def setUp(self):
# 802.11 Management Frame
#
self.rawframe = "\x00\x00\x1c\x00\xef\x18\x00\x00\x9aK\x87\xae;\x00\x00\x00\x10\x02\x85\t\xa0\x00\xb5\x9d`\x00\x00\x18 \x00:\x01\x00\x18\xf8lvBp\x1a\x04T\xe3\x86\x00\x18\xf8lvB\x00\x081\x04\n\x00\x00\x18\xf8lvB\x00\x05ddwrt\x01\x08\x82\x84\x8b\x96$0Hl!\x02\n\x11$\x02\x01\x0e0\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x08\x002\x04\x0c\x12\x18`\xdd\t\x00\x10\x18\x02\x00\x10\x00\x00\x00p\x97\x1cA"
self.radiotap_decoder = RadioTapDecoder()
radiotap = self.radiotap_decoder.decode(self.rawframe)
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
self.dot11 = radiotap.child()
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
type = self.dot11.get_type()
self.assertEqual(type, Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(
subtype, Dot11Types.DOT11_SUBTYPE_MANAGEMENT_REASSOCIATION_REQUEST)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(
typesubtype,
Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_REASSOCIATION_REQUEST)
self.management_base = self.dot11.child()
self.assertEqual(str(self.management_base.__class__),
"impacket.dot11.Dot11ManagementFrame")
self.management_reassociation_request = self.management_base.child()
self.assertEqual(str(self.management_reassociation_request.__class__),
"impacket.dot11.Dot11ManagementReassociationRequest")
def setUp(self):
# 802.11 Management Frame
#
self.rawframe = "\x00\x00\x1c\x00\xef\x18\x00\x00\xe7\x8a\xec\xb8\x3b\x00\x00\x00\x10\x02\x85\x09\xa0\x00\xb5\x9d\x60\x00\x00\x18\xa0\x00\x3a\x01\x00\x18\xf8\x6c\x76\x42\x70\x1a\x04\x54\xe3\x86\x00\x18\xf8\x6c\x76\x42\x70\x92\x08\x00\xbf\x1b\xa3\xa8"
self.radiotap_decoder = RadioTapDecoder()
radiotap = self.radiotap_decoder.decode(self.rawframe)
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
self.dot11 = radiotap.child()
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
type = self.dot11.get_type()
self.assertEqual(type, Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,
Dot11Types.DOT11_SUBTYPE_MANAGEMENT_DISASSOCIATION)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(
typesubtype,
Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_DISASSOCIATION)
self.management_base = self.dot11.child()
self.assertEqual(str(self.management_base.__class__),
"impacket.dot11.Dot11ManagementFrame")
self.management_disassociation = self.management_base.child()
self.assertEqual(str(self.management_disassociation.__class__),
"impacket.dot11.Dot11ManagementDisassociation")
def setUp(self):
# 802.11 Management Frame
#
self.rawframe = "\x00\x00\x1c\x00\xef\x18\x00\x00\xc0\xbb\xbc\xae;\x00\x00\x00\x10\x02\x85\t\xa0\x00\xba\x9ca\x00\x00\x1e0\x08:\x01p\x1a\x04T\xe3\x86\x00\x18\xf8lvB\x00\x18\xf8lvB\xe0g\x11\x04\x00\x00\x04\xc0\x01\x08\x82\x84\x8b\x96$0Hl2\x04\x0c\x12\x18`\xdd\t\x00\x10\x18\x02\x02\xf0\x00\x00\x00\xb3\xff\n\\"
self.radiotap_decoder = RadioTapDecoder()
radiotap = self.radiotap_decoder.decode(self.rawframe)
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
self.dot11 = radiotap.child()
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
type = self.dot11.get_type()
self.assertEqual(type, Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(
subtype,
Dot11Types.DOT11_SUBTYPE_MANAGEMENT_REASSOCIATION_RESPONSE)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(
typesubtype,
Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_REASSOCIATION_RESPONSE)
self.management_base = self.dot11.child()
self.assertEqual(str(self.management_base.__class__),
"impacket.dot11.Dot11ManagementFrame")
self.management_reassociation_response = self.management_base.child()
self.assertEqual(
str(self.management_reassociation_response.__class__),
"impacket.dot11.Dot11ManagementReassociationResponse")
def setUp(self):
# 802.11 Management Frame
#
self.rawframe = "\x00\x00\x1c\x00\xef\x18\x00\x00\x39\x55\x6f\x05\x3c\x00\x00\x00\x10\x02\x85\x09\xa0\x00\xb8\x9d\x60\x00\x00\x1b\xb0\x00\x3a\x01\x00\x18\xf8\x6c\x76\x42\x70\x1a\x04\x54\xe3\x86\x00\x18\xf8\x6c\x76\x42\x30\xc8\x00\x00\x01\x00\x00\x00\xdd\x09\x00\x10\x18\x02\x00\x10\x00\x00\x00\x8a\x64\xe9\x3b"
self.radiotap_decoder = RadioTapDecoder()
radiotap = self.radiotap_decoder.decode(self.rawframe)
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
self.dot11 = radiotap.child()
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
type = self.dot11.get_type()
self.assertEqual(type, Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,
Dot11Types.DOT11_SUBTYPE_MANAGEMENT_AUTHENTICATION)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(
typesubtype,
Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_AUTHENTICATION)
self.management_base = self.dot11.child()
self.assertEqual(str(self.management_base.__class__),
"impacket.dot11.Dot11ManagementFrame")
self.management_authentication = self.management_base.child()
self.assertEqual(str(self.management_authentication.__class__),
"impacket.dot11.Dot11ManagementAuthentication")
def setUp(self):
# 802.11 Management Frame
#
self.rawframe = '\x00\x00\x20\x00\x67\x08\x04\x00\x54\xc6\xb8\x24\x00\x00\x00\x00\x22\x0c\xda\xa0\x02\x00\x00\x00\x40\x01\x00\x00\x3c\x14\x24\x11\x80\x00\x00\x00\xff\xff\xff\xff\xff\xff\x06\x03\x7f\x07\xa0\x16\x06\x03\x7f\x07\xa0\x16\xb0\x77\x3a\x40\xcb\x26\x00\x00\x00\x00\x64\x00\x01\x05\x00\x0a\x66\x72\x65\x65\x62\x73\x64\x2d\x61\x70\x01\x08\x8c\x12\x98\x24\xb0\x48\x60\x6c\x03\x01\x24\x05\x04\x00\x01\x00\x00\x07\x2a\x55\x53\x20\x24\x01\x11\x28\x01\x11\x2c\x01\x11\x30\x01\x11\x34\x01\x17\x38\x01\x17\x3c\x01\x17\x40\x01\x17\x95\x01\x1e\x99\x01\x1e\x9d\x01\x1e\xa1\x01\x1e\xa5\x01\x1e\x20\x01\x00\xdd\x18\x00\x50\xf2\x02\x01\x01\x00\x00\x03\xa4\x00\x00\x27\xa4\x00\x00\x42\x43\x5e\x00\x62\x32\x2f\x00'
self.radiotap_decoder = RadioTapDecoder()
radiotap = self.radiotap_decoder.decode(self.rawframe)
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
self.dot11 = radiotap.child()
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
type = self.dot11.get_type()
self.assertEqual(type, Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype, Dot11Types.DOT11_SUBTYPE_MANAGEMENT_BEACON)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(typesubtype,
Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_BEACON)
self.management_base = self.dot11.child()
self.assertEqual(str(self.management_base.__class__),
"impacket.dot11.Dot11ManagementFrame")
self.management_beacon = self.management_base.child()
self.assertEqual(str(self.management_beacon.__class__),
"impacket.dot11.Dot11ManagementBeacon")
def setUp(self):
# 802.11 Management Frame
#
self.rawProbeResponseframe = '\x00\x00\x18\x00\x2e\x48\x00\x00\x00\x02\x85\x09\xa0\x00\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x00\x50\x00\x3a\x01\x00\x21\xfe\x39\x3f\x77\x00\x1b\x11\x32\x66\x23\x00\x1b\x11\x32\x66\x23\x20\x73\x7f\xa0\x22\xf8\x3f\x01\x00\x00\x64\x00\x11\x04\x00\x07\x66\x72\x65\x65\x62\x73\x64\x01\x08\x82\x84\x8b\x96\x24\x30\x48\x6c\x03\x01\x06\x2a\x01\x04\x2f\x01\x04\x32\x04\x0c\x12\x18\x60\xdd\x75\x00\x50\xf2\x04\x10\x4a\x00\x01\x10\x10\x44\x00\x01\x02\x10\x41\x00\x01\x00\x10\x3b\x00\x01\x03\x10\x47\x00\x10\x11\x4e\xf7\x46\xa9\xc6\xfb\x1d\x70\x1b\x00\x1b\x11\x32\x66\x23\x10\x21\x00\x06\x44\x2d\x4c\x69\x6e\x6b\x10\x23\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x24\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x42\x00\x08\x30\x30\x30\x30\x30\x30\x30\x30\x10\x54\x00\x08\x00\x06\x00\x50\xf2\x04\x00\x01\x10\x11\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x08\x00\x02\x00\x8e\xdd\x05\x00\x50\xf2\x05\x00\xdd\x09\x00\x10\x18\x02\x01\xf0\x00\x00\x00\xdd\x18\x00\x50\xf2\x01\x01\x00\x00\x50\xf2\x02\x01\x00\x00\x50\xf2\x02\x01\x00\x00\x50\xf2\x02\x00\x00'
self.radiotap_decoder = RadioTapDecoder()
radiotap = self.radiotap_decoder.decode(self.rawProbeResponseframe)
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
self.dot11 = radiotap.child()
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
type = self.dot11.get_type()
self.assertEqual(type, Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,
Dot11Types.DOT11_SUBTYPE_MANAGEMENT_PROBE_RESPONSE)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(
typesubtype,
Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_PROBE_RESPONSE)
self.management_base = self.dot11.child()
self.assertEqual(str(self.management_base.__class__),
"impacket.dot11.Dot11ManagementFrame")
self.management_probe_response = self.management_base.child()
self.assertEqual(str(self.management_probe_response.__class__),
"impacket.dot11.Dot11ManagementProbeResponse")
def setUp(self):
# 802.11 Management Frame
#
self.rawframe='\x00\x00\x10\x00\x6e\x00\x00\x00\x00\x02\x94\x09\xa0\x00\x3a\x00\xc0\x00\x3a\x01\x00\x15\xaf\x64\xac\xbd\x00\x18\x39\xc1\xfc\xe2\x00\x18\x39\xc1\xfc\xe2\x20\x3b\x0f\x00'
self.radiotap_decoder = RadioTapDecoder()
radiotap=self.radiotap_decoder.decode(self.rawframe)
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
self.dot11=radiotap.child()
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
type = self.dot11.get_type()
self.assertEqual(type,Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,Dot11Types.DOT11_SUBTYPE_MANAGEMENT_DEAUTHENTICATION)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(typesubtype,Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_DEAUTHENTICATION)
self.management_base=self.dot11.child()
self.assertEqual(str(self.management_base.__class__), "impacket.dot11.Dot11ManagementFrame")
self.management_deauthentication=self.management_base.child()
self.assertEqual(str(self.management_deauthentication.__class__), "impacket.dot11.Dot11ManagementDeauthentication")
def setUp(self):
self.RadioTapData=b'\x00\x00\x20\x00\x67\x08\x04\x00\x30\x03\x1a\x25\x00\x00\x00\x00\x22\x0c\xd9\xa0\x02\x00\x00\x00\x40\x01\x00\x00\x3c\x14\x24\x11\x08\x02\x00\x00\xff\xff\xff\xff\xff\xff\x06\x03\x7f\x07\xa0\x16\x00\x19\xe3\xd3\x53\x52\x90\x7f\xaa\xaa\x03\x00\x00\x00\x08\x06\x00\x01\x08\x00\x06\x04\x00\x01\x00\x19\xe3\xd3\x53\x52\xa9\xfe\xf7\x00\x00\x00\x00\x00\x00\x00\x43\x08\x0e\x36'
self.radiotap_decoder = RadioTapDecoder()
self.in0=self.radiotap_decoder.decode(self.RadioTapData)
self.in1=self.in0.child()
self.in2=self.in1.child()
self.in3=self.in2.child()
self.in4=self.in3.child()
self.in5=self.in4.child()
self.in6=self.in5.child()
def setUp(self):
# 802.11 Management Frame
#
self.rawframe = b"\x00\x00\x1c\x00\xef\x18\x00\x00jH\xfa\x00<\x00\x00\x00\x10\x02\x85\t\xa0\x00\xb9\x9e_\x00\x00" \
b"\x1b\x00\x00:\x01\x00\x18\xf8lvBp\x1a\x04T\xe3\x86\x00\x18\xf8lvBP\x8e1\x04\n\x00\x00\x05ddwrt" \
b"\x01\x08\x82\x84\x8b\x96$0Hl!\x02\n\x11$\x02\x01\x0e0\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00" \
b"\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x08\x002\x04\x0c\x12\x18`\xdd\t\x00\x10\x18\x02\x00\x10" \
b"\x00\x00\x00\xbf]o\xce"
self.radiotap_decoder = RadioTapDecoder()
radiotap = self.radiotap_decoder.decode(self.rawframe)
if PY2:
self.assertEqual(str(radiotap.__class__),
"impacket.dot11.RadioTap")
else:
self.assertEqual(str(radiotap.__class__),
"<class 'impacket.dot11.RadioTap'>")
self.dot11 = radiotap.child()
if PY2:
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
else:
self.assertEqual(str(self.dot11.__class__),
"<class 'impacket.dot11.Dot11'>")
type = self.dot11.get_type()
self.assertEqual(type, Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(
subtype, Dot11Types.DOT11_SUBTYPE_MANAGEMENT_ASSOCIATION_REQUEST)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(
typesubtype,
Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_ASSOCIATION_REQUEST)
self.management_base = self.dot11.child()
if PY2:
self.assertEqual(str(self.management_base.__class__),
"impacket.dot11.Dot11ManagementFrame")
else:
self.assertEqual(str(self.management_base.__class__),
"<class 'impacket.dot11.Dot11ManagementFrame'>")
self.management_association_request = self.management_base.child()
if PY2:
self.assertEqual(
str(self.management_association_request.__class__),
"impacket.dot11.Dot11ManagementAssociationRequest")
else:
self.assertEqual(
str(self.management_association_request.__class__),
"<class 'impacket.dot11.Dot11ManagementAssociationRequest'>")
def frame_handler(self, manager, worker_addr, frame_data):
"""
Inject probe response frames for every probe request frame.
"""
decoder = RadioTapDecoder()
decoder.decode(frame_data)
management_frame = decoder.get_protocol(dot11.Dot11ManagementFrame)
probe_req_frame = decoder.get_protocol(dot11.Dot11ManagementProbeRequest)
if not probe_req_frame:
return
ssid = probe_req_frame.get_ssid()
if not ssid: # Ignore broadcast SSID
return
station_address = management_frame.get_source_address()
print "Station: %s" % ":".join(map(lambda i: "%02X" % i, station_address))
print "SSID: %s" % ssid
frame = str()
# Radiotap
frame += "\x00\x00" # Version
frame += "\x0b\x00" # Header Length
frame += "\x04\x0c\x00\x00" # Presence Flags
frame += "\x6c" # Rate
frame += "\x0c" # TX Power
frame += "\x01" # Antenna
# Management Frame
frame += "\x50\x00" # Frame Control
frame += "\x31\x01" # Duration
frame += "".join(chr(i) for i in station_address) # Destination Address
frame += "\x00\xde\xad\xbe\xef\x00" # Source Address
frame += "\x00\xde\xad\xbe\xef\x00" # BSSID Address
frame += "\x00\x00" # Sequence Control
frame += "\x00\x00\x00\x00\x00\x00\x00\x00" # Timestamp
frame += "\x64\x00" # Beacon Interval
frame += "\x01\x04" # Capabilities
frame += "\x00%s%s" % (struct.pack("B", len(ssid)), ssid) # SSID
frame += "\x01\x08\x82\x84\x8b\x96\x24\x30\x48\x6c" # Supported Rates
frame += "\x03\x01\x0e" # DS parameter set
frame += "\xdd\x06\xfa\xfa\xfa\x00\xde\xad" # Vendor Specific
workers = manager.get_workers()
for worker in workers:
if worker.raw_mac_address() == worker_addr:
break
for iface in worker.interfaces_list():
manager.inject_data_from_worker_interface(worker.raw_mac_address(), iface.name(), frame)
def setUp(self):
# 802.11 Management Frame
#
self.rawframe = b"\x00\x00\x1c\x00\xef\x18\x00\x00\xc2L\xfa\x00<\x00\x00\x00\x10\x02\x85\t\xa0\x00\xb4\x9e_\x00\x00\x16\x10\x00:\x01p\x1a\x04T\xe3\x86\x00\x18\xf8lvB\x00\x18\xf8lvB\xf0\x02\x11\x04\x00\x00\x04\xc0\x01\x08\x82\x84\x8b\x96$0Hl2\x04\x0c\x12\x18`\xdd\t\x00\x10\x18\x02\x02\xf0\x00\x00\x00f%\xdf7"
self.radiotap_decoder = RadioTapDecoder()
radiotap = self.radiotap_decoder.decode(self.rawframe)
if PY2:
self.assertEqual(str(radiotap.__class__),
"impacket.dot11.RadioTap")
else:
self.assertEqual(str(radiotap.__class__),
"<class 'impacket.dot11.RadioTap'>")
self.dot11 = radiotap.child()
if PY2:
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
else:
self.assertEqual(str(self.dot11.__class__),
"<class 'impacket.dot11.Dot11'>")
type = self.dot11.get_type()
self.assertEqual(type, Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(
subtype, Dot11Types.DOT11_SUBTYPE_MANAGEMENT_ASSOCIATION_RESPONSE)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(
typesubtype,
Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_ASSOCIATION_RESPONSE)
self.management_base = self.dot11.child()
if PY2:
self.assertEqual(str(self.management_base.__class__),
"impacket.dot11.Dot11ManagementFrame")
else:
self.assertEqual(str(self.management_base.__class__),
"<class 'impacket.dot11.Dot11ManagementFrame'>")
self.management_association_response = self.management_base.child()
if PY2:
self.assertEqual(
str(self.management_association_response.__class__),
"impacket.dot11.Dot11ManagementAssociationResponse")
else:
self.assertEqual(
str(self.management_association_response.__class__),
"<class 'impacket.dot11.Dot11ManagementAssociationResponse'>")
def setUp(self):
# 802.11 Management Frame
#
self.rawProbeRequestframe = b'\x00\x00\x18\x00\x2e\x48\x00\x00\x00\x02\x85\x09\xa0\x00\xda\x01\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\xff\xff\xff\xff\xff\xff\x00\x23\x4d\x13\xf9\x1b\xff\xff\xff\xff\xff\xff\x90\x45\x00\x05\x64\x6c\x69\x6e\x6b\x01\x08\x02\x04\x0b\x16\x0c\x12\x18\x24\x32\x04\x30\x48\x60\x6c'
self.radiotap_decoder = RadioTapDecoder()
radiotap = self.radiotap_decoder.decode(self.rawProbeRequestframe)
if PY2:
self.assertEqual(str(radiotap.__class__),
"impacket.dot11.RadioTap")
else:
self.assertEqual(str(radiotap.__class__),
"<class 'impacket.dot11.RadioTap'>")
self.dot11 = radiotap.child()
if PY2:
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
else:
self.assertEqual(str(self.dot11.__class__),
"<class 'impacket.dot11.Dot11'>")
type = self.dot11.get_type()
self.assertEqual(type, Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,
Dot11Types.DOT11_SUBTYPE_MANAGEMENT_PROBE_REQUEST)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(
typesubtype,
Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_PROBE_REQUEST)
self.management_base = self.dot11.child()
if PY2:
self.assertEqual(str(self.management_base.__class__),
"impacket.dot11.Dot11ManagementFrame")
else:
self.assertEqual(str(self.management_base.__class__),
"<class 'impacket.dot11.Dot11ManagementFrame'>")
self.management_probe_request = self.management_base.child()
if PY2:
self.assertEqual(str(self.management_probe_request.__class__),
"impacket.dot11.Dot11ManagementProbeRequest")
else:
self.assertEqual(
str(self.management_probe_request.__class__),
"<class 'impacket.dot11.Dot11ManagementProbeRequest'>")
def __init__(self, args):
self.args = args
self.accessPoints = []
self.interface = args.interface
self.macAddress = args.source if is_valid_mac_address(
args.source) else None
self.filename = args.write
#
self.captured = []
self.channel = None
self.ap_dict = {}
self.clients_dict = {}
#
self.rtDecoder = RadioTapDecoder()
