def send_association(STA, AP,elementTag = None): logger.info("sending an association request packet to " + AP.bssid + " (" + AP.essid + ") ..."); packet = generate_association_packet(STA, AP,elementTag); STA.send_packet(packet); logger.info("An association request packet was sent to " + AP.bssid + " (" + AP.essid + ") ...");
def assoc_process(self): logger.info("association process will start"); packet = radiotap / dot11 / AssocReq / Tagged_param; self.state = self.FAIL_COMMAND; self.STA.assoc_found = False; jobs = list(); result_queue = mp.Queue(); receive_process = mp.Process(target=self.__recv_assoc, args = (result_queue,) ); jobs.append(receive_process); send_process = mp.Process(target=self.__send_assoc,args=(packet,)) jobs.append(send_process) for job in jobs: job.start(); for job in jobs: job.join(); if result_queue.get(): self.state = self.SUCCESS_COMMAND; if (self.state == self.SUCCESS_COMMAND): logger.info("association process was successful") elif (self.state == self.FAIL_COMMAND): logger.error("association process was fail"); else: logger.error("Unexpected error has occured")
def send_qos_null_function_packet(_src_interface, _dst_interface, _FCField=0x01): logger.info("send a Null function (nodata) packet") packet = generate_qos_null_function_packet(_src_interface, _dst_interface, _FCField) _src_interface.send_packet(packet)
def generate_probe_request_packet(_sta_interface, _dst_interface, tagged_param): logger.info("generate a probe request packet packet") return _sta_interface.radiotap / Dot11( addr1=_dst_interface.mac_address, addr2=_sta_interface.mac_address, addr3=_dst_interface.mac_address, type=0, subtype=4) / Dot11ProbeReq() / tagged_param
def recv_association(STA, AP): logger.info("wait until I capture an authentication packet from " + AP.bssid + " (" + AP.essid + ") ..."); packets = STA.recv_packet(filter=lambda x: ( (x.haslayer(Dot11AssoResp))) and (x[Dot11].addr2 == AP.bssid) and (STA.is_packet_for_me(x))); if(len(packets) == 0): logger.error("cannot capture an authentication packet from " + AP.bssid + " (" + AP.essid + ") ..."); raise Exception("cannot capture an authentication packet packet from " + AP.bssid + " (" + AP.essid + ") ..."); return packets[0];
def send_authentication(STA, AP): logger.info("sending an authentication packet to " + AP.bssid + " (" + AP.essid + ") ...") packet = generate_authentication_packet(STA, AP) STA.send_packet(packet) logger.info("An authentication packet was sent to " + AP.bssid + " (" + AP.essid + ") ...")
def __check_assoc(self,packet): seen_receiver = packet[Dot11].addr1; seen_sender = packet[Dot11].addr2; seen_bssid = packet[Dot11].addr3; if (seen_receiver == self.STA.ifc_mac and seen_sender == self.AP.bssid and seen_bssid == self.AP.bssid): self.STA.assoc_found = True; logger.info("association packet was received") return self.STA.assoc_found
def recv_arp_response_packet(src, AP, IP_addr): logger.info("wait until I capture an arp response packet from " + IP_addr) packets = src.recv_packet(filter=lambda x: ((x.haslayer(ARP)) and (x[ ARP].op == OP_RESPONSE_CODE) and (x[ARP].psrc == IP_addr) and ( AP.is_packet_transmitted_by_me(x)) and (src.is_packet_for_me(x)))) if (len(packets) == 0): logger.error("cannot capture an arp response from " + AP.bssid + " (" + AP.essid + ") .") return return packets[0]
def arp_response_process(src, dst, AP): logger.info("An ARP response process starts") ## receive an arp request packet from dst. request_packet = recv_arp_request_packet(src, dst, AP) if (not request_packet): logger.error("cannot capture an ARP request packet") return response_packet = generate_arp_response_packet(src, AP, request_packet) src.send_packet(response_packet) logger.info("An ARP response process successfully finished")
def recv_arp_request_packet(src, dst, AP): logger.info("wait until I capture an arp request packet from " + dst.mac_address) packets = src.recv_packet(filter=lambda x: ((x.haslayer(ARP)) and (x[ ARP].op == OP_REQUEST_CODE) and (x[ARP].hwsrc == dst.mac_address) and ( AP.is_packet_transmitted_by_me(x)) and (src.is_packet_for_me(x)))) if (len(packets) == 0): logger.error("cannot capture an arp request from " + AP.bssid + " (" + AP.essid + ") .") return return packets[0]
