For the past WLAN Professionals Conference in Phoenix, AZ (February 21-23, 2017), I collaborated with Brian Long for the development of a feature in Airtool to allow users to run a Python script for post processing capture files. The “Launch script” feature was demonstrated during Brian’s Ten Talk titled “Automating Wi-Fi Packet Analysis with Pyshark.”
The idea is pretty simple: after completing the capture, the user is presented with a dialog to choose a Python script for post processing the capture file. This Python script can do whatever you want. The only requirement for the script is to take as its first command line argument the path to a capture file so that Airtool can pass the path of the file when invoking the script.
In the original implementation of the “Launch script” feature, Airtool would launch a Terminal window and then run the script so that users could then inspect its output (if any). In Airtool 1.6, the feature was slightly modified to run the script in the background and save the script’s output to a text file. The name of the output file is the same as the original file ending with the .out extension. For example, the output file after running the script for airtool_2017-09-14_02.37.36.PM.pcap is airtool_2017-09-14_02.37.36.PM.pcap.out.
The reason behind this change was to make it easier to use the output as input to further analysis tasks or for troubleshooting and reporting. It also prevents Airtool from opening Terminal windows, which can be annoying under some circumstances. If the script doesn’t produce any output, that’s okay too. In this case, Airtool would only display any errors that may occur when running the script.
To launch a Python script from Airtool, go to Preferences > General and choose “Launch script” as an action to perform after saving the capture file. Then, when you do a capture and the capture is complete, a “Launch script” dialog will be presented. Choose the Python script you wish to run and click “Launch.”
By default, the dialog is automatically closed after the script finishes, but you can uncheck “Close this window after launching script” to run another script over the same capture file. If that’s the case, choose a different script and then click “Launch” again. When you’re done, simply close the dialog.
Below is a video showing how to use this feature to launch two scripts. The first one is a script I wrote to anonymize 802.11 Layer 2 information (dot11anonymizer.py), and the second one is a script that I also wrote based on a Bash script from Eric Garnel that takes a capture file and displays an HTML view of the frames in Safari (pcap2html.py).
Leave A Comment