python.framework/Versions/3.6/bin:${PATH}"
  export PATH

Underneath you can add aliases. How do they work? The anatomy of a bash alias looks like this:

  alias (NameOfAlias)='(TheCommandsYouWantTheAliasToRun)'

Let's write and test our first alias.

Useful Aliases for AP Discovery

To begin with, we will use a command to scan the area and give us a list of all nearby APs. This includes the information we need to locate and capture a wireless target network. With this scan, we can match the name of a network with the channel on which it is broadcasting, the BSSID of nearby networks, the signal strength, and the type of security used on the network.

All this information is handy for targeting nearby networks or deciding which channel to switch to. To perform this scan, we need to type the following command into a terminal window:

  sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s 

I prefer to shorten this to an alias named scanarea for quick access. To create this alias, enter nano .bash_profile and then add the following code at the end of the text document:

  alias scanarea='sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s'

Press Ctrl-X to close the text file, typing Y to save the changes if you are asked. To test the alias, quit your terminal program and reopen it. After restarting your terminal window, you should be able to see the alias listed by entering alias in a terminal window.

Now you should be able to enter scanarea in a Terminal window, type in your password and see a list of all nearby Wi-Fi networks.

  SSID                             BSSID             RSSI CHANNEL HT CC SECURITY (auth/unicast/group)
  BPS guest access                 92:2a:a8:58:bf:51 -86  132,+1  Y  -  WPA2(PSK/AES/AES)
  BPS Mgmt                         82:2a:a8:58:bf:51 -87  132,+1  Y  -  WPA2(PSK/AES/AES)
  BWXLVS                           54:3d:37:7a:1a:bc -85  56         US WPA2(PSK/AES/AES)
  attwifi                          54:3d:37:3a:1a:bc -85  56      Y  US NONE
  ALPHA                            FC:0a:81:78:16:C1 -83  11      Y  US WPA2(PSK/AES/AES)
  _Travelers WiFi                  00:14:06:11:4a:40 -77  11      N  -  NONE
  BPS Guest Access                 82:2a:a8:57:bf:51 -83  11      Y  -  WPA2(PSK/AES/AES)
  DELTA                            fc:0a:81:78:16:c4 -82  11      Y  US WPA2(802.1x/AES/AES)
  _LasVegas.Net HC                 00:14:06:11:4a:41 -77  11      N  -  NONE
  Caesars_Resorts                  fc:0a:81:78:16:c0 -83  11      Y  US NONE
  ND BOH                           d0:17:c2:eg:99:b0 -81  10      Y  -  WPA2(PSK/AES/AES)
  HP Printer F2 Officejet Pro 8600 a4:5d:36:43:a4:f2 -88  8       N  -  WPA2(PSK/AES/AES)
  BETA                             fc:0a:81:78:4a:42 -68  6       Y  US WPA2(PSK/AES/AES)
  DELTA                            fc:0a:81:78:42:c4 -64  6       Y  US WPA2(802.1x/AES/AES)
  DELTA                            fc:0a:81:78:4a:44 -69  6       Y  US WPA2(802.1x/AES/AES)
  Caesars_Resorts                  fc:0a:81:78:42:c0 -64  6       Y  US NONE
  GAMMA                            fc:0a:81:78:42:c3 -64  6       Y  US WPA2(802.1x/AES/AES)
  Caesars_Resorts                  fc:0a:81:78:4a:40 -67  6       Y  US NONE
  DIRECT-84-HP OfficeJet Pro 8720  30:e1:71:d7:bc:85 -74  6       Y  -  WPA2(PSK/AES/AES)
  Caesars_Resorts                  fc:0a:81:78:4a:60 -86  1       Y  US NONE
  GAMMA                            fc:0a:81:78:56:53 -74  1       Y  US WPA2(802.1x/AES/AES)
  ALPHA                            fc:0a:81:0d:7c:91 -84  1       Y  US WPA2(PSK/AES/AES)
  ALPHA                            fc:0a:81:78:40:51 -73  1       Y  US WPA2(PSK/AES/AES)
  ALPHA                            fc:0a:81:78:56:51 -68  1       Y  US WPA2(PSK/AES/AES)
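A scan like the one above is easier to act on once it is condensed per channel. The following is an added example, not part of the original article: it parses airport -s output and reports, for each channel, the number of APs, the strongest RSSI, and how many APs are unencrypted. The function names scan_summary and sample_scan and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: condense `airport -s` output into one line per channel.

# Constructed sample scan (locally administered BSSIDs, made-up SSIDs).
sample_scan() {
  cat <<'EOF'
                            SSID BSSID             RSSI CHANNEL HT CC SECURITY (auth/unicast/group)
                     ExampleCorp 02:00:5e:10:00:01 -64  6       Y  US WPA2(802.1x/AES/AES)
                   Example Guest 02:00:5e:10:00:02 -67  6       Y  US NONE
                  Printer Direct 02:00:5e:10:00:03 -74  6       Y  -- WPA2(PSK/AES/AES)
                     ExampleCorp 02:00:5e:10:00:04 -83  11      Y  US WPA2(802.1x/AES/AES)
                       Warehouse 2:0:5e:10:0:5 -86  132,+1  Y  -- WPA2(PSK/AES/AES)
EOF
}

# Reads scan output on stdin; prints "channel aps strongest_rssi unencrypted_aps".
scan_summary() {
  awk '
    BEGIN {
      # airport may drop leading zeros, so each octet is one or two hex digits
      h = "[0-9A-Fa-f][0-9A-Fa-f]?"
      bssid = " " h ":" h ":" h ":" h ":" h ":" h " "
    }
    match($0, bssid) {
      # SSIDs can contain spaces, so anchor on the BSSID instead of field numbers
      rest = substr($0, RSTART + RLENGTH)
      n = split(rest, f, " ")
      if (n < 3) next                    # truncated row, skip it
      rssi = f[1] + 0
      ch = f[2]; sub(/,.*/, "", ch)      # "132,+1" -> "132"
      aps[ch]++
      if (!(ch in best) || rssi > best[ch]) best[ch] = rssi
      if (f[n] == "NONE") unenc[ch]++    # airport prints NONE for open networks
    }
    END {
      for (c in aps) printf "%d %d %d %d\n", c, aps[c], best[c], unenc[c] + 0
    }
  ' | sort -n
}

# On a Mac: scanarea | scan_summary. Here, run against the constructed sample.
sample_scan | scan_summary
```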

Reopen the bash profile and add the following code to show which channel the card is currently on and information about the AP you are currently connected to.

  alias currentap='sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport --getinfo'

After you save and close the file again, open a new terminal window and type currentap to get information about the current connection status of your computer.

  currentap

  agrCtlRSSI: 0
  agrExtRSSI: 0
  agrCtlNoise: 0
  agrExtNoise: 0
  state: init
  op mode:
  lastTxRate: 0
  maxRate: 0
  lastAssocStatus: 16
  802.11 auth: open
  link auth: none
  BSSID: 0:0:0:0:0:0
  SSID:
  MCS: -1
  channel: 4
  Dell 2: ~ skickar $ currentap
  agrCtlRSSI: -56
  agrExtRSSI: 0
  agrCtlNoise: -93
  agrExtNoise: 0
  state: running
  op mode: station
  lastTxRate: 130
  maxRate: 144
  lastAssocStatus: 0
  802.11 auth: open
  link auth: none
  BSSID: fc:a:81:78:40:90
  SSID: Caesars_Resorts
  MCS: 15
  channel: 149

Step 2: Use Wireshark & Set AP Channel

Next, we can use aliasing to solve the problem of running Wireshark on a MacOS computer without being able to select the channel. To create channel-changing aliases, we can add the following lines, one for each of the 13 channels available in 2.4 GHz networks:

  alias setchannelto1='sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport --channel=1'
  alias setchannelto2='sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport --channel=2'
  alias setchannelto3='sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport --channel=3'
  alias setchannelto4='sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport --channel=4'
  alias setchannelto5='sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport --channel=5'
  alias setchannelto6='sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport --channel=6'
  alias setchannelto7='sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport --channel=7'
  alias setchannelto8='sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport --channel=8'
  alias setchannelto9='sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport --channel=9'
  alias setchannelto10='sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport --channel=10'
  alias setchannelto11='sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport --channel=11'
  alias setchannelto12='sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport --channel=12'
  alias setchannelto13='sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport --channel=13'

This command must not contain spaces, so we need to create a new alias for each channel our Wi-Fi card should go to.
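An alias cannot take the channel as an argument, but a shell function in .bash_profile can, and it can check the argument before anything is handed to sudo. This is an added example, not from the original article; the function name setchannel and the AIRPORT_DRYRUN switch are assumptions made for illustration.

```shell
# Added example for ~/.bash_profile: one function in place of thirteen aliases.
AIRPORT=/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport

# setchannel N   tune the Wi-Fi card to 2.4 GHz channel N (1-13)
# Setting AIRPORT_DRYRUN=1 (hypothetical switch) prints the command instead of running it.
setchannel() {
  # Accept digits only, so nothing else can end up in the sudo command line
  case "$1" in
    ''|*[!0-9]*)
      echo "usage: setchannel <1-13>" >&2
      return 2 ;;
  esac
  if [ "$1" -lt 1 ] || [ "$1" -gt 13 ]; then
    echo "setchannel: channel $1 is outside 1-13" >&2
    return 2
  fi
  if [ -n "$AIRPORT_DRYRUN" ]; then
    echo "sudo $AIRPORT --channel=$1"
    return 0
  fi
  # The tool lives in a private framework, so confirm it exists before calling it
  if [ ! -x "$AIRPORT" ]; then
    echo "setchannel: $AIRPORT not found on this system" >&2
    return 1
  fi
  sudo "$AIRPORT" --channel="$1"
}
```

With this in place, setchannel 4 does the same job as the setchannelto4 alias.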

Save these aliases with Ctrl-X and then confirm by typing Y. Exit your terminal session and reopen it, then display the available commands by typing alias in a new terminal window. Although this command is among the most useful, it will probably need to be run more than once.

To make sure this command works, disconnect from any AP you are currently connected to. You may need to "forget" any nearby networks to do so by going to your advanced network settings. Once you are disconnected from any AP and the Wi-Fi card is turned on, try setting the channel to channel 4 by typing setchannelto4 in a terminal window. Then, run currentap to find out which channel you are on.

  setchannelto4
  currentap
  agrCtlRSSI: 0
  agrExtRSSI: 0
  agrCtlNoise: 0
  agrExtNoise: 0
  state: init
  op mode:
  lastTxRate: 0
  maxRate: 0
  lastAssocStatus: 16
  802.11 auth: open
  link auth: none
  BSSID: 0:0:0:0:0:0
  SSID:
  MCS: -1
  channel: 4

If the channel shown is not the one you set, turn your Wi-Fi card off and then on again, and run the command again. You may need to do this a few times, as MacOS tends to ignore the request if it thinks it can connect to an access point in range.

When you run Wireshark, you should be able to see packets on the same channel. This means that you have successfully switched the Wi-Fi card to the desired channel.

Step 3: Capture Packets Natively

Now that we can set the channel we're snooping on, you can tune the card to your desired channel. Next, we can sniff packets on that channel by returning to our bash profile and adding the following alias:

  alias sniff='sudo /usr/libexec/airportd en0 sniff'

This command saves all observed packets to a .cap file, which you can open later in Wireshark for interpretation. After the alias is set and you have saved and closed the file, quit the terminal and reopen it to make the alias available.

Start sniffing packets by typing sniff in a terminal window. When done, press Ctrl-C to stop sniffing and save the captured packets in a .cap file.

  sniff
Capture 802.11 frames on en0.
Session stored in /tmp/airportSniffuwvwnx.cap.

Step 4: Open Captured Packets in Wireshark

If you have a .cap file that you want to open in Wireshark, the command is simple. Using the name of your macOS capture file, you can open it in Wireshark to check the captured packets, either right away if you have Wireshark installed or later on another device, by typing the following command.

  wireshark -r /tmp/yourfilename.cap

This will open the capture in Wireshark so that you can confirm that you are getting the capture you need and check the intercepted packets.

Any MacOS System Can Be a Packet Capturing Node

MacOS computers are common in many technical and creative business environments, so it is worth knowing how to use the built-in tools to your advantage when they are all you have access to for receiving packets from the networks in your area.

Using aliasing makes the built-in commands shorter and more memorable, so a hacker can create a simple workflow for detecting, tuning to, and capturing traffic from interesting networks. With these tactics, a macOS computer near your target is all you need to spy on local Wi-Fi communication.

I hope you enjoyed this guide to configuring an Apple computer to control the Wi-Fi card and sniff out Wi-Fi packets! If you have questions about this guide to working with macOS or have a comment, you can contact me at or on Twitter @KodyKinzie .


Cover image of Kody / Null Byte



