def test_new_packet(self):
"""
Tests the 'new_packet' method.
"""
config = Config()
new_packets = Queue()
sniffer = PacketSniffer(config, new_packets)
self.assertEqual(sniffer.new_packets.qsize(), 0)
packet = RadioTap() \
/ Dot11(
addr1="ff:ff:ff:ff:ff:ff",
addr2="aa:bb:cc:11:22:33",
addr3="dd:ee:ff:11:22:33"
) \
/ Dot11ProbeReq() \
/ Dot11Elt(
info="Test"
)
sniffer.new_packet(packet)
self.assertEqual(sniffer.new_packets.qsize(), 1)
ProbeRequestParser.parse(sniffer.new_packets.get(timeout=1))
def get_rsn_information(self, essid):
rsnInfo = None
sendp(RadioTap() / Dot11(addr1=self.bssid,
addr2=self.source_mac,
addr3=self.bssid,
SC=self.__fixSC__(),
subtype=4) / Dot11ProbeReq() /
Dot11Elt(ID=0, info=essid) /
Dot11Elt(ID=1, info='\x82\x84\x0b\x16\x24\x30\x48\x6c') /
Dot11Elt(ID=50, info='\x0c\x12\x18\x60'),
iface=self.interface,
verbose=False)
self.sequence += 1
sniff(iface=self.interface,
store=0,
timeout=self.timeout,
stop_filter=self.__stopfilter__)
if self.lastpacket is None or not self.lastpacket.haslayer(
Dot11ProbeResp):
return None
probeResp = self.lastpacket.getlayer(Dot11ProbeResp)
tmp = probeResp.getlayer(Dot11Elt)
while tmp:
if tmp.fields.get('ID') == 48:
rsnInfo = tmp
break
else:
tmp = tmp.payload
if rsnInfo is None:
rsnInfo = '' # Did not find rsnInfo in probe response.
else:
rsnInfo = build_rsn_data(parse_rsn_data(rsnInfo.info))
rsnInfo = '\x30' + chr(len(rsnInfo)) + rsnInfo
return rsnInfo
def getRSNInformation(self, essid):
sendp(RadioTap() / Dot11(addr1=self.bssid,
addr2=self.source_mac,
addr3=self.bssid,
SC=self.__unfuckupSC__(),
subtype=4) / Dot11ProbeReq() /
Dot11Elt(ID=0, info=essid) /
Dot11Elt(ID=1, info='\x82\x84\x0b\x16\x24\x30\x48\x6c') /
Dot11Elt(ID=50, info='\x0c\x12\x18\x60'),
iface=self.interface,
verbose=False)
self.sequence += 1
sniff(iface=self.interface,
store=0,
timeout=self.timeout,
stop_filter=self.__stopfilter__)
if self.lastpacket == None or not self.lastpacket.haslayer(
'Dot11ProbeResp'):
return None
probeResp = self.lastpacket.getlayer(Dot11ProbeResp)
tmp = probeResp.getlayer(Dot11Elt)
while tmp:
if tmp.fields.get('ID') == 48:
rsnInfo = tmp
break
else:
tmp = tmp.payload
if rsnInfo == None:
rsnInfo = '' # we didn't find it in the probe response, so we'll return an empty string
else:
rsnInfo = parseRSNData(rsnInfo.info)
rsnInfo = buildRSNData(rsnInfo)
rsnInfo = '\x30' + chr(len(rsnInfo)) + rsnInfo
return rsnInfo
def send_probe_req(self, bssid, essid):
"""Send a probe request to the specified AP"""
src = RandMAC() if self.mac is None else self.mac
self.logger.info(
'[!] Sending Broadcast Probe Request: SRC=[%s] -> BSSID: %s ESSID: %s'
% (src, bssid, essid))
param = Dot11ProbeReq()
essid = Dot11Elt(ID='SSID', info=essid)
rates = Dot11Elt(ID='Rates', info="\x03\x12\x96\x18\x24\x30\x48\x60")
dsset = Dot11Elt(ID='DSset', info='\x01')
pkt = RadioTap() / Dot11(
type=0,
subtype=4,
addr1='ff:ff:ff:ff:ff:ff',
addr2=src,
addr3='ff:ff:ff:ff:ff:ff') / param / essid / rates / dsset
try:
sendp(pkt, verbose=0)
except:
return
# raise
#
print("Probing network '%s (%s)'\n" % (bssid, essid))
try:
# Build a probe request packet with a SSID and a WPS information element
dst = mac2str(bssid)
src = mac2str("ff:ff:ff:ff:ff:ff")
packet = Dot11(addr1=dst, addr2=src, addr3=dst) / Dot11ProbeReq()
packet = packet / Dot11Elt(
ID=0, len=len(essid), info=essid) / Dot11Elt(
ID=221,
len=9,
info="%s\x10\x4a\x00\x01\x10" % self.wps_parser.WPS_ID)