self.wps_parser = WPSParser()
def setUp(self):
# 802.11 Management Frame
#
self.rawframe="\x00\x00\x1c\x00\xef\x18\x00\x00\xc0\xbb\xbc\xae;\x00\x00\x00\x10\x02\x85\t\xa0\x00\xba\x9ca\x00\x00\x1e0\x08:\x01p\x1a\x04T\xe3\x86\x00\x18\xf8lvB\x00\x18\xf8lvB\xe0g\x11\x04\x00\x00\x04\xc0\x01\x08\x82\x84\x8b\x96$0Hl2\x04\x0c\x12\x18`\xdd\t\x00\x10\x18\x02\x02\xf0\x00\x00\x00\xb3\xff\n\\"
self.radiotap_decoder = RadioTapDecoder()
radiotap=self.radiotap_decoder.decode(self.rawframe)
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
self.dot11=radiotap.child()
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
type = self.dot11.get_type()
self.assertEqual(type,Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,Dot11Types.DOT11_SUBTYPE_MANAGEMENT_REASSOCIATION_RESPONSE)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(typesubtype, Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_REASSOCIATION_RESPONSE)
self.management_base=self.dot11.child()
self.assertEqual(str(self.management_base.__class__), "impacket.dot11.Dot11ManagementFrame")
self.management_reassociation_response=self.management_base.child()
self.assertEqual(str(self.management_reassociation_response.__class__), "impacket.dot11.Dot11ManagementReassociationResponse")
def setUp(self):
# 802.11 Management Frame
#
self.rawframe="\x00\x00\x1c\x00\xef\x18\x00\x00\x9aK\x87\xae;\x00\x00\x00\x10\x02\x85\t\xa0\x00\xb5\x9d`\x00\x00\x18 \x00:\x01\x00\x18\xf8lvBp\x1a\x04T\xe3\x86\x00\x18\xf8lvB\x00\x081\x04\n\x00\x00\x18\xf8lvB\x00\x05ddwrt\x01\x08\x82\x84\x8b\x96$0Hl!\x02\n\x11$\x02\x01\x0e0\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x08\x002\x04\x0c\x12\x18`\xdd\t\x00\x10\x18\x02\x00\x10\x00\x00\x00p\x97\x1cA"
self.radiotap_decoder = RadioTapDecoder()
radiotap=self.radiotap_decoder.decode(self.rawframe)
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
self.dot11=radiotap.child()
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
type = self.dot11.get_type()
self.assertEqual(type,Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,Dot11Types.DOT11_SUBTYPE_MANAGEMENT_REASSOCIATION_REQUEST)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(typesubtype,Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_REASSOCIATION_REQUEST)
self.management_base=self.dot11.child()
self.assertEqual(str(self.management_base.__class__), "impacket.dot11.Dot11ManagementFrame")
self.management_reassociation_request=self.management_base.child()
self.assertEqual(str(self.management_reassociation_request.__class__), "impacket.dot11.Dot11ManagementReassociationRequest")
def setUp(self):
# 802.11 Management Frame
#
self.rawframe='\x00\x00\x20\x00\x67\x08\x04\x00\x54\xc6\xb8\x24\x00\x00\x00\x00\x22\x0c\xda\xa0\x02\x00\x00\x00\x40\x01\x00\x00\x3c\x14\x24\x11\x80\x00\x00\x00\xff\xff\xff\xff\xff\xff\x06\x03\x7f\x07\xa0\x16\x06\x03\x7f\x07\xa0\x16\xb0\x77\x3a\x40\xcb\x26\x00\x00\x00\x00\x64\x00\x01\x05\x00\x0a\x66\x72\x65\x65\x62\x73\x64\x2d\x61\x70\x01\x08\x8c\x12\x98\x24\xb0\x48\x60\x6c\x03\x01\x24\x05\x04\x00\x01\x00\x00\x07\x2a\x55\x53\x20\x24\x01\x11\x28\x01\x11\x2c\x01\x11\x30\x01\x11\x34\x01\x17\x38\x01\x17\x3c\x01\x17\x40\x01\x17\x95\x01\x1e\x99\x01\x1e\x9d\x01\x1e\xa1\x01\x1e\xa5\x01\x1e\x20\x01\x00\xdd\x18\x00\x50\xf2\x02\x01\x01\x00\x00\x03\xa4\x00\x00\x27\xa4\x00\x00\x42\x43\x5e\x00\x62\x32\x2f\x00'
self.radiotap_decoder = RadioTapDecoder()
radiotap=self.radiotap_decoder.decode(self.rawframe)
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
self.dot11=radiotap.child()
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
type = self.dot11.get_type()
self.assertEqual(type,Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,Dot11Types.DOT11_SUBTYPE_MANAGEMENT_BEACON)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(typesubtype,Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_BEACON)
self.management_base=self.dot11.child()
self.assertEqual(str(self.management_base.__class__), "impacket.dot11.Dot11ManagementFrame")
self.management_beacon=self.management_base.child()
self.assertEqual(str(self.management_beacon.__class__), "impacket.dot11.Dot11ManagementBeacon")
def setUp(self):
# 802.11 Management Frame
#
self.rawframe="\x00\x00\x1c\x00\xef\x18\x00\x00\x39\x55\x6f\x05\x3c\x00\x00\x00\x10\x02\x85\x09\xa0\x00\xb8\x9d\x60\x00\x00\x1b\xb0\x00\x3a\x01\x00\x18\xf8\x6c\x76\x42\x70\x1a\x04\x54\xe3\x86\x00\x18\xf8\x6c\x76\x42\x30\xc8\x00\x00\x01\x00\x00\x00\xdd\x09\x00\x10\x18\x02\x00\x10\x00\x00\x00\x8a\x64\xe9\x3b"
self.radiotap_decoder = RadioTapDecoder()
radiotap=self.radiotap_decoder.decode(self.rawframe)
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
self.dot11=radiotap.child()
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
type = self.dot11.get_type()
self.assertEqual(type,Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,Dot11Types.DOT11_SUBTYPE_MANAGEMENT_AUTHENTICATION)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(typesubtype,Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_AUTHENTICATION)
self.management_base=self.dot11.child()
self.assertEqual(str(self.management_base.__class__), "impacket.dot11.Dot11ManagementFrame")
self.management_authentication=self.management_base.child()
self.assertEqual(str(self.management_authentication.__class__), "impacket.dot11.Dot11ManagementAuthentication")
def setUp(self):
# 802.11 Management Frame
#
self.rawProbeResponseframe='\x00\x00\x18\x00\x2e\x48\x00\x00\x00\x02\x85\x09\xa0\x00\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x00\x50\x00\x3a\x01\x00\x21\xfe\x39\x3f\x77\x00\x1b\x11\x32\x66\x23\x00\x1b\x11\x32\x66\x23\x20\x73\x7f\xa0\x22\xf8\x3f\x01\x00\x00\x64\x00\x11\x04\x00\x07\x66\x72\x65\x65\x62\x73\x64\x01\x08\x82\x84\x8b\x96\x24\x30\x48\x6c\x03\x01\x06\x2a\x01\x04\x2f\x01\x04\x32\x04\x0c\x12\x18\x60\xdd\x75\x00\x50\xf2\x04\x10\x4a\x00\x01\x10\x10\x44\x00\x01\x02\x10\x41\x00\x01\x00\x10\x3b\x00\x01\x03\x10\x47\x00\x10\x11\x4e\xf7\x46\xa9\xc6\xfb\x1d\x70\x1b\x00\x1b\x11\x32\x66\x23\x10\x21\x00\x06\x44\x2d\x4c\x69\x6e\x6b\x10\x23\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x24\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x42\x00\x08\x30\x30\x30\x30\x30\x30\x30\x30\x10\x54\x00\x08\x00\x06\x00\x50\xf2\x04\x00\x01\x10\x11\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x08\x00\x02\x00\x8e\xdd\x05\x00\x50\xf2\x05\x00\xdd\x09\x00\x10\x18\x02\x01\xf0\x00\x00\x00\xdd\x18\x00\x50\xf2\x01\x01\x00\x00\x50\xf2\x02\x01\x00\x00\x50\xf2\x02\x01\x00\x00\x50\xf2\x02\x00\x00'
self.radiotap_decoder = RadioTapDecoder()
radiotap=self.radiotap_decoder.decode(self.rawProbeResponseframe)
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
self.dot11=radiotap.child()
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
type = self.dot11.get_type()
self.assertEqual(type,Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,Dot11Types.DOT11_SUBTYPE_MANAGEMENT_PROBE_RESPONSE)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(typesubtype,Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_PROBE_RESPONSE)
self.management_base=self.dot11.child()
self.assertEqual(str(self.management_base.__class__), "impacket.dot11.Dot11ManagementFrame")
self.management_probe_response=self.management_base.child()
self.assertEqual(str(self.management_probe_response.__class__), "impacket.dot11.Dot11ManagementProbeResponse")
def __init__(self,
interface,
channel=None,
timeout=5,
output=None,
passive=False,
mac=None,
logfile=None):
self.interface = interface
self.channel = channel
self.timeout = timeout
self.output = output
self.passive = passive
self.mac = mac if is_valid_mac_address(mac) else None
self.logfile = logfile
#
self.aps = {}
self.wps_aps = {}
self.captured = []
self.probes_sent = []
self._stop = False
#
self.wps_parser = WPSParser()
self.rtDecoder = RadioTapDecoder()
# Initialize logger
self.logger = logging.getLogger('airlog')
self.logger.setLevel(logging.INFO)
# Console logging
ch = logging.StreamHandler()
ch.setLevel(logging.INFO)
formatter = coloredlogs.ColoredFormatter(
'[%(asctime)s] - %(levelname)s - %(message)s',
datefmt='%d.%m.%Y %H:%M:%S')
ch.setFormatter(formatter)
self.logger.addHandler(ch)
# Logging to file
if logfile is None:
return
fh = logging.FileHandler(logfile)
fh.setLevel(logging.DEBUG)
formatter = logging.Formatter('[%(asctime)s] - %(message)s',
datefmt='%d.%m.%Y %H:%M:%S')
fh.setFormatter(formatter)
self.logger.addHandler(fh)
def recv_pkts(hdr, data):
global lastexport
global ha
global pacchetticatturati
try:
#decodifica del pacchetto
radio = RadioTapDecoder().decode(data)
datadown = radio.get_body_as_string()
ethe = Dot11ControlDecoder().decode(datadown)
datadowndown = ethe.get_body_as_string()
decodedDataDownDown = DataDecoder().decode(datadowndown)
macS = (addressDecode(decodedDataDownDown))
s = type(radio.get_dBm_ant_signal())
time = datetime.datetime.now()
#aggiunta al dizionario
#controllo se il segnale ha un valore consistente, in caso contrario scarto
if (s is int):
signal = str(-(256 - radio.get_dBm_ant_signal())) + " dB"
t = (time, signal)
if (ha.has_key(macS)):
ha.get(macS).append(t)
else:
l = [t]
ha[macS] = l
pacchetticatturati = pacchetticatturati + 1
#esporta su file (thread in parallelo)
if ((time - lastexport).seconds > delay) & len(ha.keys()):
haexport = ha
ha = {}
lastexport = time
thread.start_new_thread(exporter, (haexport, ))
except KeyboardInterrupt:
raise
except struct.error:
pass #perche non lanciano eccezioni custom quelli di Impacket
except:
#per evitare che crashi qual'ora ci siano errori imprevisti, ne tengo traccia per il debug
global imprexc
_, exc_obj, exc_tb = sys.exc_info()
imprexc = (exc_obj, exc_tb.tb_lineno)
thread.start_new_thread(exporterException, (imprexc, ))
def recv_pkts(hdr, data):
global lastexport
global ha
try:
#decodifica del pacchetto
radio = RadioTapDecoder().decode(data)
datadown = radio.get_body_as_string()
ethe = Dot11ControlDecoder().decode(datadown)
datadowndown = ethe.get_body_as_string()
decodedDataDownDown = DataDecoder().decode(datadowndown)
ethMacS = [None] * 6
for i in range(0, 6):
#salto i primi 8 byte per ottenere il mac trasmittente
ethMacS[i] = hex(decodedDataDownDown.get_byte(8 + i))
macS = ':'.join(map(str, ethMacS))
s = type(radio.get_dBm_ant_signal())
time = datetime.datetime.now()
#aggiunta al dizionario
#controllo se il segnale ha un valore consistente, in caso contrario scarto
if (s is int):
signal = hex(radio.get_dBm_ant_signal())
t = (time, signal)
if (ha.has_key(macS)):
ha.get(macS).append(t)
else:
l = [t]
ha[macS] = l
#esporta su file (thread in parallelo)
if ((time - lastexport).seconds > delay) & len(ha.keys()):
haexport = ha
ha = {}
lastexport = time
thread.start_new_thread(exporter, (haexport, ))
except KeyboardInterrupt:
raise
except:
pass
def setUp(self):
self.RadioTapData=b'\x00\x00\x20\x00\x67\x08\x04\x00\x30\x03\x1a\x25\x00\x00\x00\x00\x22\x0c\xd9\xa0\x02\x00\x00\x00\x40\x01\x00\x00\x3c\x14\x24\x11\x08\x02\x00\x00\xff\xff\xff\xff\xff\xff\x06\x03\x7f\x07\xa0\x16\x00\x19\xe3\xd3\x53\x52\x90\x7f\xaa\xaa\x03\x00\x00\x00\x08\x06\x00\x01\x08\x00\x06\x04\x00\x01\x00\x19\xe3\xd3\x53\x52\xa9\xfe\xf7\x00\x00\x00\x00\x00\x00\x00\x43\x08\x0e\x36'
self.radiotap_decoder = RadioTapDecoder()
self.in0=self.radiotap_decoder.decode(self.RadioTapData)
self.in1=self.in0.child()
self.in2=self.in1.child()
self.in3=self.in2.child()
self.in4=self.in3.child()
self.in5=self.in4.child()
self.in6=self.in5.child()
def __init__(self, args):
self.args = args
self.accessPoints = []
self.interface = args.interface
self.macAddress = args.source if isValidMacAddress(args.source) else None
self.filename = args.write
self.wps_parser = WPSParser()
self.oui = OUI()
self.captured = []
self.iw = IW(self.args.interface)
self.iw.set_monitor()
self.ap_dict = {}
self.clients_dict = {}
self.rtDecoder = RadioTapDecoder()
def frame_handler(self, manager, worker_addr, frame_data):
"""
Inject probe response frames for every probe request frame.
"""
decoder = RadioTapDecoder()
decoder.decode(frame_data)
management_frame = decoder.get_protocol(dot11.Dot11ManagementFrame)
probe_req_frame = decoder.get_protocol(
dot11.Dot11ManagementProbeRequest)
if not probe_req_frame:
return
ssid = probe_req_frame.get_ssid()
if not ssid: # Ignore broadcast SSID
return
station_address = management_frame.get_source_address()
print "Station: %s" % ":".join(
map(lambda i: "%02X" % i, station_address))
print "SSID: %s" % ssid
frame = str()
# Radiotap
frame += "\x00\x00" # Version
frame += "\x0b\x00" # Header Length
frame += "\x04\x0c\x00\x00" # Presence Flags
frame += "\x6c" # Rate
frame += "\x0c" # TX Power
frame += "\x01" # Antenna
# Management Frame
frame += "\x50\x00" # Frame Control
frame += "\x31\x01" # Duration
frame += "".join(chr(i)
for i in station_address) # Destination Address
frame += "\x00\xde\xad\xbe\xef\x00" # Source Address
frame += "\x00\xde\xad\xbe\xef\x00" # BSSID Address
frame += "\x00\x00" # Sequence Control
frame += "\x00\x00\x00\x00\x00\x00\x00\x00" # Timestamp
frame += "\x64\x00" # Beacon Interval
frame += "\x01\x04" # Capabilities
frame += "\x00%s%s" % (struct.pack("B", len(ssid)), ssid) # SSID
frame += "\x01\x08\x82\x84\x8b\x96\x24\x30\x48\x6c" # Supported Rates
frame += "\x03\x01\x0e" # DS parameter set
frame += "\xdd\x06\xfa\xfa\xfa\x00\xde\xad" # Vendor Specific
workers = manager.get_workers()
for worker in workers:
if worker.raw_mac_address() == worker_addr:
break
for iface in worker.interfaces_list():
manager.inject_data_from_worker_interface(worker.raw_mac_address(),
iface.name(), frame)
def setUp(self):
# 802.11 Management Frame
#
self.rawframe = b"\x00\x00\x1c\x00\xef\x18\x00\x00jH\xfa\x00<\x00\x00\x00\x10\x02\x85\t\xa0\x00\xb9\x9e_\x00\x00" \
b"\x1b\x00\x00:\x01\x00\x18\xf8lvBp\x1a\x04T\xe3\x86\x00\x18\xf8lvBP\x8e1\x04\n\x00\x00\x05ddwrt" \
b"\x01\x08\x82\x84\x8b\x96$0Hl!\x02\n\x11$\x02\x01\x0e0\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00" \
b"\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x08\x002\x04\x0c\x12\x18`\xdd\t\x00\x10\x18\x02\x00\x10" \
b"\x00\x00\x00\xbf]o\xce"
self.radiotap_decoder = RadioTapDecoder()
radiotap=self.radiotap_decoder.decode(self.rawframe)
if PY2:
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
else:
self.assertEqual(str(radiotap.__class__), "<class 'impacket.dot11.RadioTap'>")
self.dot11=radiotap.child()
if PY2:
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
else:
self.assertEqual(str(self.dot11.__class__), "<class 'impacket.dot11.Dot11'>")
type = self.dot11.get_type()
self.assertEqual(type,Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,Dot11Types.DOT11_SUBTYPE_MANAGEMENT_ASSOCIATION_REQUEST)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(typesubtype,Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_ASSOCIATION_REQUEST)
self.management_base=self.dot11.child()
if PY2:
self.assertEqual(str(self.management_base.__class__), "impacket.dot11.Dot11ManagementFrame")
else:
self.assertEqual(str(self.management_base.__class__), "<class 'impacket.dot11.Dot11ManagementFrame'>")
self.management_association_request=self.management_base.child()
if PY2:
self.assertEqual(str(self.management_association_request.__class__), "impacket.dot11.Dot11ManagementAssociationRequest")
else:
self.assertEqual(str(self.management_association_request.__class__), "<class 'impacket.dot11.Dot11ManagementAssociationRequest'>")
def setUp(self):
# 802.11 Management Frame
#
self.rawframe=b"\x00\x00\x1c\x00\xef\x18\x00\x00\xe7\x8a\xec\xb8\x3b\x00\x00\x00\x10\x02\x85\x09\xa0\x00\xb5\x9d\x60\x00\x00\x18\xa0\x00\x3a\x01\x00\x18\xf8\x6c\x76\x42\x70\x1a\x04\x54\xe3\x86\x00\x18\xf8\x6c\x76\x42\x70\x92\x08\x00\xbf\x1b\xa3\xa8"
self.radiotap_decoder = RadioTapDecoder()
radiotap=self.radiotap_decoder.decode(self.rawframe)
if PY2:
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
else:
self.assertEqual(str(radiotap.__class__), "<class 'impacket.dot11.RadioTap'>")
self.dot11=radiotap.child()
if PY2:
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
else:
self.assertEqual(str(self.dot11.__class__), "<class 'impacket.dot11.Dot11'>")
type = self.dot11.get_type()
self.assertEqual(type,Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,Dot11Types.DOT11_SUBTYPE_MANAGEMENT_DISASSOCIATION)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(typesubtype,Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_DISASSOCIATION)
self.management_base=self.dot11.child()
if PY2:
self.assertEqual(str(self.management_base.__class__), "impacket.dot11.Dot11ManagementFrame")
else:
self.assertEqual(str(self.management_base.__class__), "<class 'impacket.dot11.Dot11ManagementFrame'>")
self.management_disassociation=self.management_base.child()
if PY2:
self.assertEqual(str(self.management_disassociation.__class__), "impacket.dot11.Dot11ManagementDisassociation")
else:
self.assertEqual(str(self.management_disassociation.__class__), "<class 'impacket.dot11.Dot11ManagementDisassociation'>")
def setUp(self):
# 802.11 Management Frame
#
self.rawframe=b"\x00\x00\x1c\x00\xef\x18\x00\x00\xc2L\xfa\x00<\x00\x00\x00\x10\x02\x85\t\xa0\x00\xb4\x9e_\x00\x00\x16\x10\x00:\x01p\x1a\x04T\xe3\x86\x00\x18\xf8lvB\x00\x18\xf8lvB\xf0\x02\x11\x04\x00\x00\x04\xc0\x01\x08\x82\x84\x8b\x96$0Hl2\x04\x0c\x12\x18`\xdd\t\x00\x10\x18\x02\x02\xf0\x00\x00\x00f%\xdf7"
self.radiotap_decoder = RadioTapDecoder()
radiotap=self.radiotap_decoder.decode(self.rawframe)
if PY2:
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
else:
self.assertEqual(str(radiotap.__class__), "<class 'impacket.dot11.RadioTap'>")
self.dot11=radiotap.child()
