SDR / Pentesting

Motivated by a recent issue on GitHub, I looked into using Scapy with my GNU Radio WLAN Transceiver.

Scapy is a Python packet manipulation tool that can be interesting for penetration testing. It can, for example, be used to create deauth frames or frames with random payload to fuzz a WLAN stack. Using Scapy in combination with the GNU Radio WLAN transceiver can be interesting since you can be sure that the frame is sent as is, i.e., that no chip/firmware/driver is mangling the payload.

To use Scapy, I extended the transmit flow graph with a Socket PDU block that is attached directly to the PHY.

On the Python side, I use Scapy to create a WLAN beacon. Some fields are set explicitly, others are randomized by Scapy's fuzz function. (The CRC function is a very ugly hack…)
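As an added example (not the post's code), this shows what the Python side has to hand to a Socket PDU block sitting directly on the PHY: a beacon built with the standard library instead of Scapy, with the FCS computed as the little-endian CRC-32 of the MPDU, which is the job the post's CRC function does; the same FCS step applies to bytes produced with Scapy's Dot11 layers. The UDP host and port, and the assumption that the Socket PDU block runs in UDP server mode, are mine and must be matched to the flow graph.

```python
import random
import socket
import struct
import zlib

BROADCAST = b"\xff" * 6
# Supported-rates IE: 1, 2, 5.5, 11 Mbit/s (basic) and 6, 9, 12, 18 Mbit/s.
RATES_IE = b"\x01\x08\x82\x84\x8b\x96\x0c\x12\x18\x24"


def ie(tag, body):
    """One 802.11 information element: tag, length, body."""
    return bytes([tag, len(body)]) + body


def build_beacon(ssid, bssid, channel, seq=0, interval_tu=100, capability=0x0001, seed=None):
    """Beacon MPDU with the FCS appended, i.e. what a PHY-level Socket PDU expects.

    With a seed, the beacon interval and capability field are randomised, standing
    in for the fields the post lets Scapy's fuzz() pick (constructed example).
    """
    if seed is not None:
        rng = random.Random(seed)
        interval_tu = rng.randrange(1, 0x10000)
        capability = rng.randrange(0, 0x10000)
    # Frame control 0x80 0x00 (management / beacon), duration 0, then
    # addr1 = broadcast, addr2 = addr3 = BSSID (6 bytes), sequence control.
    header = struct.pack("<HH", 0x0080, 0) + BROADCAST + bssid + bssid
    header += struct.pack("<H", (seq & 0xFFF) << 4)
    # Fixed parameters: 8-byte timestamp (0 here), interval in TU, capabilities.
    fixed = struct.pack("<QHH", 0, interval_tu, capability)
    body = ie(0, ssid) + RATES_IE + ie(3, bytes([channel]))  # SSID, rates, DS channel
    mpdu = header + fixed + body
    # FCS = CRC-32 (same polynomial and reflection as zlib) over the MPDU, little-endian.
    return mpdu + struct.pack("<I", zlib.crc32(mpdu))


def fcs_ok(frame):
    """Check a frame's trailing FCS; works on captured frames as well as on own output."""
    if len(frame) < 4:
        return False
    return struct.unpack("<I", frame[-4:])[0] == zlib.crc32(frame[:-4])


def send_to_socket_pdu(frame, host="127.0.0.1", port=52001):
    """Hand one frame to a Socket PDU block in UDP server mode.

    Host and port are assumptions; set them to what the flow graph uses.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(frame, (host, port))
```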