mgp25/Probe-Hunter

No Capture

Closed this issue · 52 comments

This looks great but does this still work?
I am unable to capture anything and have tried with and without putting my wifi adapter in monitor mode.

Also is it possible to log the captured data to a text file?

mgp25 commented

Hello @peterstavrou,

It should still work. Can you send me the output of:

tcpdump -l -I -i '+YOUR_INTERFACE+' -e -s 256 type mgt subtype probe-req

Also is it possible to log the captured data to a text file?

I can add that feature

Regards

That would be awesome if you could add that feature.

Output is:
tcpdump -l -I -i 'wlan0mon' -e -s 256 type mgt subtype probe-req
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0mon, link-type IEEE802_11_RADIO (802.11 plus radiotap header), capture size 256 bytes

mgp25 commented

Is your interface tuned to 5GHz channels? I realized that when tuned to 5GHz channels you will only be able to listen to those channels; I need to update the channel hopping between 2.4 GHz and 5GHz. If you were tuned to 5GHz, can you try 2.4GHz?

Regards

I tried both and unable to capture anything.
I tried another script and it works but I really like the interface you created.

I also noticed that I get this error message that appears and quickly disappears.

Traceback (most recent call last):
  File "probeHunter.py", line 65, in <module>
    wigle = Wigle.wigle_location(groups.group(4), wigle_flag)
TypeError: unbound method wigle_location() must be called with Wigle instance as first argument (got str instance instead)

mgp25 commented

Hello @peterstavrou, I am going to update and refactor the code soon

Awesome! Can't wait! Thank you!
One last idea... It would be great if there was an option to label/name MAC addresses so it's easy to identify known devices.

mgp25 commented

Hello @peterstavrou,

The script was updated in 6f7b0e7.

Let me know if everything is working now.

Best regards

Thanks heaps!
I'm still unable to capture any packets though.

Perhaps it's a user issue? My steps:
airmon-ng check kill
airmon-ng start wlan0
python3 probeHunter.py --iface wlan0mon

I have also tried without putting wlan0 in monitor mode.

I have also tested other probe scripts and airodump-ng and they can capture data.

Same issue here, No capture.

I can see this flash for a second after starting the script:

Traceback (most recent call last):
  File "probeHunter.py", line 92, in <module>
    if wigle == 1:
NameError: name 'wigle' is not defined

Also, these keep popping up while the script is running for all channels:

iwconfig: unknown command "channel 1"
iwconfig: unknown command "channel 2"
mgp25 commented

@miikkahoo Just fixed that in the latest commit. As for the iwconfig thing you mentioned: I don't have a Linux machine at the moment, but as far as I know the following command should work for Linux users to change which channel the network interface is tuned to:

sudo iwconfig YOUR_INTERFACE channel CHANNEL

@peterstavrou @miikkahoo I was trying on MacOS and probably there are differences in the syntax while using tcpdump. Can you try the following command and let me know if it worked for you?

tcpdump -i wlan0 --linktype=IEEE802_11 -e -s 256 type mgt subtype probe-resp or subtype probe-req

With that command I get.

tcpdump: IEEE802_11 is not one of the DLTs supported by this device

However, this works for me:
tcpdump -i wlan0 -e -s 256 type mgt subtype probe-resp or subtype probe-req

mgp25 commented

Alright, with the latest commit 86b00d3, it should work right.

Let me know if everything's good now. In case that is not working, please paste a sample output of the command that worked for you.

Still no output from probe-hunter.

Below is an output sample:

tcpdump -i wlan0 -e -s 256 type mgt subtype probe-resp or subtype probe-req
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type IEEE802_11_RADIO (802.11 plus radiotap header), capture size 256 bytes
21:35:53.611460 1.0 Mb/s 2412 MHz 11b -87dBm signal antenna 1 BSSID:34:e8:94:d0:9e:b6 (oui Unknown) DA:2c:33:7a:33:75:74 (oui Unknown) SA:34:e8:94:d0:9e:b6 (oui Unknown) Probe Response (TP-LINK_9EB7) [1.0* 2.0* 5.5* 11.0* 18.0 24.0 36.0 54.0 Mbit] CH: 1, PRIVACY[|802.11]
21:35:53.614848 1.0 Mb/s 2412 MHz 11b -87dBm signal antenna 1 BSSID:34:e8:94:d0:9e:b6 (oui Unknown) DA:2c:33:7a:33:75:74 (oui Unknown) SA:34:e8:94:d0:9e:b6 (oui Unknown) Probe Response (TP-LINK_9EB7) [1.0* 2.0* 5.5* 11.0* 18.0 24.0 36.0 54.0 Mbit] CH: 1, PRIVACY[|802.11]
21:35:53.721010 1.0 Mb/s 2412 MHz 11b -83dBm signal antenna 1 BSSID:34:e8:94:d0:9e:b6 (oui Unknown) DA:2c:33:7a:33:75:74 (oui Unknown) SA:34:e8:94:d0:9e:b6 (oui Unknown) Probe Response (TP-LINK_9EB7) [1.0* 2.0* 5.5* 11.0* 18.0 24.0 36.0 54.0 Mbit] CH: 1, PRIVACY[|802.11]
21:35:54.124719 1.0 Mb/s 2412 MHz 11b -87dBm signal antenna 1 BSSID:34:e8:94:d0:9e:b6 (oui Unknown) DA:2c:33:7a:33:75:74 (oui Unknown) SA:34:e8:94:d0:9e:b6 (oui Unknown) Probe Response (TP-LINK_9EB7) [1.0* 2.0* 5.5* 11.0* 18.0 24.0 36.0 54.0 Mbit] CH: 1, PRIVACY[|802.11]
21:35:57.688656 1.0 Mb/s 2412 MHz 11b -29dBm signal antenna 1 BSSID:14:91:82:c2:59:4f (oui Unknown) DA:44:34:a7:a0:6f:88 (oui Unknown) SA:14:91:82:c2:59:4f (oui Unknown) Probe Response (Home Network (Down)) [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit] CH: 1, PRIVACY[|802.11]
mgp25 commented

@peterstavrou This is probably because of differences of the output between Linux and MacOS. I am going to update the regular expression so it works with linux as well. Expect an update within 1 hour since I am finishing other things at the moment

mgp25 commented

@peterstavrou Actually, none of the output you sent is a probe request but a probe response. We don't want to track APs but devices around trying to connect to those APs. If tcpdump is not able to capture any probe request then the result from probe hunter is fine.

The results you were getting:

**Probe Response** (TP-LINK_9EB7)

@peterstavrou You should get something similar to:

12:22:04.724877 2200295551us tsft 1.0 Mb/s 2417 MHz 11g -76dBm signal -87dBm noise antenna 0 BSSID:Broadcast DA:Broadcast SA:aa:fe:38:0d:8c:ef (oui Unknown) Probe Request (MY_WIFI) [1.0 2.0 5.5 11.0 Mbit]

Sorry should have pasted that data instead.

Here is an example:

22:29:11.581279 1.0 Mb/s 2457 MHz 11b -83dBm signal antenna 1 BSSID:Broadcast DA:Broadcast SA:20:df:b9:20:f2:a8 (oui Unknown) Probe Request (Home Network (UP)) [1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 Mbit]
22:29:11.583221 1.0 Mb/s 2457 MHz 11b -83dBm signal antenna 1 BSSID:Broadcast DA:Broadcast SA:20:df:b9:20:f2:a8 (oui Unknown) Probe Request (Home Network (UP)) [1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 Mbit]
22:29:11.585170 1.0 Mb/s 2457 MHz 11b -83dBm signal antenna 1 BSSID:Broadcast DA:Broadcast SA:20:df:b9:20:f2:a8 (oui Unknown) Probe Request (Home Network (UP)) [1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 Mbit]
22:29:11.586974 1.0 Mb/s 2457 MHz 11b -83dBm signal antenna 1 BSSID:Broadcast DA:Broadcast SA:20:df:b9:20:f2:a8 (oui Unknown) Probe Request (Home Network (UP)) [1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 Mbit]
22:30:24.789092 1.0 Mb/s 2457 MHz 11b -89dBm signal antenna 1 BSSID:Broadcast DA:Broadcast SA:28:c6:3f:38:9a:e6 (oui Unknown) Probe Request () [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit]
22:32:39.661986 1.0 Mb/s 2457 MHz 11b -87dBm signal antenna 1 BSSID:Broadcast DA:Broadcast SA:7c:4f:b5:8f:66:c4 (oui Unknown) Probe Request (WiFiMe) [1.0 2.0 5.5 11.0 Mbit]
mgp25 commented

@peterstavrou Can you try latest commits? I fixed a couple things with the regular expression, hopefully that fixes everything for linux users

Still no capture.
I did notice a typo on line 80 though.
subtype has been written twice

256 type mgt subtype subtype probe-req

Even when I fixed it though there still wasn't any capture on the screen.

I then tested using the exact same line with tcpdump and I got some requests.
tcpdump -i wlan0mon -e -s 256 type mgt subtype probe-req

mgp25 commented

@peterstavrou Can you change a few things to check if there are any errors or exceptions?

On line 30, comment the following:

#os.system("clear")

and then right after:

for row in iter(process.stdout.readline, b''):

Add:

print(row)

Let me know the output of that. If there is no output we would need to check whether any exception is thrown

I added the print(row) like this.

for row in iter(process.stdout.readline, b''):
    print(row)

When i run:
python3 probeHunter.py --iface wlan0mon

After adding the comment and print(row), the below just continues to repeat.

+-------------+------------+-----+------+--------+--------------------+
| Freq. (MHz) | Pow. (dBm) | MAC | SSID | Vendor | Coords. (Lat-Long) |
+-------------+------------+-----+------+--------+--------------------+

+-------------+------------+-----+------+--------+--------------------+
| Freq. (MHz) | Pow. (dBm) | MAC | SSID | Vendor | Coords. (Lat-Long) |
+-------------+------------+-----+------+--------+--------------------+

+-------------+------------+-----+------+--------+--------------------+
| Freq. (MHz) | Pow. (dBm) | MAC | SSID | Vendor | Coords. (Lat-Long) |
+-------------+------------+-----+------+--------+--------------------+

Same issue. Absolutely love the code and have been looking for something like this since snoopy-ng went away. Please let me know how to support.
Info
Running Kali Linux on a VM
Linux android 5.4.0-kali2-amd64 #1 SMP Debian 5.4.8-1kali1 (2020-01-06) x86_64 GNU/Linux
wifi card ralink rt5327 works with airodump just fine.
Tried airmon-ng (which works with airodump) and tried starting fresh and using iwconfig to put the iface into monitor mode. Both times just get the table with no info. Beyond that output from the tcpdump after running for 20min in a clouded room.
tcpdump -l -I -v -i wlan0 -e -s 256 type mgt subtype probe-req
tcpdump: listening on wlan0, link-type IEEE802_11_RADIO (802.11 plus radiotap header), capture size 256 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel

mgp25 commented

Hello @edlovesiraq,

I haven't had time to check it yet, however if you send me a working command of tcpdump for Linux and the output I will be able to update it right away.

The following should work on Linux but I haven't had time to try it yet:

ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up
sudo tcpdump -i wlan0 -e -s 256 type mgt subtype probe-req

ok, i changed out the wifi card and now i'm getting probe requests when using tcpdump output was:
root@android:~/Probe-Hunter# tcpdump -i wlan0 -e -s 256 type mgt subtype probe-req
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type IEEE802_11_RADIO (802.11 plus radiotap header), capture size 256 bytes
12:22:31.336930 1.0 Mb/s 2412 MHz 11b -69dBm signal antenna 1 BSSID:Broadcast DA:Broadcast SA:48:c7:96:4c:3c:8d (oui Unknown) Probe Request (McCormick) [1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 Mbit]
12:22:31.357607 1.0 Mb/s 2412 MHz 11b -71dBm signal antenna 1 BSSID:Broadcast DA:Broadcast SA:48:c7:96:4c:3c:8d (oui Unknown) Probe Request (McCormick) [1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 Mbit]
12:22:31.377937 1.0 Mb/s 2412 MHz 11b -73dBm signal antenna 1 BSSID:Broadcast DA:Broadcast SA:48:c7:96:4c:3c:8d (oui Unknown) Probe Request (McCormick) [1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 Mbit]
12:22:31.419281 1.0 Mb/s 2412 MHz 11b -71dBm signal antenna 1 BSSID:Broadcast DA:Broadcast SA:48:c7:96:4c:3c:8d (oui Unknown) Probe Request (McCormick) [1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 Mbit]
^C
4 packets captured
4 packets received by filter
0 packets dropped by kernel
2 packets dropped by interface
but still nothing showing when i run probeHunter.py except the blank table. Same problem as Peter

mgp25 commented

Hello @edlovesiraq,

Thanks for debugging that. Can you try doing this now:

#os.system("clear")

and then right after:

for row in iter(process.stdout.readline, b''):

Add:

print(row)

This way we can see what goes into the script, since it should take one probe request at a time.

As per your questions before, there are many features I want to implement and the ones you have mentioned are great features. Once this problem is sorted out I will work on them.

Best regards

ok, it's definitely running tcpdump successfully. When I ran the program, nothing was on the screen. When I ctr+c out, I had to ctr+c twice and I've printed what came from that minus thousands of blank spaces in between 'Exiting, please wait...' and 'Bye! ;)'
`root@android:~/Probe-Hunter# python3 probeHunter2.py --iface wlan0
^[[B

^C13:11:10.134198 1.0 Mb/s 2412 MHz 11b -79dBm signal antenna 1 BSSID:Broadcast DA:Broadcast SA:d2:23:ad:75:46:ea (oui Unknown) Probe Request () [1.0 2.0 5.5 11.0 Mbit]

13:11:27.666599 1.0 Mb/s 2412 MHz 11b -79dBm signal antenna 1 BSSID:Broadcast DA:Broadcast SA:bc:98:df:3a:d8:43 (oui Unknown) Probe Request () [1.0 2.0 5.5 11.0 Mbit]

13:11:27.686516 1.0 Mb/s 2412 MHz 11b -79dBm signal antenna 1 BSSID:Broadcast DA:Broadcast SA:bc:98:df:3a:d8:43 (oui Unknown) Probe Request () [1.0 2.0 5.5 11.0 Mbit]

Bye! ;)
Exiting, please wait...

^CBye! ;)
Exiting, please wait...
Exception ignored in: <module 'threading' from '/usr/lib/python3.7/threading.py'>
Traceback (most recent call last):
File "/usr/lib/python3.7/threading.py", line 1307, in _shutdown
lock.acquire()
File "probeHunter2.py", line 23, in signal_handler
sys.exit(0)
SystemExit: 0`

The changes I made (might have messed up your instructions?)
ef print_data(): while run: table = AsciiTable(sorted(data, key=lambda x: x[3])) #os.system("clear") for row in iter(process.stdout.readline, b''): print(row) print(table.table+"\n\n") time.sleep(2)

let me try that again

def print_data():
    while run:
        table = AsciiTable(sorted(data, key=lambda x:  x[3]))
        #os.system("clear")
        for row in iter(process.stdout.readline, b''):
            print(row)
        print(table.table+"\n\n")
        time.sleep(2)
mgp25 commented

@edlovesiraq How much time did you wait while the script was running? The probes printed in your case weren't included in the table because no SSID was probed: Probe Request ().

Here is an example in my case:


19:26:31.560152 1835661073us tsft 1.0 Mb/s 2412 MHz 11g -82dBm signal -93dBm noise antenna 0 BSSID:Broadcast DA:Broadcast SA:84:c0:ef:10:XX:YY (oui Unknown) Probe Request (MOVISTAR_PLUS_XXXX) [1.0 2.0 5.5 11.0 Mbit]

19:26:31.600211 1835701152us tsft 1.0 Mb/s 2412 MHz 11g -81dBm signal -93dBm noise antenna 0 BSSID:Broadcast DA:Broadcast SA:84:c0:ef:10:XX:YY (oui Unknown) Probe Request (MOVISTAR_PLUS_XXXX) [1.0 2.0 5.5 11.0 Mbit]

+-------------+------------+-------------------+--------------------+-----------------------------+--------------------+
| Freq. (MHz) | Pow. (dBm) | MAC               | SSID               | Vendor                      | Coords. (Lat-Long) |
+-------------+------------+-------------------+--------------------+-----------------------------+--------------------+
| 2412        | -81        | 84:c0:ef:10:XX:YY | MOVISTAR_PLUS_XXXX | Samsung Electronics Co.,Ltd | Disabled           |
+-------------+------------+-------------------+--------------------+-----------------------------+--------------------+

Changes:

for row in iter(process.stdout.readline, b''):
    print(row)
def print_data():
    while run:
        table = AsciiTable(sorted(data, key=lambda x: x[3]))
        #os.system("clear")
        print(table.table+"\n\n")
        time.sleep(2)

what line/where do i put the

for row in iter(process.stdout.readline, b''):
    print(row)

I'll put it where you say and run it for ten minutes

mgp25 commented

@edlovesiraq actually it should work right away, in my case it starts logging after a couple of seconds. You just need to add print(row), but let me post the full script modified:

import re, os, sys, signal, threading, time, subprocess, argparse, itertools
from wigle import Wigle
from subprocess import Popen, PIPE
from colorclass import Color
from terminaltables import AsciiTable

channels = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 149, 153, 157, 161]

parser = argparse.ArgumentParser()
parser.add_argument("--iface", help='Interface to capture data', required=True)
args = parser.parse_args()

run = True
wigle_flag = False
if Wigle.AUTH == '':
    wigle_flag = True

def signal_handler(sig, frame):
    global run
    run = False
    print('Bye! ;)')
    print('Exiting, please wait...')
    sys.exit(0)

signal.signal(signal.SIGINT, signal_handler)

def print_data():
    while run:
        table = AsciiTable(sorted(data, key=lambda x: x[3]))
        #os.system("clear")
        print(table.table+"\n\n")
        time.sleep(2)

def check_vendor(mac):
    with open('macvendors.txt', 'r') as f:
        for line in f:
            l = line.split('\t')
            if l[0].lower() in mac.replace(':', '') :
                return l[1].strip()
    return '-'

def signal_power(signal):
    if signal <= -70:
        return Color("{autored}"+str(signal)+"{/autored}")
    elif signal > -70 and signal < -55:
        return Color("{autoyellow}"+str(signal)+"{/autoyellow}")
    else:
        return Color("{autogreen}"+str(signal)+"{/autogreen}")

def hop_channel_mac():
    for channel in itertools.cycle(channels):
        if run == False:
            break
        try:
            subprocess.run(["sudo", "/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport", "-c"+str(channel)])
        except Exception as e:
            pass
        time.sleep(3)

def hop_channel_linux():
    for channel in itertools.cycle(channels):
        if run == False:
            break
        try:
            subprocess.run(["sudo", "iwconfig", args.iface, "channel", str(channel)])
        except Exception as e:
            pass
        time.sleep(3)

data = []
registered = {}
data.append([Color("{autogreen}Freq. (MHz){/autogreen}"), Color("{autogreen}Pow. (dBm){/autogreen}"), Color("{autogreen}MAC{/autogreen}"), Color("{autogreen}SSID{/autogreen}"), Color("{autogreen}Vendor{/autogreen}"), Color("{autogreen}Coords. (Lat-Long){/autogreen}")])

if sys.platform == "darwin":
    subprocess.run(["sudo", "/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport", "-z"])
    process = Popen('tcpdump -l -I -i '+args.iface+' -e -s 256 type mgt subtype probe-req', bufsize=1, universal_newlines=True,
                    shell=True, stdout=PIPE, stderr=PIPE)
    threading.Thread(target=hop_channel_mac).start()
elif sys.platform == "linux":
    process = Popen('tcpdump -i '+args.iface+' -e -s 256 type mgt subtype probe-req', bufsize=1, universal_newlines=True,
                    shell=True, stdout=PIPE, stderr=PIPE)
    threading.Thread(target=hop_channel_linux).start()

threading.Thread(target=print_data).start()

for row in iter(process.stdout.readline, b''):
    print(row)
    groups = re.search(r".* Mb\/s (\d+) .* (-\d+)dBm signal .* SA:(\w{2}:\w{2}:\w{2}:\w{2}:\w{2}:\w{2}) .* Probe \w+ \(([^\)]+)\)", row.strip())
    if groups != None:
        signal = signal_power(int(groups.group(2)))
        if not groups.group(4) in registered:
            registered[groups.group(4)] = []
        if not groups.group(3) in registered[groups.group(4)]:
            registered[groups.group(4)].append(groups.group(3))
            company = check_vendor(groups.group(3))
            wigle = Wigle.wigle_location(groups.group(4), wigle_flag)
            if wigle == 1:
                wigle_flag = True
            if wigle == 2 and not wigle_flag:
                loc = '-'
            elif wigle is None and not wigle_flag:
                loc = '?+'
            elif wigle_flag:
                loc = 'Disabled'
            else:
                loc = str(wigle['trilat'])+', '+str(wigle['trilong'])

            data.append([groups.group(1), signal, groups.group(3), groups.group(4), company, loc])
        elif groups.group(3) in registered[groups.group(4)]:
            for sublist in data:
                if groups.group(3) in sublist:
                    sublist[1] = signal
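
Added example, not part of the thread or of the project's code: a parser for the tcpdump lines pasted in this issue, compared against the regular expression in the script above. It shows why wildcard probes (`Probe Request ()`) never reach the table and why an SSID containing parentheses is cut short; the `Probe` tuple, `parse_probe`, `thread_ssid` and `summarize` are hypothetical names, and the randomized-MAC check is an addition that goes beyond what the thread discusses.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Regular expression from the script posted in this thread (copied as a raw string).
THREAD_RE = re.compile(
    r".* Mb\/s (\d+) .* (-\d+)dBm signal .* "
    r"SA:(\w{2}:\w{2}:\w{2}:\w{2}:\w{2}:\w{2}) .* Probe \w+ \(([^\)]+)\)"
)

# Stricter pattern (assumption of this example): only probe requests, SSID may be
# empty or contain parentheses, and tcpdump's "[|802.11]" truncation mark is kept.
PROBE_RE = re.compile(
    r"(?P<freq>\d+) MHz .*?(?P<sig>-\d+)dBm signal .*?"
    r"SA:(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) .*?"
    r"Probe Request \((?P<ssid>.*)\) \[[^\]]*Mbit\](?P<trunc>\[\|802\.11\])?",
    re.IGNORECASE,
)


class Probe(NamedTuple):
    freq_mhz: int
    signal_dbm: int
    mac: str
    ssid: str             # "" means a wildcard (broadcast) probe
    randomized_mac: bool  # locally administered bit set in the first octet
    truncated: bool       # frame was cut by the tcpdump snap length


def thread_ssid(line: str) -> Optional[str]:
    """SSID as the thread's regular expression captures it, or None."""
    m = THREAD_RE.search(line.strip())
    return m.group(4) if m else None


def parse_probe(line: str) -> Optional[Probe]:
    """Parse one tcpdump -e line; return None for anything but a probe request."""
    m = PROBE_RE.search(line.strip())
    if m is None:
        return None
    mac = m.group("mac").lower()
    return Probe(
        freq_mhz=int(m.group("freq")),
        signal_dbm=int(m.group("sig")),
        mac=mac,
        ssid=m.group("ssid"),  # untrusted, device-controlled text
        randomized_mac=bool(int(mac[:2], 16) & 0x02),
        truncated=m.group("trunc") is not None,
    )


def summarize(lines):
    """Return ({ssid: sorted MACs}, number of wildcard probes)."""
    directed = defaultdict(set)
    wildcard = 0
    for line in lines:
        probe = parse_probe(line)
        if probe is None:
            continue
        if probe.ssid == "":
            wildcard += 1
        else:
            directed[probe.ssid].add(probe.mac)
    return {ssid: sorted(macs) for ssid, macs in directed.items()}, wildcard


# Lines copied from the tcpdump output pasted in this issue.
SAMPLE = [
    "22:29:11.581279 1.0 Mb/s 2457 MHz 11b -83dBm signal antenna 1 "
    "BSSID:Broadcast DA:Broadcast SA:20:df:b9:20:f2:a8 (oui Unknown) "
    "Probe Request (Home Network (UP)) [1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 Mbit]",
    "16:12:36.145654 54775148us tsft 1.0 Mb/s 2412 MHz 11b -24dBm signal "
    "-24dBm signal antenna 0 BSSID:Broadcast DA:Broadcast SA:66:5d:b9:0d:dd:6b "
    "(oui Unknown) Probe Request () [1.0 2.0 5.5 11.0 Mbit]",
    "16:12:38.762709 57391166us tsft 1.0 Mb/s 2412 MHz 11b -89dBm signal "
    "-89dBm signal antenna 0 BSSID:Broadcast DA:Broadcast SA:a4:8d:3b:e1:3f:19 "
    "(oui Unknown) Probe Request (HOME-3792) [1.0 2.0 5.5 11.0 Mbit][|802.11]",
    "21:35:53.611460 1.0 Mb/s 2412 MHz 11b -87dBm signal antenna 1 "
    "BSSID:34:e8:94:d0:9e:b6 (oui Unknown) DA:2c:33:7a:33:75:74 (oui Unknown) "
    "SA:34:e8:94:d0:9e:b6 (oui Unknown) Probe Response (TP-LINK_9EB7) "
    "[1.0* 2.0* 5.5* 11.0* 18.0 24.0 36.0 54.0 Mbit] CH: 1, PRIVACY[|802.11]",
]

if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(thread_ssid(sample_line), "|", parse_probe(sample_line))
    print(summarize(SAMPLE))
```

The wildcard probe in the sample comes from a source address with the locally administered bit set, which is the bit MAC address randomization uses, so such addresses are of little use for identifying a device.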

out is:

root@android:~/Probe-Hunter# python3 probeHunter2.py --iface wlan0
+-------------+------------+-----+------+--------+--------------------+
| Freq. (MHz) | Pow. (dBm) | MAC | SSID | Vendor | Coords. (Lat-Long) |
+-------------+------------+-----+------+--------+--------------------+

...
...

just repeats no info.
sorry man, let me know if I can try anything else.

Just wanted to say that I also tried the new code above and I get the same error (repeat + no info) as edlovesiraq

mgp25 commented

I haven't had time to look into this myself, it should be easy to debug and fix this since it is just a matter of tweaking little things. As soon as I have time I will check it myself.

mgp25 commented

Hello @edlovesiraq, just wanted to thank you for sponsoring me. I haven't had any other channel to communicate with you, so feel free to contact me via email.

I had some issues lately and I couldn't check all this, as soon as I buy a new adapter for my alfa card I will be trying it and updating it for Linux compatibility.

Best regards

KaoRz commented

Hello @edlovesiraq ,

I did a PR with some changes that should fix your problem and improve the compatibility with linux. The main problem was in the arguments of subprocess.Popen(...) function.
Tell us if you are still having troubles with it.

Regards.

mgp25 commented

Latest PR (#2) from @KaoRz fixes the issue and adds linux compatibility. I also added auto monitor mode in the latest commit (030f682)

Will close the issue if this gets positive feedback. Looking forward to your responses.

cc: @peterstavrou, @miikkahoo, @edlovesiraq

Thanks for your contribution @KaoRz

@mgp25, @KaoRz, et al.
Gents, thank you for your work on this project. I tried it this morning and it's still not working. I've tried several cards and conditions and made sure the APs around it were mapped in wigle and uploaded to the wigle db.

First i just get the headers, the program appears to be working but nothing populates. Then I noticed something flashed on the screen. By using my phone to record it here is the error message that flashes for just 1 second then disappears.

Traceback (most recent call last):
  File "probeHunter.py", line 97, in <module>
    wigle = Wigle.wigle_location(groups.group(4), wigle_flag)
  File "/root/Probe-Hunter/wigle.py", line 26, in wigle_location
    res = json.loads(r.text)
  File "/usr/lib/python3.7/json/--init__.py", line 348, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3.7/json/decoder.py", line 337, in decode
    obj, end = self.raw_decond(s, idx=_w(s, 0).end())
  File "/usr/lib/python3.7/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value",s , err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

that's transcribed from a photo not actually the code.

Then when I ctr+c out of the program after about 10 min i get:

+-------------+------------+-----+------+--------+--------------------+
| Freq. (MHz) | Pow. (dBm) | MAC | SSID | Vendor | Coords. (Lat-Long) |
+-------------+------------+-----+------+--------+--------------------+


^CBye! ;)
Exiting, please wait...
Exception ignored in: <module 'threading' from '/usr/lib/python3.7/threading.py'>
Traceback (most recent call last):
  File "/usr/lib/python3.7/threading.py", line 1307, in _shutdown
    lock.acquire()
  File "probeHunter.py", line 23, in signal_handler
    sys.exit(0)
SystemExit: 0

I then ran the tcp dump command again and that was working. One thought is a laptop in my house recently connected to a hidden network and may be probing for null, so that may be the error that flashes. But otherwise I named an ap something unique, connected to it, mapped it in wigle, and can see those probe request by my two devices that have connected to it when I run the tcpdump command. Sorry all i have is weak theory and no solutions. Any help is appreciated.

errorMessage

The error message as a picture in case I messed up anything when I tried to type it out.
KaoRz commented

@edlovesiraq, Could you try it without the API key? I will check later why it's crashing there.

mgp25 commented

@edlovesiraq are you using the auth key in the following format:

Basic <base64> ?

Regards

I was using the key unencoded with a : between the user and the token. Was that wrong?

Now that i removed the user:token from wigle.py probeHunter.py starts up, puts my card into monitor mode (nice touch, btw!), and then nothing happens. Watched for 5 min, three times to make sure I wasn't missing an error screen flashing again and nothing. Even when I ctr c out of it I just get
`^CBye! ;)
Exiting, please wait...
[15:34:32] root@android:~/Probe-Hunter#

`
So then I decided instead of bugging you again I'd just try the base64 version of my user/token.
Same behavior. Displays the top of the chart, doesn't populate, no errors flash after 5 min, and then quits with just a Bye, Exiting, please wait....
I'm stumped.

mgp25 commented

@edlovesiraq yes, you should use it like this:

    AUTH            = 'Basic <base64>'

I have tested this on two different distros of linux and this is working nicely. Try enabling what we mentioned before in this issue:

for row in iter(process.stdout.readline, b''):
    print(row)

Just to debug the output of tcpdump. Keep in mind you will only see probe requests if there are devices making probes, you can try forcing a device to send probes by disconnecting and connecting the wifi network

Ok,
here's the output of the code with the debug line back in. It keeps repeating the top row every couple seconds then it kicked out tcp dump raw output and the below errors.

+-------------+------------+-----+------+--------+--------------------+
| Freq. (MHz) | Pow. (dBm) | MAC | SSID | Vendor | Coords. (Lat-Long) |
+-------------+------------+-----+------+--------+--------------------+


+-------------+------------+-----+------+--------+--------------------+
| Freq. (MHz) | Pow. (dBm) | MAC | SSID | Vendor | Coords. (Lat-Long) |
+-------------+------------+-----+------+--------+--------------------+


16:12:35.522976 54153549us tsft 1.0 Mb/s 2412 MHz 11b -90dBm signal -90dBm signal antenna 0 BSSID:Broadcast DA:Broadcast SA:0a:10:c9:17:b4:5e (oui Unknown) Probe Request () [1.0 2.0 5.5 11.0 Mbit]

16:12:36.145654 54775148us tsft 1.0 Mb/s 2412 MHz 11b -24dBm signal -24dBm signal antenna 0 BSSID:Broadcast DA:Broadcast SA:66:5d:b9:0d:dd:6b (oui Unknown) Probe Request () [1.0 2.0 5.5 11.0 Mbit]

16:12:36.165323 54795261us tsft 1.0 Mb/s 2412 MHz 11b -23dBm signal -23dBm signal antenna 0 BSSID:Broadcast DA:Broadcast SA:66:5d:b9:0d:dd:6b (oui Unknown) Probe Request () [1.0 2.0 5.5 11.0 Mbit]

16:12:36.292793 54923117us tsft 1.0 Mb/s 2412 MHz 11b -25dBm signal -25dBm signal antenna 0 BSSID:Broadcast DA:Broadcast SA:66:5d:b9:0d:dd:6b (oui Unknown) Probe Request () [1.0 2.0 5.5 11.0 Mbit]

16:12:36.779922 55409557us tsft 1.0 Mb/s 2412 MHz 11b -89dBm signal -89dBm signal antenna 0 BSSID:Broadcast DA:Broadcast SA:ea:b5:65:28:6c:3e (oui Unknown) Probe Request () [1.0 2.0 5.5 11.0 Mbit]

16:12:36.846162 55475964us tsft 1.0 Mb/s 2412 MHz 11b -90dBm signal -90dBm signal antenna 0 BSSID:Broadcast DA:Broadcast SA:f2:2a:09:4e:1f:02 (oui Unknown) Probe Request () [1.0 2.0 5.5 11.0 Mbit]

16:12:37.038540 55668997us tsft 1.0 Mb/s 2412 MHz 11b -85dBm signal -85dBm signal antenna 0 BSSID:Broadcast DA:Broadcast SA:66:5d:b9:0d:dd:6b (oui Unknown) Probe Request () [1.0 2.0 5.5 11.0 Mbit]

16:12:37.159965 55790366us tsft 1.0 Mb/s 2412 MHz 11b -79dBm signal -79dBm signal antenna 0 BSSID:Broadcast DA:Broadcast SA:66:5d:b9:0d:dd:6b (oui Unknown) Probe Request () [1.0 2.0 5.5 11.0 Mbit]

16:12:37.179969 55810304us tsft 1.0 Mb/s 2412 MHz 11b -78dBm signal -78dBm signal antenna 0 BSSID:Broadcast DA:Broadcast SA:66:5d:b9:0d:dd:6b (oui Unknown) Probe Request () [1.0 2.0 5.5 11.0 Mbit]

16:12:37.262257 55892291us tsft 1.0 Mb/s 2412 MHz 11b -82dBm signal -82dBm signal antenna 0 BSSID:Broadcast DA:Broadcast SA:66:5d:b9:0d:dd:6b (oui Unknown) Probe Request () [1.0 2.0 5.5 11.0 Mbit]

16:12:37.349509 55978820us tsft 1.0 Mb/s 2412 MHz 11b -26dBm signal -26dBm signal antenna 0 BSSID:Broadcast DA:Broadcast SA:66:5d:b9:0d:dd:6b (oui Unknown) Probe Request () [1.0 2.0 5.5 11.0 Mbit]

16:12:37.366862 55996473us tsft 1.0 Mb/s 2412 MHz 11b -20dBm signal -20dBm signal antenna 0 BSSID:Broadcast DA:Broadcast SA:66:5d:b9:0d:dd:6b (oui Unknown) Probe Request () [1.0 2.0 5.5 11.0 Mbit]

16:12:37.495399 56124900us tsft 1.0 Mb/s 2412 MHz 11b -26dBm signal -26dBm signal antenna 0 BSSID:Broadcast DA:Broadcast SA:66:5d:b9:0d:dd:6b (oui Unknown) Probe Request () [1.0 2.0 5.5 11.0 Mbit]

16:12:37.962246 56591655us tsft 1.0 Mb/s 2412 MHz 11b -76dBm signal -76dBm signal antenna 0 BSSID:Broadcast DA:Broadcast SA:66:5d:b9:0d:dd:6b (oui Unknown) Probe Request () [1.0 2.0 5.5 11.0 Mbit]

16:12:38.313677 56944053us tsft 1.0 Mb/s 2412 MHz 11b -85dBm signal -85dBm signal antenna 0 BSSID:Broadcast DA:Broadcast SA:66:5d:b9:0d:dd:6b (oui Unknown) Probe Request () [1.0 2.0 5.5 11.0 Mbit]

16:12:38.762709 57391166us tsft 1.0 Mb/s 2412 MHz 11b -89dBm signal -89dBm signal antenna 0 BSSID:Broadcast DA:Broadcast SA:a4:8d:3b:e1:3f:19 (oui Unknown) Probe Request (HOME-3792) [1.0 2.0 5.5 11.0 Mbit][|802.11]

Traceback (most recent call last):
  File "probeHunter3.py", line 96, in <module>
    wigle = Wigle.wigle_location(groups.group(4), wigle_flag)
  File "/root/Probe-Hunter/wigle.py", line 26, in wigle_location
    res = json.loads(r.text)
  File "/usr/lib/python3.7/json/__init__.py", line 348, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3.7/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python3.7/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
+-------------+------------+-----+------+--------+--------------------+
| Freq. (MHz) | Pow. (dBm) | MAC | SSID | Vendor | Coords. (Lat-Long) |
+-------------+------------+-----+------+--------+--------------------+


+-------------+------------+-----+------+--------+--------------------+
| Freq. (MHz) | Pow. (dBm) | MAC | SSID | Vendor | Coords. (Lat-Long) |
+-------------+------------+-----+------+--------+--------------------+


+-------------+------------+-----+------+--------+--------------------+
| Freq. (MHz) | Pow. (dBm) | MAC | SSID | Vendor | Coords. (Lat-Long) |
+-------------+------------+-----+------+--------+--------------------+


^CBye! ;)
Exiting, please wait...
Exception ignored in: <module 'threading' from '/usr/lib/python3.7/threading.py'>
Traceback (most recent call last):
  File "/usr/lib/python3.7/threading.py", line 1307, in _shutdown
    lock.acquire()
  File "probeHunter3.py", line 23, in signal_handler
    sys.exit(0)
SystemExit: 0
mgp25 commented

@edlovesiraq I see that you found an SSID HOME-3792 and right after the issue is thrown. We would need to know what's the response from wigle server. So in the wigle script, when we do:

        res = json.loads(r.text)

can you do this before:

print(r.text)

ok, New error after doing that.

-------------+------------+-----+------+--------+--------------------+
| Freq. (MHz) | Pow. (dBm) | MAC | SSID | Vendor | Coords. (Lat-Long) |
+-------------+------------+-----+------+--------+--------------------+


+-------------+------------+-----+------+--------+--------------------+
| Freq. (MHz) | Pow. (dBm) | MAC | SSID | Vendor | Coords. (Lat-Long) |
+-------------+------------+-----+------+--------+--------------------+


16:25:49.696099 213899568us tsft 1.0 Mb/s 2412 MHz 11b -85dBm signal -85dBm signal antenna 0 BSSID:Broadcast DA:Broadcast SA:60:02:b4:b7:6e:c4 (oui Unknown) Probe Request (FiOS-TDQ0X_2GEXT) [1.0 2.0 5.5 11.0 Mbit]

Not Authorized
Traceback (most recent call last):
  File "probeHunter3.py", line 96, in <module>
    wigle = Wigle.wigle_location(groups.group(4), wigle_flag)
  File "/root/Probe-Hunter/wigle.py", line 27, in wigle_location
    res = json.loads(r.text)
  File "/usr/lib/python3.7/json/__init__.py", line 348, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3.7/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python3.7/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
+-------------+------------+-----+------+--------+--------------------+
| Freq. (MHz) | Pow. (dBm) | MAC | SSID | Vendor | Coords. (Lat-Long) |
+-------------+------------+-----+------+--------+--------------------+


+-------------+------------+-----+------+--------+--------------------+
| Freq. (MHz) | Pow. (dBm) | MAC | SSID | Vendor | Coords. (Lat-Long) |
+-------------+------------+-----+------+--------+--------------------+


+-------------+------------+-----+------+--------+--------------------+
| Freq. (MHz) | Pow. (dBm) | MAC | SSID | Vendor | Coords. (Lat-Long) |
+-------------+------------+-----+------+--------+--------------------+


^CBye! ;)
Exiting, please wait...
Exception ignored in: <module 'threading' from '/usr/lib/python3.7/threading.py'>
Traceback (most recent call last):
  File "/usr/lib/python3.7/threading.py", line 1307, in _shutdown
    lock.acquire()
  File "probeHunter3.py", line 23, in signal_handler
    sys.exit(0)
SystemExit: 0
mgp25 commented

@edlovesiraq the response from the server is `Not Authorized`. You are not using the correct auth token from wigle

mgp25 commented

@edlovesiraq Example of auth key:

Basic BUzlEZTEwOWU4NWQwOWaBu54NjM3YjdlZjdmZWjtHiZWU1NDVlN2RmZDllNnlK32zNmIzMjgyOGChI31=
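
Added example, not part of the thread or of the project's code: building and checking an `AUTH` value in the `Basic <base64>` form described above, and decoding a lookup response without the `JSONDecodeError` seen when the server answered `Not Authorized`. All function names, the credentials, the HTTP status codes and the JSON body are constructed for illustration; only the `trilat` and `trilong` keys and the `Disabled` and `-` cell values come from the script and tables in this thread.

```python
import base64
import binascii
import json


def basic_auth_header(api_name: str, api_token: str) -> str:
    """Encode name:token the way HTTP Basic authentication expects."""
    pair = f"{api_name}:{api_token}".encode("utf-8")
    return "Basic " + base64.b64encode(pair).decode("ascii")


def check_auth_value(auth: str) -> str:
    """Return 'ok' or the reason the configured AUTH string is malformed."""
    scheme, _, blob = auth.strip().partition(" ")
    if scheme != "Basic" or not blob:
        return "missing 'Basic ' prefix"
    try:
        decoded = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return "payload is not valid base64"
    if b":" not in decoded:
        return "decoded payload is not name:token"
    return "ok"


def decode_body(status: int, text: str):
    """Return (data, error); a plain-text error body never raises."""
    snippet = text.strip()[:80]  # log the body, never the credential
    if status != 200:
        return None, f"HTTP {status}: {snippet}"
    try:
        return json.loads(text), None
    except json.JSONDecodeError:
        return None, f"non-JSON body: {snippet}"


def location_cell(status: int, text: str) -> str:
    """Value for the 'Coords.' column given a lookup response."""
    data, error = decode_body(status, text)
    if error is not None:
        return "Disabled"
    if isinstance(data, dict) and "trilat" in data and "trilong" in data:
        return f"{data['trilat']}, {data['trilong']}"
    return "-"


if __name__ == "__main__":
    # Constructed credentials and responses, for illustration only.
    print(check_auth_value("name:token"))
    print(check_auth_value(basic_auth_header("name", "token")))
    print(decode_body(401, "Not Authorized"))
    print(location_cell(200, '{"trilat": 40.0, "trilong": -76.0}'))
```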

+-------------+------------+-------------------+------------------+---------------------------+---------------------------+
| Freq. (MHz) | Pow. (dBm) | MAC               | SSID             | Vendor                    | Coords. (Lat-Long)        |
+-------------+------------+-------------------+------------------+---------------------------+---------------------------+
| 2412        | -85        | 60:02:b4:b7:6e:c4 | FiOS-TDQ0X_2GEXT | Wistron Neweb Corporation | ?+                        |
| 2412        | -77        | 48:a4:72:2f:35:be | Fios             | -                         | -                         |
| 2412        | -85        | a4:8d:3b:e1:3f:19 | HOME-3792        | Vizio, Inc                | -                         |
| 2412        | -83        | 5c:76:95:19:50:29 | MoeJoe_2.4       | -                         | 40.2xxyy -76.6xxyy |
| 2412        | -88        | 44:1c:12:88:72:33 | Terry            | -                         | -                         |
| 2412        | -84        | c4:1c:ff:7e:8f:9b | xfinitywifi      | Vizio, Inc                | -                         |
+-------------+------------+-------------------+------------------+---------------------------+---------------------------+


^CBye! ;)
Exiting, please wait...
[16:38:03] root@android:~/Probe-Hunter# 

GREAT SUCCESS!!!
THANK YOU GUYS SOO MUCH. YOU HAVE NO IDEA HOW MUCH TIME THIS WILL SAVE ME!

mgp25 commented

@edlovesiraq awesome! 😄 glad it is working fine for everyone now! I will add a debug mode and some exceptions to detect these errors in the future.

Best regards