def arp_sender_process(STA, AP, Target): logger.info("ARP request process starts") ## generate an ARP request packet. arp_requested_packet = generate_arp_request_packet(STA, AP, Target.IP_address) ## initialization for multi-thread process. executor = futures.ThreadPoolExecutor(max_workers=2) ## recieve process (worker 1) recv_thread = executor.submit(recv_arp_response_packet, STA, AP, Target.IP_address) ## sender process (worker 2) logger.info("send an ARP request packet.") send_thread = executor.submit(STA.send_packet, arp_requested_packet) send_thread.result() response_packet = recv_thread.result() if (response_packet): logger.info("An ARP response packet was successfully received") logger.info("ARP massage: " + Target.IP_address + " is at " + response_packet[ARP].hwsrc) return response_packet else: logger.error("An ARP response DHCP offer packet was not received")
def recv_icmp_response_packet(src, dst, AP): logger.info("wait until I capture an arp request packet from " + dst.mac_address) packets = src.recv_packet(filter=lambda x: ( (x.haslayer(ICMP)) and (x[ICMP].type == ICMP_TYPE_RESPONSE) and (x[Dot11].addr3 == dst.mac_address) and (AP.is_packet_transmitted_by_me(x)) and (src.is_packet_for_me(x)))) if (len(packets) == 0): logger.error("cannot capture an arp request from " + AP.bssid + " (" + AP.essid + ") .") return return packets[0]
def recv_probe_response_packet(_src_interface, _dst_interface): logger.info("wait until I capture a probe response packet from " + _dst_interface.bssid + " (" + _dst_interface.essid + ") ...") packets = _src_interface.recv_packet( filter=lambda x: ((x.haslayer(Dot11ProbeResp)) and (x[Dot11].addr2 == _dst_interface.bssid) and (_src_interface.is_packet_for_me(x)))) if (len(packets) == 0): logger.error("cannot capture a probe response packet from " + _dst_interface.bssid + " (" + _dst_interface.essid + ") ...") raise Exception("cannot capture a probe response packet from " + _dst_interface.bssid + " (" + _dst_interface.essid + ") ...") return packets[0]
def probe_resq_resp_process(_src_interface, _dst_interface, tagged_param): logger.info("probe request/response process will start") ## initialization for multi-thread process. executor = futures.ThreadPoolExecutor(max_workers=2) ## sender process (worker 2) send_thread = executor.submit(send_probe_request_packet, _src_interface, _dst_interface, tagged_param) ## recieve process (worker 1) recv_thread = executor.submit(recv_probe_response_packet, _src_interface, _dst_interface) send_thread.result() response_packet = recv_thread.result() logger.info("Probe request/response process successfully finished") return response_packet
def association_process(STA, AP,elementTag = None): logger.info("association process will start"); ## initialization for multi-thread process. executor = futures.ThreadPoolExecutor(max_workers=2); ## recieve process (worker 1) recv_thread = executor.submit(recv_association, STA, AP); ## sender process (worker 2) send_thread = executor.submit(send_association, STA, AP,elementTag); send_thread.result(); response_packet = recv_thread.result(); if (response_packet[Dot11AssoResp].status == SUCCESS_STATE): logger.info("Association process successfully finished"); return response_packet; else: logger.error("Association process was fail");
def authentication_process(STA, AP): logger.info("authentication process will start") ## initialization for multi-thread process. executor = futures.ThreadPoolExecutor(max_workers=2) ## recieve process (worker 1) recv_thread = executor.submit(recv_authentication, STA, AP) ## sender process (worker 2) send_thread = executor.submit(send_authentication, STA, AP) send_thread.result() response_packet = recv_thread.result() if (response_packet[Dot11Auth].status == SUCCESS_STATE): logger.info("An authentication process successfully finished") return response_packet else: logger.error("An authentication process was fail")
