|
|
Post by xtr4nge on Aug 8, 2015 9:05:49 GMT
Stalker allows you to find if a device is present (macaddress) by a sound alert or log file. Command line usage: ./stalker.py -i INTERFACE -m MAC {options}Options: -i INTERFACE WLAN Interface (monitor mode required)
-m MAC MAC address to be stalked
-t TIME Target gone time (default 10 seconds)
-l LOG Log path (default ./stalker.log)
-h This help
 1. Start an interface from Menu->Config->Additional_Interfaces->Start to get mon0. (You can achieve this from the command line with: airmon-ng start wlan0 ) 2. Access Stalker module 3. Add the mac-address to be followed (and time to check if mac-address is gone, default 10 seconds) 4. Start Stalker module 5. Run airbase-ng -P mon0 -v (I will release ProbeAll module asap) |
|
|
|
Post by m3m0r3x on Sept 20, 2015 12:50:54 GMT
Hi xtr4nge,
I tested that module and it looked that it works just fine. I have given the module the MAC of my mobile. And when I just connected to the Fruityfi by Karma it was given an alert. So far so good. But exactly some seconds later the log (and the sound alert) says that the device is gone. then it works for a while but after a while, still connected to the FruityWiFiPi stalker says again the device is lost. I think I have to play with the target gone time.
By the way, I have a suggestion for this Plugin. Is it possible to build an option for this module to give a list of MACs?
best regards
mem
|
|
|
|
Post by xtr4nge on Sept 20, 2015 13:33:31 GMT
Hi m3m0r3x, Cool, good to know that somebody is playing with this module  The module works much better if you combine it with the following command: airbase-ng -P mon0 -vI have a module called ProbeAll (looks like I forget to release it) that basically execs the above command. I added the step-by-step into the first post. About the list of mac-address, yes it is possible, I can add the option regards, |
|
|
|
Post by silverse on Mar 31, 2016 9:15:06 GMT
Hi guys
Funny module. I have one question xtr4nger, it is obvios what do the module uses to find the device (Target present), but what happens to notify Target gone?
Reggards
|
|
|
|
Post by xtr4nge on Mar 31, 2016 10:33:37 GMT
Hi silverse, Check the video that I added (initial post) The log is telling you when target is present and when the target gone, also the sound is different when the target is not present anymore. you can change the time (check_time seconds) to check if the target is present or not anymore regards, |
|
|
|
Post by silverse on Mar 31, 2016 10:41:36 GMT
Hi, That video is private haha. I already know how to sep up the module and how to read the output. The problem is that the target device is still present and it outputs like this:  And this is the Wireshark capture during the same time of the monitoring interface:  * the new column is UTC time, but you can check the seconds that match with the module's output. Then, I do not know why it notifies "Target gone" without an evidence (or a envidence I am not seeing yet haha). Regards. |
|
|
|
Post by xtr4nge on Mar 31, 2016 11:03:51 GMT
Sorry about the video, I need to publish it =p
Did you you try with the mentioned option?
airbase-ng -P mon0 -v
The default checking time is 10 seconds, but if the device is not doing any probe request between those 10 seconds (and also not listened by the sniffer) will be marked as gone.
Try extending the time to 30 seconds (you can also use the script from the command line /usr/share/fruitywifi/www/modules/stalker/includes) to debug.
Also notice that if the device is already connected to an access point will be more difficult, but, changing the channel of your monitor interface (to the channel of the connected access point) will increase the possibilities.
regards,
|
|
|
|
Post by silverse on Mar 31, 2016 11:27:24 GMT
Hmmmm, I see. So the problem is that with a very small interval (lets say, 1 sec) after notifiying one probe the next notification will be "gone" as in that second it won't receive another probe... haha, silly me.
By the way, something that I can not verify is the sound alert. I have python-pyaudio installed, but the only way I have to know is pressing "refresh".
I will directly test pyaduio later, just in case.
I know that I am posting lots of questions, but I want to test most of the modules so... there will be more posts hahaha.
|
|
|
|
Post by xtr4nge on Mar 31, 2016 16:44:38 GMT
Hi silverse, No prob at all. Questions are welcome. I'm glad that you are playing with all the modules regards, |
|
