Two small, self‑contained proofs‑of‑concept for denial‑of‑service attacks against the Parrot Bebop 2 drone:

1. bebop_udp_flood.py – ARNetwork UDP flood on port 54321
2. bebop_auto_deauth.sh – automated Wi‑Fi deauthentication of the Bebop AP

⚠️ Legal / Ethical Disclaimer
These tools are for authorized security testing, research, and education only.
Do not use them against drones or networks that you do not own or have explicit written permission to test.
You are solely responsible for complying with local laws and your institution’s policies.

This script uses Scapy to flood the Bebop’s ARNetwork UDP port (default 192.168.42.1:54321) with high‑rate packets, aiming to disrupt the controller’s video/control link.

• Configurable:
  • target IP / port
  • total packet count
  • rate (packets per second)
  • payload size range
  • random vs fixed payload
• Rate‑controlled sending loop to avoid pegging your own CPU
• Progress updates every 10% of the run

• Python 3
• Scapy

On Kali:

sudo apt update
sudo apt install python3-scapy

sudo python3 bebop_udp_flood.py \
  -t 192.168.42.1 \
  -p 54321 \
  -n 20000 \
  -r 200 \
  --min-size 500 \
  --max-size 1500

Key arguments:

• -t / --target-ip – target IP (default 192.168.42.1)
• -p / --target-port – target UDP port (default 54321)
• -n / --count – number of packets (default 10000)
• -r / --rate – packets per second (default 100)
• --min-size / --max-size – payload size range in bytes
• --no-rand – use fixed A bytes instead of random payload

Demo idea (lab/CTF):

1. Connect Bebop and controller normally; show live video stream.
2. Start a Wireshark capture on your attacking host.
3. Run the UDP flood with a moderate rate.
4. Observe latency/jitter in ARNetwork traffic and video/control degradation.

This Bash script uses the aircrack‑ng suite to automatically discover clients on the Bebop’s AP and deauthenticate them.

1. Enables monitor mode on your wireless interface.
2. Runs airodump-ng scoped to the Bebop BSSID and channel.
3. Parses the CSV output to find all associated stations (controllers).
4. If stations are found:
   • Sends targeted deauth frames (aireplay-ng --deauth) to each client.
5. If no stations are found:
   • Falls back to broadcast deauth from the Bebop BSSID to all potential clients.

Result: the controller(s) drop their Wi‑Fi association with the drone, breaking the control/video link without touching higher‑layer protocols.

• aircrack-ng (provides airmon-ng, airodump-ng, aireplay-ng)

On Kali:

sudo apt update
sudo apt install aircrack-ng

Edit the variables at the top of bebop_auto_deauth.sh:

IFACE="wlan0"                   # base Wi‑Fi interface
BEBOP_BSSID="A0:14:3D:C2:A8:20" # Bebop AP MAC/BSSID
CHANNEL="10"                    # Bebop channel (from airodump/iwconfig)
DEAUTH_COUNT=0                  # 0 = continuous; >0 = finite burst

chmod +x bebop_auto_deauth.sh
./bebop_auto_deauth.sh

The script will:

• Switch your card to monitor mode
• Run discovery
• Start deauthing until you press Ctrl+C
• Cleanly restore your interface and NetworkManager

Demo idea (lab/CTF):

1. Start controller app and show that it is connected to Bebop2‑XXXXXX.
2. Run the script; watch the controller get repeatedly disconnected.
3. Show deauth frames and re‑association attempts in Wireshark/airodump.

parrot-bebop2-exploits/
├── bebop_udp_flood.py      # ARNetwork UDP DoS (Scapy)
├── bebop_auto_deauth.sh    # Wi‑Fi deauth automation (aircrack-ng)
└── README.md               # This file

• Always test at low rates first to understand the effect on the drone.
• Ensure the drone is flown in a safe, controlled environment or kept on the ground while you experiment.