As you may already know, the Wardriving Bus Tour is one of the most popular activities every year at Ekoparty. After hopping on the
Due to popular demand this year we held two rounds instead of just one - the first one on Wednesday and another one on Friday.
On both occasions, notebooks, cellphones and a Raspberry Pi were all used to record the wireless traffic. The locations were saved using a GPS module connected to the Raspberry Pi, and as a backup we used WiGLE on the cellphones.
This year it was Infobyte's turn to organize the activity, including a brief workshop.
The full tour on Wednesday included:
- A brief Workshop done at Konex (approx 30 mins)
- The wardriving excursion
On Friday, the ship was "captured by pirates" and driven towards the Centro de Exposiciones y Convenciones de la Ciudad de Buenos Aires, where the Smart Cities Expo was being held. The exhibit included a section with electronic voting machines which some of the Ekoparty participants found extremely interesting. A review of the experience by Javier Smaldone can be found here (in Spanish).
As a starting point, we created a new GitHub repo, where you can find all the resources, including the slides for the workshop as a PDF file.
In order to centralize all the data we found, we decided to use Faraday, showing how to push its Plugins Engine to the limit.
In order to do so, we added three new Plugins to analyze open traffic for DNS and HTTP packets, generate a map of all the WiFis and generate statistics to quantify the security.
Open Traffic Plugin
The file import_dns_pcap.py will read all packets saved from Open WiFi networks. It will create vulnerabilities for non-encrypted cookies or authorization data.
The file import_wigle.py will create a vulnerability with Informational severity and attach a map as evidence. This plugin uses the Android SQLite database as input.
The file import_wardriving_pcap.py creates objects in Faraday according to the security settings of the networks found in a PCAP. Users will be able to see statistics in the Faraday Dashboard, including how many networks are using WPA, WPA2, WEP and Open. It will create vulnerabilities for Open and WEP networks. If any of the PCAP files contain a 4-way handshake, it will also create a vulnerability.
It also creates a vulnerability containing the top 10 probe requests found.
The following maps show the results of the wardriving.
The points in green correspond to secure WiFi, yellow are WPA, and red are Open and WEP.
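The classification step described above can be sketched as follows. This is an added example, not the code of import_wardriving_pcap.py: it assumes the input is the body of an 802.11 beacon frame (the bytes after the 24-byte MAC header), and the function names and sample frames are hypothetical and constructed for illustration.

```python
import struct
from collections import Counter

WPA_OUI_TYPE = b"\x00\x50\xf2\x01"  # Microsoft OUI + type 1: vendor-specific WPA element

def classify_beacon(body: bytes):
    """Return (ssid, security) for a beacon frame body (hypothetical helper)."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than its fixed parameters")
    # Fixed parameters: timestamp (8), beacon interval (2), capability info (2)
    capability = struct.unpack_from("<H", body, 10)[0]
    privacy = bool(capability & 0x0010)  # Privacy bit: some encryption is required
    ssid, has_rsn, has_wpa = "", False, False
    pos = 12
    while pos + 2 <= len(body):  # walk the tagged parameters (tag, length, value)
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2 : pos + 2 + length]
        if len(value) < length:
            break  # truncated capture: stop rather than read past the end
        if tag == 0:
            ssid = value.decode("utf-8", errors="replace")
        elif tag == 48:  # RSN element
            has_rsn = True
        elif tag == 221 and value.startswith(WPA_OUI_TYPE):
            has_wpa = True
        pos += 2 + length
    if has_rsn:  # reported as WPA2 to match the page's categories (RSN also covers WPA3)
        return ssid, "WPA2"
    if has_wpa:
        return ssid, "WPA"
    return ssid, ("WEP" if privacy else "Open")

def _beacon(ssid, capability, extra=b""):
    """Build a constructed beacon body for the sample data below."""
    name = ssid.encode()
    fixed = bytes(8) + struct.pack("<HH", 100, capability)
    return fixed + bytes([0, len(name)]) + name + extra

RSN_IE = bytes([48, 2, 1, 0])  # constructed, minimal: version field only
WPA_IE = bytes([221, 6]) + WPA_OUI_TYPE + b"\x01\x00"  # constructed, minimal
SAMPLES = [  # constructed sample frames, not data from the tour
    _beacon("cafe-guest", 0x0001),
    _beacon("old-router", 0x0011),
    _beacon("office", 0x0011, WPA_IE),
    _beacon("home", 0x0011, RSN_IE),
    _beacon("mixed", 0x0011, WPA_IE + RSN_IE),
]

def summarize(frames):
    """Count networks per security type, as the dashboard statistics do."""
    return Counter(classify_beacon(f)[1] for f in frames)
```

A network that advertises both the WPA and RSN elements is counted under its strongest option here; an audit that cares about downgrade exposure would report such mixed-mode networks separately.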
|Day 1 - Wednesday|
|Day 2 - Friday|
Dashboard
The resulting Faraday Dashboard also shows an abridged version of the results.
|Statistics of the access points that were found. In total we captured 3623 access points: 2990 had WPA2 security, 427 only had WPA, 91 WEP and 23 Open.|
|Access points by Vendor. The chart shows the top 10 vendors. "Other" contains many other vendors, each with a low quantity (less than 1%).|
Get the code for the Plugins from our GitHub repo here: https://github.com/infobyte/wardriving
We'd like to thank all of the workshop attendees and especially those who came with us on the Bus Tour! We hope to see you soon :)
The Infobyte Crew