Tuesday, September 16, 2008

Wardriving with the IPhone

I decided to see which apps were available for the IPhone to do a little Wardriving with and I was chuffed with what I found. Below are deteails on a few applications that I have found useful to do a little network exploration with.


The apps I'll discuss in this post are WiFiFoFum, WiFinder, Ping (Lite), Net Utility and Portscan. These tools are all available from the App Store and do not require you to jailbreak the IPhone. Which I thought was very nice.

First I used the IPhones native WiFi tool to see which networks I could see.

Currently I can just pick up the one access point. I can see that there is no padlock icon so I know it's not encrypted which is useful, but it doesn't tell me whether it's WPA or WEP which is quite useful to know. OK, lets see what I can discover with my fancy new apps.


I have used this app before on Windows Mobile and found the IPhone version to be very stable. I was quickly able to see that it had picked up another AP.

I really like the Radar as it allows me to easily see which points are nearest to me as I am moving around.

Using this WifiFoFum I was able to quickly able to see which AP's had encryption.

And then by clicking on the point i'm interested in I can see which type of encryption it is using.

OK, thats all very nice but If I want an easier way to see which AP's are using encryption as I am driving about I need something different.


Ok, so this app does similar stuff but it goes a little further.

As you can see from the screenshot above, open and closed networks are sorted in categories and the encryption type is listed. I found this is slightly better when driving. As you can see from the screenshot below it's pretty effective at detecting access points

Now what is happening here is when the application finds an open AP, it will connect through to a remote website and if it gets through you'll see a green check mark next the name.

After selecting an Access Point you are presented with some more details and given the option to connect.

You can of course opt to connect by selecting the Connect button as shown above and you will be on that wireless LAN.

Ping (Lite)

This is a free application that I find pretty useful. After bring the application up, you are presented with some pretty standard utilities.

The one I was interested in to start with was Ping Subnet. After running this I was presented with details of all hosts on the subnet that respond to ICMP requests.

It's pretty hard to see in the graphic above but responding hosts are colored green. Well this is great. So now I know who else is on the subnet, you know, on the safe & soft inside.

Oh, and a handy traceroute utility to maybe help get more details of the network infrastructure.

So, I want to take this one step further.

Net Utility

Now I have to change my focus to another site here but basically here I am able to use the port scan feature of Net Utility to see if the host has an open port. This will give you some idea of the role of the host and maybe the firewall rules or lack thereof.

and as we see it's open (obviously)

And then there is also the really handy whois utility too.

And another utility included with this tool is the IP Address Information. This will show you your IP address AND the wireless networks external IP address. Nice!


I found this utility and i thought I would update the post with it. It does basicaly what it says onthe tin. It port scans a host.

It has a few otions where you can set the ports, select a range or let it scan well known ports. And the speed of the scan can be adjusted. It's pretty basic but its the best out there that I have found.

I have tested this on a couple of devices and it seems okay. The option to guess the OS is just that, a guess. But it's not bad and it's fun.

Most of the utilities do have additional functionality on top of what I have shown here.

Change Log:
10-10-08 updated post with details of Portscan.


Mike said...

Great post. Thanks for pointing out those tools. The one thing I don't like about Wifinder and WiFiFoFum are that even though both can see wifi networks with hidden SSIDs, neither have a method to determine that SSID. This should be possible...

SynJunkie said...

I know what you mean. I guess if you were happy to jail break the iPhone you could get kismet on it but I'm not ready to do that just yet. If I do I'll be sure to blog about it.

Anonymous said...

do any of the WD apps have a faciltiy to save a log file that you can save and possibly use with other apps to plot netowrks in a given area/route, that would be awesome for wardriving

SynJunkie said...

There certainly is. See my other wardriving post for details on WiFiFofum which is the tool your looking for.


David Grant said...

You've got to check out yFy Network Finder if you want to do any war driving.


Anonymous said...

IMHO a very good app for scanning a network for hosts is called iNet! It also has other features such as Wake on Lan, PortScan (which isnt very effective), and ping!

Also, there are a ton of jailbreak command line tools out there as well such as nmap, of course telnet, tracert, ping, ssh, etc, and one of my favorites is pirni, an ARP spoofer!

And FTR I don't believe kismet has been ported to the iPhone just yet ;)
Aircrack has though! But no monitor mode, just the cracking portion...

George said...

Hey Syn, great post! These are great tools for unjailbroken, and jailbroken users for that matter...
I just wanted to point out that jailbreaking can give you lots of tools such as nmap, telnet, ping, ssh, Metasploit (yes even metasploit! ;)), pirni (an ARP spoofer), and others! Sadly, kismet isn't ported yet =(
One last thing, since you are in the UK, there is an app called iWep Pro used to launch dictionary attacks against many popular routers in the UK such as BTHomeHub!

SynJunkie said...

Thanks for the comments guys.

George - i'll be sure to check out iWep Pro, it sounds interesting

George said...

I think its jailbreak only though ;) I doubt apple would allow a cracking app
Here's the easiest jailbreak tool just if you need it =)