Run Airmon-ng from VM without external “USB Wireless card”

Note: Read the updated post here.

Most people run penetration testing distros using virtualization software like VMware or VirtualBox. The major drawback of this software is that it cannot give the guest system direct access to the host’s Wi-Fi card. No matter how you connect your host system to a network, the guest system is always connected using Ethernet. As a result, wireless pentesting tools like Airmon-ng cannot be used from a virtualized environment. There are two existing solutions for using wireless tools: either boot the system on bare metal or use an extra USB wireless card. To save you the extra cost, this post explains a different solution.

Enter Docker! Docker is virtualization software that virtualizes your operating system, while other virtualization software like VMware or VirtualBox virtualizes the computer system hardware. The Docker project was mainly started to provide a way for Linux applications to run in an independent operational environment. Read more about Docker here.

So, to use Airmon-ng and Kali, we will set up a Docker image. Whereas you would install Kali into VMware or VirtualBox directly from the ISO file, here we will build a Kali image of our own by downloading packages directly from the server.

Install docker for your system

Docker Terms Explanation

  • Docker Image: The basic set of files, containing all the downloaded and installed packages, files, etc. It is very similar to a VMware image (which is also a set of files containing the VM configuration, file system, etc.).
  • Docker Container: The Docker image in action. From one Docker image we can spawn multiple containers.

You can find more explanation of Docker images and containers in this Stack Overflow question.

Note: In this post, the “$” prompt denotes your local system and the “root@user:/#” prompt denotes the Docker container.

Setting up Kali Base Image

Get the Kali Base Image builder script from Git

$ git clone https://github.com/docker-linux/kali
$ cd kali/

Start Building Base Image

$ sudo sh build-kali.sh

Open Kali docker image

$ sudo docker run -it linux/kali /bin/bash
root@user:/# 

Congrats your Kali base is ready.

Now install tools into your Kali Linux

root@user:/# apt-get install kali-linux
root@user:/# apt-get install kali-linux-wireless
root@user:/# apt-get install kali-linux-top10
root@user:/# exit

Other Kali Packages can be found over here.

Save the changes of your image

List running Containers

 $ sudo docker ps -a
 [sudo] password for user: 
 CONTAINER ID  IMAGE        COMMAND       CREATED          STATUS            PORTS   NAMES
 ca536972f412  linux/kali   "/bin/bash"   21 minutes ago   Up 21 minutes             romantic_goldstine   

As seen above, the container is running. Save the changes made to the image, that is, commit the changes made in the container, as shown below. Note the CONTAINER ID; it is important.

$ sudo docker commit ca536972f412 kali:1

In the above command, the CONTAINER ID is used to commit the changes. The name kali is the REPOSITORY name; you can name it anything. The number 1 is a TAG, which can also be whatever you like. Now check the images you have with the following command.

 $ sudo docker images
 [sudo] password for user: 
 REPOSITORY   TAG      IMAGE ID        CREATED         VIRTUAL SIZE
 kali         1        9106e4c59cd6    19 hours ago    4.233 GB
 linux/kali   latest   0fb298549348    6 weeks ago     220.3 MB

As seen above, there are two images: the base image linux/kali and the image kali in which the changes were made. Now that everything is set up with all the software, we just need to use our arsenal.

Start using Docker-Kali Image

$ sudo docker run -it --net="host" --privileged kali:1 /bin/bash
root@user:/#

--net="host" – the container shares the host’s network stack, and all interfaces from the host are available to the container.
--privileged – Docker gives the container access to all devices on the host and sets some configuration in AppArmor to allow the container nearly all the same access to the host as processes running outside containers on the host.
This means that the Docker container has access to the host machine’s network stack as well as its devices; this is the only feature which makes Docker stand out from all virtualization software.

Using Airmon-ng

root@user:/# airmon-ng start wlan0
No interfering processes found
PHY    Interface  Driver  Chipset
phy0   wlan0      ath9k   Atheros Communications Inc. AR9485 Wireless Network Adapter (rev 01)
       (mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
       (mac80211 station mode vif disabled for [phy0]wlan0)

root@user:/# ifconfig

wlan0mon  Link encap:UNSPEC  HWaddr 40-F0-2F-57-3D-37-3A-35-00-00-00-00-00-00-00-00  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:18 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:3234 (3.1 KiB)  TX bytes:0 (0.0 B)

As seen above, a new interface called wlan0mon is created; this is the monitoring interface.

root@user:/# airodump-ng wlan0mon

Now you may need a new terminal into the running container. To get one, open a new terminal and type the following:

 $ sudo docker ps -a
 [sudo] password for user:
 CONTAINER ID  IMAGE   COMMAND      CREATED         STATUS        PORTS  NAMES
 d566052a8ec4  kali:1  "/bin/bash"  4 minutes ago   Up 4 minutes         ecstatic_bohr

 $ sudo docker exec -it ecstatic_bohr /bin/bash
 root@user:/#

Now you can do whatever you like further with this. Finally, since the wireless interface was put into monitoring mode, we should stop monitoring before we exit the container. This is important because the OS will not get access to the wireless card until the monitoring started by the Docker container is stopped.

root@user:/# airmon-ng stop wlan0mon
PHY	Interface	Driver		Chipset

phy0	wlan0mon	ath9k		Atheros Communications Inc. AR9485 Wireless Network Adapter (rev 01)
		(mac80211 station mode vif enabled on [phy0]wlan0)
		(mac80211 monitor mode vif disabled for [phy0]wlan0mon)
root@user:/# exit
$
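
A quick way to confirm, back at the $ prompt, that no interface was left in monitor mode after the container exits. This is an added example, not part of the original post; the function names and the script name check-wifi.sh are made up for illustration, and it assumes a Linux host whose wireless driver exposes the usual sysfs entries.

```shell
#!/bin/sh
# Added example: check that the wireless card is back in normal mode.
# The sysfs root is a parameter so the functions can also be run
# against a constructed directory tree.

# Print every interface under $1 that is backed by an 802.11 device
# (cfg80211 drivers expose a phy80211 link in the interface directory).
wireless_ifaces() {
    root=${1:-/sys/class/net}
    for dir in "$root"/*; do
        [ -e "$dir/phy80211" ] || continue
        basename "$dir"
    done
}

# Print wireless interfaces that are still in monitor mode.
# A mac80211 monitor vif reports link type 803 (ARPHRD_IEEE80211_RADIOTAP);
# a station-mode interface reports 1 (ARPHRD_ETHER).
monitor_ifaces() {
    root=${1:-/sys/class/net}
    for name in $(wireless_ifaces "$root"); do
        [ "$(cat "$root/$name/type" 2>/dev/null)" = "803" ] && echo "$name"
    done
    return 0
}

# Return 0 when no monitor interface is left behind, 1 otherwise.
check_restored() {
    root=${1:-/sys/class/net}
    left=$(monitor_ifaces "$root")
    if [ -n "$left" ]; then
        echo "still in monitor mode: $left" >&2
        echo "run inside the container: airmon-ng stop <iface>" >&2
        return 1
    fi
    echo "no monitor-mode interfaces left"
}

# Run the check only when asked to, e.g.:  sh check-wifi.sh --check
if [ "${1:-}" = "--check" ]; then
    check_restored /sys/class/net
fi
```

Because the container was started with --net="host", wlan0mon lives in the host's network stack, so the same check gives the same answer from either prompt.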

So this is how you can run Airmon-ng or any Wireless Penetration Testing tool from your machine using docker, without any extra “USB Wireless card”.

Disclaimer: Please do comment or send e-mail at surajssd009005@gmail.com for things you do not understand, I will reply to your queries as soon as I can. Also if anything you find wrong please mention, I will be more than happy to make changes.

29 thoughts on “Run Airmon-ng from VM without external “USB Wireless card”

    1. Try the build step again, you need good internet connection to do that. If internet connection is stuttering it may stop downloading and build fails

  1. Hey, really nice writeup. Have you been running docker in native Ubuntu environment? Or via virtual machine? I have tried using docker native image on Mac OS, however if I check my interfaces I don’t get my OS wireless device :/

    root@default:/# ifconfig wlan0
    wlan0: error fetching interface information: Device not found

    Have you maybe had a similar problem/challenge 😀 ?

    1. Thanks for the praise. I have been running Docker on Ubuntu environment. Try doing $ ifconfig and look for wireless interface, maybe Mac has different names for wireless interface.

      1. Okay, actually it’s retrieving packages but shows “sudo:docker:command not found” at the end

        So what should I do to continue with the installation?

  2. Hi Guys,

    Is anybody able to get the wireless interface on OSX (Mac) working??
    Although the interface name in my case is “en1”, I am not able to find it in Kali. In fact the IP itself is in another range. Please someone help me…

    ERPE, were you able to get it working?

  3. I have a good internet connection, but the installation failed, giving the error “sudo: debootstrap: command not found
    Build failed!”
    so please help me get it installed…
    Thank you…!!!

      1. I tried doing the same from Windows but could not get the wireless interface. It only showed the ethernet interfaces and one docker interface using the ifconfig command. Did anyone find out how we can use aircrack by this method from Windows?
        Thanks.