def connect_to_open(): ifc_name = "wlx9cc9eb21fa6e" ifc_mac = "9c:c9:eb:21:fa:6e" STA = STA_Interface(ifc_name, ifc_mac) # AP = AP_Interface(bssid="18:ec:e7:5f:a2:04",essid = "Buffalo-A-A200-Open"); AP = AP_Interface(bssid="18:ec:e7:5f:a2:00", essid="Buffalo-G-A200-wpa2") # send_deauth_packet(STA,AP,reason=3); # send_disassoc_packet(STA,AP,reason=7); # send_qos_null_function_packet(STA,AP); """ beacon_packet = scan_beacon_packet(STA,AP); essid_tag = Dot11Elt(ID='SSID', info=AP.essid); rates_tag = Dot11Elt(ID='Rates', info=STA.dot11_rates); dsset_tag = Dot11Elt(ID='DSset', info='\x2c'); tagged_param = essid_tag / rates_tag / dsset_tag; probe_resq_resp_process(STA,AP,tagged_param); """ authentication_process(STA, AP) logger.info("------------------------------------") association_process(STA, AP) logger.info("------------------------------------") dis, off, req, ack = DHCP_cliend_process(STA, AP) # logger.info("------------------------------------"); server_ipaddr = [ option[1] for option in req[DHCP].options if option[0] == "server_id" ][0] AP_Interface = Interface(ip_address=server_ipaddr) # logger.info("------------------------------------") responce_packet = arp_sender_process(STA, AP, AP_Interface) AP_Interface.mac_address = responce_packet[ARP].hwsrc logger.info("------------------------------------") icmp_sender_process(STA=STA, AP=AP, Target_Interface=AP_Interface)
def icmp_sender_process(STA, AP, Target_Interface): logger.info("ICMP sender process (to " + Target_Interface.IP_address + ")") ## generate a ICMP request packet. icmp_packet = generate_icmp_request(STA, AP, Target_Interface) ## initialization for multi-thread process. executor = futures.ThreadPoolExecutor(max_workers=2) ## recieve process (worker 1) recv_thread = executor.submit(recv_icmp_response_packet, STA, Target_Interface, AP) ## sender process (worker 2) logger.info("send an ICMP request packet.") send_thread = executor.submit(STA.send_packet, icmp_packet) ## synchronization a = send_thread.result() response_packet = recv_thread.result() if (response_packet): logger.info("ICMP sender process (to " + Target_Interface.IP_address + ") has finished successsfully") return response_packet else: logger.error("ICMP sender process (to " + Target_Interface.IP_address + ") has failed.")
def generate_second_eap_packet(STA, AP, anonce, rsnInfo, retry_counter=0): logger.debug("generate a 2/4 hand-shake packet") Radiotap = STA.radiotap Dot11_Header = Dot11(addr1=AP.mac_address, addr2=STA.mac_address, addr3=AP.mac_address, FCfield=0x01, subtype=8, type=2) / Dot11QoS() llc_header = LLC(dsap=0xaa, ssap=0xaa, ctrl=0x03) snap_header = SNAP(OUI=0x000000, code=0x888e) snonce = generate_nonce(32) logger.info("generate pmk packet") pmk = generate_pmk_by_sha1(AP.essid, AP.password) logger.info("generate ptk packet") ptk = generate_ptk(pmk, mac2str(AP.mac_address), mac2str(STA.mac_address), anonce, snonce) logger.info("generate unicast keys") STA.keys = generate_unicast_keys(ptk) kck = STA.keys[0] eapol_header = generate_EAPOL_Header(snonce, key_information_=0x010a, replay_counter=retry_counter, kck=kck, KeyData=rsnInfo) eapol_packet = Radiotap / Dot11_Header / llc_header / snap_header / eapol_header return eapol_packet
def scan_beacon_packet(STA, AP): logger.info("Beacon scan process will start") logger.info("please wait until a beacon packet is scanned from " + AP.bssid + " (" + AP.essid + ") ...") packets = STA.recv_packet(filter=lambda x: ((x.haslayer(Dot11Beacon)) and ( x[Dot11].addr2 == AP.bssid) and (STA.is_packet_for_me(x)))) if (len(packets) == 0): logger.error("cannot scan a beacon packet from " + AP.bssid + " (" + AP.essid + ") ...") raise Exception("cannot scan a beacon packet from " + AP.bssid + " (" + AP.essid + ") ...") logger.info("Beacon scan process has finished") return packets[0]
def auto_receiver(STA, AP): taskContainer = []; try: while True: logger.info("waiting for a packet...") recv_packet = STA.recv_packet(filter=lambda x: (STA.is_packet_for_me(x) and (not x.haslayer(Dot11Beacon))),timeout = WAIT_TIME); if recv_packet: task_thread = Task_Thread(STA,AP,recv_packet[0]); taskContainer.append(task_thread); task_thread.start(); except KeyboardInterrupt: print("try Exec") logger.info("Interruption has occurred."); logger.info("Stop auto receiver process"); return; except Exception as e: from traceback import print_exc print_exc() logger.error("unexpected error has occurred."); logger.error("Stop auto receiver process");
def DHCP_request_ack_process(STA, AP, offer_packet): logger.info("DHCP request-ack process will start"); ## initialization for multi-thread process. executor = futures.ThreadPoolExecutor(max_workers=2); ## recieve process (worker 1) recv_thread = executor.submit(recv_dhcp_packet, STA, AP, ACK_MASSAGE); ## sender process (worker 2) logger.info("sending a DHCP request packet."); send_thread = executor.submit(STA.send_packet, offer_packet); send_thread.result(); response_packet = recv_thread.result(); extract_dhcp_massage_from_packet(response_packet); if (extract_dhcp_massage_from_packet(response_packet) == ACK_MASSAGE): logger.info("A DHCP Ack packet was successfully received"); return response_packet; else: logger.error("A DHCP Ack packet was not received");
def send_ack_packet(_src_interface, _dst_interface): logger.info("802.11 acknowledgement packet will send"); packet = generate_ack_packet(_src_interface,_dst_interface) _src_interface.send_packet(packet);
def generate_ack_packet(_sta_interface,_dst_interface): logger.info("generate 802.11 acknowledgement packet"); return _sta_interface.radiotap / Dot11(addr1=_dst_interface.mac_address, subtype=13, type=1) / Dot11Ack();
def set_IPaddress_TO_STA(STA, dhcp_offer_packet): logger.info("setting IP_information to STA..."); bootp_header = dhcp_offer_packet[BOOTP]; dhcp_header = dhcp_offer_packet[DHCP]; STA.IP_address = bootp_header.yiaddr; STA.subnet_mask = [option[1] for option in dhcp_header.options if option[0] == "subnet_mask"][0]; STA.dns_server = [option[1] for option in dhcp_header.options if option[0] == "name_server"][0]; STA.router = [option[1] for option in dhcp_header.options if option[0] == "router"][0]; STA.lease_time = [option[1] for option in dhcp_header.options if option[0] == "lease_time"][0]; logger.info(""); logger.info("obtained IP information is as follow"); logger.info("------------- obtain IP information --------------"); logger.info("IP addr: " + STA.IP_address); logger.info("subnet_mask: " + STA.subnet_mask); logger.info("router: " + STA.router); logger.info("DNS server:" + STA.dns_server); logger.info("lease_time:" + str(STA.lease_time)); logger.info("----------------------------------------------------");
def send_probe_request_packet(_src_interface, _dst_interface, tagged_param): packet = generate_probe_request_packet(_src_interface, _dst_interface, tagged_param) _src_interface.send_packet(packet) logger.info("send a probe request (SSID = " + _dst_interface.essid + ") packet")
def recv_dhcp_packet(STA,AP, dhcp_massage,xid=0x12345678): logger.info("wait until I capture a DHCP offer packet from DHCP server"); packets = STA.recv_packet(filter=lambda x: ((x.haslayer(DHCP))) and (extract_dhcp_massage_from_packet(x) == dhcp_massage) and (x[Dot11].addr2 == AP.bssid) and (STA.is_packet_for_me(x))); return packets[0]
def send_Null_Func(self, _FCField=0x01): logger.info("Null Function (nodata) packet will send") sendp(packet, iface=self.STA.ifc_name, verbose=0) logger.info("Null function (nodata) packet was sent")
def run(self): befMassage ="[No. "+str(self.id)+"] "; logger.info(befMassage+"I received a packet"); if (self.packet.haslayer(ARP) and self.packet[ARP].pdst== self.STA.IP_address and self.packet[ARP].op == OP_REQUEST_CODE): logger.info(befMassage+"The received packet is an ARP response packet"); response_packet = generate_arp_response_packet(self.STA, self.AP, self.packet); self.STA.send_packet(response_packet); logger.info(befMassage + "sent an ARP response packet successfully"); elif (self.packet.haslayer(ICMP) and (self.packet[ICMP].type == icmp.ICMP_TYPE_REQUEST)): logger.info(befMassage + "The received packet is an ICMP request packet"); response_packet = icmp.generate_icmp_response_packet(self.STA,self.AP,self.packet); self.STA.send_packet(response_packet); logger.info(befMassage + "sent an ICMP response packet successfully"); else: logger.info(befMassage+"not implement this packet ["+self.packet.summary()+"]"); logger.info("[No. " + str(self.id) + "] "+ "finish process");
def __send_assoc(self,_packet): logger.info("association packet will be sent"); sleep(0.4); sendp(_packet,iface=self.STA.ifc_name,verbose=0); logger.info("association packet was sent");