War-driving With Kismet & A GPS Receiver

Most of us rarely stop and think about all the data flying around us. I mean, we are literally living in a web, as if we were spiders. I know, dragons are cooler, but dragons don't live in webs so spiders it is.

Between businesses, homes, vehicles and mobile devices, there are publicly accessible APs everywhere, all broadcasting to anyone who wants to listen. Sure, they usually have WPA2/WPA3 encryption enabled, but we all know WPA2 has never stopped everyone, and as of now WPA3 can be popped too under certain circumstances.

A lot of small businesses say "I just run a small business, they probably don't even know who we are. Why would they target us?"

Sure, some hackers target big companies, some target governments but most...most hackers are looking for the small to medium size businesses with low hanging fruit that they can easily attack, get in, get out and never be noticed. Less risk, less time, decent reward. Quick and easy, and on to the next target before they even know what hit them.

So today, we are going to talk about War-driving and identifying the devices around us. We should all be aware of how easy it is for someone with a little bit of time and dedication to identify and attack the networks we use everyday. And after our drive, we are even going to map them out to Google Earth.

We will take it further in future blogs, but for now let's just start with War-driving and identifying the networks.

If you don't know what War-driving is, let me explain. If you are just here for the quick tutorial, feel free to skip ahead a bit. War-driving is the act of identifying publicly accessible networks. You can do this with a laptop or cellphone, typically while driving down the road...I mean, I suppose you could War-bike, War-walk, War-jog? Ugh, you can jog, but I'm just going to take a little drive.

I've done the same thing I am going to show you today with as little as an Android cellphone and a bit of Python but that's a topic for another day.

I am going to assume that if you are still reading at this point that you either just want to see the juicy details on how this is done or you are here for the tutorial and already have your favorite flavor of Linux? Are you a Kali fan too? Additionally you will need a USB WiFi card or an internal WiFi card that supports monitor mode. You will also need a compatible GPS dongle. If you are here for the tutorial and don't have the hardware, you may just want to bookmark this page for later and get yourself a copy of Kali Linux and/or the hardware you need. I'll list those items for you below.

You don't have to use the items listed above, but you need to be sure the WiFi card supports monitor mode and that the GPS dongle is supported by GPSD. You can see the list of supported devices here.

Okay, so you got your Linux running in a VM and you got the hardware, let's get started.

First we need to install the required software. If you are running Kali Linux then you should already have Kismet, but we will double-check. If you are new to Kismet, Kismet is a wireless sniffer and monitor tool that we will use during our drive to identify publicly accessible networks.

From your Kali terminal let's run:

$ which kismet
/usr/bin/kismet


$ kismet --version
Kismet 2023-07-R1


$ sudo apt update
...


$ apt search kismet | grep kismet/kali-rolling
...

kismet/kali-rolling,now 2023.07.R1-0kali4 amd64 [installed]


Okay good, our Kismet is up to date. Let's install the other packages we need to include GPS data with our network scan. My Kali VM is a bit older than today's date and time, but I keep it up to date and as of now I needed to do an install.

$ sudo apt install gpsd gpsd-clients
...

Plug in your GPS device and WiFi card. I will assume you know how to connect your USB devices and make them accessible to VirtualBox or VMware, or whichever you choose to use. If not, use the VirtualBox navigation menu and select Devices -> USB -> Your Device Name. Don't forget to make both the WiFi card and the GPS available.

Next, let us find our GPS device to start with.

$ dmesg | grep tty
...

$ lsusb
...

$ udevadm info -q all -a -n /dev/ttyACM0 | grep u-blox
...



Okay awesome, we know our GPS device is attached to /dev/ttyACM0.

Now, personally I prefer to run GPSD manually so that I know that it is only running when I want it to and so that I can monitor the applications output. So, let's stop the services. I have tried to disable them, but they always come back up after a reboot and once the GPS dongle is plugged back in to Kali. I'll have to circle back around to disabling them in a few. For now, let's just stop the services and continue.

$ sudo systemctl stop gpsd.socket
...

$ sudo systemctl stop gpsd.service
...

$ sudo gpsd -N -n -D 3 /dev/ttyACM0
...


You should now be seeing a bunch of data streaming to your terminal. Let's verify that we are communicating with the satellites.

$ cgps -s
...

CGPS should show you a bunch of data, including latitude, longitude, altitude, speed, etc. I'm not going to show a screenshot here, but if you are seeing a valid lat and lon then your GPS is good to go! Go ahead and stop CGPS by pressing "q". Leave GPSD running in your other terminal. We still have a few more steps to go.

We need to put our WiFi card into monitor mode. If you are allowing your virtual machine to access your host machine's WiFi card, then you may have to unplug your USB Alfa card, run ifconfig or airmon-ng, then plug it back in and run it again to determine which device is the correct one.

$ sudo airmon-ng
...

$ sudo airmon-ng start wlan0
...

$ sudo airmon-ng
...


Perfect! Last step, before we can have some fun. We need to edit our Kismet conf and set our GPS configuration.

$ sudo vim /etc/kismet/kismet.conf

Search for GPS, uncomment the line shown in the screenshot and save the file. The line is:

gps=gpsd:host=localhost,port=2947


Finally, let's startup Kismet, view our GUI and see some data.

$ sudo kismet -c wlan0mon
...

This will flood your terminal with a bunch of data, you should also start to see your GPSD terminal starting to spew some additional data as well. If so, that's a good thing.

Let's head on over to our Kismet GUI and see what we have going on.

Open your web browser and head on over to http://127.0.0.1:2501


If everything is working as expected, you should be capturing packets from any devices communicating over WiFi in your area. If you look in the upper right corner of Kismet's GUI, you should also see your latitude and longitude. Pretty sweet eh?!

Congratulations, you are now War-driving! But, what can we do with all this data Kismet is capturing for us? Well, once we are done with our drive let's exit our browser, click the Kismet terminal and press CTRL + C to stop the scan and also press CTRL + C on the GPSD terminal. We can close these out and start with a fresh terminal for this next part.

In this next phase of our recon, we are going to convert the .kismet database file that Kismet created for us to a KML file and import it into Google Earth, but we need to install Google Earth first.

Go ahead and download Google Earth here. If you are running Kali or Ubuntu you will be downloading a .deb file. Once downloaded you can proceed to install.

$ cd Downloads
$ sudo dpkg -i google-earth-pro-stable_7.3.6_amd64.deb


Google Earth should now be installed and you can find it by opening the Kali menu and searching for "Google"; you should see Google Earth Pro appear. You can go ahead and open it now if you wish.

Once Google Earth is open you can turn the Layers you want to include with your scan results on or off. This often helps identify roads, parks, places, photos etc. alongside your scan results, giving some more context, since GPS is not 100% accurate.

Next, let's convert our .kismet file into a .kml file so that we can import our data.

$ kismetdb_to_kml -i /var/log/Kismet-20240223-22-53-53-1.kismet -o ~/Kismet-20240223-22-53-53-1.kml

Now, back in Google Earth we can import the KML. Go to File -> Import and select your .kml file you just created in your user's home directory.
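As an added example (not from this post or the Kismet project), here is a small Python script that does the same job as kismetdb_to_kml above but reads the .kismet SQLite database directly and keeps only access points that were heard while gpsd had a fix, which is the "only show Access Points" filtering deferred to a later blog. It assumes the kismetdb `devices` columns (devmac, type, strongest_signal, avg_lat, avg_lon, device) and the `kismet.device.base.commonname` JSON key as they exist in current Kismet releases; check them against your own file with `sqlite3 file.kismet ".schema devices"` before trusting the output, and the sample rows are made up.

```python
import json, sqlite3, sys
from xml.sax.saxutils import escape
# Constructed sample rows: only the kismetdb "devices" columns this script reads (names
# assumed from Kismet's schema; check yours with `sqlite3 file.kismet ".schema devices"`).
SAMPLE_ROWS = [
    ("00:11:22:33:44:55", "Wi-Fi AP", -48, 35.9132, -79.0558,
     {"kismet.device.base.commonname": "CoffeeShop"}),
    ("66:77:88:99:AA:BB", "Wi-Fi AP", -81, 35.9140, -79.0571,
     {"kismet.device.base.commonname": "HomeNet-5G"}),
    ("CC:DD:EE:FF:00:11", "Wi-Fi Client", -60, 35.9135, -79.0560, {}),
    ("22:33:44:55:66:77", "Wi-Fi AP", -70, 0.0, 0.0, {}),  # heard while gpsd had no fix
]

def build_sample_db():
    """In-memory stand-in for a .kismet file, built from the made-up SAMPLE_ROWS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE devices (devmac TEXT, type TEXT, strongest_signal INT, "
                 "avg_lat REAL, avg_lon REAL, device BLOB)")
    conn.executemany("INSERT INTO devices VALUES (?, ?, ?, ?, ?, ?)",
                     [r[:5] + (json.dumps(r[5]),) for r in SAMPLE_ROWS])
    return conn

def load_ap_placemarks(conn, min_signal=None):
    """Return (name, mac, lat, lon, dbm) for access points Kismet saw with a GPS fix."""
    marks = []
    for mac, dbm, lat, lon, blob in conn.execute(
            "SELECT devmac, strongest_signal, avg_lat, avg_lon, device "
            "FROM devices WHERE type = 'Wi-Fi AP'"):
        if not lat or not lon:          # 0/NULL: no GPS position was logged for this AP
            continue
        if min_signal is not None and dbm < min_signal:
            continue                    # optional: drop weak, distant APs
        # commonname holds the SSID when Kismet knows it; fall back to the MAC
        name = json.loads(blob or "{}").get("kismet.device.base.commonname") or mac
        marks.append((name, mac, lat, lon, dbm))
    return marks

def to_kml(marks):
    """Render placemarks as KML for Google Earth (File -> Import); KML wants lon,lat."""
    body = "".join(
        f"<Placemark><name>{escape(n)}</name>"
        f"<description>{escape(m)} strongest {d} dBm</description>"
        f"<Point><coordinates>{lo},{la},0</coordinates></Point></Placemark>"
        for n, m, la, lo, d in marks)
    return ('<?xml version="1.0" encoding="UTF-8"?><kml xmlns="http://www.opengis.net/kml/2.2">'
            f"<Document>{body}</Document></kml>")

if __name__ == "__main__":  # usage: python3 aps_to_kml.py drive.kismet > drive.kml
    db = sqlite3.connect(sys.argv[1]) if len(sys.argv) > 1 else build_sample_db()
    sys.stdout.write(to_kml(load_ap_placemarks(db, min_signal=-75)))
```

Run without arguments it renders the built-in sample rows, so you can check the KML in Google Earth before pointing it at a real drive log.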


Voilà, there you have it! All your results mapped into Google Earth with your additional layers of the locations you were driving.

In a future blog we will touch on some more advanced subjects such as filtering this data to only show Access Points and even have a little fun with captured authentication handshakes and Hashcat to crack WPA2 Access Point shared passwords. We will explore Hashcat instead of aircrack-ng, so that we can utilize our gaming GPUs and really put in some work!
