As Cyber Security students, we wanted to tackle a project that would help progressively advance the security of our world. In this case, we are talking about wireless security. With millions of different networks being active every day, not all of them can be secure. The average person does not know if their network is fully secured, or if it is even protected from the outside world. In this instance, we created a program that would detect if your network is secured or unsecured.
What it does
Wi-Fi Stalker was designed to aggressively run tests on a Wi-Fi network to determine its security level. Upon execution of Wi-Fi Stalker, the program would take the network BSSID, which is captured by an Airodump scan, and start to gather information on that BSSID. The Google and WiGLE API's try and grab coordinate data of the network, then look for surrounding buildings in that area. However, it was to be used by a homeowner on their network, the program could detect if the network was within a household by utilizing the Zillow API. We also utilized Ekata's API to do Reverse Address searches on the networks we found. This in return could give us personal information, such as names, previous addresses, phone numbers, and even resident/employee information about a household, business, or major corporation if their networks are not secured properly.
How we built it
We built Wi-Fi Stalker with several different components. To start, we primarily used Kali Linux as our operating system. The project itself was written in Python and called upon several libraries and 4 different APIs. The API's that were called were Ekata API, which dug up historical information on a property, Google API, which determined the address from a set of coordinates, WiGLE API, which got coordinate data from the BSSID, and lastly, ZillowAPI which determined if the network was in a household or not.
Challenges we ran into
When creating Wi-Fi Stalker, we had some trouble getting all of the API's to work in sync with each other. However, after some debugging, we were finally able to get the API's to talk to one another. Until the Zillow API servers crashed during the middle of our project. Since the servers were still not up by sunrise, we decided to hold off on using the Zillow API.
Accomplishments that we're proud of
As a collective, we are very proud that we were able to create a project that can inform users of the security risks associated with their network, while also being very simple to use. We also feel very accomplished that we were able to detect that a BSSID was vulnerable to attack by running Wi-Fi Stalker against it.
What we learned
The biggest thing that we learned from this project was how hard it was to use an API. As Cyber Security students, we do not primarily focus on developing software or writing programs to this level. Learning how each API works was also a great benefit for us. Some of the APIs had documentation while others, such as WiGLE, had very little documentation which required us to dig deeper and figure out how to utilize the API. All in all, we all gained valuable knowledge that will help us in our future endeavors.
What's next for Wi-Fi Stalker
In the future, we plan on implementing a user interface for the project. With this, it would make using the program a lot easier and even go mobile for on-the-go reconnaissance.