# Send it!
send(packet, verbose=0)
# self.probedNets[bssid] = None
except Exception, e:
print 'Failure sending probe request to', essid, ':', e
def test_fuzz_packets(self):
"""
Parses 1000 randomly-generated probe requests with the
'ProbeRequestParser.parse()' function.
"""
# pylint: disable=no-self-use
for i in range(0, 1000):
packet = RadioTap() / fuzz(Dot11() / Dot11ProbeReq() / Dot11Elt())
ProbeRequestParser.parse(packet)
def test_empty_essid(self):
"""
Creates a probe request packet with an empty ESSID field and parses
it with the 'ProbeRequestParser.parse()' function.
"""
packet = RadioTap() \
/ self.dot11_layer \
/ Dot11ProbeReq() \
/ Dot11Elt(
info=""
)
ProbeRequestParser.parse(packet)
def send_probe_req(essid):
interface = "wlp0s20u6mon"
bssid = get_hw_addr(interface)
source_mac = get_hw_addr(interface)
timeout = 1.5
sendp(
RadioTap()/
Dot11(addr1="ff:ff:ff:ff:ff:ff", addr2=source_mac, addr3=bssid, subtype=4)/
Dot11ProbeReq()/
Dot11Elt(ID=0, info=essid)/
Dot11Elt(ID=1, info='\x82\x84\x0b\x16\x24\x30\x48\x6c')/
Dot11Elt(ID=50, info='\x0c\x12\x18\x60'),
iface=interface,
verbose=True
)
sniff(iface=interface, store=0, timeout=timeout)
def new_packet(self):
"""
Adds a new fake packet to the queue to be processed.
"""
# pylint: disable=no-member
fake_probe_req = RadioTap() \
/ Dot11(
addr1="ff:ff:ff:ff:ff:ff",
addr2=self.fake.mac_address(),
addr3=self.fake.mac_address()
) \
/ Dot11ProbeReq() \
/ Dot11Elt(
info=self.fake.wifi_essid()
)
self.new_packets.put(fake_probe_req)
def __next__(self):
"""
Generator of fake Wi-Fi probe requests.
"""
# pylint: disable=no-member
if self._should_stop:
raise StopIteration
return RadioTap() \
/ Dot11(
addr1="ff:ff:ff:ff:ff:ff",
addr2=self._fake.mac_address(),
addr3=self._fake.mac_address()
) \
/ Dot11ProbeReq() \
/ Dot11Elt(
info=self._fake.wifi_essid()
)
def test_empty_essid(self):
"""
Creates a probe request packet with an empty ESSID field and parses
it with the 'ProbeRequestParser.parse()' function.
"""
# pylint: disable=no-self-use
packet = RadioTap() \
/ Dot11(
addr1="ff:ff:ff:ff:ff:ff",
addr2="aa:bb:cc:11:22:33",
addr3="dd:ee:ff:11:22:33"
) \
/ Dot11ProbeReq() \
/ Dot11Elt(
info=""
)
ProbeRequestParser.parse(packet)
def send_probe_req(self, essid, bssid, src=None):
if not self.args.active:
return
if src is None:
src = RandMAC()
print(
'[!] Sending 802.11 Probe Request: SRC=[%s] -> BSSID=[%s]\t(%s)' %
(src, bssid, essid))
param = Dot11ProbeReq()
essid = Dot11Elt(ID='SSID', info=essid)
rates = Dot11Elt(ID='Rates', info="\x03\x12\x96\x18\x24\x30\x48\x60")
dsset = Dot11Elt(ID='DSset', info='\x01')
pkt = RadioTap() \
/ Dot11(type=0, subtype=4, addr1=bssid, addr2=src, addr3=bssid) / param / essid / rates / dsset
try:
sendp(pkt, verbose=0)
except:
raise