if PY2:
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
else:
self.assertEqual(str(self.dot11.__class__), "<class 'impacket.dot11.Dot11'>")
type = self.dot11.get_type()
self.assertEqual(type,Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,Dot11Types.DOT11_SUBTYPE_MANAGEMENT_ASSOCIATION_RESPONSE)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(typesubtype,Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_ASSOCIATION_RESPONSE)
self.management_base=self.dot11.child()
if PY2:
self.assertEqual(str(self.management_base.__class__), "impacket.dot11.Dot11ManagementFrame")
else:
self.assertEqual(str(self.management_base.__class__), "<class 'impacket.dot11.Dot11ManagementFrame'>")
self.management_association_response=self.management_base.child()
if PY2:
self.assertEqual(str(self.management_association_response.__class__), "impacket.dot11.Dot11ManagementAssociationResponse")
else:
self.assertEqual(str(self.management_association_response.__class__), "<class 'impacket.dot11.Dot11ManagementAssociationResponse'>")
def __init__(self, interface, channel=None, timeout=5, output=None, passive=False, mac=None, logfile=None):
self.interface = interface
self.channel = channel
self.timeout = timeout
self.output = output
self.passive = passive
self.mac = mac if is_valid_mac_address(mac) else None
self.logfile = logfile
#
self.aps = {}
self.wps_aps = {}
self.captured = []
self.probes_sent = []
self._stop = False
#
self.wps_parser = WpsParser()
self.rtDecoder = RadioTapDecoder()
# Initialize logger
self.logger = logging.getLogger('airlog')
self.logger.setLevel(logging.INFO)
# Console logging
ch = logging.StreamHandler()
ch.setLevel(logging.INFO)
formatter = coloredlogs.ColoredFormatter('[%(asctime)s] - %(levelname)s - %(message)s',
datefmt='%d.%m.%Y %H:%M:%S')
ch.setFormatter(formatter)
self.logger.addHandler(ch)
# Logging to file
if logfile is None:
return
fh = logging.FileHandler(logfile)
fh.setLevel(logging.DEBUG)
formatter = logging.Formatter('[%(asctime)s] - %(message)s', datefmt='%d.%m.%Y %H:%M:%S')
fh.setFormatter(formatter)
self.logger.addHandler(fh)
def setUp(self):
# 802.11 Management Frame
#
self.rawProbeRequestframe=b'\x00\x00\x18\x00\x2e\x48\x00\x00\x00\x02\x85\x09\xa0\x00\xda\x01\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\xff\xff\xff\xff\xff\xff\x00\x23\x4d\x13\xf9\x1b\xff\xff\xff\xff\xff\xff\x90\x45\x00\x05\x64\x6c\x69\x6e\x6b\x01\x08\x02\x04\x0b\x16\x0c\x12\x18\x24\x32\x04\x30\x48\x60\x6c'
self.radiotap_decoder = RadioTapDecoder()
radiotap=self.radiotap_decoder.decode(self.rawProbeRequestframe)
if PY2:
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
else:
self.assertEqual(str(radiotap.__class__), "<class 'impacket.dot11.RadioTap'>")
self.dot11=radiotap.child()
if PY2:
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
else:
self.assertEqual(str(self.dot11.__class__), "<class 'impacket.dot11.Dot11'>")
type = self.dot11.get_type()
self.assertEqual(type,Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,Dot11Types.DOT11_SUBTYPE_MANAGEMENT_PROBE_REQUEST)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(typesubtype,Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_PROBE_REQUEST)
self.management_base=self.dot11.child()
if PY2:
self.assertEqual(str(self.management_base.__class__), "impacket.dot11.Dot11ManagementFrame")
else:
self.assertEqual(str(self.management_base.__class__), "<class 'impacket.dot11.Dot11ManagementFrame'>")
self.management_probe_request=self.management_base.child()
if PY2:
self.assertEqual(str(self.management_probe_request.__class__), "impacket.dot11.Dot11ManagementProbeRequest")
else:
self.assertEqual(str(self.management_probe_request.__class__), "<class 'impacket.dot11.Dot11ManagementProbeRequest'>")
class TestDot11ManagementReassociationResponseFrames(unittest.TestCase):
def setUp(self):
# 802.11 Management Frame
#
self.rawframe = b"\x00\x00\x1c\x00\xef\x18\x00\x00\xc0\xbb\xbc\xae;\x00\x00\x00\x10\x02\x85\t\xa0\x00\xba\x9ca\x00\x00\x1e0\x08:\x01p\x1a\x04T\xe3\x86\x00\x18\xf8lvB\x00\x18\xf8lvB\xe0g\x11\x04\x00\x00\x04\xc0\x01\x08\x82\x84\x8b\x96$0Hl2\x04\x0c\x12\x18`\xdd\t\x00\x10\x18\x02\x02\xf0\x00\x00\x00\xb3\xff\n\\"
self.radiotap_decoder = RadioTapDecoder()
radiotap = self.radiotap_decoder.decode(self.rawframe)
if PY2:
self.assertEqual(str(radiotap.__class__),
"impacket.dot11.RadioTap")
else:
self.assertEqual(str(radiotap.__class__),
"<class 'impacket.dot11.RadioTap'>")
self.dot11 = radiotap.child()
if PY2:
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
else:
self.assertEqual(str(self.dot11.__class__),
"<class 'impacket.dot11.Dot11'>")
type = self.dot11.get_type()
self.assertEqual(type, Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(
subtype,
Dot11Types.DOT11_SUBTYPE_MANAGEMENT_REASSOCIATION_RESPONSE)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(
typesubtype,
Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_REASSOCIATION_RESPONSE)
self.management_base = self.dot11.child()
if PY2:
self.assertEqual(str(self.management_base.__class__),
"impacket.dot11.Dot11ManagementFrame")
else:
self.assertEqual(str(self.management_base.__class__),
"<class 'impacket.dot11.Dot11ManagementFrame'>")
self.management_reassociation_response = self.management_base.child()
if PY2:
self.assertEqual(
str(self.management_reassociation_response.__class__),
"impacket.dot11.Dot11ManagementReassociationResponse")
else:
self.assertEqual(
str(self.management_reassociation_response.__class__),
"<class 'impacket.dot11.Dot11ManagementReassociationResponse'>"
)
def test_01(self):
'Test Header and Tail Size field'
self.assertEqual(self.management_base.get_header_size(), 22)
self.assertEqual(self.management_base.get_tail_size(), 0)
self.assertEqual(
self.management_reassociation_response.get_header_size(), 33)
self.assertEqual(
self.management_reassociation_response.get_tail_size(), 0)
def test_02(self):
'Test Duration field'
self.assertEqual(self.management_base.get_duration(), 0x013a)
self.management_base.set_duration(0x1234)
self.assertEqual(self.management_base.get_duration(), 0x1234)
def test_03(self):
'Test Destination Address field'
addr = self.management_base.get_destination_address()
self.assertEqual(addr.tolist(), [0x70, 0x1a, 0x04, 0x54, 0xe3, 0x86])
addr[0] = 0x12
addr[5] = 0x34
self.management_base.set_destination_address(addr)
self.assertEqual(
self.management_base.get_destination_address().tolist(),
[0x12, 0x1a, 0x04, 0x54, 0xe3, 0x34])
def test_04(self):
'Test Source Address field'
addr = self.management_base.get_source_address()
self.assertEqual(addr.tolist(), [0x00, 0x18, 0xF8, 0x6C, 0x76, 0x42])
addr[0] = 0x12
addr[5] = 0x34
self.management_base.set_source_address(addr)
self.assertEqual(self.management_base.get_source_address().tolist(),
[0x12, 0x18, 0xF8, 0x6C, 0x76, 0x34])
def test_05(self):
'Test BSSID Address field'
addr = self.management_base.get_bssid()
self.assertEqual(addr.tolist(), [0x00, 0x18, 0xF8, 0x6C, 0x76, 0x42])
addr[0] = 0x12
addr[5] = 0x34
self.management_base.set_bssid(addr)
self.assertEqual(self.management_base.get_bssid().tolist(),
[0x12, 0x18, 0xF8, 0x6C, 0x76, 0x34])
def test_06(self):
'Test Sequence control field'
self.assertEqual(self.management_base.get_sequence_control(), 0x67e0)
self.management_base.set_sequence_control(0x1234)
self.assertEqual(self.management_base.get_sequence_control(), 0x1234)
def test_07(self):
'Test Fragment number field'
self.assertEqual(self.management_base.get_fragment_number(), 0x00)
self.management_base.set_fragment_number(0xF1) # Es de 4 bit
self.assertEqual(self.management_base.get_fragment_number(), 0x01)
def test_08(self):
'Test Sequence number field'
self.assertEqual(self.management_base.get_sequence_number(), 1662)
self.management_base.set_sequence_number(0xF234) # Es de 12 bit
self.assertEqual(self.management_base.get_sequence_number(), 0x0234)
def test_09(self):
'Test Management Frame Data field'
frame_body = b"\x11\x04\x00\x00\x04\xc0\x01\x08\x82\x84\x8b\x96$0Hl2\x04\x0c\x12\x18`\xdd\t\x00\x10\x18\x02\x02\xf0\x00\x00\x00"
self.assertEqual(self.management_base.get_frame_body(), frame_body)
def test_10(self):
'Test Management Reassociation Response Capabilities field'
self.assertEqual(
self.management_reassociation_response.get_capabilities(), 0x0411)
self.management_reassociation_response.set_capabilities(0x4321)
self.assertEqual(
self.management_reassociation_response.get_capabilities(), 0x4321)
def test_11(self):
'Test Management Reassociation Response Status Code field'
self.assertEqual(
self.management_reassociation_response.get_status_code(), 0x0000)
self.management_reassociation_response.set_status_code(0x4321)
self.assertEqual(
self.management_reassociation_response.get_status_code(), 0x4321)
def test_12(self):
'Test Management Reassociation Response Association ID field'
self.assertEqual(
self.management_reassociation_response.get_association_id(),
0xc004)
self.management_reassociation_response.set_association_id(0x4321)
self.assertEqual(
self.management_reassociation_response.get_association_id(),
0x4321)
def test_13(self):
'Test Management Reassociation Response Supported_rates getter/setter methods'
self.assertEqual(
self.management_reassociation_response.get_supported_rates(),
(0x82, 0x84, 0x8b, 0x96, 0x24, 0x30, 0x48, 0x6c))
self.assertEqual(
self.management_reassociation_response.get_supported_rates(
human_readable=True),
(1.0, 2.0, 5.5, 11.0, 18.0, 24.0, 36.0, 54.0))
self.management_reassociation_response.set_supported_rates(
(0x12, 0x98, 0x24, 0xb0, 0x48, 0x60))
self.assertEqual(
self.management_reassociation_response.get_supported_rates(),
(0x12, 0x98, 0x24, 0xb0, 0x48, 0x60))
self.assertEqual(
self.management_reassociation_response.get_supported_rates(
human_readable=True), (9.0, 12.0, 18.0, 24.0, 36.0, 48.0))
self.assertEqual(
self.management_reassociation_response.get_header_size(), 33 - 2)
def test_14(self):
'Test Management Vendor Specific getter/setter methods'
self.assertEqual(
self.management_reassociation_response.get_vendor_specific(),
[(b"\x00\x10\x18", b"\x02\x02\xf0\x00\x00\x00")])
self.management_reassociation_response.add_vendor_specific(
b"\x00\x00\x40", b"\x04\x04\x04\x04\x04\x04")
self.assertEqual(
self.management_reassociation_response.get_vendor_specific(), [
(b"\x00\x10\x18", b"\x02\x02\xf0\x00\x00\x00"),
(b"\x00\x00\x40", b"\x04\x04\x04\x04\x04\x04"),
])
self.assertEqual(
self.management_reassociation_response.get_header_size(), 33 + 11)
class WpsScanner(object):
def __init__(self,
interface,
channel=None,
timeout=5,
output=None,
passive=False,
mac=None,
logfile=None):
self.interface = interface
self.channel = channel
self.timeout = timeout
self.output = output
self.passive = passive
self.mac = mac if is_valid_mac_address(mac) else None
self.logfile = logfile
#
self.aps = {}
self.wps_aps = {}
self.captured = []
self.probes_sent = []
self._stop = False
#
self.wps_parser = WPSParser()
self.rtDecoder = RadioTapDecoder()
# Initialize logger
self.logger = logging.getLogger('airlog')
self.logger.setLevel(logging.INFO)
# Console logging
ch = logging.StreamHandler()
ch.setLevel(logging.INFO)
formatter = coloredlogs.ColoredFormatter(
'[%(asctime)s] - %(levelname)s - %(message)s',
datefmt='%d.%m.%Y %H:%M:%S')
ch.setFormatter(formatter)
self.logger.addHandler(ch)
# Logging to file
if logfile is None:
return
fh = logging.FileHandler(logfile)
fh.setLevel(logging.DEBUG)
formatter = logging.Formatter('[%(asctime)s] - %(message)s',
datefmt='%d.%m.%Y %H:%M:%S')
fh.setFormatter(formatter)
self.logger.addHandler(fh)
def set_mode(self, mode):
if OSX:
return
self.logger.debug('Enabling %s mode on %s' % (mode, self.interface))
os.system('ifconfig %s down' % self.interface)
os.system('iwconfig %s mode %s' % (self.interface, mode))
os.system('ifconfig %s up' % self.interface)
def enable_monitor(self):
self.set_mode('monitor')
# return subprocess.Popen('ifconfig %s down && iw %s set type monitor && ifconfig %s up' %
# (self.interface, self.interface, self.interface), shell=True).communicate()
def set_channel(self, channel):
if LINUX:
os.system('iwconfig %s channel %s' % (self.interface, channel))
elif OSX:
subprocess.call(['sudo', AIRPORT, '--channel=' + str(channel)])
# os.system('%s %s --channel=%s' % (AIRPORT ,self.interface, channel))
def signal_handler(self, frame, code):
# print("Ctrl+C caught. Exiting..")
# sys.exit(-1)
try:
if query_yes_no("\nReally quit?"):
self.logger.info(
'Trying to quit correctly. Be patient please...')
self._stop = True
# self.save()
except KeyboardInterrupt:
self.logger.warning("Ok ok... Quitting without saving!")
sys.exit(1)
def get_security(self, pkt):
# Check for encrypted networks
capability = pkt.sprintf("{Dot11Beacon:%Dot11Beacon.cap%}\
{Dot11ProbeResp:%Dot11ProbeResp.cap%}")
p = pkt[Dot11Elt]
crypto = set()
while isinstance(p, Dot11Elt):
if p.ID == 48:
crypto.add("WPA2")
elif p.ID == 221 and p.info.startswith('\x00P\xf2\x01\x01\x00'):
crypto.add("WPA")
p = p.payload
if not crypto:
if 'privacy' in capability:
crypto.add("WEP")
else:
crypto.add("OPEN")
return '/'.join(crypto)
def handle_beacon(self, pkt):
"""Process 802.11 Beacon Frame for WPS IE."""
try:
rt = self.rtDecoder.get_protocol(dot11.RadioTap)
mgt = self.rtDecoder.get_protocol(dot11.Dot11ManagementFrame)
beacon = self.rtDecoder.get_protocol(dot11.Dot11ManagementBeacon)
bssid = get_addr_from_list(mgt.get_bssid())
essid = str(beacon.get_ssid())
freq = rt.get_channel()[0]
channel = frequencies_dict[freq]
enc = self.get_security(pkt)
vendor = get_vendor(bssid)
wps = self.wps_parser.has_wps(beacon.get_vendor_specific())
# Display and save discovered AP
if bssid in self.aps:
return
self.logger.info(
"[+] AP found! Channel: %02d ESSID: %s BSSID: %s Encryption: %s Vendor: %s WPS: %s"
% (int(channel), essid, bssid, enc, vendor, wps))
self.aps[bssid] = (int(channel), essid, enc, wps)
#
wi = self.wps_parser.parse_beacon(pkt)
print('WPSINFO', wi)
# ACTIVE MODE
# if wps and not self.passive and bssid not in self.probes_sent:
# self.send_probe_req(essid)
# # self.send_probe_req_2(essid)
# self.probes_sent.append(bssid)
except Exception as e:
print('Error while parsing beacon')
print(str(sys.exc_info()))
return None
def handle_probe_response(self, pkt):
"""Process 802.11 Probe Response Frame for WPS IE."""
try:
mgt = self.rtDecoder.get_protocol(dot11.Dot11ManagementFrame)
probe = self.rtDecoder.get_protocol(
dot11.Dot11ManagementProbeResponse)
bssid = get_addr_from_list(mgt.get_bssid())
essid = probe.get_ssid()
# If null byte in the SSID IE, its cloacked.
if essid is None or essid.find("\x00") != -1:
essid = "<No ssid>"
if bssid in self.aps:
return
rt = self.rtDecoder.get_protocol(dot11.RadioTap)
freq = rt.get_channel()[0]
channel = frequencies_dict[freq]
vendor = get_vendor(bssid)
vendorIEs = probe.get_vendor_specific()
wps = self.wps_parser.has_wps(vendorIEs)
# print 'checking wps info'
if self.wps_parser.has_wps(vendorIEs):
hexdump(vendorIEs)
# wpsInfo = self.wps_parser.parse_wps(vendorIEs)
if wpsInfo:
self.wps_aps[bssid] = wpsInfo
print("[%s] - [%s]\t%s'\nWPS Information" %
(bssid, essid, vendor))
for key, value in wpsInfo.items():
print("[WPSINFO] * %s: %s" % (key, repr(value)))
self.wps_parser.parse_probe_response(pkt)
enc = self.get_security(pkt)
self.aps[bssid] = (channel, essid, enc, wps)
self.logger.info(
'[+] AP discovered! ProbeResponse channel: %s ESSID: %s Encryption: %s WPS: %s Vendor: %s'
% (channel, _green(essid), _colorize_security(enc),
_colorize_wps(wps), _green(get_vendor(bssid))))
except Exception:
print('Error while parsing probe responsse')
print(str(sys.exc_info()))
return
@property
def scan_table(self):
x = PrettyTable([
'Channel', 'BSSID', 'ESSID', 'Security', 'Vendor', 'WPS',
'WPS Info'
])
x.align["ESSID"] = "l"
x.align["Vendor"] = "l"
for bssid in sorted(self.aps, key=lambda k: self.aps[k][0]):
channel, essid, enc, wps = self.aps[bssid]
wps_text = ''
wpsinfo = self.wps_aps[bssid] if bssid in self.wps_aps else None
if wpsinfo:
for key, value in wpsinfo.items():
wps_text += " %s: %s" % (key, repr(value))
x.add_row([
channel, bssid, essid,
_colorize_security(enc),
get_vendor(bssid),
_colorize_wps(wps), wps_text
])
return x
def pkt_handler(self, pkt):
try:
self.rtDecoder.decode(str(pkt))
except Exception:
self.logger.error('Error while decoding packet..')
print(sys.exc_info())
return
# Management frames
if pkt.type == 0:
# Probe response
if pkt.subtype == 5:
self.handle_probe_response(pkt)
# Beacon
elif pkt.subtype == 8:
self.handle_beacon(pkt)
def send_probe_req(self, bssid, essid):
"""Send a probe request to the specified AP"""
src = RandMAC() if self.mac is None else self.mac
self.logger.info(
'[!] Sending Broadcast Probe Request: SRC=[%s] -> BSSID: %s ESSID: %s'
% (src, bssid, essid))
param = Dot11ProbeReq()
essid = Dot11Elt(ID='SSID', info=essid)
rates = Dot11Elt(ID='Rates', info="\x03\x12\x96\x18\x24\x30\x48\x60")
dsset = Dot11Elt(ID='DSset', info='\x01')
pkt = RadioTap() / Dot11(
type=0,
subtype=4,
addr1='ff:ff:ff:ff:ff:ff',
addr2=src,
addr3='ff:ff:ff:ff:ff:ff') / param / essid / rates / dsset
try:
sendp(pkt, verbose=0)
except:
return
# raise
#
print("Probing network '%s (%s)'\n" % (bssid, essid))
try:
# Build a probe request packet with a SSID and a WPS information element
dst = mac2str(bssid)
src = mac2str("ff:ff:ff:ff:ff:ff")
packet = Dot11(addr1=dst, addr2=src, addr3=dst) / Dot11ProbeReq()
packet = packet / Dot11Elt(
ID=0, len=len(essid), info=essid) / Dot11Elt(
ID=221,
len=9,
info="%s\x10\x4a\x00\x01\x10" % self.wps_parser.WPS_ID)
