on January 7, 2004 by lieven in mac

WarWalking (2)


MacStumbler and iStumbler are active scanners: they send out probe requests to the base stations and can therefore be detected easily. Moreover, they are not able to detect closed networks. So let us move up one step on the secrecy scale and get some passive network scanners running. The first one is KisMAC, which instructs the Airport card to tune to a channel, listen a while, then tune to the next channel and so on. In this way KisMAC can detect networks without announcing its presence and can also find closed networks. More information can be found on the KisMAC documentation page.

Installation is pretty straightforward: click on the KisMAC installer icon and, after answering a few obvious questions, provide your Administrator login and password, after which KisMAC is installed in your Applications folder (so also copy it to your dock). The reason it needs admin privileges to run is that the stock Airport driver cannot perform passive monitoring. So on startup it swaps the open source Viha driver in for your Airport driver and reinstalls the Airport driver on exit (that is, if everything goes well; sometimes you seem to have lost your Airport connection afterwards, but no harm is done that cannot be solved either by checking your System Preferences: Network or by a restart). So do not worry if you see that your Airport icon (as well as all your usual wireless access such as Internet and Mail) vanishes. Before you can perform a scan, you have to go to the KisMAC Preferences and choose a capturing device under Driver (in some versions of KisMAC you have to specify the Viha driver if you are running an Airport card, in others you have to go for the option Apple Airport Card, Passive mode). If you press the Scan button you are again asked for the admin password to perform the driver switch (the same happens when you Quit KisMAC).
The program gives a wealth of information, which can be quite useful if you want to find out about possible interference of your ABS with other wireless sources. We will come back to some of these features later; a rather scary one is the ability to log raw 802.11 frames to a dump file which can then be fed to Ethereal.

Okay, let us go one step further and try to get Kismet running. It seems to be an unwritten law in open source software that the more potentially harmful a program is, the more difficult it is to install, so installing Kismet is by no means trivial. Fortunately, Kismet is very well documented, with a manual and a forum. First, we need the Viha Airport driver, that is, the Viha Wireless Tools 0.0.1a Binary Release. In Terminal, go to the Desktop folder, where you will find the folder Viha-0.0.1a, and type

mv Viha-0.0.1a/WiFi.framework/ /Library/Frameworks/

Next, we get the latest version of Kismet, that is kismet-3.0.1.tar.gz, and unpack it to get a kismet-3.0.1 folder on our Desktop. Use Terminal to go into this folder and type

./configure --disable-pcap --enable-viha; make

and the build may take a while. When you finally get a prompt back, type

sudo make install

and the process will end with some warning messages:

If you have not done so already, read the README file and the FAQ file. Additional
documentation is in the docs/ directory. You MUST edit /usr/local/etc/kismet.conf
and configure Kismet for your system, or it will NOT run properly!
Kismet has NOT been installed suid-root. This means you will need to start
it as root. If you have no untrusted users on your system, it can be installed
as suid-root via 'make suidinstall'. READ THE DOCUMENTATION BEFORE INSTALLING KISMET AS SUID-ROOT!


Fine, so let us go to /usr/local/etc and change the following lines in kismet.conf:

suiduser=lieven
source=viha,en1,Airport

(of course you have to replace lieven with your normal OSX login name). Further, in the file kismet_ui.conf replace the last line with

apm=false

Finally, you have to type in the Terminal

export TERM=xterm-color

and you should be done. To launch Kismet, type as your usual user (the one you specified in the kismet.conf file) in the Terminal

Kismet

and all will work. Again the Airport driver is switched to the Viha driver (and, if all works well, back again at the end). Often the Airport card does not come up at the end, in which case it is best to restart Kismet and quit again (by the way, you quit Kismet with a capital Q). Then the Airport icon appears, but you may have to log on to your network again.
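Before launching, it is worth making sure the two kismet.conf edits above actually took. The following shell check is an added example, not code from the original post or from the Kismet project; it assumes the plain key=value layout shown above and that suiduser should name a non-root user.

```shell
#!/bin/sh
# Added example, not from the original post or the Kismet project: check the
# two kismet.conf lines edited above before launching Kismet.
# Assumes the plain key=value layout shown in the post; comment lines start with #.
check_kismet_conf() {
    conf="$1"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    # If a key appears more than once, this check looks at the last uncommented one.
    user=$(sed -n 's/^suiduser=//p' "$conf" | tail -n 1)
    src=$(sed -n 's/^source=//p' "$conf" | tail -n 1)
    status=0
    if [ -z "$user" ]; then
        echo "suiduser is not set (Kismet needs a non-root user to drop privileges to)" >&2
        status=1
    elif [ "$user" = "root" ]; then
        echo "suiduser=root: Kismet would keep running as root after startup" >&2
        status=1
    fi
    case "$src" in
        viha,?*,?*) ;;  # expected form for the Airport card: viha,<interface>,<label>
        "") echo "source is not set" >&2; status=1 ;;
        *)  echo "source=$src is not of the form viha,<interface>,<label>" >&2; status=1 ;;
    esac
    return "$status"
}

# Usage: sh check_kismet_conf.sh /usr/local/etc/kismet.conf
if [ -n "${1:-}" ]; then
    check_kismet_conf "$1"
fi
```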

We wouldn't have gone to so much trouble if it were not that Kismet is a VERY powerful application which can be used to hack wireless networks. But if you think that KisMAC and Kismet are already scary, wait until next time, when we deal with Ethereal.
