Pentesting with Linux virtual machines WiFi bridge without hardware

Support and Discussion
1

Using WiFi in Linux Virtual Machine Without External Devices. This allows free access to tools for hobbyists looking to ensure the security of their servers residing on Windows or Mac operating systems are strong by pentesting their own servers from the outside.

You can use WiFi in your Linux virtual machine without any external devices. I have done so on my 2024 MacBook Air M3 Silicon tested on both Kali and Parrot Linux in a UTM virtual machine.

The communication problem can be solved by running an ngrok TCP tunnel inside of the virtual environment. By adding in ngrok, you can then capture TCP packets on the 802.11 frequency on the operating system and reroute them into your virtual environment.

System Architecture

The system will look a little like this:

macOS (has real WiFi)
    ↓
tcpdump locks en0 to channel 11
    ↓
captures live 802.11 radiotap frames
    ↓
pipes to netcat
    ↓
ngrok TCP tunnel (encrypted)
    ↓
Kali VM (listening)
    ↓
netcat writes to FIFO
    ↓
tcpreplay injects into virtual wlan0
    ↓
every Kali tool sees real monitor-mode traffic

## Prerequisites

### On macOS:

- tcpdump
- netcat (built-in)

### On Kali:

- ngrok CLI (https://ngrok.com)
- Netcat (built-in)
- tcpreplay (`sudo apt install tcpreplay`)

## Setting Up Virtual WiFi Receiver

You can set up a virtual WiFi receiver on your Kali system by running:

```bash
sudo modprobe mac80211_hwsim radios=1
iw dev

This will create a wlan0 channel in managed mode, allowing your virtual machine to understand that it is capturing TCP packets. It believes that it is receiving WiFi packets naturally in the same fashion that the operating system is.

Enabling Monitor Mode

You can flip Kali into monitor mode with these commands:

sudo nmcli device set wlan0 managed no
sudo ip link set wlan0 down
sudo iw dev wlan0 set type monitor
sudo ip link set wlan0 up
iw dev wlan0 info

Terminal Setup

Inside the Kali machine, you will set up 3 terminals.

Terminal 1: The FIFO Channel

mkfifo /tmp/radio.fifo
while true; do
  nc -lvkp 9000 >> /tmp/radio.fifo
done

Terminal 2: The TCP Replay Monitor

sudo tcpreplay --intf1 wlan0 --enable-radiotap /tmp/radio.fifo

Terminal 3: The ngrok TCP Tunnel

Download ngrok and set it up according to the website. The TCP tunnel does require extra steps during the setup, including adding rules to your config file for ngrok. You can follow the instructions on the TCP endpoint docs provided by ngrok.

Capturing and Transmitting Packets

Finally, you can capture and transmit the TCP packets on your operating system by using:

sudo tcpdump --monitor-mode --select-channels=11 -i en0 -c 500 -w /tmp/sniff.cap
cat /tmp/sniff.cap | nc 6.tcp.us-cal-1.ngrok.io 16039

Conclusion

This will allow you to choose the application which you wish to use the data being transmitted with. Now we are able to use applications like Wireshark or airodump-ng without the purchase of any external devices for your setup.