Installing on Linux
First, some basic dependencies need to be installed.
sudo apt install build-essential cmake libusb-1.0-0-dev libpcap-dev git
sudo dnf install cmake automake gcc gcc-c++ kernel-devel git
sudo pacman -S base-devel cmake libpcap libusb git
git clone https://github.com/hak5/hak5-wifi-coconut
cd hak5-wifi-coconut
mkdir build
cd build
cmake ../
cmake will confirm that the required dependencies are available. Still in the
build directory, run make to compile the code:make
While still in the
build directory, finally, install the compiled programs:make install
This will install the wifi-coconut tool to the default path (
/usr/local/bin by default), and the rt2800usb firmware to /usr/local/share/.Running the
wifi_coconut tool requires root privileges, since it performs raw access to the USB devices. Run it via sudo: sudo wifi_coconut
Additionally, the
wifi_coconut tool takes several options to automate behavior:Usage: wifi_coconut [options]
By default, the wifi_coconut tool opens in interactive mode.
Universal options:
--disable-leds Go fully dark; don't enable any LEDs
--invert-leds Normally a Wi-Fi Coconut enables all the LEDs
and blinks during traffic; Invert only lights
when there is traffic.
--disable-blinking Disable blinking the LEDs on traffic
Non-interactive modes:
--no-display Don't display channel UI while logging
--wait Wait for a coconut to be found
--pcap=[fname] Log packets to a pcap file. If file is '-',
a pcap file will be echoed to stdout so that it can
be piped to other tools. --wait-for-coconut Wait for a coconut to be connected and identified
--list-coconuts List Wi-Fi Coconut devices and exit
--coconut-device=X If you have multiple Wi-Fi Coconuts, specify
which one to use
--enable-partial Enable a Wi-Fi Coconut even if not all the
radios have been identified.
--plain-dot11 Log plain 802.11 packets instead of radiotap
formatted packets with signal and channel
--quiet Disable most output
Output from the
wifi_coconut tool can be directly piped to other tools like tcpdump or tshark:sudo wifi_coconut --no-display --pcap=- | tcpdump -r -
or
sudo wifi_coconut --no-display --pcap=- | tshark -r -
After connecting the WiFi Coconut, you can look at the output of
lsusb to confirm that the radios have been found:% lsusb | grep '148f:5370'
Bus 007 Device 038: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
Bus 007 Device 035: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
Bus 007 Device 031: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
Bus 007 Device 027: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
Bus 007 Device 032: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
Bus 007 Device 028: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
Bus 007 Device 037: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
Bus 007 Device 034: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
Bus 007 Device 030: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
Bus 007 Device 026: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
Bus 007 Device 036: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
Bus 007 Device 033: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
Bus 007 Device 029: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
Bus 007 Device 024: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
If all the radios do not appear, check the output of
dmesg - you may need to run sudo dmesg depending on your Linux distribution.When running the
wifi_coconut tool or coconut capture with Kismet, root is required. Run the wifi_coconut tool with sudo, and install Kismet as suit-root or run it via sudo as well.