SniffAir – An Open-Source Framework for Wireless Security Assessments

BSidesLV 2017

Presented by: Steven Darracott, Matthew Eidelberg
Date: Tuesday July 25, 2017
Time: 18:30 - 18:55
Location: Breaking Ground

SniffAir is an open-source wireless security framework. Its primary purpose is to provide pentesters, systems admins, or others eager about wireless security a way to collect, manage, and analyze wireless traffic. SniffAir was born out of the hassle of managing large or multiple pcap files while thoroughly cross- examining and analyzing the traffic, looking for potential security flaws or malicious traffic.
We created SniffAir to collect all the traffic broadcasted, grouping them by Client or Access Point. SniffAir can be instructed to parse the information based on rules created by the user. These rules help define the scope. Using these rules, SniffAir moves the in-scope data to a new set of tables, allowing the framework to compare against the original table for anomalies. The user can then perform queries, which display the information required in a clear and concise manner – perfect for facilitating attacks.

Matthew Eidelberg

Matthew Eidelberg is a husband, father, and security fanatic. Matthew currently works as a Security Consultant on Optiv’s Attack and Penetration team. He has a passion for wireless, malware, red teaming and spends his free time taking things apart. @Tyl0us on Twitter

Steven Darracott

Steven is currently employed by Optiv Security Inc. as a Security Consultant on the Attack and Penetration team where he performs numerous wireless security assessments annually.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats