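def cap_hccap(essid, f):
    """Write the EAPOL frames of a 4-way handshake from a pcap to a .hccap file.

    Args:
        essid: ``str`` -- name of one network; its BSSID is looked up with
            ``find_bssid`` and only that network's handshake is written.
            ``int`` -- scan the whole capture and write one file per BSSID
            for which a handshake message 1 is present (the ESSID is then
            resolved with ``find_essid``, whose ``0``/``1`` return values
            are treated as "not found" sentinels, as before).
        f: open file object accepted by ``load_savefile``.

    Side effects:
        Creates ``handshake_<essid>_<time>.hccap`` in the current directory
        through ``write_cap_hccap``; prints a message when nothing usable
        is found instead of raising ``IndexError`` as the previous version did.

    Returns:
        None.
    """
    import re
    from time import time

    caps, header = load_savefile(f)
    packets = caps.packets

    def _frame(index):
        # ``.packet`` holds the frame as a hex string; decode it once per use
        # instead of once per slice.
        return binascii.unhexlify(packets[index][1].packet)

    def _is_eapol(raw):
        # Ethertype 0x888e (EAPOL) at the fixed offset this tool expects
        # (the offsets are the ones the original code used).
        return raw[32:34] == b'\x88\x8e'

    def _is_message1(raw):
        # Key Information 0x008a marks message 1 of the 4-way handshake.
        return _is_eapol(raw) and raw[39:41] == b'\x00\x8a'

    def _next_eapol(start):
        # Index of the first EAPOL frame at or after ``start``, or None.
        # NOTE: as in the original, that frame is not checked to belong to
        # the same BSSID or to be message 2.
        for k in range(start, len(packets)):
            if _is_eapol(_frame(k)):
                return k
        return None

    def _write_handshake(name, first, second):
        # ``name`` comes from the capture (or the caller) and may contain
        # path separators or non-ASCII bytes: sanitise it before using it as
        # a file name so the output cannot land outside the working directory.
        label = name.decode('ascii', 'replace')
        safe = re.sub(r'[^A-Za-z0-9._-]', '_', label)
        f_out = "handshake_" + safe + "_" + str(time()) + ".hccap"
        with open(f_out, 'wb') as fff:
            write_cap_hccap(name, [first, second], fff)

    if isinstance(essid, str):
        essid = bytearray(essid.encode('ascii'))
        bssid = find_bssid(essid, packets)
        first = None
        for k in range(len(packets)):
            raw = _frame(k)
            # Message 1 is sent by the AP, so its source address must be the BSSID.
            if _is_message1(raw) and raw[10:16] == bssid:
                first = k
                break
        if first is None:
            print("handshake message 1 for essid " + essid.decode('ascii', 'replace') + " not found\n")
            return
        second = _next_eapol(first + 1)
        if second is None:
            print("no EAPOL frame follows message 1 for essid " + essid.decode('ascii', 'replace') + "\n")
            return
        _write_handshake(essid, _frame(first), _frame(second))

    elif isinstance(essid, int):
        for k in range(len(packets)):
            raw = _frame(k)
            if not _is_message1(raw):
                continue
            bssid = raw[10:16]
            name = find_essid(bssid, packets)
            if name == 0:
                print("essid for bssid " + str(bssid) + " not found\n")
                continue
            if name == 1:
                # Other find_essid sentinel; skipped silently, as before.
                continue
            second = _next_eapol(k + 1)
            if second is None:
                # No EAPOL frame after this message 1 means none after any
                # later one either: nothing more can be written.
                break
            _write_handshake(name, raw, _frame(second))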
    except:
        f = open("dictionary.txt", "r")
        passphraseQ = Queue()
        for passphrase in f.read().split("\n"):
            passphraseQ.put(passphrase)
        f.close()

    try:
        usersMac
        SSID
        readFile
    except NameError:
        print "missing args, requirs: -m (AP mac address) -s (SSID) -r (PCAP filename)"
        exit(2)
    try:
        caps, header = load_savefile(open(readFile))
    except IOError:
        print "Error reading file"
        exit(2)

    if header.ll_type != 1 and header.ll_type != 105:
        print "unsupported linklayer type, only supports ethernet and 802.11"
        exit(2)
    clients = {}
    if header.ll_type == 105:
        for packet in caps.packets:
            auth = packet[1].raw()[32:34]
            if auth == "\x88\x8e":
                AP = packet[1].raw()[16:22]
                dest = packet[1].raw()[4:10]
                source = packet[1].raw()[10:16]
    for passphrase in f.read().split('\n'):
        passphraseQ.put(passphrase)
    f.close()

    # argument missing?
    try:
        usersMac
        SSID
        readFile
    except NameError:
        print "missing args, requires: -m (AP mac address) -s (SSID) -r (PCAP filename)"
        exit(2)

    # wrong file format
    try:
        caps, header = load_savefile(open(readFile))
    except IOError:
        print "Error reading file"
        exit(2)

    # LINKTYPE_ETHERNET = 1; LINKTYPE_IEEE802_11 = 105
    # https://www.tcpdump.org/linktypes.html
    # https://community.cisco.com/t5/wireless-mobility-documents/802-11-sniffer-capture-analysis-wpa-wpa2-with-psk-or-eap/ta-p/3116990
    if header.ll_type != 1 and header.ll_type != 105:
        print "unsupported linklayer type, only supports ethernet and 802.11"
        exit(2)
    clients = {}
    if header.ll_type == 105:
        # analyze 802.11 packet
        for packet in caps.packets:
            auth = packet[1].raw()[32:34]
def monitor(dump, interface, path):
    """Tail a pcap dump and hand every new ESSID found in it to ``start_AP``.

    Args:
        dump: file name inside ``path + "/dumps/"`` to read.
        interface: passed through unchanged to ``start_AP``.
        path: base directory; the dump is opened as ``path + "/dumps/" + dump``.

    Behaviour as written:
      * The dump is re-opened in a loop.  Each open is parsed with
        ``load_savefile`` and scanned for at most ~10 ms, then the file is
        closed and re-opened; ``packet_index`` is kept across re-opens, so
        the scan resumes where it stopped (and picks up packets appended
        since the last read).
      * Pass 1 (``flag`` False) looks at probe requests (first frame byte
        0x40).  Running off the end of the packet list raises IndexError,
        which sets ``flag`` and resets the index for pass 2, which looks at
        beacons (first byte 0x80).  A second IndexError ends the scan.
      * IOError (file not there yet) is retried every 2 s; ``error_index``
        is never reset, so after the 16th IOError in total the function
        gives up and returns 0.
      * ``cache`` is not defined in this function -- presumably a
        module-level list of ESSIDs already handled; verify against the module.

    Returns 0 when it gave up waiting for the file, otherwise None;
    calls ``exit(1)`` on KeyboardInterrupt.

    Python 2 only: ``print`` statements, ``str.encode("hex")`` and
    ``except Exception, e``.  Frame offsets assume raw 802.11 frames with no
    radiotap header (not verified here).
    """
    packet_index = -1
    error_index = 0
    flag = False
    print "\n" + dump + " file is being investigated\n"
    try:
        while True:
            try:
                # NOTE(review): ``f`` is only closed at the end of the timed
                # loop below; the IOError/IndexError paths leave it open.
                f = open(path + "/dumps/" + dump, 'rb')
                from pcapParser import load_savefile
                caps, header = load_savefile(f)
                packets = caps.packets
                # ------------------------------
                from time import time
                start = time() * 1000
                # ------------------------------
                # Scan for at most 10 ms per open, then re-open the file.
                while time() * 1000 - start <= 10:
                    packet_index += 1
                    #print str(packet_index) + "     " + str(time()*1000 - start) + "start " + str(start)
                    # Python 2: indexing a str yields a one-character str, so
                    # ``[0] == b'\x80'`` is a meaningful frame-control test.
                    if flag == True and unhexlify(
                            packets[packet_index][1].packet
                    )[0] == b'\x80':  # if the packet is really a beacon
                        # SSID tag length at byte 37 (assumes the SSID IE is
                        # the first tagged parameter after the fixed fields).
                        essid_len = int(
                            unhexlify(packets[packet_index][1].packet)
                            [37].encode("hex"), 16)
                        # ---------
                        if essid_len != 0:
                            current_essid = (unhexlify(
                                packets[packet_index][1].packet)[38:38 +
                                                                 essid_len]
                                             ).encode("ascii")
                            # NOTE(review): this compares the ESSID bytes (not
                            # an address) with ff:ff:ff:ff:ff:ff; the second
                            # operand is the actual "seen before" check.
                            if (unhexlify(
                                    packets[packet_index][1].packet)[38:38 +
                                                                     essid_len]
                                ) != b'\xff\xff\xff\xff\xff\xff' and not (
                                    current_essid in cache
                                ):  # if we've already seen this ESSID before
                                print "in " + str(
                                    packet_index +
                                    1) + " ESSID " + current_essid + " found"
                                cache.append(current_essid)
                                # ------
                                from threading import Thread
                                # BSSID = address 3 of the management frame.
                                bssid = unhexlify(
                                    (packets[packet_index][1].packet))[16:22]
                                # Length byte of the IE following the SSID
                                # (presumably Supported Rates -- not checked).
                                rates_len = int(
                                    unhexlify(packets[packet_index][1].packet)[
                                        38 + essid_len + 1].encode("hex"), 16)
                                # Value byte of the IE after that (presumably
                                # DS Parameter Set, whose single byte is the
                                # channel -- the tag id is not checked).
                                channel = int(
                                    unhexlify(
                                        (packets[packet_index][1].packet
                                         ))[38 + essid_len + 1 + rates_len +
                                            1 + 1 + 1].encode("hex"), 16)
                                #print "\nBSSID: " + str(bssid) + " " + hexlify(bssid) + " of length " + str(len(bssid)) + "\n"
                                # NOTE(review): start_AP(...) is evaluated here,
                                # synchronously; its return value becomes
                                # Thread's first positional argument (``group``),
                                # so nothing is deferred to the thread.
                                task_AP = Thread(
                                    start_AP(current_essid, bssid, interface,
                                             path, str(channel)))
                                task_AP.start()
                        # ---------

                    elif flag == False and unhexlify(
                            packets[packet_index][1].packet
                    )[0] == b'\x40':  # or if the packet is really a probe request
                        # SSID tag length at byte 25 (tagged parameters start
                        # right after the 24-byte management header).
                        essid_len = int(
                            unhexlify(packets[packet_index][1].packet)
                            [25].encode("hex"), 16)
                        # ---------
                        if essid_len != 0:
                            current_essid = (unhexlify(
                                packets[packet_index][1].packet)[26:26 +
                                                                 essid_len]
                                             ).encode("ascii")
                            # NOTE(review): unlike the beacon branch, this
                            # condition never consults ``cache``, despite the
                            # trailing comment; a repeated ESSID is handled again.
                            if (
                                    unhexlify(packets[packet_index]
                                              [1].packet)[26:26 + essid_len]
                            ) != b'\xff\xff\xff\xff\xff\xff':  # if we've already seen this ESSID before
                                print "in " + str(
                                    packet_index +
                                    1) + " ESSID " + current_essid + " found"
                                cache.append(current_essid)
                                # ------
                                from threading import Thread
                                # Same synchronous-call pattern as in the
                                # beacon branch; broadcast BSSID, channel "1".
                                task_AP = Thread(
                                    start_AP(current_essid,
                                             b"\xff\xff\xff\xff\xff\xff",
                                             interface, path, str(1)))
                                task_AP.start()
                        # ---------

                # ------------------------------
                f.close()

            except IOError:
                print "File is not ready yet...\n"
                sleep(2)
                # --------
                # Give up after the 16th IOError (error_index is never reset).
                if error_index == 15:
                    print "\nWaited too long, trying to scan the next file\n"
                    return 0
                # --------
                error_index += 1

            except IndexError:
                # End of the packet list: finish pass 2, or switch from pass 1
                # (probe requests) to pass 2 (beacons) and rescan from the start.
                if flag == True:
                    print "Scan is done\n"
                    break
                else:
                    flag = True
                    packet_index = -1

            except Exception, e:
                # NOTE(review): every other error (e.g. a malformed hex string)
                # is swallowed here and the outer loop simply re-opens the
                # file; ``t`` is unused.
                t = 10

    except KeyboardInterrupt:
        exit(1)
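def extraer_cap_info(readFile):
    """Collect the EAPOL-Key messages 1 and 2 of every client from a pcap.

    Args:
        readFile: path of a pcap file readable by ``load_savefile``; its
            link-layer type must be Ethernet (1) or IEEE 802.11 (105).

    Returns:
        dict mapping a client MAC (6-byte string) to the list of info dicts
        parsed for it, in capture order.  Message 1 entries carry ``'AP'``,
        ``'client'``, ``'Anonce'`` and ``'message'``; message 2 entries carry
        ``'AP'``, ``'client'``, ``'Snonce'``, ``'mic'``, ``'data'`` (the
        EAPOL frame with the 16 MIC bytes replaced by zeros) and ``'message'``.

    Prints a message and calls ``exit(2)`` when the file cannot be read or
    has an unsupported link-layer type, as before.  The file is now closed
    once the packets have been read instead of being left open.
    """
    try:
        with open(readFile, 'rb') as fh:
            caps, header = load_savefile(fh)
            # Materialise inside the ``with`` in case the parser reads lazily.
            packets = list(caps.packets)
    except IOError:
        print("Error reading file")
        exit(2)

    # LINKTYPE_ETHERNET = 1; LINKTYPE_IEEE802_11 = 105
    if header.ll_type != 1 and header.ll_type != 105:
        print("unsupported linklayer type, only supports ethernet and 802.11")
        exit(2)

    parse = _parse_80211_eapol if header.ll_type == 105 else _parse_ethernet_eapol
    clients = {}
    for packet in packets:
        info = parse(packet[1].raw())
        if info is not None:
            clients.setdefault(info['client'], []).append(info)
    return clients


# Ethertype value that identifies an EAPOL frame.
_EAPOL_TYPE = '\x88\x8e'
# Key Information values recognised as message 1 / message 2 of the handshake.
_MSG1_KEY_INFO = '\x00\x8a'
_MSG2_KEY_INFO = '\x01\x0a'
# Field offsets relative to the first byte of the EAPOL frame (these are the
# literal offsets the original code used, re-expressed relative to the
# link-layer header; names follow the original's dict keys).
_KEY_INFO = 5   # 2 bytes
_NONCE = 17     # 32 bytes
_MIC = 81       # 16 bytes
_MIC_END = 97


def _eapol_key_info(raw, eapol, ap_client):
    """Parse the EAPOL-Key frame starting at offset ``eapol`` of ``raw``.

    ``ap_client`` maps the message number (1 or 2) to the ``(AP, client)``
    address pair to record for it.  Returns an info dict for message 1 or 2,
    or None for any other Key Information value.
    """
    key_info = raw[eapol + _KEY_INFO:eapol + _KEY_INFO + 2]
    nonce = raw[eapol + _NONCE:eapol + _NONCE + 32]
    if key_info == _MSG1_KEY_INFO:
        ap, client = ap_client[1]
        return {'AP': ap, 'client': client, 'Anonce': nonce, 'message': 1}
    if key_info == _MSG2_KEY_INFO:
        ap, client = ap_client[2]
        mic = raw[eapol + _MIC:eapol + _MIC_END]
        # The EAPOL frame with its MIC field zeroed.
        data = raw[eapol:eapol + _MIC] + "\x00" * 16 + raw[eapol + _MIC_END:]
        return {'AP': ap, 'data': data, 'client': client, 'Snonce': nonce, 'mic': mic, 'message': 2}
    return None


def _parse_80211_eapol(raw):
    """Info dict for an 802.11 data frame carrying EAPOL-Key msg 1/2, else None."""
    if raw[32:34] != _EAPOL_TYPE:
        return None
    dst = raw[4:10]
    src = raw[10:16]
    ap = raw[16:22]
    # Message 1 goes AP -> client (client is the destination); message 2
    # goes client -> AP (client is the source).  The AP is address 3 in both.
    return _eapol_key_info(raw, 34, {1: (ap, dst), 2: (ap, src)})


def _parse_ethernet_eapol(raw):
    """Info dict for an Ethernet frame carrying EAPOL-Key msg 1/2, else None."""
    if raw[12:14] != _EAPOL_TYPE:
        return None
    dst = raw[0:6]
    src = raw[6:12]
    # Message 1: AP is the source, client the destination; message 2: reversed.
    return _eapol_key_info(raw, 14, {1: (src, dst), 2: (dst, src)})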