Viha MacOS X Wireless Tools 0.0.1a
http://www.dopesquad.net/security
ghandi

ABOUT VIHA

Viha is a project developing a suite of wireless auditing tools for MacOS X. So far, the only components developed are a custom AirPort driver for monitor mode packet capture, a framework for driver access and 802.11 packet deconstruction, and a command-line wireless network stumbler.

Because OS X before 10.2 (Jaguar) doesn't allow us to dynamically unload/load the Apple AirPort driver, we require OS X 10.2 for now.

This is a binary-only release for now, because I haven't decided on a license yet. The binary is free for non-commercial use.

STUMBLER

This is a completely passive command-line 802.11b/WiFi/AirPort network stumbler for Darwin/MacOS X. Other stumblers like NetStumbler and MacStumbler work by sending out lots of 802.11 Probe Request frames and are very noisy. The same information in a Probe Response frame is available in the Beacon frames that every 802.11 network is required to transmit (even closed networks). So, we just listen for these frames in Monitor Mode instead. Like the Ninja, we are invisible.

The interface is really simple. Every time we receive a beacon frame with a BSSID (Basic Service Set Identifier, usually the MAC address of the base station or random for ad-hoc networks) that we haven't seen before, we print out a line. Each line reports the channel the network is on, the BSSID, whether the network is in infrastructure (AP) or ad-hoc (IBSS) mode, plaintext (PT) or WEP enabled, and the network name (SSID). Dig it:

    Channel | BSSID | AP/IBSS | PT/WEP | SSID
    ----------------------------------------------------------------------
    01 | 00:30:65:1e:14:76 | AP | PT | 'Apple Network 1e1476'
    ...

INSTALLATION

Copy WiFi.framework to /Library/Frameworks and Stumbler to some bin directory (/usr/local/bin or ~/bin).

RUNNING

If it's in your path, just type 'Stumbler'. It will probably ask you for your password on the command-line (for sudo to load the kernel extension).
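
The passive approach described under STUMBLER, as an added example (not Viha's code, which is binary-only): a Python parser that pulls the reported fields out of a raw 802.11 beacon frame and emits one line per BSSID not seen before. It assumes each frame starts at the 802.11 MAC header with no capture header in front; the function names and the sample frames are constructed for illustration.

```python
import struct

def parse_beacon(frame: bytes):
    """Return (channel, bssid, mode, privacy, ssid) for a beacon, else None."""
    if len(frame) < 36 or frame[0] & 0xFC != 0x80:  # too short / not a beacon
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])  # Address 3 = BSSID
    (cap,) = struct.unpack_from("<H", frame, 34)        # capability information
    mode = "IBSS" if cap & 0x0002 else "AP"
    privacy = "WEP" if cap & 0x0010 else "PT"  # privacy bit; WEP in 802.11b era
    ssid, channel, pos = "", None, 36
    while pos + 2 <= len(frame):      # walk the tagged elements (id, len, body)
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + elen]
        if len(body) < elen:          # element runs past the frame: stop
            break
        if eid == 0:                  # SSID; may be empty or zero-filled
            ssid = body.rstrip(b"\x00").decode("latin-1")
        elif eid == 3 and elen == 1:  # DS Parameter Set: current channel
            channel = body[0]
        pos += 2 + elen
    return channel, bssid, mode, privacy, ssid

def stumble(frames):  # one report line per BSSID not seen before
    seen, lines = set(), []
    for frame in frames:
        rec = parse_beacon(frame)
        if rec is None or rec[1] in seen:
            continue
        seen.add(rec[1])
        chan = "??" if rec[0] is None else f"{rec[0]:02d}"
        lines.append(f"{chan} | {rec[1]} | {rec[2]} | {rec[3]} | '{rec[4]}'")
    return lines

def make_frame(bssid, cap, ssid, channel, subtype=8):  # constructed test input
    hdr = bytes([subtype << 4, 0, 0, 0]) + b"\xff" * 6 + bssid * 2 + bytes(2)
    fixed = bytes(8) + struct.pack("<HH", 100, cap)
    return hdr + fixed + bytes([0, len(ssid)]) + ssid + bytes([3, 1, channel])

AP = bytes.fromhex("0030651e1476")    # BSSID from the README's sample line
SAMPLE_FRAMES = [                     # constructed frames, not a capture
    make_frame(AP, 0x0001, b"Apple Network 1e1476", 1),
    make_frame(AP, 0x0001, b"Apple Network 1e1476", 1),  # repeated beacon
    make_frame(bytes.fromhex("021122334455"), 0x0012, b"adhoc", 11),  # ad-hoc
    make_frame(bytes(6), 0x0001, b"x", 6, subtype=5),    # probe response
]

if __name__ == "__main__":
    print("\n".join(stumble(SAMPLE_FRAMES)))
```
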

TROUBLESHOOTING

Q: Running Stumbler just gives me "Abort".
A: That's MacOS X's friendly way of saying that Stumbler can't find a shared library that it needs. Make sure you copied WiFi.framework to /Library/Frameworks.

Q: I'm done stumbling and now my AirPort doesn't work. You broke it!
A: If something was running using the AirPort when you run Stumbler (Mail.app, perhaps), the extension loading script might have some trouble reloading the module. Try the following:

    % sudo /Library/Frameworks/WiFi.framework/Resources/driver.sh stop

This will try to unload the WLanDriver extension again and reload the AirPort extension.

CONTACT

If you have any problems/suggestions/whatever: ghandi@mindless.com.

CHANGES

0.0.1a - Bugfix to correct memory leak reported by Michael Rossberg
0.0.1  - Initial release