War driving, also known as “WiFi sniffing”, is the process of locating WiFi networks and potentially viewing their traffic. You can find more notes on wardriving here on my gitbook.

The following sections will cover how to begin wardriving using an Android device or a laptop that runs a Debian-based Linux distribution.

Android

This part is very simple, and it doesn’t take much at all. As long as you have a phone running Android, you can install the Wigle WiFi Wardriving app. With this you can make an account on Wigle.net and keep track of your individual stats and uploads. An account isn’t required, though; you can upload anonymously as well.

Starting

With the app open you can tap the X icon in the top right, and it will begin scanning and collecting the networks and Bluetooth devices around you.

Let this run as long as you like; the longer it runs and the farther you go, the more you collect. When we’re done, we can tap the WiFi-scanning-looking symbol in the top right to stop scanning.

When you’re ready to upload it all for processing, just tap the button that says UPLOAD TO WIGLE.NET in the top left. After that, click the 3 lines in the top left and select uploads. Here you will see a timestamp (year/month/day) of when it was uploaded and its status.

From there it’s simple. You’ve done it, you’ve done some wardriving. Look around the app more, look at stats, rankings, map, news, etc.

Linux

For this you will need a couple of things: WiFi adapters and the Kismet software. A GPS adapter and the GPSD software are not REQUIRED, but they make it a lot more fun and add the ability to see where you saw a specific WiFi network.

Installing Kismet

I am running Debian, but this also works on other Linux distros. I will be covering how I did this on Debian and other Debian-based distros, but Kismet has documentation on installing it from source.

As I am running Debian 12 (Bookworm), we will run the following commands to install Kismet:

wget -O - https://www.kismetwireless.net/repos/kismet-release.gpg.key --quiet | gpg --dearmor | sudo tee /usr/share/keyrings/kismet-archive-keyring.gpg >/dev/null

echo 'deb [signed-by=/usr/share/keyrings/kismet-archive-keyring.gpg] https://www.kismetwireless.net/repos/apt/release/bookworm bookworm main' | sudo tee /etc/apt/sources.list.d/kismet.list >/dev/null

sudo apt update && sudo apt install -y kismet gpsd gpsd-clients gpsd-tools

From here we need any WiFi radio we can use, including the built-in one. I myself have and recommend these adapters:

If you’re looking for GPS adapters, I also have the following; I primarily use the GlobalSat BU-353-S4.

Setting up Kismet

Before we start, we should make a couple of quick modifications. We can run Kismet as normal and collect multiple things, but if we’re going to be wardriving, we want to either add --override wardrive to the end of the command… OR add the wardrive settings to our /etc/kismet/kismet_site.conf file. This file will be our config and won’t be modified when Kismet updates.

In our kismet_site.conf file we want to add a source (a WiFi or Bluetooth device), our GPS configuration if we are using a GPS dongle/adapter, and our wardriving settings.

I run with multiple adapters and a WiFi Coconut. We need to find the names of our sources first. To find them, run:

ip a


We want to add that to our kismet_site.conf file.


GPS

If we have a GPS adapter and want to use it, we need to tell the system which device it is. Depending on your device it will be either /dev/ttyUSB0 or /dev/ttyACM0; we then hand that device to gpsd.

The easiest way to find this is to run the following before and after plugging in your adapter:

ls /dev/tty*


Once we have that, we have gpsd use that device with:

gpsd /dev/ttyUSB0

and verify it’s working with

gpsmon


OR

cgps
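
The two checks above (spotting the new serial device and confirming the GPS actually has a fix) as an added example that is not part of the original post. It assumes you saved the two `ls /dev/tty*` listings to files and that gpsd's JSON reports are read from standard input; the sample reports are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.

# new_ttys BEFORE AFTER: print device paths listed in AFTER but not in BEFORE.
# Capture the listings with:
#   ls /dev/tty* > before    (plug in the adapter)    ls /dev/tty* > after
new_ttys() {
    # -v invert match, -x whole line, -F fixed strings, -f patterns from file
    grep -vxF -f "$1" "$2"
}

# gps_fix_mode: read gpsd JSON reports on stdin and print the best fix mode
# found in TPV (position) reports. gpsd: 0/1 = no fix, 2 = 2D fix, 3 = 3D fix.
gps_fix_mode() {
    best=0
    while IFS= read -r line; do
        case $line in
            *'"class":"TPV"'*) ;;   # position report: inspect it
            *) continue ;;          # VERSION, SKY, DEVICES ...: skip
        esac
        mode=$(printf '%s\n' "$line" | sed -n 's/.*"mode":\([0-9]\).*/\1/p')
        if [ -n "$mode" ] && [ "$mode" -gt "$best" ]; then
            best=$mode
        fi
    done
    echo "$best"
}

# Constructed sample of gpsd output, so the check can be tried without hardware.
SAMPLE_GPSD='{"class":"VERSION","release":"constructed"}
{"class":"TPV","device":"/dev/ttyUSB0","mode":1}
{"class":"TPV","device":"/dev/ttyUSB0","mode":3,"lat":0.0,"lon":0.0}'
printf '%s\n' "$SAMPLE_GPSD" | gps_fix_mode

# Live use, with gpsd running (gpspipe ships in gpsd-clients):
#   gpspipe -w -n 20 | gps_fix_mode
```

A result below 2 means gpsd sees the receiver but has no position yet, so networks logged at that point will not carry coordinates.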


Once we have that set, we can add our GPS into our kismet_site.conf file as well.

Last of all, we add the wardriving mode to our .conf file as well. We don’t HAVE to do this; we can simply run

kismet --override wardrive

to run it in wardrive mode. But if we are going to be using it for wardriving by default, we can take the /etc/kismet/kismet_wardrive.conf and add that to our kismet_site.conf file. Either one is fine.

We can copy/paste the contents in there or run the following to automatically copy all the contents over:

cat /etc/kismet/kismet_wardrive.conf | sudo tee -a /etc/kismet/kismet_site.conf > /dev/null

So now our /etc/kismet/kismet_site.conf file should contain our sources, our GPS configuration, and the wardrive settings.
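
An added example (not from the original post) that assembles kismet_site.conf from the steps above without duplicating anything when it is run more than once; the plain `tee -a` command appends the wardrive settings again on every run. The interface names you pass in and the marker comment are assumptions, while `source=` and `gps=gpsd:` are Kismet's own option names.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: the marker text below is made up for this helper.
MARKER='# --- wardrive settings (added by site-conf helper) ---'

# add_line FILE LINE: append LINE only if FILE does not already contain it.
add_line() {
    touch "$1"
    grep -qxF -- "$2" "$1" || printf '%s\n' "$2" >> "$1"
}

# build_site_conf SITE_CONF WARDRIVE_CONF USE_GPS IFACE...
#   USE_GPS is "yes" or "no"; IFACE values are the names shown by `ip a`.
build_site_conf() {
    site=$1
    wardrive=$2
    use_gps=$3
    shift 3
    touch "$site"
    for iface in "$@"; do
        add_line "$site" "source=$iface"
    done
    if [ "$use_gps" = yes ]; then
        # gpsd listens on localhost port 2947 by default
        add_line "$site" "gps=gpsd:host=localhost,port=2947"
    fi
    # Copy the wardrive settings in once, guarded by the marker line.
    if ! grep -qxF -- "$MARKER" "$site"; then
        { printf '%s\n' "$MARKER"; cat "$wardrive"; } >> "$site"
    fi
}

# Example call, run as root (wlan1 is an assumed interface name):
#   build_site_conf /etc/kismet/kismet_site.conf \
#       /etc/kismet/kismet_wardrive.conf yes wlan1
```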

With everything plugged in and on, we can now run kismet!

Running Kismet

Simply run

kismet

or if you didn’t add the wardrive.conf to your site.conf, run:

kismet --override wardrive


Then we’re wardriving! We can verify everything is working by watching the screen fill with info.

We can also go to the Kismet GUI at http://localhost:2501

When first going here, it will ask you to set a username and password. Once we’re in, if you have GPS enabled you will see your coordinates in the top right.

We can also see the WiFi sources we have enabled by going to the 3 lines in the top left and selecting Data Sources.

You’re up and wardriving!

Post Capture

When you’ve finished your drive, you’ll have some files.

You can take the .wiglecsv file and upload it to Wigle.net to add it to your stats.

If we have GPS enabled and the location info was recorded, we can convert the file into a KML file to be used with Google Earth. More info here.

kismetdb_to_kml --in some-kismet-log-file.kismet --out some-kml-file.kml

We are also able to convert the .kismet file to a .pcap file to be analyzed in Wireshark. Documentation on that can be found here.

kismetdb_to_pcap --in some-kismet-log.kismet --out some-pcap-log.pcapng

Conclusion

That’s how you wardrive!

Keep in mind when running this on a laptop, you’ll want to make sure you have a long enough battery life, the ability to charge it, and correct power settings. I set mine to do nothing when the laptop lid is closed, then close it so that I consume as little battery as possible.

This is also 100% doable with a smaller machine, like a Raspberry Pi or a Zimaboard, which are smaller and much more portable, but you still need to keep an eye on the battery, and there are some extra steps such as auto-launching and the ability to SSH/VNC into it while out if needed/wanted. There will be a guide on that coming soon, so be on the lookout!