802.11 Massive Monitoring: WiWo

ID N0WHERE:45820
Type n0where
Reporter N0where
Modified 2015-09-05T01:29:52


wiwo is a distributed 802.11 monitoring and injecting system that was designed to be simple and scalable, in which all workers (nodes) can be managed by a Python framework

802.11 Massive Monitoring: WiWo 802.11 Massive Monitoring: WiWo

Building the worker


Install necessary requirements.

$ sudo apt-get install build-essential git subversion libpcap-dev gawk zlib1g-dev libncurses5-dev ccache


Download wiwo source code.

$ git clone https://github.com/CoreSecurity/wiwo.git

Download and extract OpenWrt SDK, in this case we are going to build the worker for OpenWrt Barrier Breaker (ar71xx). For other versions of OpenWrt or architectures visit http://downloads.openwrt.org/ .

$ wget http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/OpenWrt-SDK-ar71xx-for-linux-x86_64-gcc-4.8-linaro_uClibc-
$ tar xjf OpenWrt-SDK-ar71xx-for-linux-x86_64-gcc-4.8-linaro_uClibc-

Copy the worker code to the package directory and build it.

$ cd OpenWrt-SDK-ar71xx-for-linux-x86_64-gcc-4.8-linaro_uClibc-
$ cp -r ../wiwo/worker/ package/
$ make

Install worker package.

$ ls bin/ar71xx/packages/base/
Packages  Packages.gz  worker_0.1_ar71xx.ipk
$ scp bin/ar71xx/packages/base/worker_0.1_ar71xx.ipk root@
$ ssh root@
openwrt$ opkg install /tmp/worker_0.1_ar71xx.ipk

802.11 Massive Monitoring: WiWo 802.11 Massive Monitoring: WiWo

Building OpenWrt image


Download and extract OpenWrt ImageBuilder, in this case we are going to build an image of OpenWrt Barrier Breaker for architecture ar71xx. For other versions of OpenWrt or architectures visit http://downloads.openwrt.org/ .

$ wget http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/OpenWrt-ImageBuilder-ar71xx_generic-for-linux-x86_64.tar.bz2
$ tar jxf OpenWrt-ImageBuilder-ar71xx_generic-for-linux-x86_64.tar.bz2

Copy the worker package to the Image Builder package directory.

$ cd OpenWrt-ImageBuilder-ar71xx_generic-for-linux-x86_64/
$ cp ../OpenWrt-SDK-ar71xx-for-linux-x86_64-gcc-4.8-linaro_uClibc- packages/base/

The OpenWrt worker image customize some configuration files to have a plugn’play worker and a device that only is going to be used as a _ wiwo worker _ , if the device is going to be use in other ways customization to this files are needed.

The following files are going to be customize.

  • /etc/rc.local (execution of the worker binary on startup)
  • /etc/config/wireless (setting wireless interfaces to monitor mode by default)
  • /etc/config/network (setting ethernet interfaces without IP address)

In this document we are going to create this configuration files for TP-Link MR3020 and TP-Link MR3040 . This files change between devices, if you are building for other please verify the necessary content.

$ mkdir -p files/etc/config
$ cat > files/etc/rc.local
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

# Flush all ip addresses from eth0 interface.
ip addr flush dev eth0

sleep 5

/bin/worker eth0 &

exit 0

$ cat > files/etc/config/network
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr ''
        option netmask ''

config globals 'globals'
        option ula_prefix 'fdbc:37cb:b05c::/48'

config interface 'lan'
        option ifname 'eth0'
        option force_link '1'
        option type 'bridge'
        option proto 'static'
        option ipaddr ''
        option netmask ''

$ cat > files/etc/config/wireless
config wifi-device  radio0
        option type     mac80211
        option channel  11
        option hwmode   11g
        option path     'platform/ar933x_wmac'
        option htmode   HT20

config wifi-iface
        option device   radio0
        option network  lan
        option mode     monitor


Replace the DEFAULT_PACKAGES.router value on include/target.mk as show below, this line removes unnecessary packages and includes the worker package.

DEFAULT_PACKAGES.router:=dnsmasq iptables ip6tables ppp ppp-mod-pppoe kmod-ipt-nathelper firewall odhcpd odhcp6c


To get a list of the supported profiles for this image builder, we execute the following.

$ make info
    TP-LINK TL-MR3020
    Packages: kmod-usb-core kmod-usb2 kmod-ledtrig-usbdev
    TP-LINK TL-MR3040
    Packages: kmod-usb-core kmod-usb2 kmod-ledtrig-usbdev

Build the OpenWrt worker image for TP-LINK TL-MR3020.

$ make image FILES=files/ PROFILE=TLMR3020

Flash the OpenWrt image to the device, if we have a device that has the TP-LINK firmware we use the openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-factory.bin image, if we already have installed an OpenWrt image we use sysupgade command.

$ ls bin/ar71xx/openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-*
$ scp bin/ar71xx/openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-sysupgrade.bin root@
$ ssh root@
openwrt$ sysupgrade -n -v /tmp/openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-sysupgrade.bin

Finally we have a _ wiwo worker _ , we can now test it using the _ wiwo manager _ .

802.11 Massive Monitoring: WiWo 802.11 Massive Monitoring: WiWo 802.11 Massive Monitoring: WiWo

Manager requirements

The manager is a multi-platform python application which allows users to interact with wiwo workers. This application requires pcapy 0.10.9 and the last available version of the impacket framework, this one has to be downloaded from the github repository.

To help users match this requirements we show below how to do this on Ubuntu.


The first option is to download the last release of pcapy (0.10.9) and build it for your platform. It’s a pretty straight forward process, but could be a little tricky on Windows. The second option is to download a binary version from this repository


The manager requires to use the last version, today it’s only available from the impacket repository .

Source && Download

802.11 Massive Monitoring: WiWo download 802.11 Massive Monitoring: WiWo 802.11 Massive Monitoring: WiWo