This is a Python script that anonymizes 802.11 Layer 2 information found in capture files. It supports the following 802.11 Layer 2 identifiable fields:
- MAC addresses (OUIs are preserved)
- SSID
- Alcatel, Arista, Aruba, Cisco, Extreme Networks, Fortinet, Huawei, MikroTik/Routerboard, Mist, Ruckus, and Zebra AP names (if present)
- HESSID (Hotspot 2.0)
- P2P Device ID (Wi-Fi Alliance P2P Specification)
- Device Name (WiFi Protected Setup)
- Model and serial number (Fortinet APs)
You need Python3 and Scapy.
python dot11anonymizer.py <input_file> [<input_file> ...]
where <input_file>
is a capture file that contains 802.11 frames with Radiotap headers.
The script generates a copy of the file ending with the suffix -anonymized.pcap
in the same location as the original file.
For example:
python dot11anonymizer.py ~/Desktop/mycapture.pcap
generates ~/Desktop/mycapture-anonymized.pcap
Since modifications to the frame will result in a different frame checksum, the script automatically fixes the FCS field for frames that originally had a good FCS. For frames that originally had a bad FCS, the script will set the FCS field to 0x00000000
to ensure that the FCS remains bad after any modifications.