[PM] Hi, can you introduce yourself to our readers?
[JD] My name is Jarad Dingman, I am a 20-year-old pen-tester, self-professed hacker and a Mormon. I am employed by PrinterLogic as a QA tester intern. I am recently engaged and a student at Dixie State University in the CS program. I enjoy programming, hiking, and hacking. I have a pet ball python named ‘Boop le Snoot’ who happens to be the inspiration for the project.
[PM] Recently you released a tool called BoopSuite that is gaining some popularity on the internet. Can you tell us more about it?
[JD] BoopSuite is an upcoming suite of wireless tools developed in Python and named after my pet ball python. It features a tool to sniff traffic named boopsniff and a tool to put cards in and out of monitor mode named boop.
There are more tools coming:
1. a wifi-jammer which will be named boopstrike.
2. a deauth detector and counter attacker which will be called boopcoil.
There are also other tools created as I come up with other needs during engagements. Really, it is a personal project that makes my wireless engagements easier for me, as well as for others in my circles. Thus it has expanded to GitHub. Hopefully, it aids others and can be useful for their pen-testing attempts.
[PM] Can you tell us a little more about those two upcoming tools? And when can we expect them?
[JD] So boopstrike will be a system for helping to capture handshakes by sending deauth packets to clients on a network; this will kick their connection and force them to reconnect, thus allowing you to sniff their handshake. Or it can be turned on to just deauth everyone for no reason. The use cases vary.
Boopcoil is interesting and actually hasn't been done before as far as I can tell; if I'm wrong I would love to see it. Anyway, boopcoil will detect mass deauth and will subsequently fire up hundreds of clients, which will really damage an attacker's efforts as he will experience more and more lag. And eventually I will add code to send false EAP packets and false EAP replies, which will corrupt attackers in their effort to sniff passwords. I got the idea while breaking into my office's WiFi as a demo; they asked for mitigation techniques and I was disheartened to say there were none. So I endeavored to be at least one of the first.
I hate to recite my previous answers, but since my dev computer is fried it will take quite a bit longer to make those tools. So at this time I don't have a date, but I'm hoping to have them both up and running in 3 months.
[PM] How did you come up with the idea of creating it?
[JD] I have used the aircrack suite for a long time and didn’t like some of its features. Thus I wanted to make it better for my particular uses, but at the time of the project the only languages I was familiar with were Python and VB. I started building it in Python with the library scapy several months ago and have just recently got it to a stable enough point where I felt confident in putting it online.
I took inspiration from the aircrack-ng suite but added some ideas that I would love to see implemented in aircrack.
- I added a GUI, which is still in development,
- a channel hopping kill-switch if a filter is specified but a channel isn’t,
- better packet capture files and less useless information displayed by default.
- Plus, my tool also supports the 5 GHz frequency in a very easy way.
[PM] Do you have a favorite tool, that you use frequently or that you could recommend for our readers, aside from BoopSuite?
[JD] Well, that's a hard one, a favorite tool for what? In my dash I keep nmap, nikto, aircrack-ng, thefatrat, wifijammer, and metasploit. I use Kali Linux as a daily OS, which I know isn't recommended but I love it, thus my configuration also has an office suite, Clementine, rambox for work-related communication, one of my tools for downloading music from YouTube called TheFeefer, atom, Vivaldi, among others. I hope that answers the question; it is so broad I could write a book to answer this question.
[PM] Is there a reason why you have chosen Python?
[JD] Mostly out of ease, but now that I have a background in C++, I have thought about translating it. However, that is a lot of work for the moment and with an upcoming wedding and the fact that my development computer got fried due to a static charge, I am unable to do so. I am working to raise the money but I am a struggling college student as college students almost always are. If I can raise the money to fix the computer then I might just do that.
[PM] Did you have any difficulties while developing BoopSuite?
[JD] Nothing major, other than losing my development computer to fate. Most of the documentation for scapy is for TCP/IP packets, not network packets, not to mention there were a lot of obscure errors that were hard to diagnose, like people putting emojis in their WiFi SSID. However, all good things take time and effort and, for the most part, I have accomplished whatever I set my mind to with this project.
The hardest part was putting it online and being told that it was worthless. I have had to develop a thicker skin to deal with people, which, in the long run, is a good thing.
[PM] The tool is quite new, but maybe you can tell us what is the future of it?
[JD] I want to make my pen-testing easier and for me that could be many different directions. Currently, the readme on my project lays a few ideas out but really I just want to make a tool that allows people to complete their goals in a timely fashion. Thus I have made my tool simple but as powerful as I can.
[PM] Do you think the ability to code your own tools is something every cybersecurity pro should possess?
[JD] I don’t think you can call yourself a cybersecurity pro without at least basic programming skills. If you use a tool without understanding how it works, that makes you a script kiddie. Simply put, I think everyone should learn programming. Programming teaches people how to think and create, it’s an amazing skill.
[PM] BoopSuite is useful for pentesters and cybersecurity specialists. In your opinion, what is the future of those professions?
[JD] Since moving to Dixie State I have seen more malware and ransomware than anywhere else. Soon people will realize just how real these threats are and at that point the demand for ethical hackers will skyrocket and hopefully create a safer online experience for everyone.
[PM] Can you show us an example of how exactly it works?
Boop – putting a card in monitor mode and on channel
Boopsniff – during the actual running of the script:
Boopsniff_gui – During a sniffing session. In development:
Boopsniff – Captured a handshake:
Proof that the handshake was indeed captured and correctly guessed.
[PM] Thank you for the interview. Have you got any final thoughts? Is there anything you would like to add?
[JD] As a personal plug, if anyone wants to help get my development environment up and running there is a donation link on my README page. Also I love getting emails from people telling me how they used my tool so please email me and let me know. If anyone has suggestions I would also love to hear those. Finally, stay tuned as I have another project that I hope will be quite useful and innovative. Thank you for the interview and I hope I answered all your questions to the fullest. I am very grateful for the opportunity afforded me.
BoopSuite on GitHub: https://github.com/M1ND-B3ND3R/BoopSuite/blob/master/README.md