Skip to main content

How to Wardrive: Know where to go

Inspired by others, and my goal of getting a golden WiGLE badge, I went wardriving for my birthday. I was hoping for 50k, and I ended up with just over 61k. I'm less than 80k away from my goal!

But how do you pick a place to wardrive, and how do you actually do it? The easiest way is to download WiGLE on an android phone, get some transportation, and be set on your way. But if you want more detail or some tips, keep reading. 

Avon Lady Method:

  1. Find a city within reasonable distance of travel
  2. Examine the results for the past few years of the area; do not use the overall coverage of all time. 
  3. Verify if the city is desirable for wardriving
    • Little coverage in the past few years
    • Most residential areas are not covered
  4. Use maps to search and define high density residential areas (i.e. apartments, town homes). 
  5. Create an order that allows for little overlapping and in a convenient driving pattern.
  6. Use landmarks around the city to define the internal roads
  7. Wardrive
  8. Profit ("internet points")

Evansville, IN

I picked this location because of its relative distance to me, and the fact it looked like stumblers haven't touched the area recently. Below shows a map of Evansville 2020 - 2023. So for the last two years this is the only progress than Evansville has made. It looks like most of the concentration is on major roads, with only a few residential areas defined.

Figure 1

Residential areas have multiple wifi devices per dwelling, so apartment complexes have a high density of wifi and bluetooth. Those places aren't well defined by the map, so I assumed I would get a lot of results there. 

But you can't just drive around and magically get yourself to where the map is bare. It takes some planning. I call this the Avon Lady Method. Avon ladies may blanket a neighborhood with their brochures, selecting high density areas to get the most clients. Shoutout to my mom. 

I pulled up Evansville on Google Maps and got to work. Printing out a couple of paper maps of Evansville, I matched up the roads to the results on Google Maps searching for apartments. I plotted some areas on the paper map to see where I was going to drive. I then wrote the order of the apartments to the path that I wanted.

Figure 2

The numbers at the top reference a part of the map. They aren't really important. After laying out the order of the results, I broke the lists up into different quadrants of the city. Then we went down the list crossing them off as we blanketed the residentially areas. 

This would get us isolated parts of the map, but what about the center? What about the business part of the city? Using Google Maps again, I zoomed out and picked the businesses than would get the pattern I wanted and put those in order too. I called these landmarks. 

Figure 3

The result got me the same amount of networks as all of 2021 and 2021 in Evansville. Removing all results by others, here's what the wardrive worked out to:

Figure 4

There's clumps and clusters on the map from the residential areas. Using the landmarks caused the outlining on the connected streets. Combining the two maps of Evansville yielded this result of total stumblers (including me) in 2020 - 2023:

Figure 5

Comparing this figure to figure 1 shows a significant coverage change and a much more covered city. Overall this was moderately successful. About 14 hours of wardriving yielded 60k-ish results. Evansville is not a big city, and wouldn't hold a candle to large cities like SF or NYC. These areas are well covered my many stumblers; there's less opportunity to find new networks. It's currently January 31st, and here's what's already been covered in the past 31 days: 

Figure 6

It's easy to see where the major cities are and how their coverage for this year has already been explored. That doesn't mean there's not still plenty of wardriving to be had, but it does mean there's less. These numbers could rival the 60k found in Evansville, but it would be a longer, harder trip. Look at SF's coverage, I see you stumblers. 

Next post, I'll talk about the devices I used and their individual results. You'll be shocked on how good cheap, old equipment can be! Thanks for reading; happy wardriving. 



Popular posts from this blog

Wardriving OSINT & SE

 Disclaimer: do NOT use this information to be a jerk. Don’t try to get the location of my examples, or you’re a big meanie. There's already a post out there about tracking people with wifi. It's helpful for those who use a hotspot or maybe a vehicle hotspot. I believe a personal device that broadcasts Bluetooth is more likely than a hotspot.  Tracking What wardriving can’t do = track people via Bluetooth devices Or shouldn’t be able to work. Most modern Bluetooth devices use MAC randomization, which changes the MAC address of the Bluetooth device at random. Even if you can track a device it may only be short-term, as it’ll change again.  But sometimes they don't turn over to a randomized MAC. Do what you will with that. If you want to see how easy it is to make a random MAC go here . But what if you only need a short-term answer? Better start stumblin’. Let’s forget the purpose of needing that MAC address long-term. With all MAC addresses, OUI can tell you what the

The big list of remote job openings

From a conversation in my Discord ; one member brought up a lot of the best remote jobs and job boards come from Twitter. This is a decentralized way of distributing information, which is better than not sharing the information but can be hard to find.  This list is not a replacement for that, but it's pretty close. Here's the master remote vacancy list for remote jobs in the United States. This job board is in no way just for IT jobs, there are all sorts of jobs from sales, teaching, upper management, data entry, design, customer service, and more. Take a look if you're looking for a new job.  Some Tips: Try searching the full row for the job in Google. There are better job boards where the job posting is more up to date; instead of using the link provided. Don't spam one company, make sure if you're using the shotgun approach, you aren't letting the companies you're applying for know that There's a lot of advice on how to get a job online. Some of you

Common techniques for accessing phishing attacks

Can't load the phishing site that you know is there? Here to do some incident response or some SOC tasks? If you’re attempting to respond to an incident or just investigate some phishing pages, you may find that they are inconsistently accessible. Fraudsters will make phishing sites less available to their non-targets to curb their detection. Here’s what to know about phishing attacks and how to access them. What is a fake 404 page? It’s pretty easy to make a fake 404 page to display. <html><head> <title>404 Not Found</title> </head><body><h1>Not Found</h1>                  <p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p>                    <hr>                    <address>Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Server at localhost Port 80                                <style>