# Send it!
send(packet, verbose=0)
# self.probedNets[bssid] = None
except Exception, e:
print 'Failure sending probe request to', essid, ':', e
class TestDot11ManagementProbeRequestFrames(unittest.TestCase):
def setUp(self):
# 802.11 Management Frame
#
self.rawProbeRequestframe=b'\x00\x00\x18\x00\x2e\x48\x00\x00\x00\x02\x85\x09\xa0\x00\xda\x01\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\xff\xff\xff\xff\xff\xff\x00\x23\x4d\x13\xf9\x1b\xff\xff\xff\xff\xff\xff\x90\x45\x00\x05\x64\x6c\x69\x6e\x6b\x01\x08\x02\x04\x0b\x16\x0c\x12\x18\x24\x32\x04\x30\x48\x60\x6c'
self.radiotap_decoder = RadioTapDecoder()
radiotap=self.radiotap_decoder.decode(self.rawProbeRequestframe)
if PY2:
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
else:
self.assertEqual(str(radiotap.__class__), "<class 'impacket.dot11.RadioTap'>")
self.dot11=radiotap.child()
if PY2:
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
else:
self.assertEqual(str(self.dot11.__class__), "<class 'impacket.dot11.Dot11'>")
type = self.dot11.get_type()
self.assertEqual(type,Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,Dot11Types.DOT11_SUBTYPE_MANAGEMENT_PROBE_REQUEST)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(typesubtype,Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_PROBE_REQUEST)
self.management_base=self.dot11.child()
if PY2:
self.assertEqual(str(self.management_base.__class__), "impacket.dot11.Dot11ManagementFrame")
else:
self.assertEqual(str(self.management_base.__class__), "<class 'impacket.dot11.Dot11ManagementFrame'>")
self.management_probe_request=self.management_base.child()
if PY2:
self.assertEqual(str(self.management_probe_request.__class__), "impacket.dot11.Dot11ManagementProbeRequest")
else:
self.assertEqual(str(self.management_probe_request.__class__), "<class 'impacket.dot11.Dot11ManagementProbeRequest'>")
def test_01(self):
'Test Header and Tail Size field'
self.assertEqual(self.management_base.get_header_size(), 22)
self.assertEqual(self.management_base.get_tail_size(), 0)
self.assertEqual(self.management_probe_request.get_header_size(), 23)
self.assertEqual(self.management_probe_request.get_tail_size(), 0)
def test_02(self):
'Test Duration field'
self.assertEqual(self.management_base.get_duration(), 0x0000)
self.management_base.set_duration(0x1234)
self.assertEqual(self.management_base.get_duration(), 0x1234)
def test_03(self):
'Test Destination Address field'
addr=self.management_base.get_destination_address()
self.assertEqual(addr.tolist(), [0xFF,0xFF,0xFF,0xFF,0xFF,0xFF])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_destination_address(addr)
self.assertEqual(self.management_base.get_destination_address().tolist(), [0x12,0xFF,0xFF,0xFF,0xFF,0x34])
def test_04(self):
'Test Source Address field'
addr=self.management_base.get_source_address()
self.assertEqual(addr.tolist(), [0x00,0x23,0x4d,0x13,0xf9,0x1b])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_source_address(addr)
self.assertEqual(self.management_base.get_source_address().tolist(), [0x12,0x23,0x4d,0x13,0xf9,0x34])
def test_05(self):
'Test BSSID Address field'
addr=self.management_base.get_bssid()
self.assertEqual(addr.tolist(), [0xff,0xff,0xff,0xff,0xff,0xff])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_bssid(addr)
self.assertEqual(self.management_base.get_bssid().tolist(), [0x12,0xff,0xff,0xff,0xff,0x34])
def test_06(self):
'Test Sequence control field'
self.assertEqual(self.management_base.get_sequence_control(), 0x4590)
self.management_base.set_sequence_control(0x1234)
self.assertEqual(self.management_base.get_sequence_control(), 0x1234)
def test_07(self):
'Test Fragment number field'
self.assertEqual(self.management_base.get_fragment_number(), 0x00)
self.management_base.set_fragment_number(0xF1) # Es de 4 bit
self.assertEqual(self.management_base.get_fragment_number(), 0x01)
def test_08(self):
'Test Sequence number field'
self.assertEqual(self.management_base.get_sequence_number(), 1113)
self.management_base.set_sequence_number(0xF234) # Es de 12 bit
self.assertEqual(self.management_base.get_sequence_number(), 0x0234)
def test_09(self):
'Test Management Frame Data field'
frame_body=b"\x00\x05\x64\x6c\x69\x6e\x6b\x01\x08\x02\x04\x0b\x16\x0c\x12\x18\x24\x32\x04\x30\x48\x60\x6c"
self.assertEqual(self.management_base.get_frame_body(), frame_body)
def test_10(self):
'Test Management ssid getter/setter methods'
act_ssid=b"dlink"
new_ssid=b"holala"
self.assertEqual(self.management_probe_request.get_ssid(), act_ssid)
self.management_probe_request.set_ssid(new_ssid)
self.assertEqual(self.management_probe_request.get_ssid(), new_ssid)
self.assertEqual(self.management_probe_request.get_header_size(), 23+len(new_ssid)-len(act_ssid))
def test_11(self):
'Test Management supported_rates getter/setter methods'
self.assertEqual(self.management_probe_request.get_supported_rates(), (0x02,0x04,0x0b,0x16,0x0c,0x12,0x18,0x24) )
self.assertEqual(self.management_probe_request.get_supported_rates(human_readable=True), (1.0, 2.0, 5.5, 11.0, 6.0, 9.0, 12.0, 18.0) )
self.management_probe_request.set_supported_rates((0x04,0x0b,0x16,0x0c,0x12,0x18))
self.assertEqual(self.management_probe_request.get_supported_rates(), (0x04,0x0b,0x16,0x0c,0x12,0x18))
self.assertEqual(self.management_probe_request.get_supported_rates(human_readable=True), (2.0, 5.5, 11.0, 6.0, 9.0, 12.0) )
self.assertEqual(self.management_probe_request.get_header_size(), 23-2)
class TestDot11ManagementBeaconFrames(unittest.TestCase):
def setUp(self):
# 802.11 Management Frame
#
self.rawframe='\x00\x00\x10\x00\x6e\x00\x00\x00\x00\x02\x94\x09\xa0\x00\x3a\x00\xc0\x00\x3a\x01\x00\x15\xaf\x64\xac\xbd\x00\x18\x39\xc1\xfc\xe2\x00\x18\x39\xc1\xfc\xe2\x20\x3b\x0f\x00'
self.radiotap_decoder = RadioTapDecoder()
radiotap=self.radiotap_decoder.decode(self.rawframe)
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
self.dot11=radiotap.child()
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
type = self.dot11.get_type()
self.assertEqual(type,Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,Dot11Types.DOT11_SUBTYPE_MANAGEMENT_DEAUTHENTICATION)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(typesubtype,Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_DEAUTHENTICATION)
self.management_base=self.dot11.child()
self.assertEqual(str(self.management_base.__class__), "impacket.dot11.Dot11ManagementFrame")
self.management_deauthentication=self.management_base.child()
self.assertEqual(str(self.management_deauthentication.__class__), "impacket.dot11.Dot11ManagementDeauthentication")
def test_01(self):
'Test Header and Tail Size field'
self.assertEqual(self.management_base.get_header_size(), 22)
self.assertEqual(self.management_base.get_tail_size(), 0)
self.assertEqual(self.management_deauthentication.get_header_size(), 2)
self.assertEqual(self.management_deauthentication.get_tail_size(), 0)
def test_02(self):
'Test Duration field'
self.assertEqual(self.management_base.get_duration(), 0x013a)
self.management_base.set_duration(0x1234)
self.assertEqual(self.management_base.get_duration(), 0x1234)
def test_03(self):
'Test Destination Address field'
addr=self.management_base.get_destination_address()
self.assertEqual(addr.tolist(), [0x00,0x15,0xAF,0x64,0xAC,0xBD])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_destination_address(addr)
self.assertEqual(self.management_base.get_destination_address().tolist(), [0x12,0x15,0xAF,0x64,0xAC,0x34])
def test_04(self):
'Test Source Address field'
addr=self.management_base.get_source_address()
self.assertEqual(addr.tolist(), [0x00,0x18,0x39,0xC1,0xFC,0xE2])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_source_address(addr)
self.assertEqual(self.management_base.get_source_address().tolist(), [0x12,0x18,0x39,0xC1,0xFC,0x34])
def test_05(self):
'Test BSSID Address field'
addr=self.management_base.get_bssid()
self.assertEqual(addr.tolist(), [0x00,0x18,0x39,0xC1,0xFC,0xE2])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_bssid(addr)
self.assertEqual(self.management_base.get_bssid().tolist(), [0x12,0x18,0x39,0xC1,0xFC,0x34])
def test_06(self):
'Test Sequence control field'
self.assertEqual(self.management_base.get_sequence_control(), 0x3b20)
self.management_base.set_sequence_control(0x1234)
self.assertEqual(self.management_base.get_sequence_control(), 0x1234)
def test_07(self):
'Test Fragment number field'
self.assertEqual(self.management_base.get_fragment_number(), 0x00)
self.management_base.set_fragment_number(0xF1) # Es de 4 bit
self.assertEqual(self.management_base.get_fragment_number(), 0x01)
def test_08(self):
'Test Sequence number field'
self.assertEqual(self.management_base.get_sequence_number(), 946)
self.management_base.set_sequence_number(0xF234) # Es de 12 bit
self.assertEqual(self.management_base.get_sequence_number(), 0x0234)
def test_09(self):
'Test Management Frame Data field'
frame_body="\x0f\x00"
self.assertEqual(self.management_base.get_frame_body(), frame_body)
def test_10(self):
'Test Management Reason Code field'
self.assertEqual(self.management_deauthentication.get_reason_code(), 0x000f)
self.management_deauthentication.set_reason_code(0x8765)
self.assertEqual(self.management_deauthentication.get_reason_code(), 0x8765)
class TestDot11ManagementReassociationRequestFrames(unittest.TestCase):
def setUp(self):
# 802.11 Management Frame
#
self.rawframe = b"\x00\x00\x1c\x00\xef\x18\x00\x00\x9aK\x87\xae;\x00\x00\x00\x10\x02\x85\t\xa0\x00\xb5\x9d`\x00\x00\x18 \x00:\x01\x00\x18\xf8lvBp\x1a\x04T\xe3\x86\x00\x18\xf8lvB\x00\x081\x04\n\x00\x00\x18\xf8lvB\x00\x05ddwrt\x01\x08\x82\x84\x8b\x96$0Hl!\x02\n\x11$\x02\x01\x0e0\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x08\x002\x04\x0c\x12\x18`\xdd\t\x00\x10\x18\x02\x00\x10\x00\x00\x00p\x97\x1cA"
self.radiotap_decoder = RadioTapDecoder()
radiotap = self.radiotap_decoder.decode(self.rawframe)
if PY2:
self.assertEqual(str(radiotap.__class__),
"impacket.dot11.RadioTap")
else:
self.assertEqual(str(radiotap.__class__),
"<class 'impacket.dot11.RadioTap'>")
self.dot11 = radiotap.child()
if PY2:
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
else:
self.assertEqual(str(self.dot11.__class__),
"<class 'impacket.dot11.Dot11'>")
type = self.dot11.get_type()
self.assertEqual(type, Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(
subtype, Dot11Types.DOT11_SUBTYPE_MANAGEMENT_REASSOCIATION_REQUEST)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(
typesubtype,
Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_REASSOCIATION_REQUEST)
self.management_base = self.dot11.child()
if PY2:
self.assertEqual(str(self.management_base.__class__),
"impacket.dot11.Dot11ManagementFrame")
else:
self.assertEqual(str(self.management_base.__class__),
"<class 'impacket.dot11.Dot11ManagementFrame'>")
self.management_reassociation_request = self.management_base.child()
if PY2:
self.assertEqual(
str(self.management_reassociation_request.__class__),
"impacket.dot11.Dot11ManagementReassociationRequest")
else:
self.assertEqual(
str(self.management_reassociation_request.__class__),
"<class 'impacket.dot11.Dot11ManagementReassociationRequest'>")
def test_01(self):
'Test Header and Tail Size field'
self.assertEqual(self.management_base.get_header_size(), 22)
self.assertEqual(self.management_base.get_tail_size(), 0)
self.assertEqual(
self.management_reassociation_request.get_header_size(), 74)
self.assertEqual(self.management_reassociation_request.get_tail_size(),
0)
def test_02(self):
'Test Duration field'
self.assertEqual(self.management_base.get_duration(), 0x013a)
self.management_base.set_duration(0x1234)
self.assertEqual(self.management_base.get_duration(), 0x1234)
def test_03(self):
'Test Destination Address field'
addr = self.management_base.get_destination_address()
self.assertEqual(addr.tolist(), [0x00, 0x18, 0xF8, 0x6C, 0x76, 0x42])
addr[0] = 0x12
addr[5] = 0x34
self.management_base.set_destination_address(addr)
self.assertEqual(
self.management_base.get_destination_address().tolist(),
[0x12, 0x18, 0xF8, 0x6C, 0x76, 0x34])
def test_04(self):
'Test Source Address field'
addr = self.management_base.get_source_address()
self.assertEqual(addr.tolist(), [0x70, 0x1A, 0x04, 0x54, 0xE3, 0x86])
addr[0] = 0x12
addr[5] = 0x34
self.management_base.set_source_address(addr)
self.assertEqual(self.management_base.get_source_address().tolist(),
[0x12, 0x1A, 0x04, 0x54, 0xE3, 0x34])
def test_05(self):
'Test BSSID Address field'
addr = self.management_base.get_bssid()
self.assertEqual(addr.tolist(), [0x00, 0x18, 0xF8, 0x6C, 0x76, 0x42])
addr[0] = 0x12
addr[5] = 0x34
self.management_base.set_bssid(addr)
self.assertEqual(self.management_base.get_bssid().tolist(),
[0x12, 0x18, 0xF8, 0x6C, 0x76, 0x34])
def test_06(self):
'Test Sequence control field'
self.assertEqual(self.management_base.get_sequence_control(), 0x0800)
self.management_base.set_sequence_control(0x1234)
self.assertEqual(self.management_base.get_sequence_control(), 0x1234)
def test_07(self):
'Test Fragment number field'
self.assertEqual(self.management_base.get_fragment_number(), 0x00)
self.management_base.set_fragment_number(0xF1) # Es de 4 bit
self.assertEqual(self.management_base.get_fragment_number(), 0x01)
def test_08(self):
'Test Sequence number field'
self.assertEqual(self.management_base.get_sequence_number(), 128)
self.management_base.set_sequence_number(0xF234) # Es de 12 bit
self.assertEqual(self.management_base.get_sequence_number(), 0x0234)
def test_09(self):
'Test Management Frame Data field'
frame_body = b"1\x04\n\x00\x00\x18\xf8lvB\x00\x05ddwrt\x01\x08\x82\x84\x8b\x96$0Hl!\x02\n\x11$\x02\x01\x0e0\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x08\x002\x04\x0c\x12\x18`\xdd\t\x00\x10\x18\x02\x00\x10\x00\x00\x00"
self.assertEqual(self.management_base.get_frame_body(), frame_body)
def test_10(self):
'Test Management Reassociation Request Capabilities field'
self.assertEqual(
self.management_reassociation_request.get_capabilities(), 0x0431)
self.management_reassociation_request.set_capabilities(0x4321)
self.assertEqual(
self.management_reassociation_request.get_capabilities(), 0x4321)
def test_11(self):
'Test Management Reassociation Request Listen Interval field'
self.assertEqual(
self.management_reassociation_request.get_listen_interval(),
0x000a)
self.management_reassociation_request.set_listen_interval(0x4321)
self.assertEqual(
self.management_reassociation_request.get_listen_interval(),
0x4321)
def test_12(self):
'Test Management Reassociation Request Current AP field'
addr = self.management_reassociation_request.get_current_ap()
self.assertEqual(addr.tolist(), [0x00, 0x18, 0xF8, 0x6C, 0x76, 0x42])
addr[0] = 0x12
addr[5] = 0x34
self.management_reassociation_request.set_current_ap(addr)
self.assertEqual(
self.management_reassociation_request.get_current_ap().tolist(),
[0x12, 0x18, 0xF8, 0x6C, 0x76, 0x34])
def test_13(self):
'Test Management Reassociation Request Ssid getter/setter methods'
act_ssid = b"ddwrt"
new_ssid = b"holala"
self.assertEqual(self.management_reassociation_request.get_ssid(),
act_ssid)
self.management_reassociation_request.set_ssid(new_ssid)
self.assertEqual(self.management_reassociation_request.get_ssid(),
new_ssid)
self.assertEqual(
self.management_reassociation_request.get_header_size(), 74 + 1)
def test_14(self):
'Test Management Ressociation Request Supported_rates getter/setter methods'
self.assertEqual(
self.management_reassociation_request.get_supported_rates(),
(0x82, 0x84, 0x8b, 0x96, 0x24, 0x30, 0x48, 0x6c))
self.assertEqual(
self.management_reassociation_request.get_supported_rates(
human_readable=True),
(1.0, 2.0, 5.5, 11.0, 18.0, 24.0, 36.0, 54.0))
self.management_reassociation_request.set_supported_rates(
(0x12, 0x98, 0x24, 0xb0, 0x48, 0x60))
self.assertEqual(
self.management_reassociation_request.get_supported_rates(),
(0x12, 0x98, 0x24, 0xb0, 0x48, 0x60))
self.assertEqual(
self.management_reassociation_request.get_supported_rates(
human_readable=True), (9.0, 12.0, 18.0, 24.0, 36.0, 48.0))
self.assertEqual(
self.management_reassociation_request.get_header_size(), 74 - 2)
def test_15(self):
'Test Management Association Request RSN getter/setter methods'
self.assertEqual(
self.management_reassociation_request.get_rsn(),
b"\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x08\x00"
)
self.management_reassociation_request.set_rsn(
b"\xff\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x08\xff"
)
self.assertEqual(
self.management_reassociation_request.get_rsn(),
b"\xff\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x08\xff"
)
self.assertEqual(
self.management_reassociation_request.get_header_size(), 74)
def test_16(self):
'Test Management Vendor Specific getter/setter methods'
self.assertEqual(
self.management_reassociation_request.get_vendor_specific(),
[(b"\x00\x10\x18", b"\x02\x00\x10\x00\x00\x00")])
self.management_reassociation_request.add_vendor_specific(
b"\x00\x00\x40", b"\x04\x04\x04\x04\x04\x04")
self.assertEqual(
self.management_reassociation_request.get_vendor_specific(), [
(b"\x00\x10\x18", b"\x02\x00\x10\x00\x00\x00"),
(b"\x00\x00\x40", b"\x04\x04\x04\x04\x04\x04"),
])
self.assertEqual(
self.management_reassociation_request.get_header_size(), 74 + 11)
class TestDot11ManagementBeaconFrames(unittest.TestCase):
def setUp(self):
# 802.11 Management Frame
#
self.rawframe = '\x00\x00\x20\x00\x67\x08\x04\x00\x54\xc6\xb8\x24\x00\x00\x00\x00\x22\x0c\xda\xa0\x02\x00\x00\x00\x40\x01\x00\x00\x3c\x14\x24\x11\x80\x00\x00\x00\xff\xff\xff\xff\xff\xff\x06\x03\x7f\x07\xa0\x16\x06\x03\x7f\x07\xa0\x16\xb0\x77\x3a\x40\xcb\x26\x00\x00\x00\x00\x64\x00\x01\x05\x00\x0a\x66\x72\x65\x65\x62\x73\x64\x2d\x61\x70\x01\x08\x8c\x12\x98\x24\xb0\x48\x60\x6c\x03\x01\x24\x05\x04\x00\x01\x00\x00\x07\x2a\x55\x53\x20\x24\x01\x11\x28\x01\x11\x2c\x01\x11\x30\x01\x11\x34\x01\x17\x38\x01\x17\x3c\x01\x17\x40\x01\x17\x95\x01\x1e\x99\x01\x1e\x9d\x01\x1e\xa1\x01\x1e\xa5\x01\x1e\x20\x01\x00\xdd\x18\x00\x50\xf2\x02\x01\x01\x00\x00\x03\xa4\x00\x00\x27\xa4\x00\x00\x42\x43\x5e\x00\x62\x32\x2f\x00'
self.radiotap_decoder = RadioTapDecoder()
radiotap = self.radiotap_decoder.decode(self.rawframe)
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
self.dot11 = radiotap.child()
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
type = self.dot11.get_type()
self.assertEqual(type, Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype, Dot11Types.DOT11_SUBTYPE_MANAGEMENT_BEACON)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(typesubtype,
Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_BEACON)
self.management_base = self.dot11.child()
self.assertEqual(str(self.management_base.__class__),
"impacket.dot11.Dot11ManagementFrame")
self.management_beacon = self.management_base.child()
self.assertEqual(str(self.management_beacon.__class__),
"impacket.dot11.Dot11ManagementBeacon")
def test_01(self):
'Test Header and Tail Size field'
self.assertEqual(self.management_base.get_header_size(), 22)
self.assertEqual(self.management_base.get_tail_size(), 0)
self.assertEqual(self.management_beacon.get_header_size(), 116)
self.assertEqual(self.management_beacon.get_tail_size(), 0)
def test_02(self):
'Test Duration field'
self.assertEqual(self.management_base.get_duration(), 0x0000)
self.management_base.set_duration(0x1234)
self.assertEqual(self.management_base.get_duration(), 0x1234)
def test_03(self):
'Test Destination Address field'
addr = self.management_base.get_destination_address()
self.assertEqual(addr.tolist(), [0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF])
addr[0] = 0x12
addr[5] = 0x34
self.management_base.set_destination_address(addr)
self.assertEqual(
self.management_base.get_destination_address().tolist(),
[0x12, 0xFF, 0xFF, 0xFF, 0xFF, 0x34])
def test_04(self):
'Test Source Address field'
addr = self.management_base.get_source_address()
self.assertEqual(addr.tolist(), [0x06, 0x03, 0x7f, 0x07, 0xa0, 0x16])
addr[0] = 0x12
addr[5] = 0x34
self.management_base.set_source_address(addr)
self.assertEqual(self.management_base.get_source_address().tolist(),
[0x12, 0x03, 0x7f, 0x07, 0xa0, 0x34])
def test_05(self):
'Test BSSID Address field'
addr = self.management_base.get_bssid()
self.assertEqual(addr.tolist(), [0x06, 0x03, 0x7f, 0x07, 0xa0, 0x16])
addr[0] = 0x12
addr[5] = 0x34
self.management_base.set_bssid(addr)
self.assertEqual(self.management_base.get_bssid().tolist(),
[0x12, 0x03, 0x7f, 0x07, 0xa0, 0x34])
def test_06(self):
'Test Sequence control field'
self.assertEqual(self.management_base.get_sequence_control(), 0x77b0)
self.management_base.set_sequence_control(0x1234)
self.assertEqual(self.management_base.get_sequence_control(), 0x1234)
def test_07(self):
'Test Fragment number field'
self.assertEqual(self.management_base.get_fragment_number(), 0x00)
self.management_base.set_fragment_number(0xF1) # Es de 4 bit
self.assertEqual(self.management_base.get_fragment_number(), 0x01)
def test_08(self):
'Test Sequence number field'
self.assertEqual(self.management_base.get_sequence_number(), 1915)
self.management_base.set_sequence_number(0xF234) # Es de 12 bit
self.assertEqual(self.management_base.get_sequence_number(), 0x0234)
def test_09(self):
'Test Management Frame Data field'
frame_body = "\x3a\x40\xcb\x26\x00\x00\x00\x00\x64\x00\x01\x05\x00\x0a\x66\x72\x65\x65\x62\x73\x64\x2d\x61\x70\x01\x08\x8c\x12\x98\x24\xb0\x48\x60\x6c\x03\x01\x24\x05\x04\x00\x01\x00\x00\x07\x2a\x55\x53\x20\x24\x01\x11\x28\x01\x11\x2c\x01\x11\x30\x01\x11\x34\x01\x17\x38\x01\x17\x3c\x01\x17\x40\x01\x17\x95\x01\x1e\x99\x01\x1e\x9d\x01\x1e\xa1\x01\x1e\xa5\x01\x1e\x20\x01\x00\xdd\x18\x00\x50\xf2\x02\x01\x01\x00\x00\x03\xa4\x00\x00\x27\xa4\x00\x00\x42\x43\x5e\x00\x62\x32\x2f\x00"
self.assertEqual(self.management_base.get_frame_body(), frame_body)
def test_10(self):
'Test Management Beacon Timestamp field'
self.assertEqual(self.management_beacon.get_timestamp(),
0x0000000026CB403A)
self.management_beacon.set_timestamp(0x8765432101234567)
self.assertEqual(self.management_beacon.get_timestamp(),
0x8765432101234567)
def test_11(self):
'Test Management Beacon Interval field'
self.assertEqual(self.management_beacon.get_beacon_interval(), 0x0064)
