An interesting take on WEP cracking

[Ben Kurtz] is doing a little WEP cracking, but in a different way than we’re used to. WEP cracking makes us think of war driving: driving around with your laptop open, looking for WiFi access points, and stopping to run some software when you find them. [Ben's] approach is similar but differs in one key way: he’s using an iPhone as the frontend.

This started as a way to find a use for some leftover equipment. He threw together a Linux box and loaded up Aircrack-ng, the software we often see used in penetration testing. To avoid looking shady in public, he coded a web interface using the Python package TurboGears. It uses screen, a program often used with SSH to run services concurrently in different terminals, with the option to disconnect without stopping the processes. Now it’s just a matter of parking the hardware near an AP and doing the work in a browser on your mobile device. You can check out the script he wrote, as well as installation instructions, in his post linked above.

[Thanks Tech B.]

[Note: Banner image not directly related to this post]


  1. Bunny says:

    I used to do something similar before the iPhone came out. Had a Symbian phone with WiFi and used PuTTY for Symbian. Would set up an ad-hoc network with another wireless card in my laptop. So the main WiFi card was free to do what you wish.

    The ubiquity of SSH!

  2. Ib says:

    It is a very nice idea, however I think this could have also been done with VNC.

  3. 404Usernotfound says:
  4. Kris Lee says:

    Those crooks never stop learning new tricks.

  5. Alex Rossie says:

    This is retarded.

  6. Maave says:

    404Usernotfound knows the real deal: do everything straight from the iPod, no laptop required.
    On that note, does anybody know of a similar setup for Android devices? All I see are a lot of “it would work but nobody ever compiled it” posts.

  7. Stealth- says:

    So, what, the computer system is the one doing the actual wireless data gathering from the AP? Seems a little useless to me, honestly. I mean, do people really think twice about someone on a laptop in a car? I know I wouldn’t.

    It is interesting, though.

  8. barry99705 says:

    Wardriving has nothing to do with cracking networks.

  9. pepep says:

    aircrack-ng installs directly on my nokia n900.. just sayin’.

  10. viperware says:

    Most people have no preconception of WEP cracking OR wardriving, so y’all have nothing to worry about.

  11. gjgj says:

    yep its retarded

    especially the newcomers who believe its gunna work by just loading up some tool

    if you dont have amplifiers and good antennas all you gonna capture is trash, fragments

    not to mention that for doing deauth attacks you have 2be close to the ap as well

  12. moo says:

    pff only reason i can think of using this is to not look too suspicious in front of people's houses while cracking their wep or the more challenging wpa.

  13. Phil says:

    Neat and all that screen is, this is pretty trivial stuff. I’m surprised to see it here.

  14. anti says:

    How is this different from sshing into the laptop to do this? You could even restore a screen session from there!?

  15. strider_mt2k says:

    Shady is as shady does…

  16. yopo says:

    karma works on openwrt

  17. bilbao bob says:

    Google and now Apple already do this.

    Every Android device – well, a significant majority of them – is already set up to do something similar. Well, I’m exaggerating a bit, but you’d still be interested.

    When you use the data capacity of your phone, your phone's equivalent of a mac address, along with your GPS coordinates AND a list of all the ESSIDs of the visible wifi networks in the area are uploaded regularly.

    It used to be that only the cellphone providers had this data. Now google and apple have it.

    If GPS isn’t available, the cell tower triangulation algorithms are used. As a distant third, they can use already mapped ESSIDs – and since this has been going on for a while, that map is already pretty darned complete.

    Why is this important? Because now google (and to a lesser extent but pulling up into the #2 spot in a hurry) has THE BEST AND MOST COMPLETE universal database of ip address to actual location mapping in the world.

    Oh, and your real identity information, even though that isn’t being openly sold. Yet.

    Rest assured – you’re already tagged, bagged and about to be slagged. I don’t actually know what slagging is, but for my purposes it means that you and all your relationships and interactions with other people will be available for instant recall and cross-reference.

    Is that totally cool, or what?
    The future is pretty damned rad!

  18. Jorge says:

    VNC client, ssh client, or native aircrack tools do this better, easier, and faster and have a higher coolness factor because you don't look like the chump that poorly reinvented the wheel poorly.

  19. Jorge says:

    lol said poorly twice. Now I'm the chump that's too tired to proofread so as not to make an ass of myself.
