"A Kingdom for a program!"
Can something make a program for 'deep drill' scanning of wi-fi access points?
This program will be very useful!
Simple algoritm of deep drills of APs.
1. Scan a WiFi APs
2. Get list of unprotected APs
3. Trying to connect to (next) AP. If YES go to 4 if NO (MAC table protected) to 3 again.
4. If succesfully connected, trying to get IP (gateway, DNS) via DHCP.
5. If success, then ping by name any known good address (google.com for ex.), if fail go to 9.
6. If good ping, then trying to connect to 80 port.
7. If bad, trying to ping by IP. If 'ping-by-IP' good, then it's an AP with broken DNS but opened, set a known good DNS and ping by name again.
8. check content from 80 port, if got any 'ogin' or 'assword' word, then it's a password protected (usually 'non-free') AP, go to p.3. If no 'ogin' or 'assword', and google connected, then it's good free AP.
9. trying to set up a known IP's like 192.168.1.* (def.gw 192.168.1.1), 192.168.0.*, 10.0.0.* (or something else) and known good external DNSes (if it good open unprotected AP's without good DHCP it may helps), then go to 6.
10. write a good APs to list and display list to user (or automatically connecting and trying to get mail, renew rss feeds and so on).
Enhancement (already!): A history of past scans would be useful to speed up finding a usable AP which has been scanned (and known to work) in the past.
I'm really interested in something like this too.
I'm just about to start development with python and I will try to do something.
In theory, you can do all this with a shell script ..
If anyone wants to collaborate with me you can send me a message.
I would even add, if the network is encrypted with wpa/wpa2/wep try dictionary attack, if doesn't work and is wep try collecting IV's to guess the key.
but if it helps me getting a better WiFi-connection in the wild outdoors, me wantee.