pj4533 / wat

A simple packet sniffer in swift

wat - a simple packet sniffer in swift

wat is a very simple exploration of using the libpcap library on OS X from Swift, through a command-line interface.

Running

Just load the project in Xcode 6+ and build. Then run with sudo:

sudo ./wat

Initial output should look like this:

Opening device: en0
Datalink Name: IEEE802_11_RADIO
Datalink Description: 802.11 plus radiotap header

The capture device is hardcoded to en0 for now.

Also, I am focusing on the output of management and authentication packets (EAPOL), since the first task is getting the 4-way handshake supported for decrypting WPA2 traffic. (More details in the 'gotchas' section here.)

Notes

  • Function pointers in Swift - getting better with Xcode 6 beta 4, but I had to go back to Objective-C for this
  • Found this code on Stack Overflow - very useful for low level byte manipulation in Swift:
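    // Reads sizeof(T) bytes starting at byteLocation in rawData (an NSData)
    // and reinterprets them as a T, in host byte order.
    func read<T>(byteLocation: Int) -> T {
        let bytes = self.rawData.subdataWithRange(NSMakeRange(byteLocation, sizeof(T))).bytes
        return UnsafePointer<T>(bytes).memory
    }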

Limitations

  • SSL - no proxy means no reading SSL, even when WPA/WPA2 is decrypted
  • For proper debugging of traffic, WPA/WPA2 traffic needs to be decrypted (given proper password) -- this code is nontrivial to figure out.
  • Focusing on IEEE802.11 plus radiotap, for now

Help & Links

If you want to help out, please fork and make some pull requests. Here are some links I found useful:

  • tcpdump - tcpdump source code & docs
  • Programming with libpcap - PDF of article from Hackin9 magazine in 2008. Very old, but nice to read some basics.
  • Radiotap docs - Explains the radiotap header - took me a while to figure this out. Basically, you just need the (variable) length
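
The radiotap length and the EAPOL focus mentioned above, put together as an added example (not code from the wat repository): skip the variable-length radiotap header, read the 802.11 frame control field, and flag management frames and unencrypted EAPOL data frames. It is written in C, operating on the raw bytes libpcap hands to its callback for the IEEE802_11_RADIO datalink; the names classify_frame, radiotap_len and frame_kind are hypothetical, and the sample frames are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum frame_kind { FRAME_TRUNCATED = -1, FRAME_OTHER, FRAME_MGMT, FRAME_EAPOL };

/* Constructed sample: 10-byte radiotap header (Flags + Rate), QoS data frame,
 * LLC/SNAP with EtherType 0x888E, first 4 bytes of an EAPOL-Key packet. */
static const uint8_t sample_eapol[] = {
    0x00, 0x00, 0x0a, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x02, /* radiotap */
    0x88, 0x02, 0x3a, 0x01,                                     /* FC, duration */
    0x02, 0x00, 0x00, 0x00, 0x00, 0x01,                         /* addr1 */
    0x02, 0x00, 0x00, 0x00, 0x00, 0x02,                         /* addr2 */
    0x02, 0x00, 0x00, 0x00, 0x00, 0x02,                         /* addr3 */
    0x00, 0x00, 0x00, 0x00,                                     /* seq, QoS */
    0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x88, 0x8e,             /* LLC/SNAP */
    0x02, 0x03, 0x00, 0x5f                                      /* EAPOL hdr */
};
/* Constructed sample: 8-byte radiotap header, start of a beacon (type 0). */
static const uint8_t sample_beacon[] = { 0, 0, 8, 0, 0, 0, 0, 0, 0x80, 0x00 };

/* it_len: 16-bit little-endian total radiotap length at offset 2; 0 = invalid. */
static size_t radiotap_len(const uint8_t *pkt, size_t caplen)
{
    if (caplen < 8 || pkt[0] != 0)      /* 8-byte fixed part, version 0 */
        return 0;
    size_t len = (size_t)pkt[2] | ((size_t)pkt[3] << 8);
    return (len >= 8 && len <= caplen) ? len : 0;
}

enum frame_kind classify_frame(const uint8_t *pkt, size_t caplen)
{
    static const uint8_t snap[8] = { 0xaa, 0xaa, 0x03, 0, 0, 0, 0x88, 0x8e };
    size_t rt = radiotap_len(pkt, caplen);
    if (rt == 0 || caplen - rt < 2)
        return FRAME_TRUNCATED;
    const uint8_t *fc = pkt + rt;       /* 802.11 frame control field */
    unsigned type = (fc[0] >> 2) & 0x3;
    if (type == 0)
        return FRAME_MGMT;
    if (type != 2 || (fc[1] & 0x40))    /* control frame, or Protected bit: */
        return FRAME_OTHER;             /* payload encrypted, LLC not visible */
    size_t hdr = 24;                    /* FC, duration, 3 addresses, seq */
    if ((fc[1] & 0x03) == 0x03) hdr += 6;             /* ToDS+FromDS: addr4 */
    if (fc[0] & 0x80) hdr += (fc[1] & 0x80) ? 6 : 2;  /* QoS (+HT control) */
    if (caplen - rt < hdr + sizeof snap)
        return FRAME_OTHER;
    return memcmp(fc + hdr, snap, sizeof snap) == 0 ? FRAME_EAPOL : FRAME_OTHER;
}
```

Every offset is checked against the captured length before it is read, so a short or malformed capture yields FRAME_TRUNCATED or FRAME_OTHER instead of an out-of-bounds read.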

Contact

PJ Gray

License

wat is available under the MIT license. See the LICENSE file for more info.


Languages

Swift 84.8%, Objective-C 15.2%