In addition to the airport utility, the Atheros-based wireless card in my MacBook Pro (haven't checked the newer models that are Broadcom-based) is fully compatible with pcap. This means that you can use tcpdump or Wireshark to capture wirelessly. Make sure you set the capture mode to Radiotap so you get the radio info as well as the frame. According to my tests, though, pcap_inject does not work.
-J
On Jun 22, 2010, at 6:16 PM, Joshua Wright wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 6/22/2010 6:16 PM, Robin Wood wrote:
>> So, the general consensus has been to run the tools in a VM. KisMAC is
>> a good, but active, scanner and I should be able to compile some of
>> the other tools if I set the build environment up correctly.
>>
>> Looks like I'll be sticking to the VM, unfortunately that seems like
>> the answer for most things on a Mac, use it to control the VMs and do
>> the report writing but do all the real work in a VM.
>
> Johnny Cache, Vinnie Liu and I are just putting the finishing touches on
> Hacking Exposed Wireless, 2nd Edition. It's available for pre-order on
> Amazon, and should be shipping in the middle of July
> (http://amzn.to/d4D2SU). In this fully-revised book we present
> step-by-step help for implementing multiple attacks against 802.11,
> Bluetooth, ZigBee and DECT, with countermeasures for each attack.
>
> Pertinent to this discussion is Johnny's chapter "Bridging the Airgap on
> OS X" where he illustrated an example of compromising a remote OS X box
> and leveraging it to attack local wireless networks. In this discussion
> he talks about the OS X "airport" utility.
>
> The airport utility is located at
> /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport.
> In 10.6 systems, you can use this tool to initiate a monitor-mode
> packet capture saving to a libpcap file, as well as active scanning and
> other interesting functions. During a packet capture with the airport
> utility, the Airport icon on the task bar will turn into what we decided
> is the "Eye of Sauron".
>
> While Windows Vista and 7 have native monitor-mode support in drivers,
> there are no native tools, forcing us to rely on the NetMon package.
> Fortunately with OS X, we have the native airport utility.
>
> Some of Johnny's scripts and tools from this chapter have been put
> online at www.hackingexposedwireless.com. I'll continue to post
> materials there this week, as well as the free online chapters providing
> in-depth analysis of 802.11, Bluetooth (including attacks against
> Simple, Secure Pairing) and RF fundamentals.
>
> - -Josh
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkwhYFkACgkQapC4Te3oxYz7EwCeKC3wwjAGH9Qe4XMwcouEunlC
> 2isAnRqH1oTm6KbPc5TwMZeaSlFWdnHT
> =6Gzy
> -----END PGP SIGNATURE-----
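The Radiotap capture mode recommended in the reply above prepends a variable-length radio header to every 802.11 frame. As an added example (not part of the original thread or of any tool it mentions), this Python code reads a classic pcap file with the Radiotap link type and decodes the first seven Radiotap fields, honouring their alignment rules; the function names and the sample capture are constructed for illustration.

```python
import struct
DLT_IEEE802_11_RADIO = 127  # pcap link type: Radiotap header + 802.11 frame
# Radiotap present bits 0-6: (name, size, alignment, struct format)
FIELDS = [("tsft", 8, 8, "<Q"), ("flags", 1, 1, "<B"), ("rate_500kbps", 1, 1, "<B"),
          ("channel", 4, 2, "<HH"), ("fhss", 2, 2, "<BB"),
          ("dbm_antsignal", 1, 1, "<b"), ("dbm_antnoise", 1, 1, "<b")]

def parse_radiotap(pkt):
    """Return (fields, frame): decoded radio info and the 802.11 frame after it."""
    if len(pkt) < 8:
        raise ValueError("truncated Radiotap header")
    version, _pad, length, present = struct.unpack_from("<BBHI", pkt, 0)
    if version != 0 or not 8 <= length <= len(pkt):
        raise ValueError("bad Radiotap version or length")
    offset, word = 8, present
    while word & (1 << 31):  # bit 31 set: another 32-bit present word follows
        if offset + 4 > length:
            raise ValueError("present bitmap runs past header")
        (word,) = struct.unpack_from("<I", pkt, offset)
        offset += 4
    fields = {}
    for bit, (name, size, align, fmt) in enumerate(FIELDS):
        if present & (1 << bit):
            # fields are naturally aligned relative to the start of the header
            offset = (offset + align - 1) & ~(align - 1)
            if offset + size > length:
                raise ValueError("field %s runs past header" % name)
            value = struct.unpack_from(fmt, pkt, offset)
            fields[name] = value[0] if len(value) == 1 else value
            offset += size
    return fields, pkt[length:]

def read_radiotap_pcap(data):  # classic pcap bytes -> list of (fields, frame)
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(endian + "I", data, 20)[0] != DLT_IEEE802_11_RADIO:
        raise ValueError("capture link type is not Radiotap")
    out, off = [], 24
    while off + 16 <= len(data):
        caplen = struct.unpack_from(endian + "I", data, off + 8)[0]
        out.append(parse_radiotap(data[off + 16:off + 16 + caplen]))
        off += 16 + caplen
    return out

# Constructed sample capture: one record with flags, rate, channel and signal fields
SAMPLE_FRAME = b"\x80\x00\x00\x00" + b"\xff" * 6
SAMPLE_PCAP = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 127)
               + struct.pack("<IIII", 0, 0, 26, 26) + struct.pack("<BBHI", 0, 0, 16, 0x2E)
               + struct.pack("<BBHHbx", 0, 2, 2437, 0x00A0, -42) + SAMPLE_FRAME)
```

A capture whose link type is plain 802.11 rather than Radiotap is rejected, which is the symptom of forgetting to select the Radiotap capture mode.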