Tuesday, February 22, 2011

Creating Wireless Recon Maps with Google Earth, Kismet, GPSD and Backtrack

Part of any wireless assessment is getting a visual view of your client's setup. I am always looking for new ways to do this, but the best way I have found is a tool called GISKismet, written by a guy I know named Jabra. I was getting ready for work this week and decided to write a quick article on how to do this. All the tools are open source and available on the BackTrack 4 CD, except Google Earth, which you must install yourself.

The first thing to do is start our GPS device:

root@bt:~# gpsd -N -n -D 3 /dev/ttyUSB0


NOTE: The -N option makes gpsd run in the foreground, -n tells it to start polling the device without waiting for a client to connect, and -D sets the debug level. Running it this way lets us make sure the GPS actually gets a satellite fix before we go any further.
Once we have our GPS going we will want to get Kismet started:

1. Select it from the menu
2. Start the server
3. Start the client
4. Select yes to define a source WiFi device for the packet capture
5. Enter the name of your interface; in my case it is wlan0

NOTE: Kismet puts your interface into monitor mode for you, so there is no need to do it manually.

6. Close the server window and you will be presented with the Kismet client interface

You will need to make sure the GPS data is working; you can check this in the Kismet client interface, right under the list of access points. I normally capture for a good amount of time to get the most accurate GPS data possible.
Kismet saves five different types of files by default; the one we are interested in is the .netxml file.
Once we have made sure our file was properly created we can select GISKismet from the BackTrack menu.
GISKismet creates a database file using SQLite so that data from multiple captures can be added to it. The following command inserts the data from the .netxml file into the database:

root@bt:~# giskismet -x Kismet-20110221-08-56-26-1.netxml

Once that is done we can query our database at any time and output the results to a KML file, which is the format Google Earth accepts:

root@bt:~# giskismet -q "select * from wireless" -o giskismet_demo.kml
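As an added example (my own code, not part of the original post and not GISKismet's code), here is a small Python script that does what those two giskismet commands do end to end: parse a .netxml file, load it into a SQLite table named wireless, run a query against it and write a KML file whose placemarks are color-coded by encryption type. The sample .netxml is constructed, the tag layout follows my recollection of Kismet's newcore netxml format (an assumption), the output file names are made up, and the color palette is my own choice rather than GISKismet's. Networks that never got a GPS fix are skipped rather than plotted at 0,0.

```python
import sqlite3
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample in the layout of a Kismet .netxml file (not a real capture).
# Tag names follow the Kismet newcore netxml format as I recall it (assumption).
SAMPLE_NETXML = """<?xml version="1.0"?>
<detection-run kismet-version="2011.01.R1" start-time="Mon Feb 21 08:56:26 2011">
  <wireless-network number="1" type="infrastructure">
    <SSID><type>Beacon</type><encryption>WPA+PSK</encryption>
      <encryption>WPA+AES-CCM</encryption><essid cloaked="false">CorpNet</essid></SSID>
    <BSSID>00:11:22:33:44:55</BSSID><channel>6</channel>
    <gps-info><peak-lat>40.748400</peak-lat><peak-lon>-73.985700</peak-lon></gps-info>
  </wireless-network>
  <wireless-network number="2" type="infrastructure">
    <SSID><type>Beacon</type><encryption>WEP</encryption>
      <essid cloaked="false">OldPrinter</essid></SSID>
    <BSSID>66:77:88:99:AA:BB</BSSID><channel>11</channel>
    <gps-info><peak-lat>40.748900</peak-lat><peak-lon>-73.986100</peak-lon></gps-info>
  </wireless-network>
  <wireless-network number="3" type="infrastructure">
    <SSID><type>Beacon</type><encryption>None</encryption>
      <essid cloaked="true"></essid></SSID>
    <BSSID>CC:DD:EE:FF:00:11</BSSID><channel>1</channel>
    <gps-info><peak-lat>40.749200</peak-lat><peak-lon>-73.985300</peak-lon></gps-info>
  </wireless-network>
  <wireless-network number="4" type="infrastructure">
    <SSID><type>Beacon</type><encryption>WPA+PSK</encryption>
      <essid cloaked="false">NoFix</essid></SSID>
    <BSSID>12:34:56:78:9A:BC</BSSID><channel>3</channel>
  </wireless-network>
</detection-run>
"""

# KML colours are aabbggrr (alpha, blue, green, red); this palette is my own
# choice, not the one GISKismet uses: red = open, yellow = WEP, green = WPA.
STYLE_COLOURS = {"open": "ff0000ff", "wep": "ff00ffff", "wpa": "ff00ff00"}

def classify(encryptions):
    """Collapse Kismet's per-SSID encryption strings into open / wep / wpa."""
    encs = {e.upper() for e in encryptions}
    if any(e.startswith("WPA") for e in encs):
        return "wpa"
    if "WEP" in encs:
        return "wep"
    return "open"  # "None", or no <encryption> element at all

def parse_netxml(xml_text):
    """One dict per network that has a GPS fix; networks without one are skipped."""
    networks = []
    for net in ET.fromstring(xml_text).iter("wireless-network"):
        gps = net.find("gps-info")
        if gps is None or gps.findtext("peak-lat") is None:
            continue  # no fix recorded for this AP, nothing sensible to plot
        ssid = net.find("SSID")
        encs = [e.text or "" for e in ssid.iter("encryption")] if ssid is not None else []
        essid = ssid.findtext("essid") if ssid is not None else None
        networks.append({
            "essid": essid or "<cloaked>",
            "bssid": net.findtext("BSSID", ""),
            "channel": int(net.findtext("channel", "0")),
            "encryption": classify(encs),
            "lat": float(gps.findtext("peak-lat")),
            "lon": float(gps.findtext("peak-lon")),
        })
    return networks

def build_db(networks, path=":memory:"):
    """Mirror GISKismet's idea of a 'wireless' table; repeated loads merge by BSSID."""
    conn = sqlite3.connect(path)
    conn.execute("""CREATE TABLE IF NOT EXISTS wireless (
        bssid TEXT PRIMARY KEY, essid TEXT, channel INTEGER,
        encryption TEXT, lat REAL, lon REAL)""")
    conn.executemany("INSERT OR REPLACE INTO wireless VALUES "
                     "(:bssid, :essid, :channel, :encryption, :lat, :lon)", networks)
    conn.commit()
    return conn

def query_to_kml(conn, sql="SELECT bssid, essid, channel, encryption, lat, lon FROM wireless"):
    """Run a query against the wireless table and render the rows as KML placemarks."""
    out = ['<?xml version="1.0" encoding="UTF-8"?>',
           '<kml xmlns="http://www.opengis.net/kml/2.2"><Document>']
    for name, colour in STYLE_COLOURS.items():
        out.append('<Style id="%s"><IconStyle><color>%s</color></IconStyle></Style>' % (name, colour))
    for bssid, essid, channel, enc, lat, lon in conn.execute(sql):
        out.append("<Placemark><name>%s</name><styleUrl>#%s</styleUrl>"
                   "<description>BSSID %s, channel %d, %s</description>"
                   "<Point><coordinates>%f,%f,0</coordinates></Point></Placemark>"
                   % (escape(essid), enc, bssid, channel, enc.upper(), lon, lat))
    out.append("</Document></kml>")
    return "\n".join(out)

if __name__ == "__main__":
    # Same effect as the two giskismet commands above, run on the constructed sample.
    db = build_db(parse_netxml(SAMPLE_NETXML), "giskismet_demo.db")
    with open("giskismet_demo.kml", "w") as f:
        f.write(query_to_kml(db))
```

Because the table keys on BSSID with INSERT OR REPLACE, feeding the same capture in twice (or a second drive of the same area) updates rows instead of duplicating pins. The query argument is where the reporting value is: passing something like `... WHERE encryption != 'wpa'` produces a KML that shows only the open and WEP networks that belong in the findings section of the assessment report.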
Now let's open Google Earth from the BackTrack menu (a how-to can be found here).

Next, go to File > Open and select the .kml file we just created.

Once Google Earth parses your data you will be taken to an aerial view of the area where you captured, with the surrounding access points mapped out and color-coded by encryption type.

You can also click on each AP on the map to get more info about the access point, like ESSID, BSSID and a few other things. Well, that's it; I hope this helps someone make their wireless reporting a little easier.

Thanks to my guru pureh@te from question-defense.com for this guide.
