Wireless Attacks

Probequest – Toolkit For Playing With Wi-Fi Probe Requests

June 18, 2018
2 Min Read

Toolkit allowing to sniff and display the Wi-Fi probe requests passing near your wireless interface.

Probe requests are sent by a station to elicit information about access points, in particular to determine if an access point is present or not in the nearby environment. Some devices (mostly smartphones and tablets) use these requests to determine if one of the networks they have previously been connected to is in range, leaking personal information.

Further details are discussed in this paper.

Installation

pip3 install --upgrade probequest

Documentation
The project is documented here.

Usage
Enabling the monitor mode

To be able to sniff the probe requests, your Wi-Fi network interface must be set to monitor mode.

With ifconfig and iwconfig

sudo ifconfig <wireless interface> down
sudo iwconfig <wireless interface> mode monitor
sudo ifconfig <wireless interface> up

For example:

sudo ifconfig wlan0 down
sudo iwconfig wlan0 mode monitor
sudo ifconfig wlan0 up

With airmon-ng from aircrack-ng

To kill all the interfering processes:

sudo airmon-ng check kill

To enable the monitor mode:

sudo airmon-ng start <wireless interface>

For example:

sudo airmon-ng start wlan0

 

Command line arguments

Toolkit for Playing with Wi-Fi Probe Requests

usage: probequest [-h] [--debug] -i INTERFACE [--ignore-case]
                  [--mode {RAW,TUI}] [-o OUTPUT] [--version]
                  [-e ESSID [ESSID ...] | -r REGEX]
                  [--exclude EXCLUDE [EXCLUDE ...] | -s STATION [STATION ...]]

Named Arguments

--debug
debug mode
Default: False
-i, --interface
wireless interface to use (must be in monitor mode)
--ignore-case
ignore case distinctions in the regex pattern (default: false)
Default: False
--mode
Possible choices: RAW, TUI

set the mode to use

Default: RAW
-o, --output output file to save the captured data (CSV format)
--version show program’s version number and exit
-e, --essid ESSID of the APs to filter (space-separated list)
-r, --regex regex to filter the ESSIDs
--exclude MAC addresses of the stations to exclude (space-separated list)
-s, --station MAC addresses of the stations to filter (space-separated list)

Example of use

sudo probequest -i wlan0