SSID Finder

It’s good to know how you play with a lower level of Ruby socket and see how powerful it’s. As I’ve experienced, it’s a matter of your knowledge about the protocol you’re about to play with. I’ve tried to achieve this mission using Packetfu gem, but it’s not protocol aware, yet. So I fired-up my Wireshark(filter: wlan.fc.type_subtype == 0x08) and start inspecting the wireless beacon structure and checked how to go even deeper with Ruby socket to lower level socket not just playing with TCP and UDP sockets.

The main task was

  • Go very low level socket(Layer 2)
  • Receive every single packet no matter what protocol is it
  • Receive packets as raw to process it as far as I learn from wireshark

I went through all mentioned references below and also I had a look at /usr/include/linux/if_ether.h which gave me an idea about ETH_P_ALL meaning and more. In addition, man socket was really helpful to me.

Note: The Network card interface must be set in monitoring mode, to do so (using airmon-ng)

  1. # Run you network car on monitoring mode
  2. airmon-ng start wls1
  4. # Check running monitoring interfaces
  5. airmon-ng
  1. #!/usr/bin/env ruby
  2. require 'socket'
  4. # Open a Soccket as (very low level), (receive as a Raw), (for every packet(ETH_P_ALL))
  5. socket = Socket.new(Socket::PF_PACKET, Socket::SOCK_RAW, 0x03_00)
  7. puts "\n\n"
  8. puts "       BSSID       |       SSID        "  
  9. puts "-------------------*-------------------"
  10. while true
  11.   # Capture the wire then convert it to hex then make it as an array
  12.   packet = socket.recvfrom(2048)[0].unpack('H*').join.scan(/../)
  13.   #
  14.   # The Beacon Packet Pattern:
  15.   # 1- The IEEE 802.11 Beacon frame starts with 0x08000000h, always!
  16.   # 2- The Beacon frame value located at the 10th to 13th byte
  17.   # 3- The number of bytes before SSID value is 62 bytes
  18.   # 4- The 62th byte is the SSID length which is followed by the SSID string
  19.   # 5- Transmitter(BSSID) or the AP MAC address which is located at 34 to 39 bytes 
  20.   #
  21.   if packet.size >= 62 && packet[9..12].join == "08000000"   # Make sure it's a Beacon frame
  22.     ssid_length = packet[61].hex - 1                         # Get the SSID's length
  23.     ssid  = [packet[62..(62 + ssid_length)].join].pack('H*') # Get the SSID 
  24.     bssid = packet[34..39].join(':').upcase                  # Get THE BSSID
  26.     puts " #{bssid}" + "    " + "#{ssid}"
  27.   end
  29. end

References - very useful!