About TrackerJacker:
trackerjacker is a powerful security tool for WiFi networks, similar to Nmap, that helps researchers map WiFi networks they are not connected to and track devices.
The tool is built on IEEE 802.11 and performs network mapping and device tracking through raw 802.11 monitoring.
Features
1. Identify all nearby WiFi networks and view all devices connected to each network;
2. See which device on the target network is using up all the bandwidth;
3. Run a command when the target MAC address sends more than 100,000 bytes in a 30-second time window;
4. Support authentication for any device that sends more than 100,000 bytes in a 10-second time window;
5. View every Dropcam in the target area;
6. Receive a warning message when the signal strength of any MAC address is detected to exceed -40dBm;
7. See when a target user appears nearby (based on the MAC address of their mobile device) and run a command to alert researchers;
8. Develop custom plug-ins that run scripts to do something interesting every time a new Apple device appears nearby.
Recommended hardware devices
Panda PAU07 N600 Dual Band
Panda PAU09 N600 Dual Band
Alfa AWUS052NH Dual-Band 2x 5dBi
TP-Link N150
Tool Requirements:
Python 3
Scapy v2.5.0
pyaml >= 17.12.1
ruamel.yaml >= 0.15.35
Supported Platforms:
Linux (Ubuntu, Kali, and RPi)
macOS
Tool installation
Since the tool is developed based on Python 3, we first need to install and configure the Python 3 environment on the local device.
Source code installation
Researchers can directly clone the source code of the project locally with the following command:
git clone https://github.com/calebmadrigal/trackerjacker.git
Then switch to the project directory and use pip3 with the project's requirements.txt to install the tool's dependencies:
cd trackerjacker
pip3 install -r requirements.txt
Then run the tool installation script:
python3 setup.py install
PyPI installation
pip3 install trackerjacker
Tool use
To view the tool's help messages:
trackerjacker -h
The current version of TrackerJacker supports two main modes of operation, map mode and track mode.
Using map mode
Map command:
trackerjacker -i wlan1337 --map
By default, trackerjacker writes a wifi_map.yaml file, which stores all nearby WiFi networks and all the user information mapped by trackerjacker. A sample wifi_map.yaml file looks like this:
TEST_SSID:
  00:10:18:6b:7a:ea:
    bssid: 00:10:18:6b:7a:ea
    bytes: 5430
    channels:
    - 11
    devices:
      3c:07:71:15:f1:48:
        bytes: 798
        signal: 1
        vendor: Sony Corporation
      78:31:c1:7f:25:43:
        bytes: 4632
        signal: -52
        vendor: Apple, Inc.
    signal: -86
    ssid: TEST_SSID
    vendor: Broadcom
BRANSONS_WIFI:
  90:48:9a:e3:58:25:
    bssid: 90:48:9a:e3:58:25
    bytes: 5073
    channels:
    - 1
    devices:
      01:00:5e:96:e1:89:
        bytes: 476
        signal: -62
        vendor: ''
      30:8c:fb:66:23:91:
        bytes: 278
        signal: -46
        vendor: Dropcam
      34:23:ba:1c:ba:e7:
        bytes: 548
        signal: 4
        vendor: SAMSUNG ELECTRO-MECHANICS(THAILAND)
    signal: -80
    ssid: BRANSONS_WIFI
    vendor: Hon Hai Precision Ind. Co.,Ltd.
hacker_network:
  80:2a:a8:e5:de:92:
    bssid: 80:2a:a8:e5:de:92
    bytes: 5895
    channels:
    - 11
    devices:
      80:1f:02:e6:44:96:
        bytes: 960
        signal: -46
        vendor: Edimax Technology Co. Ltd.
      80:2a:a8:8a:ec:c8:
        bytes: 472
        signal: 4
        vendor: Ubiquiti Networks Inc.
      80:2a:a8:be:09:a9:
        bytes: 5199
        signal: 4
        vendor: Ubiquiti Networks Inc.
      d8:49:2f:7a:f0:8f:
        bytes: 548
        signal: 4
        vendor: CANON INC.
    signal: -46
    ssid: hacker
    vendor: Ubiquiti Networks Inc.
  80:2a:a8:61:aa:2f:
    bssid: 80:2a:a8:61:aa:2f
    bytes: 5629
    channels:
    - 44
    - 48
    devices:
      78:88:6d:4e:e2:c9:
        bytes: 948
        signal: -52
        vendor: ''
      e4:8b:7f:d4:cb:25:
        bytes: 986
        signal: -48
        vendor: Apple, Inc.
    signal: -48
    ssid: null
    vendor: Ubiquiti Networks Inc.
  82:2a:a8:51:32:25:
    bssid: 82:2a:a8:51:32:25
    bytes: 3902
    channels:
    - 48
    devices:
      b8:e8:56:f5:a0:70:
        bytes: 1188
        signal: -34
        vendor: Apple, Inc.
    signal: -14
    ssid: hacker
    vendor: ''
  82:2a:a8:fc:33:b6:
    bssid: 82:2a:a8:fc:33:b6
    bytes: 7805
    channels:
    - 10
    - 11
    - 12
    devices:
      78:31:c1:7f:25:43:
        bytes: 4632
        signal: -52
        vendor: Apple, Inc.
      7c:dd:90:fe:b4:87:
        bytes: 423223
        signal: 4
        vendor: Shenzhen Ogemray Technology Co., Ltd.
      80:2a:a8:be:09:a9:
        bytes: 5199
        signal: 4
        vendor: Ubiquiti Networks Inc.
    signal: -62
    ssid: null
    vendor: ''
It is important to note that this YAML file can be used directly or as input to other tool scripts for parsing.
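As an added example (not part of the original article or the trackerjacker project), the following Python script consumes the loaded wifi_map structure on a network you administer: it drops multicast pseudo-devices such as 01:00:5e:96:e1:89 from the client list and reports BSSIDs that advertise one of your SSIDs without being on an allowlist. The names load_map, mac_kind, audit and ALLOWED are hypothetical, and the sample data and allowlist are constructed.

```python
# Added example (not trackerjacker code): audit a loaded wifi_map structure.

def load_map(path):
    """Load wifi_map.yaml with ruamel.yaml, one of the tool's requirements."""
    from ruamel.yaml import YAML
    with open(path) as fh:
        return YAML(typ="safe").load(fh) or {}

def mac_kind(mac):
    """Classify a MAC address by the two low bits of its first octet."""
    first = int(str(mac).split(":")[0], 16)
    if first & 0x01:
        return "multicast"   # group address, never a physical station
    if first & 0x02:
        return "local"       # locally administered: randomized or virtual
    return "universal"       # vendor-assigned, so an OUI lookup is meaningful

def audit(wifi_map, allowed):
    """Return (unlisted, stations).

    unlisted: (ssid, bssid) pairs advertising an SSID in `allowed` from a
              BSSID that is not on that SSID's list.
    stations: bssid -> client MACs, with multicast pseudo-devices dropped.
    """
    unlisted, stations = [], {}
    for aps in (wifi_map or {}).values():
        for bssid, ap in (aps or {}).items():
            ssid = ap.get("ssid")            # None for hidden networks
            if ssid in allowed and str(bssid).lower() not in allowed[ssid]:
                unlisted.append((ssid, str(bssid)))
            devices = ap.get("devices") or {}
            stations[str(bssid)] = sorted(
                str(m) for m in devices if mac_kind(m) != "multicast")
    return sorted(unlisted), stations

# Constructed sample: a subset of the wifi_map.yaml fields shown above.
SAMPLE = {
    "BRANSONS_WIFI": {"90:48:9a:e3:58:25": {"ssid": "BRANSONS_WIFI", "devices": {
        "01:00:5e:96:e1:89": {"bytes": 476, "vendor": ""},
        "30:8c:fb:66:23:91": {"bytes": 278, "vendor": "Dropcam"}}}},
    "hacker_network": {
        "80:2a:a8:e5:de:92": {"ssid": "hacker", "devices": {
            "80:1f:02:e6:44:96": {"bytes": 960, "vendor": "Edimax Technology Co. Ltd."}}},
        "82:2a:a8:51:32:25": {"ssid": "hacker", "devices": {
            "b8:e8:56:f5:a0:70": {"bytes": 1188, "vendor": "Apple, Inc."}}}},
}
ALLOWED = {"hacker": {"80:2a:a8:e5:de:92"}}  # hypothetical allowlist of own APs
```

Locally administered addresses have no registered OUI, which is consistent with the empty vendor field for 82:2a:a8:51:32:25 in the sample; an unlisted BSSID of this kind may be a virtual AP on known hardware and should be confirmed against the AP's configuration.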
Track mode + command trigger
Track mode lets us specify the MAC address of the device to be tracked and runs the trigger command when that device exceeds a threshold (defined in bytes), which is set with the parameter "--threshold 4000":
trackerjacker --track -m 3c:2e:ff:31:32:59 --threshold 4000 --trigger-command "./alert.sh" --channels-to-monitor 10,11,12,44
Using monitor mode interface: wlan1337
Monitoring channels: {10, 11, 12, 44}
[@] Device (3c:2e:ff:31:32:59) threshold hit: 4734
[@] Device (3c:2e:ff:31:32:59) threshold hit: 7717
[@] Device (3c:2e:ff:31:32:59) threshold hit: 7124
[@] Device (3c:2e:ff:31:32:59) threshold hit: 8258
[@] Device (3c:2e:ff:31:32:59) threshold hit: 8922
Tracking Mode + Foxhunt Plugin
trackerjacker -i wlan1337 --track --trigger-plugin foxhunt
The output information is as follows:
POWER    DEVICE ID          VENDOR
=======  =================  ================================
-82dBm   1c:1b:68:35:c6:5d  ARRIS Group, Inc.
-84dBm   fc:3f:db:ed:e9:8e  Hewlett Packard
-84dBm   dc:0b:34:7a:11:63  LG Electronics (Mobile Communications)
-84dBm   94:62:69:af:c3:64  ARRIS Group, Inc.
-84dBm   90:48:9a:34:15:65  Hon Hai Precision Ind. Co.,Ltd.
-84dBm   64:00:6a:07:48:13  Dell Inc.
-84dBm   00:30:44:38:76:c8  CradlePoint, Inc
-86dBm   44:1c:a8:fc:c0:53  Hon Hai Precision Ind. Co.,Ltd.
-86dBm   18:16:c9:c0:3b:75  Samsung Electronics Co.,Ltd
-86dBm   01:80:c2:62:9e:36
-86dBm   01:00:5e:11:90:47
-86dBm   00:24:a1:97:68:83  ARRIS Group, Inc.
-88dBm   f8:2c:18:f8:f3:aa  2Wire Inc
-88dBm   84:a1:d1:a6:34:08
It is important to note that foxhunt is a built-in plugin, and we can also use the same plugin API to define and use our own plugins.
Tracking mode + plugin triggering
$ trackerjacker --track -m 3c:2e:ff:31:32:59 --threshold 10 --trigger-plugin examples/plugin_example1.py --channels-to-monitor 10,11,12,44 --trigger-cooldown 1
Using monitor mode interface: wlan1337
Monitoring channels: {10, 11, 12, 44}
[@] Device (device 3c:2e:ff:31:32:59) threshold hit: 34 bytes
3c:2e:ff:31:32:59 seen at: [1521926768.756529]
[@] Device (device 3c:2e:ff:31:32:59) threshold hit: 11880 bytes
3c:2e:ff:31:32:59 seen at: [1521926768.756529, 1521926769.758929]
[@] Device (device 3c:2e:ff:31:32:59) threshold hit: 18564 bytes
3c:2e:ff:31:32:59 seen at: [1521926768.756529, 1521926769.758929, 1521926770.7622838]
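To make the meaning of the byte threshold, the time window and the trigger cooldown used in the track-mode commands above concrete, here is an added illustration that is not trackerjacker's own code. It assumes a sliding window and a per-device cooldown; the class ByteThreshold, the function run and the frame observations are hypothetical and constructed.

```python
# Added illustration (not trackerjacker's code): a per-device byte threshold
# over a sliding time window, with a cooldown between triggers.
from collections import deque

class ByteThreshold:
    def __init__(self, threshold, window, cooldown=0.0):
        self.threshold = threshold   # bytes, as in --threshold
        self.window = window         # seconds, the time window being measured
        self.cooldown = cooldown     # seconds, as in --trigger-cooldown
        self.frames = {}             # mac -> deque of (timestamp, length)
        self.totals = {}             # mac -> bytes currently inside the window
        self.last_hit = {}           # mac -> timestamp of the last trigger

    def observe(self, mac, ts, length):
        """Record one frame; return the windowed byte count if it triggers."""
        q = self.frames.setdefault(mac, deque())
        q.append((ts, length))
        self.totals[mac] = self.totals.get(mac, 0) + length
        # Evict frames that have aged out of the window.
        while q and q[0][0] <= ts - self.window:
            self.totals[mac] -= q.popleft()[1]
        total = self.totals[mac]
        if total <= self.threshold:
            return None
        last = self.last_hit.get(mac)
        if last is not None and ts - last < self.cooldown:
            return None              # still cooling down: suppress the alert
        self.last_hit[mac] = ts
        return total

# Constructed observations: (timestamp, source MAC, frame length in bytes).
FRAMES = [
    (0.0, "3c:2e:ff:31:32:59", 1500), (0.5, "3c:2e:ff:31:32:59", 1500),
    (1.0, "aa:bb:cc:00:00:01", 200),  (1.0, "3c:2e:ff:31:32:59", 1500),
    (1.5, "3c:2e:ff:31:32:59", 1500), (2.5, "3c:2e:ff:31:32:59", 1500),
    (20.0, "3c:2e:ff:31:32:59", 1500),
]

def run(frames, threshold=4000, window=10, cooldown=1):
    """Feed frames in time order; return (timestamp, mac, bytes) per trigger."""
    det = ByteThreshold(threshold, window, cooldown)
    hits = []
    for ts, mac, length in frames:
        total = det.observe(mac, ts, length)
        if total is not None:
            hits.append((ts, mac, total))
    return hits
```

With the constructed frames, the frame at 1.5 s is suppressed by the cooldown, and the frame at 20.0 s does not trigger because the earlier traffic has aged out of the 10-second window.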
Tool configuration
trackerjacker.py -c my_config.json
Here's a sample my_config.json configuration file:
{
    "iface": "wlan1337",
    "devices_to_watch": {"5f:cb:53:1c:8a:2c": 1000, "32:44:1b:d7:a1:5b": 2000},
    "aps_to_watch": {"c6:23:ef:33:cc:a2": 500},
    "threshold_window": 10,
    "channels_to_monitor": [1, 6, 11, 52],
    "channel_switch_scheme": "round_robin"
}
Enable/disable the monitor mode for the interface
To enable Monitor Mode:
trackerjacker --monitor-mode-on -i wlan0
To disable Monitor Mode:
trackerjacker --monitor-mode-off -i wlan0mon
Set the adapter channel
trackerjacker --set-channel 11 -i wlan0
License Agreement
This project is developed and released under an open source license.
Project address
trackerjacker: https://github.com/calebmadrigal/trackerjacker
Resources
https://pypi.python.org/pypi/trackerjacker