|
Proximity v1.0
hot!
|
|
Hits: 68 |
|
Date added: 06/02/2007 |
|
Proximity monitors the proximity of your mobile phone or other bluetooth device and executes custom AppleScripts when the device goes out of range or comes into range of your computer. |
|
|
|
|
|
Python Raw Covert v0.1
|
|
Hits: 12 |
|
Date added: 12/10/2006 |
|
An enhancement of the Raw Covert tool that was released at ShmooCon2006. It is a covert channel over the 802.11 protocol. It uses valid control frames (ACK) for carrying the communication protocol. These frames are usually considered as non malicious and thus are not analyzed by most wireless IDS.
This tool enables a full-duplex communication between two pyrawcovert and thus make it possible to perform some interactive communications (ssh...) or file transfers (scp...) within this covert channel. |
|
|
|
|
|
|
Raw Covert v0.1
|
|
Hits: 18 |
|
Date added: 12/16/2006 |
|
A program that initiates a covert channel over IEEE 802.11 networks thanks to wireless raw injection.
It aims at encoding a covert channel in valid ACK frames in the RA address field. Using ACK frames has the advantage to be quite stealthy as they are considered harmless and thus are generally not analyzed by Wireless IDS. This kind of encoding is quite trivial, but should be extended using encryption...
Covert channel principles can be extended to encode anything between the lines in the IEEE 802.11 protocol (but not necessarily) and to achieve a reliable communication (shell, file transfer...). |
|
|
|
|
|
|
Raw Fake AP v0.2
|
|
Hits: 45 |
|
Date added: 12/19/2006 |
|
Aprogram that emulates IEEE 802.11 access points thanks to wireless raw injection.
It aims at creating/injecting both beacon and probe response frames in order to emulate valid IEEE 802.11 access points.
Infamous tools like Black Alchemy's Fake AP are using ifconfig/iwconfig to change wireless settings like BSSID, ESSID, channel and txpower. But unfortunately when using master mode, some IEEE 802.11 fields are mastered by the driver like the BSS timestamp, sequence number and (some) tagged parameters; and thus cannot be easily forged. E.g., an ESSID change (thanks to iwconfig) resets the BSS timestamp (thanks to Joshua Wright for this hint) giving the opportunity to any wireless IDS to catch a Fake AP easily.
This tool is able to fool both passive scanners (e.g. Kismet) and active scanners (e.g. XP SP2 WZC, NetStumbler) with some limitations (see below) . It can be used to disturb any (newbie) wardriver with some efficiency hiding real wireless networks (of course, this should be further enhanced thanks to a wider tool sending data, control and management frames in order to simulate a set of wireless networks). |
|
|
|
|
|
|
Raw Glue AP v0.1
|
|
Hits: 33 |
|
Date added: 12/15/2006 |
|
A program that catches wireless stations searching for preferred ESSIDs.
It aims at creating/injecting probe responses, authentication responses, association responses to wireless stations wanting to associate themselves to access points.
This tool catches probe requests, send back appropriate probe responses and then tries to catch authentication and association requests. This is a kind of Glue AP which purpose is to catch clients that are actively scanning for any ESSID. This method could be implemented in a Wireless IPS tool.
Any ESSID with both Null ESSID and pre-configured ESSID (which are usually preferred wireless networks in Wireless Zero Configuration) will be caught.
All this stuff is done in monitor mode and uses raw injection which seems to be a required if this method may be implemented in a Wireless IDS (that usually perform detection in monitor mode). |
|
|
|