self.management_beacon.set_beacon_interval(0x4321)
self.assertEqual(self.management_beacon.get_beacon_interval(), 0x4321)
def test_12(self):
'Test Management Beacon Capabilities field'
self.assertEqual(self.management_beacon.get_capabilities(), 0x0501)
self.management_beacon.set_capabilities(0x4321)
self.assertEqual(self.management_beacon.get_capabilities(), 0x4321)
def test_13(self):
'Test Management ssid getter/setter methods'
act_ssid = "freebsd-ap"
new_ssid = "holala"
self.assertEqual(self.management_beacon.get_ssid(), act_ssid)
self.management_beacon.set_ssid(new_ssid)
self.assertEqual(self.management_beacon.get_ssid(), new_ssid)
self.assertEqual(self.management_beacon.get_header_size(), 116 - 4)
def test_14(self):
'Test Management supported_rates getter/setter methods'
self.assertEqual(self.management_beacon.get_supported_rates(),
(0x8c, 0x12, 0x98, 0x24, 0xb0, 0x48, 0x60, 0x6c))
self.assertEqual(
self.management_beacon.get_supported_rates(human_readable=True),
(6.0, 9.0, 12.0, 18.0, 24.0, 36.0, 48.0, 54.0))
self.management_beacon.set_supported_rates(
(0x12, 0x98, 0x24, 0xb0, 0x48, 0x60))
self.assertEqual(self.management_beacon.get_supported_rates(),
(0x12, 0x98, 0x24, 0xb0, 0x48, 0x60))
self.assertEqual(
self.management_beacon.get_supported_rates(human_readable=True),
(9.0, 12.0, 18.0, 24.0, 36.0, 48.0))
self.assertEqual(self.management_beacon.get_header_size(), 116 - 2)
def test_15(self):
'Test Management DS Parameter Set getter/setter methods'
self.assertEqual(self.management_beacon.get_ds_parameter_set(), 36)
self.management_beacon.set_ds_parameter_set(40)
self.assertEqual(self.management_beacon.get_ds_parameter_set(), 40)
self.assertEqual(self.management_beacon.get_header_size(), 116)
def test_16(self):
'Test Management Vendor Specific getter/setter methods'
self.assertEqual(self.management_beacon.get_vendor_specific(), [(
"\x00\x50\xf2",
"\x02\x01\x01\x00\x00\x03\xa4\x00\x00\x27\xa4\x00\x00\x42\x43\x5e\x00\x62\x32\x2f\x00"
)])
self.management_beacon.add_vendor_specific("\x00\x00\x40",
"\x04\x04\x04\x04\x04\x04")
self.assertEqual(self.management_beacon.get_vendor_specific(), [
("\x00\x50\xf2",
"\x02\x01\x01\x00\x00\x03\xa4\x00\x00\x27\xa4\x00\x00\x42\x43\x5e\x00\x62\x32\x2f\x00"
),
("\x00\x00\x40", "\x04\x04\x04\x04\x04\x04"),
])
self.assertEqual(self.management_beacon.get_header_size(), 127)
#self._get_field(11, 1, 'ant, '<B') #self._get_field(12, 1, 'dbantsignal, '<B') #self._get_field(13, 1, 'dbantnoise, '<B') #self._get_field(14, 2, 'rxflags, '<H') ret = self.data self.present = None self.data = None self.pkt = None self.pos = None return ret parse_radiotap = RadioTapParser() decoder = RadioTapDecoder() headerSize = struct.calcsize(FMT_HEADER_80211) def handler2(hdr, pkt): #try: rtmeta = parse_radiotap(pkt) #print json.dumps(rtmeta) # Don't try to process packets with bad checksum if rtmeta['flags'] & FLAG_BAD_FCS: return rtap = pkt[:rtmeta['len']] frame = pkt[rtmeta['len']:] header = frame[:headerSize] body = frame[headerSize:] # FCS is last 4 bytes, but may be missing frameControl, dur, addr1, addr2, addr3, seq = struct.unpack(FMT_HEADER_80211, header)
class TestDot11ManagementProbeRequestFrames(unittest.TestCase):
def setUp(self):
# 802.11 Management Frame
#
self.rawProbeRequestframe=b'\x00\x00\x18\x00\x2e\x48\x00\x00\x00\x02\x85\x09\xa0\x00\xda\x01\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\xff\xff\xff\xff\xff\xff\x00\x23\x4d\x13\xf9\x1b\xff\xff\xff\xff\xff\xff\x90\x45\x00\x05\x64\x6c\x69\x6e\x6b\x01\x08\x02\x04\x0b\x16\x0c\x12\x18\x24\x32\x04\x30\x48\x60\x6c'
self.radiotap_decoder = RadioTapDecoder()
radiotap=self.radiotap_decoder.decode(self.rawProbeRequestframe)
if PY2:
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
else:
self.assertEqual(str(radiotap.__class__), "<class 'impacket.dot11.RadioTap'>")
self.dot11=radiotap.child()
if PY2:
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
else:
self.assertEqual(str(self.dot11.__class__), "<class 'impacket.dot11.Dot11'>")
type = self.dot11.get_type()
self.assertEqual(type,Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,Dot11Types.DOT11_SUBTYPE_MANAGEMENT_PROBE_REQUEST)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(typesubtype,Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_PROBE_REQUEST)
self.management_base=self.dot11.child()
if PY2:
self.assertEqual(str(self.management_base.__class__), "impacket.dot11.Dot11ManagementFrame")
else:
self.assertEqual(str(self.management_base.__class__), "<class 'impacket.dot11.Dot11ManagementFrame'>")
self.management_probe_request=self.management_base.child()
if PY2:
self.assertEqual(str(self.management_probe_request.__class__), "impacket.dot11.Dot11ManagementProbeRequest")
else:
self.assertEqual(str(self.management_probe_request.__class__), "<class 'impacket.dot11.Dot11ManagementProbeRequest'>")
def test_01(self):
'Test Header and Tail Size field'
self.assertEqual(self.management_base.get_header_size(), 22)
self.assertEqual(self.management_base.get_tail_size(), 0)
self.assertEqual(self.management_probe_request.get_header_size(), 23)
self.assertEqual(self.management_probe_request.get_tail_size(), 0)
def test_02(self):
'Test Duration field'
self.assertEqual(self.management_base.get_duration(), 0x0000)
self.management_base.set_duration(0x1234)
self.assertEqual(self.management_base.get_duration(), 0x1234)
def test_03(self):
'Test Destination Address field'
addr=self.management_base.get_destination_address()
self.assertEqual(addr.tolist(), [0xFF,0xFF,0xFF,0xFF,0xFF,0xFF])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_destination_address(addr)
self.assertEqual(self.management_base.get_destination_address().tolist(), [0x12,0xFF,0xFF,0xFF,0xFF,0x34])
def test_04(self):
'Test Source Address field'
addr=self.management_base.get_source_address()
self.assertEqual(addr.tolist(), [0x00,0x23,0x4d,0x13,0xf9,0x1b])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_source_address(addr)
self.assertEqual(self.management_base.get_source_address().tolist(), [0x12,0x23,0x4d,0x13,0xf9,0x34])
def test_05(self):
'Test BSSID Address field'
addr=self.management_base.get_bssid()
self.assertEqual(addr.tolist(), [0xff,0xff,0xff,0xff,0xff,0xff])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_bssid(addr)
self.assertEqual(self.management_base.get_bssid().tolist(), [0x12,0xff,0xff,0xff,0xff,0x34])
def test_06(self):
'Test Sequence control field'
self.assertEqual(self.management_base.get_sequence_control(), 0x4590)
self.management_base.set_sequence_control(0x1234)
self.assertEqual(self.management_base.get_sequence_control(), 0x1234)
def test_07(self):
'Test Fragment number field'
self.assertEqual(self.management_base.get_fragment_number(), 0x00)
self.management_base.set_fragment_number(0xF1) # Es de 4 bit
self.assertEqual(self.management_base.get_fragment_number(), 0x01)
def test_08(self):
'Test Sequence number field'
self.assertEqual(self.management_base.get_sequence_number(), 1113)
self.management_base.set_sequence_number(0xF234) # Es de 12 bit
self.assertEqual(self.management_base.get_sequence_number(), 0x0234)
def test_09(self):
'Test Management Frame Data field'
frame_body=b"\x00\x05\x64\x6c\x69\x6e\x6b\x01\x08\x02\x04\x0b\x16\x0c\x12\x18\x24\x32\x04\x30\x48\x60\x6c"
self.assertEqual(self.management_base.get_frame_body(), frame_body)
def test_10(self):
'Test Management ssid getter/setter methods'
act_ssid=b"dlink"
new_ssid=b"holala"
self.assertEqual(self.management_probe_request.get_ssid(), act_ssid)
self.management_probe_request.set_ssid(new_ssid)
self.assertEqual(self.management_probe_request.get_ssid(), new_ssid)
self.assertEqual(self.management_probe_request.get_header_size(), 23+len(new_ssid)-len(act_ssid))
def test_11(self):
'Test Management supported_rates getter/setter methods'
self.assertEqual(self.management_probe_request.get_supported_rates(), (0x02,0x04,0x0b,0x16,0x0c,0x12,0x18,0x24) )
self.assertEqual(self.management_probe_request.get_supported_rates(human_readable=True), (1.0, 2.0, 5.5, 11.0, 6.0, 9.0, 12.0, 18.0) )
self.management_probe_request.set_supported_rates((0x04,0x0b,0x16,0x0c,0x12,0x18))
self.assertEqual(self.management_probe_request.get_supported_rates(), (0x04,0x0b,0x16,0x0c,0x12,0x18))
self.assertEqual(self.management_probe_request.get_supported_rates(human_readable=True), (2.0, 5.5, 11.0, 6.0, 9.0, 12.0) )
self.assertEqual(self.management_probe_request.get_header_size(), 23-2)
class TestDot11ManagementAssociationResponseFrames(unittest.TestCase):
def setUp(self):
# 802.11 Management Frame
#
self.rawframe=b"\x00\x00\x1c\x00\xef\x18\x00\x00\xc2L\xfa\x00<\x00\x00\x00\x10\x02\x85\t\xa0\x00\xb4\x9e_\x00\x00\x16\x10\x00:\x01p\x1a\x04T\xe3\x86\x00\x18\xf8lvB\x00\x18\xf8lvB\xf0\x02\x11\x04\x00\x00\x04\xc0\x01\x08\x82\x84\x8b\x96$0Hl2\x04\x0c\x12\x18`\xdd\t\x00\x10\x18\x02\x02\xf0\x00\x00\x00f%\xdf7"
self.radiotap_decoder = RadioTapDecoder()
radiotap=self.radiotap_decoder.decode(self.rawframe)
if PY2:
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
else:
self.assertEqual(str(radiotap.__class__), "<class 'impacket.dot11.RadioTap'>")
self.dot11=radiotap.child()
if PY2:
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
else:
self.assertEqual(str(self.dot11.__class__), "<class 'impacket.dot11.Dot11'>")
type = self.dot11.get_type()
self.assertEqual(type,Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,Dot11Types.DOT11_SUBTYPE_MANAGEMENT_ASSOCIATION_RESPONSE)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(typesubtype,Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_ASSOCIATION_RESPONSE)
self.management_base=self.dot11.child()
if PY2:
self.assertEqual(str(self.management_base.__class__), "impacket.dot11.Dot11ManagementFrame")
else:
self.assertEqual(str(self.management_base.__class__), "<class 'impacket.dot11.Dot11ManagementFrame'>")
self.management_association_response=self.management_base.child()
if PY2:
self.assertEqual(str(self.management_association_response.__class__), "impacket.dot11.Dot11ManagementAssociationResponse")
else:
self.assertEqual(str(self.management_association_response.__class__), "<class 'impacket.dot11.Dot11ManagementAssociationResponse'>")
def test_01(self):
'Test Header and Tail Size field'
self.assertEqual(self.management_base.get_header_size(), 22)
self.assertEqual(self.management_base.get_tail_size(), 0)
self.assertEqual(self.management_association_response.get_header_size(), 33)
self.assertEqual(self.management_association_response.get_tail_size(), 0)
def test_02(self):
'Test Duration field'
self.assertEqual(self.management_base.get_duration(), 0x013a)
self.management_base.set_duration(0x1234)
self.assertEqual(self.management_base.get_duration(), 0x1234)
def test_03(self):
'Test Destination Address field'
addr=self.management_base.get_destination_address()
self.assertEqual(addr.tolist(), [0x70,0x1a,0x04,0x54,0xe3,0x86])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_destination_address(addr)
self.assertEqual(self.management_base.get_destination_address().tolist(), [0x12,0x1a,0x04,0x54,0xe3,0x34])
def test_04(self):
'Test Source Address field'
addr=self.management_base.get_source_address()
self.assertEqual(addr.tolist(), [0x00,0x18,0xF8,0x6C,0x76,0x42])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_source_address(addr)
self.assertEqual(self.management_base.get_source_address().tolist(), [0x12,0x18,0xF8,0x6C,0x76,0x34])
def test_05(self):
'Test BSSID Address field'
addr=self.management_base.get_bssid()
self.assertEqual(addr.tolist(), [0x00,0x18,0xF8,0x6C,0x76,0x42])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_bssid(addr)
self.assertEqual(self.management_base.get_bssid().tolist(), [0x12,0x18,0xF8,0x6C,0x76,0x34])
def test_06(self):
'Test Sequence control field'
self.assertEqual(self.management_base.get_sequence_control(), 0x02f0)
self.management_base.set_sequence_control(0x1234)
self.assertEqual(self.management_base.get_sequence_control(), 0x1234)
def test_07(self):
'Test Fragment number field'
self.assertEqual(self.management_base.get_fragment_number(), 0x00)
self.management_base.set_fragment_number(0xF1) # Es de 4 bit
self.assertEqual(self.management_base.get_fragment_number(), 0x01)
def test_08(self):
'Test Sequence number field'
self.assertEqual(self.management_base.get_sequence_number(), 47)
self.management_base.set_sequence_number(0xF234) # Es de 12 bit
self.assertEqual(self.management_base.get_sequence_number(), 0x0234)
def test_09(self):
'Test Management Frame Data field'
frame_body=b"\x11\x04\x00\x00\x04\xc0\x01\x08\x82\x84\x8b\x96$0Hl2\x04\x0c\x12\x18`\xdd\t\x00\x10\x18\x02\x02\xf0\x00\x00\x00"
self.assertEqual(self.management_base.get_frame_body(), frame_body)
def test_10(self):
'Test Management Association Response Capabilities field'
self.assertEqual(self.management_association_response.get_capabilities(), 0x0411)
self.management_association_response.set_capabilities(0x4321)
self.assertEqual(self.management_association_response.get_capabilities(), 0x4321)
def test_11(self):
'Test Management Association Response Status Code field'
self.assertEqual(self.management_association_response.get_status_code(), 0x0000)
self.management_association_response.set_status_code(0x4321)
self.assertEqual(self.management_association_response.get_status_code(), 0x4321)
def test_12(self):
'Test Management Association Response Association ID field'
self.assertEqual(self.management_association_response.get_association_id(), 0xc004)
self.management_association_response.set_association_id(0x4321)
self.assertEqual(self.management_association_response.get_association_id(), 0x4321)
def test_13(self):
'Test Management Association Response Supported_rates getter/setter methods'
self.assertEqual(self.management_association_response.get_supported_rates(), (0x82, 0x84, 0x8b, 0x96, 0x24, 0x30, 0x48, 0x6c))
self.assertEqual(self.management_association_response.get_supported_rates(human_readable=True), (1.0, 2.0, 5.5, 11.0, 18.0, 24.0, 36.0, 54.0))
self.management_association_response.set_supported_rates((0x12, 0x98, 0x24, 0xb0, 0x48, 0x60))
self.assertEqual(self.management_association_response.get_supported_rates(), (0x12, 0x98, 0x24, 0xb0, 0x48, 0x60))
self.assertEqual(self.management_association_response.get_supported_rates(human_readable=True), (9.0, 12.0, 18.0, 24.0, 36.0, 48.0))
self.assertEqual(self.management_association_response.get_header_size(), 33-2)
def test_14(self):
'Test Management Vendor Specific getter/setter methods'
self.assertEqual(self.management_association_response.get_vendor_specific(), [(b"\x00\x10\x18",b"\x02\x02\xf0\x00\x00\x00")])
self.management_association_response.add_vendor_specific(b"\x00\x00\x40", b"\x04\x04\x04\x04\x04\x04")
self.assertEqual(self.management_association_response.get_vendor_specific(),
[(b"\x00\x10\x18", b"\x02\x02\xf0\x00\x00\x00"),
(b"\x00\x00\x40", b"\x04\x04\x04\x04\x04\x04"),
])
self.assertEqual(self.management_association_response.get_header_size(), 33+11)
class TestDot11ManagementAuthenticationFrames(unittest.TestCase):
def setUp(self):
# 802.11 Management Frame
#
self.rawframe="\x00\x00\x1c\x00\xef\x18\x00\x00\x39\x55\x6f\x05\x3c\x00\x00\x00\x10\x02\x85\x09\xa0\x00\xb8\x9d\x60\x00\x00\x1b\xb0\x00\x3a\x01\x00\x18\xf8\x6c\x76\x42\x70\x1a\x04\x54\xe3\x86\x00\x18\xf8\x6c\x76\x42\x30\xc8\x00\x00\x01\x00\x00\x00\xdd\x09\x00\x10\x18\x02\x00\x10\x00\x00\x00\x8a\x64\xe9\x3b"
self.radiotap_decoder = RadioTapDecoder()
radiotap=self.radiotap_decoder.decode(self.rawframe)
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
self.dot11=radiotap.child()
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
type = self.dot11.get_type()
self.assertEqual(type,Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,Dot11Types.DOT11_SUBTYPE_MANAGEMENT_AUTHENTICATION)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(typesubtype,Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_AUTHENTICATION)
self.management_base=self.dot11.child()
self.assertEqual(str(self.management_base.__class__), "impacket.dot11.Dot11ManagementFrame")
self.management_authentication=self.management_base.child()
self.assertEqual(str(self.management_authentication.__class__), "impacket.dot11.Dot11ManagementAuthentication")
def test_01(self):
'Test Header and Tail Size field'
self.assertEqual(self.management_base.get_header_size(), 22)
self.assertEqual(self.management_base.get_tail_size(), 0)
self.assertEqual(self.management_authentication.get_header_size(), 17)
self.assertEqual(self.management_authentication.get_tail_size(), 0)
def test_02(self):
'Test Duration field'
self.assertEqual(self.management_base.get_duration(), 0x013a)
self.management_base.set_duration(0x1234)
self.assertEqual(self.management_base.get_duration(), 0x1234)
def test_03(self):
'Test Destination Address field'
addr=self.management_base.get_destination_address()
self.assertEqual(addr.tolist(), [0x00,0x18,0xF8,0x6C,0x76,0x42])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_destination_address(addr)
self.assertEqual(self.management_base.get_destination_address().tolist(), [0x12,0x18,0xF8,0x6C,0x76,0x34])
def test_04(self):
'Test Source Address field'
addr=self.management_base.get_source_address()
self.assertEqual(addr.tolist(), [0x70,0x1A,0x04,0x54,0xE3,0x86])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_source_address(addr)
self.assertEqual(self.management_base.get_source_address().tolist(), [0x12,0x1A,0x04,0x54,0xE3,0x34])
def test_05(self):
'Test BSSID Address field'
addr=self.management_base.get_bssid()
self.assertEqual(addr.tolist(), [0x00,0x18,0xF8,0x6C,0x76,0x42])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_bssid(addr)
self.assertEqual(self.management_base.get_bssid().tolist(), [0x12,0x18,0xF8,0x6C,0x76,0x34])
def test_06(self):
'Test Sequence control field'
self.assertEqual(self.management_base.get_sequence_control(), 0xc830)
self.management_base.set_sequence_control(0x1234)
self.assertEqual(self.management_base.get_sequence_control(), 0x1234)
def test_07(self):
'Test Fragment number field'
self.assertEqual(self.management_base.get_fragment_number(), 0x00)
self.management_base.set_fragment_number(0xF1) # Es de 4 bit
self.assertEqual(self.management_base.get_fragment_number(), 0x01)
def test_08(self):
'Test Sequence number field'
self.assertEqual(self.management_base.get_sequence_number(), 3203)
self.management_base.set_sequence_number(0xF234) # Es de 12 bit
self.assertEqual(self.management_base.get_sequence_number(), 0x0234)
def test_09(self):
'Test Management Frame Data field'
frame_body="\x00\x00\x01\x00\x00\x00\xdd\x09\x00\x10\x18\x02\x00\x10\x00\x00\x00"
self.assertEqual(self.management_base.get_frame_body(), frame_body)
def test_10(self):
'Test Management Frame Authentication Algorithm field'
self.assertEqual(self.management_authentication.get_authentication_algorithm(), 0x0000)
self.management_authentication.set_authentication_algorithm(0x8765)
self.assertEqual(self.management_authentication.get_authentication_algorithm(), 0x8765)
def test_11(self):
'Test Management Frame Authentication Sequence field'
self.assertEqual(self.management_authentication.get_authentication_sequence(), 0x0001)
self.management_authentication.set_authentication_sequence(0x8765)
self.assertEqual(self.management_authentication.get_authentication_sequence(), 0x8765)
def test_12(self):
'Test Management Frame Authentication Status field'
self.assertEqual(self.management_authentication.get_authentication_status(), 0x0000)
self.management_authentication.set_authentication_status(0x8765)
self.assertEqual(self.management_authentication.get_authentication_status(), 0x8765)
def test_13(self):
'Test Management Vendor Specific getter/setter methods'
self.assertEqual(self.management_authentication.get_vendor_specific(), [("\x00\x10\x18","\x02\x00\x10\x00\x00\x00")])
self.management_authentication.add_vendor_specific("\x00\x00\x40","\x04\x04\x04\x04\x04\x04")
self.assertEqual(self.management_authentication.get_vendor_specific(),
[("\x00\x10\x18","\x02\x00\x10\x00\x00\x00"),
("\x00\x00\x40","\x04\x04\x04\x04\x04\x04"),
])
self.assertEqual(self.management_authentication.get_header_size(), 28)
class WpsScanner(object):
def __init__(self, interface, channel=None, timeout=5, output=None, passive=False, mac=None, logfile=None):
self.interface = interface
self.channel = channel
self.timeout = timeout
self.output = output
self.passive = passive
self.mac = mac if is_valid_mac_address(mac) else None
self.logfile = logfile
#
self.aps = {}
self.wps_aps = {}
self.captured = []
self.probes_sent = []
self._stop = False
#
self.wps_parser = WpsParser()
self.rtDecoder = RadioTapDecoder()
# Initialize logger
self.logger = logging.getLogger('airlog')
self.logger.setLevel(logging.INFO)
# Console logging
ch = logging.StreamHandler()
ch.setLevel(logging.INFO)
formatter = coloredlogs.ColoredFormatter('[%(asctime)s] - %(levelname)s - %(message)s',
datefmt='%d.%m.%Y %H:%M:%S')
ch.setFormatter(formatter)
self.logger.addHandler(ch)
# Logging to file
if logfile is None:
return
fh = logging.FileHandler(logfile)
fh.setLevel(logging.DEBUG)
formatter = logging.Formatter('[%(asctime)s] - %(message)s', datefmt='%d.%m.%Y %H:%M:%S')
fh.setFormatter(formatter)
self.logger.addHandler(fh)
def set_mode(self, mode):
if OSX:
return
self.logger.debug('Enabling %s mode on %s' % (mode, self.interface))
os.system('ifconfig %s down' % self.interface)
os.system('iwconfig %s mode %s' % (self.interface, mode))
os.system('ifconfig %s up' % self.interface)
def enable_monitor(self):
self.set_mode('monitor')
# return subprocess.Popen('ifconfig %s down && iw %s set type monitor && ifconfig %s up' %
# (self.interface, self.interface, self.interface), shell=True).communicate()
def set_channel(self, channel):
if LINUX:
os.system('iwconfig %s channel %s' % (self.interface, channel))
elif OSX:
subprocess.call(['sudo', AIRPORT, '--channel=' + str(channel)])
# os.system('%s %s --channel=%s' % (AIRPORT ,self.interface, channel))
def signal_handler(self, frame, code):
# print("Ctrl+C caught. Exiting..")
# sys.exit(-1)
try:
if query_yes_no("\nReally quit?"):
self.logger.info('Trying to quit correctly. Be patient please...')
