SSID Finder
It's good to know how to work with Ruby's lower-level socket API and see how powerful it is. In my experience, it's a matter of how well you know the protocol you're about to work with. I tried to achieve this using the PacketFu gem, but it isn't aware of this protocol yet. So I fired up Wireshark (filter: wlan.fc.type_subtype == 0x08), started inspecting the wireless beacon structure and checked how to go deeper with Ruby sockets, down to a raw Layer 2 socket rather than just TCP and UDP sockets.
The main tasks were:
    Go to a very low-level socket (Layer 2)
    Receive every single packet, no matter what protocol it is
    Receive packets raw, so they can be processed using what I learned from Wireshark
I went through all the references mentioned below and also had a look at /usr/include/linux/if_ether.h, which gave me an idea of what ETH_P_ALL means, and more. In addition, man socket was really helpful.
Note: the wireless network interface must be put into monitor mode. To do so (using airmon-ng):
```bash
# Put your wireless interface into monitor mode (requires root)
airmon-ng start wls1

# List the running monitor-mode interfaces
airmon-ng
```
```ruby
#!/usr/bin/env ruby
require 'socket'

# Open a raw packet socket (very low level, Layer 2): PF_PACKET + SOCK_RAW delivers
# every frame with its link-layer header intact. The protocol argument must be
# htons(ETH_P_ALL); ETH_P_ALL is 0x0003 (see /usr/include/linux/if_ether.h), which
# on a little-endian host is passed as 0x0300. Requires root (CAP_NET_RAW).
socket = Socket.new(Socket::PF_PACKET, Socket::SOCK_RAW, 0x03_00)

puts "\n\n"
puts " BSSID | SSID "
puts "-------------------*-------------------"

loop do
  # Read one frame from the wire, convert it to hex and split it into an array of bytes
  packet = socket.recvfrom(2048)[0].unpack('H*').join.scan(/../)
  #
  # The Beacon Packet Pattern (offsets as observed in Wireshark on the monitor
  # interface; they include the link-layer header the monitor-mode driver prepends,
  # so check them against your own capture if you use a different driver):
  # 1- The IEEE 802.11 Beacon frame starts with 0x08000000, always!
  # 2- The Beacon frame value is located at the 10th to 13th byte
  # 3- There are 62 bytes before the SSID value
  # 4- The 62nd byte is the SSID length, which is followed by the SSID string
  # 5- The transmitter (BSSID), i.e. the AP MAC address, is located at bytes 34 to 39
  #
  if packet.size >= 62 && packet[9..12].join == "08000000" # Make sure it's a Beacon frame
    ssid_length = packet[61].hex - 1 # SSID length minus 1, because the range below is inclusive
    ssid = [packet[62..(62 + ssid_length)].join].pack('H*') # Get the SSID (empty for a hidden SSID)
    bssid = packet[34..39].join(':').upcase # Get the BSSID

    puts " #{bssid}" + " " + "#{ssid}"
  end
end
```
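As an added example (my code, not the post's): the same beacon decoding done without hard-coded offsets. It reads the radiotap header length from the capture itself and walks the tagged parameters to find the SSID element, so it also handles hidden SSIDs and truncated frames. parse_beacon and the sample frames below are constructed for this illustration, not captured from a real AP.

```ruby
#!/usr/bin/env ruby
# Decode one monitor-mode capture: radiotap header followed by an IEEE 802.11 frame.

BEACON_FC0  = 0x80 # first frame-control byte on the wire: type 0 (mgmt), subtype 8 (beacon)
MAC_HDR_LEN = 24   # FC(2) duration(2) addr1(6) addr2(6) addr3(6) seq(2)
FIXED_LEN   = 12   # timestamp(8) beacon interval(2) capability(2)

# Returns { bssid:, ssid:, hidden: } for a beacon, nil for anything else or a truncated frame.
def parse_beacon(frame)
  return nil if frame.bytesize < 8
  # Radiotap header: u8 version, u8 pad, u16 length (little endian), u32 present bitmap.
  version, _pad, rt_len = frame.unpack('CCv')
  return nil unless version.zero? && frame.bytesize >= rt_len + MAC_HDR_LEN + FIXED_LEN
  dot11 = frame.byteslice(rt_len..-1)
  return nil unless dot11.getbyte(0) == BEACON_FC0
  # addr2 is the transmitter address, which for a beacon is the AP's BSSID.
  bssid = dot11.byteslice(10, 6).unpack('C6').map { |b| format('%02X', b) }.join(':')
  # Walk the tagged parameters (id, length, value) until the SSID element (id 0).
  pos = MAC_HDR_LEN + FIXED_LEN
  while pos + 2 <= dot11.bytesize
    tag, len = dot11.getbyte(pos), dot11.getbyte(pos + 1)
    return nil if pos + 2 + len > dot11.bytesize # element runs past the frame: discard
    if tag.zero?
      ssid = dot11.byteslice(pos + 2, len)
      # A hidden network advertises an empty SSID or one made of NUL bytes.
      return { bssid: bssid, ssid: ssid, hidden: ssid.empty? || ssid.bytes.all?(&:zero?) }
    end
    pos += 2 + len
  end
  nil # well-formed beacon without an SSID element
end

# Constructed sample frames (not a real capture). Radiotap: 14 bytes, present = Rate|Channel.
RADIOTAP = [0x00, 0x00, 0x0e, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x02, 0x00, 0x6c, 0x09, 0x80, 0x04].pack('C*')
AP_MAC   = [0x00, 0x11, 0x22, 0x33, 0x44, 0x55]
MAC_HDR  = ([0x80, 0x00, 0x00, 0x00] + [0xff] * 6 + AP_MAC + AP_MAC + [0x10, 0x00]).pack('C*')
FIXED    = ([0x00] * 8 + [0x64, 0x00, 0x11, 0x04]).pack('C*')
BEACON_FRAME = RADIOTAP + MAC_HDR + FIXED + [0x00, 0x07].pack('C*') + 'TestNet' +
               [0x01, 0x01, 0x82, 0x03, 0x01, 0x06].pack('C*') # supported rates, DS channel 6
HIDDEN_FRAME = RADIOTAP + MAC_HDR + FIXED + [0x00, 0x00, 0x03, 0x01, 0x06].pack('C*')

if __FILE__ == $PROGRAM_NAME
  [BEACON_FRAME, HIDDEN_FRAME].each { |f| p parse_beacon(f) }
end
```

To use it on live traffic, feed each buffer returned by socket.recvfrom from the post's raw socket to parse_beacon instead of slicing at fixed offsets.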
References - very useful!