WarFlying Drone: Hunt Down WiFi Devices from the Air | HakByte
We took a look at building one of these rigs from scratch and also analyzed wardriving data gathered from the ESP8266 using a Python data visualization tool called Jupyter Notebook. But to take this a step further, we wanted to see how well this wardriving rig would perform for gathering aerial Wi-Fi reconnaissance data. So on a random vacation trip in Missoula, Cody and I soldered together the raw components from the ESP8266 wardriving rig and strapped it to the bottom of his drone, then set out on an aerial reconnaissance flight. As a simple experiment, Cody had my friend Christian and I set up two Wi-Fi access points on our phones to see if they could be precisely detected and located from the air. On this episode we're gonna dive deeper into analyzing wardriving data through Python and visualize the results of our experiment through Jupyter Notebook. To follow along with today's video, all you're gonna need is a computer with a web browser and also the warflying data set that you can download from the link in the description below.

This video was sponsored by PCBWay, who offers amazing PCB manufacturing to quickly and easily bring your PCB projects to life. Check out pcbway.com to learn more about their PCB, 3D printing and CNC services.

So this is the raw data that was generated from the wardriving rig, and you can download this as a CSV file from my GitHub repository, which you can find over at github.com/AlexLynd/ESP8266-Wardriving. So you can find both that data set and also the Jupyter Notebook script we're going to be using today, which you can find under the Jupyter Notebook scripts folder. Now, once you're here, you can just go ahead and click on the following Python notebook file, which is Missoula Warflight 0821, 2021, and then you can go ahead and just click on the "Open in Colab" badge near the top of the page. So this should open you up in a Google Colaboratory runtime session, and in order to get started with this script, all you have to do is just import the data set we're going to be working with by clicking on this folder icon and then uploading a file that you have on your computer locally. So, of course, I'm going to go with the missoulawarflight.csv file, and once this uploads to our runtime session we're ready to start parsing and cleaning the data.

So, as you can see, this is uploaded to our runtime session, so I'm going to go ahead and get started with the actual Jupyter notebook. So in this first cell here we start by importing the CSV file by using a data parsing library called pandas, and after importing the CSV file, you can see that we have detected a little over 5200 different Wi-Fi networks over the course of our warflying session. Now, some of these networks were detected before we actually took off and also after the drone landed.
So this probably contains a lot of extraneous data that we don't want to include in our actual experiment. So, in order to filter out this extraneous data, in the following code cell I've added the following time threshold here that allows us to use a pandas function to sort out data that was spotted outside of the following time boundary. So if any Wi-Fi access points were detected before the drone actually took off or after the drone landed, then we go ahead and just delete this data from our data set. So after running this code cell, you can see we come down to just under 2,000 Wi-Fi access point entries with a total of 341 unique Wi-Fi networks.

Pandas makes it really easy for us to organize and clean data, as well as visualize the raw information that we were able to capture on these wireless devices, for example their signal strength, encryption or even GPS coordinates. Being able to physically correlate this data with pinpoints on a map will allow us to better visualize the information we captured, as well as determine the location of vulnerable Wi-Fi devices or other interesting Wi-Fi anomalies. Using a mapping library called folium and also some other built-in features like markers and marker clusters, I was able to create the following map that allows us to see the density of Wi-Fi networks in general geographical vicinities. So you can see by zooming in on some of these clusters we're able to see the density of Wi-Fi networks in these areas and also information about them, just by clicking on one of the clusters and selecting any of these points to view information about these networks, which in this case, we can see, will yield their SSID. So folium makes it really easy to create feature maps like this and also visualize geographical data.

Now, in order to create this map, all I had to do was simply import the data set we generated from the previous code cell and construct a map viewing area that simply fits all of our data points into view by averaging the latitude and longitude of all the spotted Wi-Fi access points. Now, after constructing the viewing area, we can go ahead and visualize data by calling different functions from the folium library. You can see that the first function I use is the following polyline function, which I used to simply plot out our warflying route by grabbing the latitude and longitude of every single Wi-Fi network that was spotted within our data set and then just drawing a line between them. Now, you can see I also iterate over every network that was spotted within our data set and then simply just append all of these data points to the following cluster object, which is a built-in feature from folium that allows us to group certain markers by a characteristic, which in this case would be their geographical location. So folium automatically handles this for us, and just by appending it to the following network cluster and overlaying this on top of our map, you can see we're able to get an idea of what Wi-Fi networks were spotted within certain geographical bounds, and we can also click on them to view information, which in this case I have set to their SSIDs.

Now, finally, you can also see that I appended the following two markers to the map, which grabbed the first and last entry from our data set, which will let us see both the takeoff and also landing point of our drone. Now, taking a look at the map here, you can see that I assigned the following color-coded icons to the takeoff and landing location, and you might notice that this is quite a bit a ways from where we actually took off, since Cody's drone died in a random field before we were able to actually recover it. You can see that this map gives us a basic overview of visualizing geographical data through folium, for instance through letting us plot our wardriving route and overlaying various interesting data points on it. Now, with some simple modification and data parsing, we can harness these visualization features in order to create a customized map targeting specific Wi-Fi devices, or even other interesting feature-specific map types like a generic heat map depicting network density.

In order to target and plot specific Wi-Fi devices, I set up the following known device list that allows us to target devices with known Wi-Fi access point names, which in our case is target 3 and bingus mobile, which would be the names of the networks that Christian and I set up on our phones. Now, in order to plot this on our map, all I had to do was simply iterate over every network detected from our data set and create a marker for networks where the SSID is equal to any of these known device values. So taking a look at the map here, you can see that we spot target 3 in the exact geographical location that Christian set up his phone at.
But if you take a look at bingus mobile, you might notice that we spot this in two different, distinct geographical locations, which is because Cody didn't give me enough time to run into position before noticing that his drone was low on battery. Taking a look at the drone footage, you can actually see me start to run into position in the corner of the video where we detected the first instance of the bingus mobile network, as Cody was first taking off. Now, after flying a little further out, you can see me standing underneath this bridge at my designated location, which is almost exactly where we detected the second instance on the folium map. After making a loop around the park, we detect the second Wi-Fi network, target 3, at around 6:45 UTC, where you can also see Christian walking on a trail precisely where his phone was detected in the script.

In the final map from this visualization demo, we're going to take a look at a feature that makes it easy for us to separate data into different layers on a map and see how we can use this in order to visualize Wi-Fi security in the areas that we flew over. Using a function called feature group, we're able to group together geographical coordinates by attribute, and in this case I'm using this in order to group together different Wi-Fi networks by their encryption standards. So you can see that I've created a different feature group to correspond with WEP networks, WPA, WPA2 and networks that are otherwise open or unsecured.
In order to add individual networks to these different feature groups, we can sort through our data set for each individual network, take a look at the encryption type that it's using and then go ahead and add it to the appropriate encryption type feature group with a unique, corresponding color marker. Now, after generating these different feature groups, we can go ahead and just add them all to our encryption map, and taking a look at the rendered folium map, you can see that we have the following layer control option in the top right corner that makes it really easy for us to create visual distinction between the different types of data that we picked up along our route.

Now, taking a look at WEP networks, you can see that we have three instances of this encryption type detected, which is pretty good since WEP is a pretty archaic standard that's fairly easy to crack. Now, taking a look at WPA, you can see that we have a single sad instance of this encryption type detected. But if we look at its successor, which is WPA2, you'll notice that this is by far the most prevalent encryption type that was detected along our warflying path, followed closely by open and unsecured Wi-Fi networks.

Today we used Python libraries like folium for more advanced Wi-Fi reconnaissance techniques and were able to create a custom map showing us the exact location of the two test Wi-Fi networks that we set up in just a three-minute flight.
We were able to log around 2000 Wi-Fi networks, which is about five entries per second, and while this only shows us Wi-Fi access points and not client devices, we'll take a look at implementing that functionality in future videos, possibly featuring the WiFi Nugget.

If you enjoyed today's video and want to help support the channel, you can check out our webstore over at hakcat.com and pick up a WiFi Nugget to follow along with future Wi-Fi hacking related episodes. If you have any suggestions for upcoming videos or topics you want to see covered on the channel, feel free to drop a comment below or reach out to me on Twitter @alexlynd. As always, thank you for watching and we'll see you next time on Hak5. Thanks for supporting Hak5. Find all our shows, community and pen test products at hak5.org.

On today's episode of HakByte we're gonna explore aerial Wi-Fi reconnaissance data using Python.
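
The data-cleaning steps described in the video (flight-window filter, per-encryption grouping, known-SSID lookup), as an added example that is not the notebook from the video. It uses only the Python standard library in place of pandas and folium; the column names, timestamps, MAC addresses and coordinates are constructed sample values, and only the two SSIDs come from the transcript.

```python
import csv, io
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample rows; column names are assumed, not taken from the real data set.
SAMPLE_CSV = """MAC,SSID,AuthMode,FirstSeen,RSSI,Latitude,Longitude
AA:00:00:00:00:01,HomeNet,[WPA2],2021-08-21 18:40:10,-70,46.8700,-113.9950
AA:00:00:00:00:02,bingus mobile,[WPA2],2021-08-21 18:42:05,-80,46.8710,-113.9960
AA:00:00:00:00:03,OldRouter,[WEP],2021-08-21 18:42:30,-85,46.8712,-113.9962
AA:00:00:00:00:02,bingus mobile,[WPA2],2021-08-21 18:43:20,-55,46.8725,-113.9981
AA:00:00:00:00:04,target 3,[WPA2],2021-08-21 18:45:00,-60,46.8740,-113.9990
AA:00:00:00:00:05,CafeGuest,[OPEN],2021-08-21 18:45:10,-75,46.8741,-113.9992
AA:00:00:00:00:06,ParkingLot,[WPA],2021-08-21 18:50:00,-90,46.8800,-114.0000
"""
FMT = "%Y-%m-%d %H:%M:%S"

def load_in_flight(text, takeoff, landing):
    """Keep only rows seen between takeoff and landing (inclusive)."""
    start, end = datetime.strptime(takeoff, FMT), datetime.strptime(landing, FMT)
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        if start <= datetime.strptime(r["FirstSeen"], FMT) <= end:
            r["RSSI"] = int(r["RSSI"])
            r["Latitude"], r["Longitude"] = float(r["Latitude"]), float(r["Longitude"])
            rows.append(r)
    return rows

def encryption_summary(rows):
    """Count unique access points (keyed by MAC) per encryption type."""
    per_ap = {r["MAC"]: r["AuthMode"].strip("[]") for r in rows}
    return Counter(per_ap.values())

def locate(rows, known_ssids):
    """Per known SSID: number of sightings and the strongest-signal position."""
    hits = defaultdict(list)
    for r in rows:
        if r["SSID"] in known_ssids:
            hits[r["SSID"]].append(r)
    result = {}
    for ssid, seen in hits.items():
        best = max(seen, key=lambda r: r["RSSI"])  # RSSI closest to 0 is strongest
        result[ssid] = {"sightings": len(seen), "rssi": best["RSSI"],
                        "best": (best["Latitude"], best["Longitude"])}
    return result

if __name__ == "__main__":
    flight = load_in_flight(SAMPLE_CSV, "2021-08-21 18:42:00", "2021-08-21 18:46:00")
    print(len(flight), dict(encryption_summary(flight)))
    print(locate(flight, {"target 3", "bingus mobile"}))
```

Several sightings of one SSID, as with bingus mobile in the video, collapse here to the reading with the strongest signal, which is usually the one taken closest to the device.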