self._stop = True
# self.save()
except KeyboardInterrupt:
self.logger.warning("Ok ok... Quitting without saving!")
sys.exit(1)
def get_security(self, pkt):
# Check for encrypted networks
capability = pkt.sprintf("{Dot11Beacon:%Dot11Beacon.cap%}\
{Dot11ProbeResp:%Dot11ProbeResp.cap%}")
p = pkt[Dot11Elt]
crypto = set()
while isinstance(p, Dot11Elt):
if p.ID == 48:
crypto.add("WPA2")
elif p.ID == 221 and p.info.startswith('\x00P\xf2\x01\x01\x00'):
crypto.add("WPA")
p = p.payload
if not crypto:
if 'privacy' in capability:
crypto.add("WEP")
else:
crypto.add("OPEN")
return '/'.join(crypto)
def handle_beacon(self, pkt):
"""Process 802.11 Beacon Frame for WPS IE."""
try:
rt = self.rtDecoder.get_protocol(dot11.RadioTap)
mgt = self.rtDecoder.get_protocol(dot11.Dot11ManagementFrame)
beacon = self.rtDecoder.get_protocol(dot11.Dot11ManagementBeacon)
bssid = get_addr_from_list(mgt.get_bssid())
essid = str(beacon.get_ssid())
freq = rt.get_channel()[0]
channel = frequencies_dict[freq]
enc = self.get_security(pkt)
vendor = get_vendor(bssid)
wps = self.wps_parser.has_wps(beacon.get_vendor_specific())
# Display and save discovered AP
if bssid in self.aps:
return
self.logger.info("[+] AP found! Channel: %02d ESSID: %s BSSID: %s Encryption: %s Vendor: %s WPS: %s" %
(int(channel), essid, bssid, enc, vendor, wps))
self.aps[bssid] = (int(channel), essid, enc, wps)
#
# wi = self.wps_parser.parse_beacon(pkt)
# print('WPSINFO', wi)
# ACTIVE MODE
# if wps and not self.passive and bssid not in self.probes_sent:
# self.send_probe_req(essid)
# # self.send_probe_req_2(essid)
# self.probes_sent.append(bssid)
except Exception as e:
print('Error while parsing beacon')
print(str(sys.exc_info()))
return None
def handle_probe_response(self, pkt):
"""Process 802.11 Probe Response Frame for WPS IE."""
try:
mgt = self.rtDecoder.get_protocol(dot11.Dot11ManagementFrame)
probe = self.rtDecoder.get_protocol(dot11.Dot11ManagementProbeResponse)
bssid = get_addr_from_list(mgt.get_bssid())
essid = probe.get_ssid()
# If null byte in the SSID IE, its cloacked.
if essid is None or essid.find("\x00") != -1:
essid = "<No ssid>"
if bssid in self.aps:
return
rt = self.rtDecoder.get_protocol(dot11.RadioTap)
freq = rt.get_channel()[0]
channel = frequencies_dict[freq]
vendor = get_vendor(bssid)
vendorIEs = probe.get_vendor_specific()
wps = self.wps_parser.has_wps(vendorIEs)
# print 'checking wps info'
if self.wps_parser.has_wps(vendorIEs):
hexdump(vendorIEs)
wpsInfo = self.wps_parser.parse_wps(vendorIEs)
if wpsInfo:
self.wps_aps[bssid] = wpsInfo
print("[%s] - [%s]\t%s'\nWPS Information" % (bssid, essid, vendor))
for key, value in wpsInfo.items():
print("[WPSINFO] * %s: %s" % (key, repr(value)))
self.wps_parser.parse_probe_response(pkt)
enc = self.get_security(pkt)
self.aps[bssid] = (channel, essid, enc, wps)
self.logger.info(
'[+] AP discovered! ProbeResponse channel: %s ESSID: %s Encryption: %s WPS: %s Vendor: %s' %
(channel, _green(essid), _colorize_security(enc), _colorize_wps(wps), _green(get_vendor(bssid))))
except Exception:
print('Error while parsing probe responsse')
print(str(sys.exc_info()))
return
@property
def scan_table(self):
x = PrettyTable(['Channel', 'BSSID', 'ESSID', 'Security', 'Vendor', 'WPS', 'WPS Info'])
x.align["ESSID"] = "l"
x.align["Vendor"] = "l"
for bssid in sorted(self.aps, key=lambda k: self.aps[k][0]):
channel, essid, enc, wps= self.aps[bssid]
wps_text = ''
wpsinfo = self.wps_aps[bssid] if bssid in self.wps_aps else None
if wpsinfo:
for key, value in wpsinfo.items():
wps_text += " %s: %s" % (key, repr(value))
x.add_row([channel, bssid, essid, _colorize_security(enc), get_vendor(bssid), _colorize_wps(wps), wps_text])
return x
def pkt_handler(self, pkt):
try:
self.rtDecoder.decode(str(pkt))
except Exception:
self.logger.error('Error while decoding packet..')
print(sys.exc_info())
return
# Management frames
if pkt.type == 0:
# Probe response
if pkt.subtype == 5:
self.handle_probe_response(pkt)
# Beacon
elif pkt.subtype == 8:
self.handle_beacon(pkt)
def send_probe_req(self, bssid, essid):
"""Send a probe request to the specified AP"""
src = RandMAC() if self.mac is None else self.mac
self.logger.info('[!] Sending Broadcast Probe Request: SRC=[%s] -> BSSID: %s ESSID: %s' % (src, bssid, essid))
param = Dot11ProbeReq()
essid = Dot11Elt(ID='SSID', info=essid)
rates = Dot11Elt(ID='Rates', info="\x03\x12\x96\x18\x24\x30\x48\x60")
dsset = Dot11Elt(ID='DSset', info='\x01')
pkt = RadioTap() / Dot11(type=0, subtype=4, addr1='ff:ff:ff:ff:ff:ff', addr2=src,
addr3='ff:ff:ff:ff:ff:ff') / param / essid / rates / dsset
try:
sendp(pkt, verbose=0)
except:
return
print ("Probing network '%s (%s)'\n" % (bssid, essid))
try:
# Build a probe request packet with a SSID and a WPS information element
dst = mac2str(bssid)
src = mac2str("ff:ff:ff:ff:ff:ff")
packet = Dot11(addr1=dst, addr2=src, addr3=dst) / Dot11ProbeReq()
packet = packet / Dot11Elt(ID=0, len=len(essid), info=essid) / Dot11Elt(ID=221, len=9,
info="%s\x10\x4a\x00\x01\x10" % self.wps_parser.WPS_ID)
# Send it!
send(packet, verbose=0)
# self.probedNets[bssid] = None
except Exception, e:
print 'Failure sending probe request to', essid, ':', e
class TestDot11ManagementProbeResponseFrames(unittest.TestCase):
def setUp(self):
# 802.11 Management Frame
#
self.rawProbeResponseframe='\x00\x00\x18\x00\x2e\x48\x00\x00\x00\x02\x85\x09\xa0\x00\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x00\x50\x00\x3a\x01\x00\x21\xfe\x39\x3f\x77\x00\x1b\x11\x32\x66\x23\x00\x1b\x11\x32\x66\x23\x20\x73\x7f\xa0\x22\xf8\x3f\x01\x00\x00\x64\x00\x11\x04\x00\x07\x66\x72\x65\x65\x62\x73\x64\x01\x08\x82\x84\x8b\x96\x24\x30\x48\x6c\x03\x01\x06\x2a\x01\x04\x2f\x01\x04\x32\x04\x0c\x12\x18\x60\xdd\x75\x00\x50\xf2\x04\x10\x4a\x00\x01\x10\x10\x44\x00\x01\x02\x10\x41\x00\x01\x00\x10\x3b\x00\x01\x03\x10\x47\x00\x10\x11\x4e\xf7\x46\xa9\xc6\xfb\x1d\x70\x1b\x00\x1b\x11\x32\x66\x23\x10\x21\x00\x06\x44\x2d\x4c\x69\x6e\x6b\x10\x23\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x24\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x42\x00\x08\x30\x30\x30\x30\x30\x30\x30\x30\x10\x54\x00\x08\x00\x06\x00\x50\xf2\x04\x00\x01\x10\x11\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x08\x00\x02\x00\x8e\xdd\x05\x00\x50\xf2\x05\x00\xdd\x09\x00\x10\x18\x02\x01\xf0\x00\x00\x00\xdd\x18\x00\x50\xf2\x01\x01\x00\x00\x50\xf2\x02\x01\x00\x00\x50\xf2\x02\x01\x00\x00\x50\xf2\x02\x00\x00'
self.radiotap_decoder = RadioTapDecoder()
radiotap=self.radiotap_decoder.decode(self.rawProbeResponseframe)
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
self.dot11=radiotap.child()
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
type = self.dot11.get_type()
self.assertEqual(type,Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,Dot11Types.DOT11_SUBTYPE_MANAGEMENT_PROBE_RESPONSE)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(typesubtype,Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_PROBE_RESPONSE)
self.management_base=self.dot11.child()
self.assertEqual(str(self.management_base.__class__), "impacket.dot11.Dot11ManagementFrame")
self.management_probe_response=self.management_base.child()
self.assertEqual(str(self.management_probe_response.__class__), "impacket.dot11.Dot11ManagementProbeResponse")
def test_01(self):
'Test Header and Tail Size field'
self.assertEqual(self.management_base.get_header_size(), 22)
self.assertEqual(self.management_base.get_tail_size(), 0)
self.assertEqual(self.management_probe_response.get_header_size(), 209)
self.assertEqual(self.management_probe_response.get_tail_size(), 0)
def test_02(self):
'Test Duration field'
self.assertEqual(self.management_base.get_duration(), 0x013a)
self.management_base.set_duration(0x1234)
self.assertEqual(self.management_base.get_duration(), 0x1234)
def test_03(self):
'Test Destination Address field'
addr=self.management_base.get_destination_address()
self.assertEqual(addr.tolist(), [0x00,0x21,0xFE,0x39,0x3F,0x77])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_destination_address(addr)
self.assertEqual(self.management_base.get_destination_address().tolist(), [0x12,0x21,0xFE,0x39,0x3F,0x34])
def test_04(self):
'Test Source Address field'
addr=self.management_base.get_source_address()
self.assertEqual(addr.tolist(), [0x00,0x1B,0x11,0x32,0x66,0x23])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_source_address(addr)
self.assertEqual(self.management_base.get_source_address().tolist(), [0x12,0x1B,0x11,0x32,0x66,0x34])
def test_05(self):
'Test BSSID Address field'
addr=self.management_base.get_bssid()
self.assertEqual(addr.tolist(), [0x00,0x1B,0x11,0x32,0x66,0x23])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_bssid(addr)
self.assertEqual(self.management_base.get_bssid().tolist(), [0x12,0x1B,0x11,0x32,0x66,0x34])
def test_06(self):
'Test Sequence control field'
self.assertEqual(self.management_base.get_sequence_control(), 0x7320)
self.management_base.set_sequence_control(0x1234)
self.assertEqual(self.management_base.get_sequence_control(), 0x1234)
def test_07(self):
'Test Fragment number field'
self.assertEqual(self.management_base.get_fragment_number(), 0x00)
self.management_base.set_fragment_number(0xF1) # It's 4 bits long
self.assertEqual(self.management_base.get_fragment_number(), 0x01)
def test_08(self):
'Test Sequence number field'
self.assertEqual(self.management_base.get_sequence_number(), 1842)
self.management_base.set_sequence_number(0xF234) # It's 12 bits long
self.assertEqual(self.management_base.get_sequence_number(), 0x0234)
def test_09(self):
'Test Management Frame Data field'
frame_body="\x7f\xa0\x22\xf8\x3f\x01\x00\x00\x64\x00\x11\x04\x00\x07\x66\x72\x65\x65\x62\x73\x64\x01\x08\x82\x84\x8b\x96\x24\x30\x48\x6c\x03\x01\x06\x2a\x01\x04\x2f\x01\x04\x32\x04\x0c\x12\x18\x60\xdd\x75\x00\x50\xf2\x04\x10\x4a\x00\x01\x10\x10\x44\x00\x01\x02\x10\x41\x00\x01\x00\x10\x3b\x00\x01\x03\x10\x47\x00\x10\x11\x4e\xf7\x46\xa9\xc6\xfb\x1d\x70\x1b\x00\x1b\x11\x32\x66\x23\x10\x21\x00\x06\x44\x2d\x4c\x69\x6e\x6b\x10\x23\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x24\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x42\x00\x08\x30\x30\x30\x30\x30\x30\x30\x30\x10\x54\x00\x08\x00\x06\x00\x50\xf2\x04\x00\x01\x10\x11\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x08\x00\x02\x00\x8e\xdd\x05\x00\x50\xf2\x05\x00\xdd\x09\x00\x10\x18\x02\x01\xf0\x00\x00\x00\xdd\x18\x00\x50\xf2\x01\x01\x00\x00\x50\xf2\x02\x01\x00\x00\x50\xf2\x02\x01\x00\x00\x50\xf2\x02\x00\x00"
self.assertEqual(self.management_base.get_frame_body(), frame_body)
def test_10(self):
'Test Management Beacon Timestamp field'
self.assertEqual(self.management_probe_response.get_timestamp(), 0x0000013FF822A07F)
self.management_probe_response.set_timestamp(0x8765432101234567)
self.assertEqual(self.management_probe_response.get_timestamp(), 0x8765432101234567)
def test_11(self):
'Test Management Beacon Interval field'
self.assertEqual(self.management_probe_response.get_beacon_interval(), 0x0064)
self.management_probe_response.set_beacon_interval(0x4321)
self.assertEqual(self.management_probe_response.get_beacon_interval(), 0x4321)
def test_12(self):
'Test Management Beacon Capabilities field'
self.assertEqual(self.management_probe_response.get_capabilities(), 0x0411)
self.management_probe_response.set_capabilities(0x4321)
self.assertEqual(self.management_probe_response.get_capabilities(), 0x4321)
def test_13(self):
'Test Management ssid getter/setter methods'
act_ssid="freebsd"
new_ssid="holala"
self.assertEqual(self.management_probe_response.get_ssid(), act_ssid)
self.management_probe_response.set_ssid(new_ssid)
self.assertEqual(self.management_probe_response.get_ssid(), new_ssid)
self.assertEqual(self.management_probe_response.get_header_size(), 209-1)
def test_14(self):
'Test Management supported_rates getter/setter methods'
self.assertEqual(self.management_probe_response.get_supported_rates(), (0x82,0x84,0x8b,0x96,0x24,0x30,0x48,0x6c) )
self.assertEqual(self.management_probe_response.get_supported_rates(human_readable=True), (1.0, 2.0, 5.5, 11.0, 18.0, 24.0, 36.0, 54.0 ) )
self.management_probe_response.set_supported_rates((0x84,0x8b,0x96,0x24,0x30,0x48))
self.assertEqual(self.management_probe_response.get_supported_rates(), (0x84,0x8b,0x96,0x24,0x30,0x48) )
self.assertEqual(self.management_probe_response.get_supported_rates(human_readable=True), ( 2.0, 5.5, 11.0, 18.0, 24.0, 36.0 ) )
self.assertEqual(self.management_probe_response.get_header_size(), 209-2)
def test_15(self):
'Test Management DS Parameter Set getter/setter methods'
self.assertEqual(self.management_probe_response.get_ds_parameter_set(), 6 )
self.management_probe_response.set_ds_parameter_set(40)
self.assertEqual(self.management_probe_response.get_ds_parameter_set(), 40 )
self.assertEqual(self.management_probe_response.get_header_size(), 209)
def test_16(self):
'Test Management Vendor Specific getter/setter methods'
self.assertEqual(self.management_probe_response.get_vendor_specific(),
[("\x00\x50\xf2", "\x04\x10\x4a\x00\x01\x10\x10\x44\x00\x01\x02\x10\x41\x00\x01\x00\x10\x3b\x00\x01\x03\x10\x47\x00\x10\x11\x4e\xf7\x46\xa9\xc6\xfb\x1d\x70\x1b\x00\x1b\x11\x32\x66\x23\x10\x21\x00\x06\x44\x2d\x4c\x69\x6e\x6b\x10\x23\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x24\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x42\x00\x08\x30\x30\x30\x30\x30\x30\x30\x30\x10\x54\x00\x08\x00\x06\x00\x50\xf2\x04\x00\x01\x10\x11\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x08\x00\x02\x00\x8e"),
("\x00\x50\xf2", "\x05\x00"),
("\x00\x10\x18","\x02\x01\xf0\x00\x00\x00"),
("\x00\x50\xf2","\x01\x01\x00\x00\x50\xf2\x02\x01\x00\x00\x50\xf2\x02\x01\x00\x00\x50\xf2\x02\x00\x00"),
])
self.management_probe_response.add_vendor_specific("\x00\x00\x40","\x04\x04\x04\x04\x04\x04")
self.assertEqual(self.management_probe_response.get_vendor_specific(),
[("\x00\x50\xf2","\x04\x10\x4a\x00\x01\x10\x10\x44\x00\x01\x02\x10\x41\x00\x01\x00\x10\x3b\x00\x01\x03\x10\x47\x00\x10\x11\x4e\xf7\x46\xa9\xc6\xfb\x1d\x70\x1b\x00\x1b\x11\x32\x66\x23\x10\x21\x00\x06\x44\x2d\x4c\x69\x6e\x6b\x10\x23\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x24\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x42\x00\x08\x30\x30\x30\x30\x30\x30\x30\x30\x10\x54\x00\x08\x00\x06\x00\x50\xf2\x04\x00\x01\x10\x11\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x08\x00\x02\x00\x8e"),
("\x00\x50\xf2","\x05\x00"),
("\x00\x10\x18","\x02\x01\xf0\x00\x00\x00"),
("\x00\x50\xf2","\x01\x01\x00\x00\x50\xf2\x02\x01\x00\x00\x50\xf2\x02\x01\x00\x00\x50\xf2\x02\x00\x00"),
("\x00\x00\x40","\x04\x04\x04\x04\x04\x04"),
])
self.assertEqual(self.management_probe_response.get_header_size(), 209+6+3+2)
class TestDot11ManagementProbeResponseFrames(unittest.TestCase):
def setUp(self):
# 802.11 Management Frame
#
self.rawProbeResponseframe = b'\x00\x00\x18\x00\x2e\x48\x00\x00\x00\x02\x85\x09\xa0\x00\xb0\x01\x00\x00\x00\x00\x00\x00\x00\x00\x50\x00\x3a\x01\x00\x21\xfe\x39\x3f\x77\x00\x1b\x11\x32\x66\x23\x00\x1b\x11\x32\x66\x23\x20\x73\x7f\xa0\x22\xf8\x3f\x01\x00\x00\x64\x00\x11\x04\x00\x07\x66\x72\x65\x65\x62\x73\x64\x01\x08\x82\x84\x8b\x96\x24\x30\x48\x6c\x03\x01\x06\x2a\x01\x04\x2f\x01\x04\x32\x04\x0c\x12\x18\x60\xdd\x75\x00\x50\xf2\x04\x10\x4a\x00\x01\x10\x10\x44\x00\x01\x02\x10\x41\x00\x01\x00\x10\x3b\x00\x01\x03\x10\x47\x00\x10\x11\x4e\xf7\x46\xa9\xc6\xfb\x1d\x70\x1b\x00\x1b\x11\x32\x66\x23\x10\x21\x00\x06\x44\x2d\x4c\x69\x6e\x6b\x10\x23\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x24\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x42\x00\x08\x30\x30\x30\x30\x30\x30\x30\x30\x10\x54\x00\x08\x00\x06\x00\x50\xf2\x04\x00\x01\x10\x11\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x08\x00\x02\x00\x8e\xdd\x05\x00\x50\xf2\x05\x00\xdd\x09\x00\x10\x18\x02\x01\xf0\x00\x00\x00\xdd\x18\x00\x50\xf2\x01\x01\x00\x00\x50\xf2\x02\x01\x00\x00\x50\xf2\x02\x01\x00\x00\x50\xf2\x02\x00\x00'
self.radiotap_decoder = RadioTapDecoder()
radiotap = self.radiotap_decoder.decode(self.rawProbeResponseframe)
if PY2:
self.assertEqual(str(radiotap.__class__),
"impacket.dot11.RadioTap")
else:
self.assertEqual(str(radiotap.__class__),
"<class 'impacket.dot11.RadioTap'>")
self.dot11 = radiotap.child()
if PY2:
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
else:
self.assertEqual(str(self.dot11.__class__),
"<class 'impacket.dot11.Dot11'>")
type = self.dot11.get_type()
self.assertEqual(type, Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,
Dot11Types.DOT11_SUBTYPE_MANAGEMENT_PROBE_RESPONSE)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(
typesubtype,
Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_PROBE_RESPONSE)
self.management_base = self.dot11.child()
if PY2:
self.assertEqual(str(self.management_base.__class__),
"impacket.dot11.Dot11ManagementFrame")
else:
self.assertEqual(str(self.management_base.__class__),
"<class 'impacket.dot11.Dot11ManagementFrame'>")
self.management_probe_response = self.management_base.child()
if PY2:
self.assertEqual(str(self.management_probe_response.__class__),
"impacket.dot11.Dot11ManagementProbeResponse")
else:
self.assertEqual(
str(self.management_probe_response.__class__),
"<class 'impacket.dot11.Dot11ManagementProbeResponse'>")
def test_01(self):
'Test Header and Tail Size field'
self.assertEqual(self.management_base.get_header_size(), 22)
self.assertEqual(self.management_base.get_tail_size(), 0)
self.assertEqual(self.management_probe_response.get_header_size(), 209)
self.assertEqual(self.management_probe_response.get_tail_size(), 0)
def test_02(self):
'Test Duration field'
self.assertEqual(self.management_base.get_duration(), 0x013a)
self.management_base.set_duration(0x1234)
self.assertEqual(self.management_base.get_duration(), 0x1234)
def test_03(self):
'Test Destination Address field'
addr = self.management_base.get_destination_address()
self.assertEqual(addr.tolist(), [0x00, 0x21, 0xFE, 0x39, 0x3F, 0x77])
addr[0] = 0x12
addr[5] = 0x34
self.management_base.set_destination_address(addr)
self.assertEqual(
self.management_base.get_destination_address().tolist(),
[0x12, 0x21, 0xFE, 0x39, 0x3F, 0x34])
def test_04(self):
'Test Source Address field'
addr = self.management_base.get_source_address()
self.assertEqual(addr.tolist(), [0x00, 0x1B, 0x11, 0x32, 0x66, 0x23])
addr[0] = 0x12
addr[5] = 0x34
self.management_base.set_source_address(addr)
self.assertEqual(self.management_base.get_source_address().tolist(),
[0x12, 0x1B, 0x11, 0x32, 0x66, 0x34])
def test_05(self):
'Test BSSID Address field'
addr = self.management_base.get_bssid()
self.assertEqual(addr.tolist(), [0x00, 0x1B, 0x11, 0x32, 0x66, 0x23])
addr[0] = 0x12
addr[5] = 0x34
self.management_base.set_bssid(addr)
self.assertEqual(self.management_base.get_bssid().tolist(),
[0x12, 0x1B, 0x11, 0x32, 0x66, 0x34])
def test_06(self):
'Test Sequence control field'
self.assertEqual(self.management_base.get_sequence_control(), 0x7320)
self.management_base.set_sequence_control(0x1234)
self.assertEqual(self.management_base.get_sequence_control(), 0x1234)
def test_07(self):
'Test Fragment number field'
self.assertEqual(self.management_base.get_fragment_number(), 0x00)
self.management_base.set_fragment_number(0xF1) # It's 4 bits long
self.assertEqual(self.management_base.get_fragment_number(), 0x01)
def test_08(self):
'Test Sequence number field'
self.assertEqual(self.management_base.get_sequence_number(), 1842)
