Rubyfu
TwitterGithubNEW! Black Hat RubyBuy Me a Coffee
Search…
Primary version
Module 0x0 | Introduction
Contribution
Beginners
Required Gems
Module 0x1 | Basic Ruby Kung Fu
Module 0x2 | System Kung Fu
Module 0x3 | Network Kung Fu
Ruby Socket
SSL/TLS
SSID Finder
FTP
SSH
Email
Network Scanning
DNS
SNMP Enumeration
Packet Manipulation
Memcached
AMQP
Module 0x4 | Web Kung Fu
Module 0x5 | Exploitation Kung Fu
Module 0x6 | Forensic Kung Fu
Module 0x7 | OSINT Kung Fu
References
FAQs
Contributors
Powered By GitBook
SSID Finder
It's good to know how you play with a lower level of Ruby socket and see how powerful it's. As I've experienced, it's a matter of your knowledge about the protocol you're about to play with. I've tried to achieve this mission using Packetfu gem, but it's not protocol aware, yet. So I fired-up my Wireshark(filter: wlan.fc.type_subtype == 0x08) and start inspecting the wireless beacon structure and checked how to go even deeper with Ruby socket to lower level socket not just playing with TCP and UDP sockets.
The main task was
  • Go very low level socket(Layer 2)
  • Receive every single packet no matter what protocol is it
  • Receive packets as raw to process it as far as I learn from wireshark
I went through all mentioned references below and also I had a look at /usr/include/linux/if_ether.h which gave me an idea about ETH_P_ALL meaning and more. In addition, man socket was really helpful to me.
Note: The Network card interface must be set in monitoring mode, to do so (using airmon-ng)
1
# Run you network car on monitoring mode
2
airmon-ng start wls1
3
​
4
# Check running monitoring interfaces
5
airmon-ng
Copied!
1
#!/usr/bin/env ruby
2
require 'socket'
3
​
4
# Open a Soccket as (very low level), (receive as a Raw), (for every packet(ETH_P_ALL))
5
socket = Socket.new(Socket::PF_PACKET, Socket::SOCK_RAW, 0x03_00)
6
​
7
puts "\n\n"
8
puts " BSSID | SSID "
9
puts "-------------------*-------------------"
10
while true
11
# Capture the wire then convert it to hex then make it as an array
12
packet = socket.recvfrom(2048)[0].unpack('H*').join.scan(/../)
13
#
14
# The Beacon Packet Pattern:
15
# 1- The IEEE 802.11 Beacon frame starts with 0x08000000h, always!
16
# 2- The Beacon frame value located at the 10th to 13th byte
17
# 3- The number of bytes before SSID value is 62 bytes
18
# 4- The 62th byte is the SSID length which is followed by the SSID string
19
# 5- Transmitter(BSSID) or the AP MAC address which is located at 34 to 39 bytes
20
#
21
if packet.size >= 62 && packet[9..12].join == "08000000" # Make sure it's a Beacon frame
22
ssid_length = packet[61].hex - 1 # Get the SSID's length
23
ssid = [packet[62..(62 + ssid_length)].join].pack('H*') # Get the SSID
24
bssid = packet[34..39].join(':').upcase # Get THE BSSID
25
​
26
puts " #{bssid}" + " " + "#{ssid}"
27
end
28
​
29
end
Copied!
References - very useful!
Previous
SSL/TLS
Next
FTP
Last modified 3yr ago
Copy link