SnapDesk and beacon-sniffer: A System for Real-Time Beacon Frame Monitoring Using a Managed Mode Interface

Abstract

Client-server communication is increasingly critical in our interconnected world, making the integrity of wireless networks essential. Malicious actors can exploit vulnerabilities in Wi-Fi infrastructure through attacks such as Evil Twin Attacks, where rogue access points impersonate legitimate ones to intercept user data. A tool called Snappy attempts to address this threat by identifying nearby access points, but it suffers from several usability and reliability limitations.

This thesis proposes a more user-friendly and effective approach, building upon Snappy's core logic. It introduces two main components: a custom Linux kernel module called beacon-sniffer, and a Debian-based user-space application named SnapDesk. The beacon-sniffer module is injected into an existing Wi-Fi driver and captures beacon frames using a Wi-Fi interface in managed mode, eliminating the need for monitor mode or specialized hardware. The captured data is sent to SnapDesk, which analyzes the frames, stores relevant information in a database, and notifies the user when new or suspicious access points are detected.

Together, these components form an accessible and efficient platform for Evil Twin detection, improving on existing solutions by reducing complexity and enabling real-time alerts. This work lays the foundation for more robust and user-oriented wireless threat detection systems.

SnapDesk and beacon-sniffer can be found in the following github repository: https://github.com/Flopag/SnapDesk