self.management_base.set_sequence_number(0xF234) # It's 12 bits long
self.assertEqual(self.management_base.get_sequence_number(), 0x0234)
def test_09(self):
'Test Management Frame Data field'
frame_body = b"\x7f\xa0\x22\xf8\x3f\x01\x00\x00\x64\x00\x11\x04\x00\x07\x66\x72\x65\x65\x62\x73\x64\x01\x08\x82\x84\x8b\x96\x24\x30\x48\x6c\x03\x01\x06\x2a\x01\x04\x2f\x01\x04\x32\x04\x0c\x12\x18\x60\xdd\x75\x00\x50\xf2\x04\x10\x4a\x00\x01\x10\x10\x44\x00\x01\x02\x10\x41\x00\x01\x00\x10\x3b\x00\x01\x03\x10\x47\x00\x10\x11\x4e\xf7\x46\xa9\xc6\xfb\x1d\x70\x1b\x00\x1b\x11\x32\x66\x23\x10\x21\x00\x06\x44\x2d\x4c\x69\x6e\x6b\x10\x23\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x24\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x42\x00\x08\x30\x30\x30\x30\x30\x30\x30\x30\x10\x54\x00\x08\x00\x06\x00\x50\xf2\x04\x00\x01\x10\x11\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x08\x00\x02\x00\x8e\xdd\x05\x00\x50\xf2\x05\x00\xdd\x09\x00\x10\x18\x02\x01\xf0\x00\x00\x00\xdd\x18\x00\x50\xf2\x01\x01\x00\x00\x50\xf2\x02\x01\x00\x00\x50\xf2\x02\x01\x00\x00\x50\xf2\x02\x00\x00"
self.assertEqual(self.management_base.get_frame_body(), frame_body)
def test_10(self):
'Test Management Beacon Timestamp field'
self.assertEqual(self.management_probe_response.get_timestamp(),
0x0000013FF822A07F)
self.management_probe_response.set_timestamp(0x8765432101234567)
self.assertEqual(self.management_probe_response.get_timestamp(),
0x8765432101234567)
def test_11(self):
'Test Management Beacon Interval field'
self.assertEqual(self.management_probe_response.get_beacon_interval(),
0x0064)
self.management_probe_response.set_beacon_interval(0x4321)
self.assertEqual(self.management_probe_response.get_beacon_interval(),
0x4321)
def test_12(self):
'Test Management Beacon Capabilities field'
self.assertEqual(self.management_probe_response.get_capabilities(),
0x0411)
self.management_probe_response.set_capabilities(0x4321)
self.assertEqual(self.management_probe_response.get_capabilities(),
0x4321)
def test_13(self):
'Test Management ssid getter/setter methods'
act_ssid = b"freebsd"
new_ssid = b"holala"
self.assertEqual(self.management_probe_response.get_ssid(), act_ssid)
self.management_probe_response.set_ssid(new_ssid)
self.assertEqual(self.management_probe_response.get_ssid(), new_ssid)
self.assertEqual(self.management_probe_response.get_header_size(),
209 - 1)
def test_14(self):
'Test Management supported_rates getter/setter methods'
self.assertEqual(self.management_probe_response.get_supported_rates(),
(0x82, 0x84, 0x8b, 0x96, 0x24, 0x30, 0x48, 0x6c))
self.assertEqual(
self.management_probe_response.get_supported_rates(
human_readable=True),
(1.0, 2.0, 5.5, 11.0, 18.0, 24.0, 36.0, 54.0))
self.management_probe_response.set_supported_rates(
(0x84, 0x8b, 0x96, 0x24, 0x30, 0x48))
self.assertEqual(self.management_probe_response.get_supported_rates(),
(0x84, 0x8b, 0x96, 0x24, 0x30, 0x48))
self.assertEqual(
self.management_probe_response.get_supported_rates(
human_readable=True), (2.0, 5.5, 11.0, 18.0, 24.0, 36.0))
self.assertEqual(self.management_probe_response.get_header_size(),
209 - 2)
def test_15(self):
'Test Management DS Parameter Set getter/setter methods'
self.assertEqual(self.management_probe_response.get_ds_parameter_set(),
6)
self.management_probe_response.set_ds_parameter_set(40)
self.assertEqual(self.management_probe_response.get_ds_parameter_set(),
40)
self.assertEqual(self.management_probe_response.get_header_size(), 209)
def test_16(self):
'Test Management Vendor Specific getter/setter methods'
self.assertEqual(self.management_probe_response.get_vendor_specific(
), [
(b"\x00\x50\xf2",
b"\x04\x10\x4a\x00\x01\x10\x10\x44\x00\x01\x02\x10\x41\x00\x01\x00\x10\x3b\x00\x01\x03\x10\x47\x00\x10\x11\x4e\xf7\x46\xa9\xc6\xfb\x1d\x70\x1b\x00\x1b\x11\x32\x66\x23\x10\x21\x00\x06\x44\x2d\x4c\x69\x6e\x6b\x10\x23\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x24\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x42\x00\x08\x30\x30\x30\x30\x30\x30\x30\x30\x10\x54\x00\x08\x00\x06\x00\x50\xf2\x04\x00\x01\x10\x11\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x08\x00\x02\x00\x8e"
),
(b"\x00\x50\xf2", b"\x05\x00"),
(b"\x00\x10\x18", b"\x02\x01\xf0\x00\x00\x00"),
(b"\x00\x50\xf2",
b"\x01\x01\x00\x00\x50\xf2\x02\x01\x00\x00\x50\xf2\x02\x01\x00\x00\x50\xf2\x02\x00\x00"
),
])
self.management_probe_response.add_vendor_specific(
b"\x00\x00\x40", b"\x04\x04\x04\x04\x04\x04")
self.assertEqual(self.management_probe_response.get_vendor_specific(
), [
(b"\x00\x50\xf2",
b"\x04\x10\x4a\x00\x01\x10\x10\x44\x00\x01\x02\x10\x41\x00\x01\x00\x10\x3b\x00\x01\x03\x10\x47\x00\x10\x11\x4e\xf7\x46\xa9\xc6\xfb\x1d\x70\x1b\x00\x1b\x11\x32\x66\x23\x10\x21\x00\x06\x44\x2d\x4c\x69\x6e\x6b\x10\x23\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x24\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x42\x00\x08\x30\x30\x30\x30\x30\x30\x30\x30\x10\x54\x00\x08\x00\x06\x00\x50\xf2\x04\x00\x01\x10\x11\x00\x07\x44\x49\x52\x2d\x33\x32\x30\x10\x08\x00\x02\x00\x8e"
),
(b"\x00\x50\xf2", b"\x05\x00"),
(b"\x00\x10\x18", b"\x02\x01\xf0\x00\x00\x00"),
(b"\x00\x50\xf2",
b"\x01\x01\x00\x00\x50\xf2\x02\x01\x00\x00\x50\xf2\x02\x01\x00\x00\x50\xf2\x02\x00\x00"
),
(b"\x00\x00\x40", b"\x04\x04\x04\x04\x04\x04"),
])
self.assertEqual(self.management_probe_response.get_header_size(),
209 + 6 + 3 + 2)
class TestDot11ManagementDisassociationFrames(unittest.TestCase):
def setUp(self):
# 802.11 Management Frame
#
self.rawframe = b"\x00\x00\x1c\x00\xef\x18\x00\x00\xe7\x8a\xec\xb8\x3b\x00\x00\x00\x10\x02\x85\x09\xa0\x00\xb5\x9d\x60\x00\x00\x18\xa0\x00\x3a\x01\x00\x18\xf8\x6c\x76\x42\x70\x1a\x04\x54\xe3\x86\x00\x18\xf8\x6c\x76\x42\x70\x92\x08\x00\xbf\x1b\xa3\xa8"
self.radiotap_decoder = RadioTapDecoder()
radiotap = self.radiotap_decoder.decode(self.rawframe)
if PY2:
self.assertEqual(str(radiotap.__class__),
"impacket.dot11.RadioTap")
else:
self.assertEqual(str(radiotap.__class__),
"<class 'impacket.dot11.RadioTap'>")
self.dot11 = radiotap.child()
if PY2:
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
else:
self.assertEqual(str(self.dot11.__class__),
"<class 'impacket.dot11.Dot11'>")
type = self.dot11.get_type()
self.assertEqual(type, Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,
Dot11Types.DOT11_SUBTYPE_MANAGEMENT_DISASSOCIATION)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(
typesubtype,
Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_DISASSOCIATION)
self.management_base = self.dot11.child()
if PY2:
self.assertEqual(str(self.management_base.__class__),
"impacket.dot11.Dot11ManagementFrame")
else:
self.assertEqual(str(self.management_base.__class__),
"<class 'impacket.dot11.Dot11ManagementFrame'>")
self.management_disassociation = self.management_base.child()
if PY2:
self.assertEqual(str(self.management_disassociation.__class__),
"impacket.dot11.Dot11ManagementDisassociation")
else:
self.assertEqual(
str(self.management_disassociation.__class__),
"<class 'impacket.dot11.Dot11ManagementDisassociation'>")
def test_01(self):
'Test Header and Tail Size field'
self.assertEqual(self.management_base.get_header_size(), 22)
self.assertEqual(self.management_base.get_tail_size(), 0)
self.assertEqual(self.management_disassociation.get_header_size(), 2)
self.assertEqual(self.management_disassociation.get_tail_size(), 0)
def test_02(self):
'Test Duration field'
self.assertEqual(self.management_base.get_duration(), 0x013a)
self.management_base.set_duration(0x1234)
self.assertEqual(self.management_base.get_duration(), 0x1234)
def test_03(self):
'Test Destination Address field'
addr = self.management_base.get_destination_address()
self.assertEqual(addr.tolist(), [0x00, 0x18, 0xF8, 0x6C, 0x76, 0x42])
addr[0] = 0x12
addr[5] = 0x34
self.management_base.set_destination_address(addr)
self.assertEqual(
self.management_base.get_destination_address().tolist(),
[0x12, 0x18, 0xF8, 0x6C, 0x76, 0x34])
def test_04(self):
'Test Source Address field'
addr = self.management_base.get_source_address()
self.assertEqual(addr.tolist(), [0x70, 0x1A, 0x04, 0x54, 0xE3, 0x86])
addr[0] = 0x12
addr[5] = 0x34
self.management_base.set_source_address(addr)
self.assertEqual(self.management_base.get_source_address().tolist(),
[0x12, 0x1A, 0x04, 0x54, 0xE3, 0x34])
def test_05(self):
'Test BSSID Address field'
addr = self.management_base.get_bssid()
self.assertEqual(addr.tolist(), [0x00, 0x18, 0xF8, 0x6C, 0x76, 0x42])
addr[0] = 0x12
addr[5] = 0x34
self.management_base.set_bssid(addr)
self.assertEqual(self.management_base.get_bssid().tolist(),
[0x12, 0x18, 0xF8, 0x6C, 0x76, 0x34])
def test_06(self):
'Test Sequence control field'
self.assertEqual(self.management_base.get_sequence_control(), 0x9270)
self.management_base.set_sequence_control(0x1234)
self.assertEqual(self.management_base.get_sequence_control(), 0x1234)
def test_07(self):
'Test Fragment number field'
self.assertEqual(self.management_base.get_fragment_number(), 0x00)
self.management_base.set_fragment_number(0xF1) # Es de 4 bit
self.assertEqual(self.management_base.get_fragment_number(), 0x01)
def test_08(self):
'Test Sequence number field'
self.assertEqual(self.management_base.get_sequence_number(), 2343)
self.management_base.set_sequence_number(0xF234) # Es de 12 bit
self.assertEqual(self.management_base.get_sequence_number(), 0x0234)
def test_09(self):
'Test Management Frame Data field'
frame_body = b"\x08\x00"
self.assertEqual(self.management_base.get_frame_body(), frame_body)
def test_10(self):
'Test Management Reason Code field'
self.assertEqual(self.management_disassociation.get_reason_code(),
0x0008)
self.management_disassociation.set_reason_code(0x8765)
self.assertEqual(self.management_disassociation.get_reason_code(),
0x8765)
class TestDot11ManagementAuthenticationFrames(unittest.TestCase):
def setUp(self):
# 802.11 Management Frame
#
self.rawframe = b"\x00\x00\x1c\x00\xef\x18\x00\x00\x39\x55\x6f\x05\x3c\x00\x00\x00\x10\x02\x85\x09\xa0\x00\xb8\x9d\x60\x00\x00\x1b\xb0\x00\x3a\x01\x00\x18\xf8\x6c\x76\x42\x70\x1a\x04\x54\xe3\x86\x00\x18\xf8\x6c\x76\x42\x30\xc8\x00\x00\x01\x00\x00\x00\xdd\x09\x00\x10\x18\x02\x00\x10\x00\x00\x00\x8a\x64\xe9\x3b"
self.radiotap_decoder = RadioTapDecoder()
radiotap = self.radiotap_decoder.decode(self.rawframe)
if PY2:
self.assertEqual(str(radiotap.__class__),
"impacket.dot11.RadioTap")
else:
self.assertEqual(str(radiotap.__class__),
"<class 'impacket.dot11.RadioTap'>")
self.dot11 = radiotap.child()
if PY2:
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
else:
self.assertEqual(str(self.dot11.__class__),
"<class 'impacket.dot11.Dot11'>")
type = self.dot11.get_type()
self.assertEqual(type, Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,
Dot11Types.DOT11_SUBTYPE_MANAGEMENT_AUTHENTICATION)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(
typesubtype,
Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_AUTHENTICATION)
self.management_base = self.dot11.child()
if PY2:
self.assertEqual(str(self.management_base.__class__),
"impacket.dot11.Dot11ManagementFrame")
else:
self.assertEqual(str(self.management_base.__class__),
"<class 'impacket.dot11.Dot11ManagementFrame'>")
self.management_authentication = self.management_base.child()
if PY2:
self.assertEqual(str(self.management_authentication.__class__),
"impacket.dot11.Dot11ManagementAuthentication")
else:
self.assertEqual(
str(self.management_authentication.__class__),
"<class 'impacket.dot11.Dot11ManagementAuthentication'>")
def test_01(self):
'Test Header and Tail Size field'
self.assertEqual(self.management_base.get_header_size(), 22)
self.assertEqual(self.management_base.get_tail_size(), 0)
self.assertEqual(self.management_authentication.get_header_size(), 17)
self.assertEqual(self.management_authentication.get_tail_size(), 0)
def test_02(self):
'Test Duration field'
self.assertEqual(self.management_base.get_duration(), 0x013a)
self.management_base.set_duration(0x1234)
self.assertEqual(self.management_base.get_duration(), 0x1234)
def test_03(self):
'Test Destination Address field'
addr = self.management_base.get_destination_address()
self.assertEqual(addr.tolist(), [0x00, 0x18, 0xF8, 0x6C, 0x76, 0x42])
addr[0] = 0x12
addr[5] = 0x34
self.management_base.set_destination_address(addr)
self.assertEqual(
self.management_base.get_destination_address().tolist(),
[0x12, 0x18, 0xF8, 0x6C, 0x76, 0x34])
def test_04(self):
'Test Source Address field'
addr = self.management_base.get_source_address()
self.assertEqual(addr.tolist(), [0x70, 0x1A, 0x04, 0x54, 0xE3, 0x86])
addr[0] = 0x12
addr[5] = 0x34
self.management_base.set_source_address(addr)
self.assertEqual(self.management_base.get_source_address().tolist(),
[0x12, 0x1A, 0x04, 0x54, 0xE3, 0x34])
def test_05(self):
'Test BSSID Address field'
addr = self.management_base.get_bssid()
self.assertEqual(addr.tolist(), [0x00, 0x18, 0xF8, 0x6C, 0x76, 0x42])
addr[0] = 0x12
addr[5] = 0x34
self.management_base.set_bssid(addr)
self.assertEqual(self.management_base.get_bssid().tolist(),
[0x12, 0x18, 0xF8, 0x6C, 0x76, 0x34])
def test_06(self):
'Test Sequence control field'
self.assertEqual(self.management_base.get_sequence_control(), 0xc830)
self.management_base.set_sequence_control(0x1234)
self.assertEqual(self.management_base.get_sequence_control(), 0x1234)
def test_07(self):
'Test Fragment number field'
self.assertEqual(self.management_base.get_fragment_number(), 0x00)
self.management_base.set_fragment_number(0xF1) # Es de 4 bit
self.assertEqual(self.management_base.get_fragment_number(), 0x01)
def test_08(self):
'Test Sequence number field'
self.assertEqual(self.management_base.get_sequence_number(), 3203)
self.management_base.set_sequence_number(0xF234) # Es de 12 bit
self.assertEqual(self.management_base.get_sequence_number(), 0x0234)
def test_09(self):
'Test Management Frame Data field'
frame_body = b"\x00\x00\x01\x00\x00\x00\xdd\x09\x00\x10\x18\x02\x00\x10\x00\x00\x00"
self.assertEqual(self.management_base.get_frame_body(), frame_body)
def test_10(self):
'Test Management Frame Authentication Algorithm field'
self.assertEqual(
self.management_authentication.get_authentication_algorithm(),
0x0000)
self.management_authentication.set_authentication_algorithm(0x8765)
self.assertEqual(
self.management_authentication.get_authentication_algorithm(),
0x8765)
def test_11(self):
'Test Management Frame Authentication Sequence field'
self.assertEqual(
self.management_authentication.get_authentication_sequence(),
0x0001)
self.management_authentication.set_authentication_sequence(0x8765)
self.assertEqual(
self.management_authentication.get_authentication_sequence(),
0x8765)
def test_12(self):
'Test Management Frame Authentication Status field'
self.assertEqual(
self.management_authentication.get_authentication_status(), 0x0000)
self.management_authentication.set_authentication_status(0x8765)
self.assertEqual(
self.management_authentication.get_authentication_status(), 0x8765)
def test_13(self):
'Test Management Vendor Specific getter/setter methods'
self.assertEqual(self.management_authentication.get_vendor_specific(),
[(b"\x00\x10\x18", b"\x02\x00\x10\x00\x00\x00")])
self.management_authentication.add_vendor_specific(
b"\x00\x00\x40", b"\x04\x04\x04\x04\x04\x04")
self.assertEqual(self.management_authentication.get_vendor_specific(),
[
(b"\x00\x10\x18", b"\x02\x00\x10\x00\x00\x00"),
(b"\x00\x00\x40", b"\x04\x04\x04\x04\x04\x04"),
])
self.assertEqual(self.management_authentication.get_header_size(), 28)
class TestRadioTapDecoder(unittest.TestCase):
def setUp(self):
self.RadioTapData=b'\x00\x00\x20\x00\x67\x08\x04\x00\x30\x03\x1a\x25\x00\x00\x00\x00\x22\x0c\xd9\xa0\x02\x00\x00\x00\x40\x01\x00\x00\x3c\x14\x24\x11\x08\x02\x00\x00\xff\xff\xff\xff\xff\xff\x06\x03\x7f\x07\xa0\x16\x00\x19\xe3\xd3\x53\x52\x90\x7f\xaa\xaa\x03\x00\x00\x00\x08\x06\x00\x01\x08\x00\x06\x04\x00\x01\x00\x19\xe3\xd3\x53\x52\xa9\xfe\xf7\x00\x00\x00\x00\x00\x00\x00\x43\x08\x0e\x36'
self.radiotap_decoder = RadioTapDecoder()
self.in0=self.radiotap_decoder.decode(self.RadioTapData)
self.in1=self.in0.child()
self.in2=self.in1.child()
self.in3=self.in2.child()
self.in4=self.in3.child()
self.in5=self.in4.child()
self.in6=self.in5.child()
def test_00(self):
'Test RadioTap decoder'
if PY2:
self.assertEqual(str(self.in0.__class__), "impacket.dot11.RadioTap")
else:
self.assertEqual(str(self.in0.__class__), "<class 'impacket.dot11.RadioTap'>")
def test_01(self):
'Test Dot11 decoder'
if PY2:
self.assertEqual(str(self.in1.__class__), "impacket.dot11.Dot11")
else:
self.assertEqual(str(self.in1.__class__), "<class 'impacket.dot11.Dot11'>")
def test_02(self):
'Test Dot11DataFrame decoder'
if PY2:
self.assertEqual(str(self.in2.__class__), "impacket.dot11.Dot11DataFrame")
else:
self.assertEqual(str(self.in2.__class__), "<class 'impacket.dot11.Dot11DataFrame'>")
def test_03(self):
'Test LLC decoder'
if PY2:
self.assertEqual(str(self.in3.__class__), "impacket.dot11.LLC")
else:
self.assertEqual(str(self.in3.__class__), "<class 'impacket.dot11.LLC'>")
def test_04(self):
'Test SNAP decoder'
if PY2:
self.assertEqual(str(self.in4.__class__), "impacket.dot11.SNAP")
else:
self.assertEqual(str(self.in4.__class__), "<class 'impacket.dot11.SNAP'>")
# def test_05(self):
# 'Test ARP decoder'
# self.assertEqual(str(self.in5.__class__), "ImpactPacket.ARP")
# def test_05(self):
# 'Test Data decoder'
# self.assertEqual(str(self.in6.__class__), "ImpactPacket.Data")
def test_06(self):
'Test Protocol Finder'
p=self.radiotap_decoder.get_protocol(impacket.dot11.RadioTap)
if PY2:
self.assertEqual(str(p.__class__), "impacket.dot11.RadioTap")
else:
self.assertEqual(str(p.__class__), "<class 'impacket.dot11.RadioTap'>")
p=self.radiotap_decoder.get_protocol(impacket.dot11.Dot11)
if PY2:
self.assertEqual(str(p.__class__), "impacket.dot11.Dot11")
else:
self.assertEqual(str(p.__class__), "<class 'impacket.dot11.Dot11'>")
p=self.radiotap_decoder.get_protocol(impacket.dot11.Dot11DataFrame)
if PY2:
self.assertEqual(str(p.__class__), "impacket.dot11.Dot11DataFrame")
else:
self.assertEqual(str(p.__class__), "<class 'impacket.dot11.Dot11DataFrame'>")
p=self.radiotap_decoder.get_protocol(impacket.dot11.LLC)
if PY2:
self.assertEqual(str(p.__class__), "impacket.dot11.LLC")
else:
self.assertEqual(str(p.__class__), "<class 'impacket.dot11.LLC'>")
p=self.radiotap_decoder.get_protocol(impacket.dot11.SNAP)
if PY2:
self.assertEqual(str(p.__class__), "impacket.dot11.SNAP")
else:
self.assertEqual(str(p.__class__), "<class 'impacket.dot11.SNAP'>")
#p=self.radiotap_decoder.get_protocol(ImpactPacket.ARP)
#self.assertEqual(str(p.__class__), "ImpactPacket.ARP")
#p=self.radiotap_decoder.get_protocol(ImpactPacket.Data)
#self.assertEqual(str(p.__class__), "ImpactPacket.Data")
# When not found, None is returned
p=self.radiotap_decoder.get_protocol(impacket.dot11.Dot11WPA)
self.assertEqual(p, None)
class WpsScanner(object):
def __init__(self, args):
self.args = args
self.accessPoints = []
self.interface = args.interface
self.macAddress = args.source if isValidMacAddress(args.source) else None
self.filename = args.write
self.wps_parser = WPSParser()
self.oui = OUI()
self.captured = []
self.iw = IW(self.args.interface)
self.iw.set_monitor()
self.ap_dict = {}
self.clients_dict = {}
self.rtDecoder = RadioTapDecoder()
def signal_handler(self, frame, code):
print("Ctrl+C caught. Exiting..")
exit(-1)
def __getAddressFromList(self, bytes_list):
"Return a string of a MAC address on a bytes list."
return ":".join(map(lambda x: "%02X" % x, bytes_list))
def __getListFromAddress(self, address):
"Return a list from a MAC address string."
return map(lambda x: int(x, 16), address.split(":"))
def _packet_filter(self, pkt):
# wlan.fc.type == 0 Management frames
# wlan.fc.type == 1 Control frames
# wlan.fc.type == 2 Data frames
# wlan.fc.type_subtype == 0 Association request
# wlan.fc.type_subtype == 1 Association response
# wlan.fc.type_subtype == 2 Reassociation request
# wlan.fc.type_subtype == 3 Reassociation response
# wlan.fc.type_subtype == 4 Probe request
# wlan.fc.type_subtype == 5 Probe response
# wlan.fc.type_subtype == 8 Beacon
return True if pkt.haslayer(Dot11) and pkt.type == 0 else False
# return True if pkt.haslayer(Dot11) and pkt.type == 0 and pkt.subtype in [5, 8] else False
def _packet_handler(self, pkt):
"""Process 802.11 Packets."""
data = str(pkt)
try:
self.rtDecoder.decode(data)
beacon = self.rtDecoder.get_protocol(dot11.Dot11ManagementBeacon)
probe = self.rtDecoder.get_protocol(dot11.Dot11ManagementProbeResponse)
# Process Beacons and inject Probe Requests only when not passive
if beacon is not None:
self.handle_beacon(data)
elif probe is not None:
info = self.handle_probe_response(data)
if info:
bssid, essid = info[0], info[1]
vendor, wpsInfo = info[2], info[3]
result = "[%s] - [%s]\t%s'\nWPS Information\n" % (bssid, essid, vendor)
for key, value in wpsInfo.items():
result += " * %s: %s\n" % (key, repr(value))
result += "-" * 80 + "\n"
return result
elif pkt.haslayer(Dot11ProbeReq):
self.handle_probe_req(pkt)
except Exception as e:
# print('Error while processing packet')
# print(str(exc_info()))
return None
def handle_beacon(self, pkt):
"""Process 802.11 Beacon Frame for WPS IE."""
try:
self.rtDecoder.decode(pkt)
rt = self.rtDecoder.get_protocol(dot11.RadioTap)
channel = rt.get_channel()[0]
flags= rt.get_flags()
tsft = rt.get_tsft()
rate = rt.get_rate()
management = self.rtDecoder.get_protocol(dot11.Dot11ManagementFrame)
beacon = self.rtDecoder.get_protocol(dot11.Dot11ManagementBeacon)
bssid = self.__getAddressFromList(management.get_bssid())
essid = str(beacon.get_ssid())
vendor = self.oui.get_vendor(bssid)
if bssid not in self.ap_dict:
self.ap_dict[bssid] ={'essid':essid, 'channel':channel, 'clients':[],'vendor':vendor}
print(Fore.GREEN+'[+] New AP [%s] [%s] at %s vendor:%s TSFT: %s RATE: %s FLAGS: %s' % (bssid, essid, channel, vendor, tsft, rate,flags))
# ACTIVE MODE
if self.accessPoints.count(bssid) == 0 and self.wps_parser.has_wps(beacon.get_vendor_specific()):
# TODO: add injection
self.send_probe_req(essid, bssid,)
except Exception as e:
# print('Error while parsing beacon')
# print(str(exc_info()))
return None
# Probe requests from clients
def handle_probe_req(self, pkt):
if pkt.haslayer(Dot11ProbeReq) and '\x00' not in pkt[Dot11ProbeReq].info:
essid = pkt[Dot11ProbeReq].info
else:
essid = 'Hidden SSID'
client = pkt[Dot11].addr2
# if client in self.whitelist or essid in self.whitelist:
# TODO: add logging
# return
# New client
if client not in self.clients_dict:
self.clients_dict[client] = []
print(Fore.GREEN+'[!] New client: %s ' % client)
if essid not in self.clients_dict[client]:
self.clients_dict[client].append(essid)
print(Fore.GREEN+'[+] New ProbeRequest: from %s to %s' % (client, essid))
def handle_probe_response(self, pkt):
"""Process 802.11 Probe Response Frame for WPS IE."""
try:
self.rtDecoder.decode(pkt)
mgt = self.rtDecoder.get_protocol(dot11.Dot11ManagementFrame)
probe = self.rtDecoder.get_protocol(dot11.Dot11ManagementProbeResponse)
bssid = self.__getAddressFromList(mgt.get_bssid())
essid = probe.get_ssid()
# If null byte in the SSID IE, its cloacked.
if essid.find("\x00") != -1:
essid = "<No ssid>"
if bssid not in self.ap_dict:
self.rtDecoder.decode(pkt)
rt = self.rtDecoder.get_protocol(dot11.RadioTap)
channel = rt.get_channel()[0]
self.ap_dict[bssid] = {'essid':essid, 'channel':channel, 'clients':[],'vendor':self.oui.get_vendor(bssid)}
vendorIEs = probe.get_vendor_specific()
if self.wps_parser.has_wps(vendorIEs):
vendor = self.oui.get_vendor(bssid)
wpsInfo = self.wps_parser.parse_wps(vendorIEs)
return [bssid, essid, vendor, wpsInfo]
except Exception:
# print('Error while parsing probe responsse')
return None
def send_probe_req(self, essid, bssid, src=None):
if not self.args.active:
return
if src is None:
src = RandMAC()
print('[!] Sending 802.11 Probe Request: SRC=[%s] -> BSSID=[%s]\t(%s)' % (src, bssid, essid))
param = Dot11ProbeReq()
essid = Dot11Elt(ID='SSID',info=essid)
rates = Dot11Elt(ID='Rates',info="\x03\x12\x96\x18\x24\x30\x48\x60")
dsset = Dot11Elt(ID='DSset',info='\x01')
pkt = RadioTap()\
/Dot11(type=0, subtype=4, addr1=bssid, addr2=src, addr3=bssid)/param/essid/rates/dsset
try:
sendp(pkt, verbose=0)
except:
raise
def send_probe_req_2(self, src, ssid):
"""Return 802.11 Probe Request Frame."""
# Frame Control
frameControl = dot11.Dot11()
frameControl.set_version(0)
frameControl.set_type_n_subtype(dot11.Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_PROBE_REQUEST)
# Frame Control Flags
frameControl.set_fromDS(0)
frameControl.set_toDS(0)
frameControl.set_moreFrag(0)
frameControl.set_retry(0)
frameControl.set_powerManagement(0)
frameControl.set_moreData(0)
frameControl.set_protectedFrame(0)
frameControl.set_order(0)
# Management Frame
sequence = randint(0, 4096)
broadcast = [0xff, 0xff, 0xff, 0xff, 0xff, 0xff]
mngtFrame = dot11.Dot11ManagementFrame()
mngtFrame.set_duration(0)
mngtFrame.set_destination_address(broadcast)
mngtFrame.set_source_address(src)
mngtFrame.set_bssid(broadcast)
mngtFrame.set_fragment_number(0)
mngtFrame.set_sequence_number(sequence)
# Probe Request Frame
probeRequestFrame = dot11.Dot11ManagementProbeRequest()
probeRequestFrame.set_ssid(ssid)
probeRequestFrame.set_supported_rates([0x02, 0x04, 0x0b, 0x16])
# How is your daddy?
mngtFrame.contains(probeRequestFrame)
frameControl.contains(mngtFrame)
# return frameControl.get_packet()
# src = self.__getListFromAddress(self.args.source) if args.source is not None else self.__getListFromAddress(RandMAC())
# probe = self.__getProbeRequest(src, ssid)
return sendp(frameControl.get_packet(), iface=self.args.interface, verbose=0)
def start(self, timeout=10):
signal.signal(signal.SIGINT, self.signal_handler)
print("Press Ctrl+C to stop. Sniffing...")
print("-" * 80)
while True:
for x in [1,6,11,1,3,5,9,13]:
print(Fore.YELLOW+"[*] Switching channel to: %i" % x)
self.iw.set_channel(x)
self.captured.append(sniff(iface=self.interface, prn=self._packet_handler, lfilter=self._packet_filter, store=1, timeout=timeout))
class WpsScanner(object):
def __init__(self, args):
self.args = args
self.accessPoints = []
self.interface = args.interface
self.macAddress = args.source if is_valid_mac_address(
args.source) else None
self.filename = args.write
#
self.captured = []
self.channel = None
self.ap_dict = {}
self.clients_dict = {}
#
self.rtDecoder = RadioTapDecoder()
self.wps_parser = WPSParser()
def enable_monitor(self):
return subprocess.Popen(
'ifconfig %s down && iw %s set type monitor && ifconfig %s up' %
(self.interface, self.interface, self.interface),
shell=True).communicate()
def set_channel(self, channel, width=None):
cmd = 'iw %s set channel %s ' % (self.interface, channel)
self.channel = channel
if width is not None:
if width == 20:
cmd += 'HT20'
elif width == 40:
cmd += 'HT40+'
elif width == -40:
cmd += 'HT40-'
return subprocess.Popen(cmd, shell=True).communicate()
def signal_handler(self, frame, code):
print("Ctrl+C caught. Exiting...")
# TODO: add writing to pcap file
sys.exit(-1)
def __getAddressFromList(self, bytes_list):
"Return a string of a MAC address on a bytes list."
return ":".join(map(lambda x: "%02X" % x, bytes_list))
def __getListFromAddress(self, address):
"Return a list from a MAC address string."
return map(lambda x: int(x, 16), address.split(":"))
def _packet_filter(self, pkt):
# wlan.fc.type == 0 Management frames
# wlan.fc.type == 1 Control frames
# wlan.fc.type == 2 Data frames
# wlan.fc.type_subtype == 0 Association request
# wlan.fc.type_subtype == 1 Association response
# wlan.fc.type_subtype == 2 Reassociation request
# wlan.fc.type_subtype == 3 Reassociation response
# wlan.fc.type_subtype == 4 Probe request
# wlan.fc.type_subtype == 5 Probe response
# wlan.fc.type_subtype == 8 Beacon
return True if pkt.haslayer(Dot11) and pkt.type == 0 else False
# return True if pkt.haslayer(Dot11) and pkt.type == 0 and pkt.subtype in [5, 8] else False
def _packet_handler(self, pkt):
"""Process 802.11 Packets."""
data = str(pkt)
try:
self.rtDecoder.decode(data)
beacon = self.rtDecoder.get_protocol(dot11.Dot11ManagementBeacon)
probe = self.rtDecoder.get_protocol(
dot11.Dot11ManagementProbeResponse)
# Process Beacons and inject Probe Requests only when not passive
if beacon is not None:
self.handle_beacon(data)
elif probe is not None:
info = self.handle_probe_response(data)
if info:
bssid, essid = info[0], info[1]
vendor, wpsInfo = info[2], info[3]
result = "[%s] - [%s]\t%s'\nWPS Information\n" % (
bssid, essid, vendor)
for key, value in wpsInfo.items():
result += " * %s: %s\n" % (key, repr(value))
result += "-" * 80 + "\n"
return result
except Exception as e:
return None
def handle_beacon(self, pkt):
"""Process 802.11 Beacon Frame for WPS IE."""
try:
self.rtDecoder.decode(pkt)
rt = self.rtDecoder.get_protocol(dot11.RadioTap)
channel = rt.get_channel()[0]
flags = rt.get_flags()
tsft = rt.get_tsft()
rate = rt.get_rate()
management = self.rtDecoder.get_protocol(
dot11.Dot11ManagementFrame)
beacon = self.rtDecoder.get_protocol(dot11.Dot11ManagementBeacon)
bssid = self.__getAddressFromList(management.get_bssid())
essid = str(beacon.get_ssid())
vendor = get_vendor(bssid)
if bssid not in self.ap_dict:
self.ap_dict[bssid] = {
'essid': essid,
'channel': channel,
'clients': [],
'vendor': vendor
}
print(
Fore.GREEN +
'[+] New AP [%s] [%s] at %s vendor:%s TSFT: %s RATE: %s FLAGS: %s'
% (bssid, essid, channel, vendor, tsft, rate, flags))
# ACTIVE MODE
if self.accessPoints.count(bssid) == 0 and self.wps_parser.has_wps(
beacon.get_vendor_specific()):
# TODO: add injection
self.send_probe_req(
essid,
bssid,
)
except Exception as e:
# print('Error while parsing beacon')
# print(str(exc_info()))
return None
def handle_probe_response(self, pkt):
"""Process 802.11 Probe Response Frame for WPS IE."""
try:
self.rtDecoder.decode(pkt)
mgt = self.rtDecoder.get_protocol(dot11.Dot11ManagementFrame)
probe = self.rtDecoder.get_protocol(
dot11.Dot11ManagementProbeResponse)
bssid = self.__getAddressFromList(mgt.get_bssid())
essid = probe.get_ssid()
# If null byte in the SSID IE, its cloacked.
if essid.find("\x00") != -1:
essid = "<No ssid>"
if bssid not in self.ap_dict:
self.rtDecoder.decode(pkt)
rt = self.rtDecoder.get_protocol(dot11.RadioTap)
channel = rt.get_channel()[0]
self.ap_dict[bssid] = {
'essid': essid,
'channel': channel,
'clients': [],
'vendor': get_vendor(bssid)
}
vendorIEs = probe.get_vendor_specific()
if self.wps_parser.has_wps(vendorIEs):
vendor = get_vendor(bssid)
wpsInfo = self.wps_parser.parse_wps(vendorIEs)
return [bssid, essid, vendor, wpsInfo]
except Exception:
# print('Error while parsing probe responsse')
return None
def send_probe_req(self, essid, bssid, src=None):
if not self.args.active:
return
if src is None:
src = RandMAC()
print(
'[!] Sending 802.11 Probe Request: SRC=[%s] -> BSSID=[%s]\t(%s)' %
(src, bssid, essid))
param = Dot11ProbeReq()
essid = Dot11Elt(ID='SSID', info=essid)
rates = Dot11Elt(ID='Rates', info="\x03\x12\x96\x18\x24\x30\x48\x60")
dsset = Dot11Elt(ID='DSset', info='\x01')
pkt = RadioTap() \
/ Dot11(type=0, subtype=4, addr1=bssid, addr2=src, addr3=bssid) / param / essid / rates / dsset
try:
sendp(pkt, verbose=0)
except:
raise
def send_probe_req_2(self, src, ssid):
"""Return 802.11 Probe Request Frame."""
# Frame Control
frameControl = dot11.Dot11()
frameControl.set_version(0)
frameControl.set_type_n_subtype(
dot11.Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_PROBE_REQUEST)
# Frame Control Flags
frameControl.set_fromDS(0)
frameControl.set_toDS(0)
frameControl.set_moreFrag(0)
frameControl.set_retry(0)
frameControl.set_powerManagement(0)
frameControl.set_moreData(0)
frameControl.set_protectedFrame(0)
frameControl.set_order(0)
# Management Frame
sequence = random.randint(0, 4096)
broadcast = [0xff, 0xff, 0xff, 0xff, 0xff, 0xff]
mngtFrame = dot11.Dot11ManagementFrame()
mngtFrame.set_duration(0)
mngtFrame.set_destination_address(broadcast)
mngtFrame.set_source_address(src)
mngtFrame.set_bssid(broadcast)
mngtFrame.set_fragment_number(0)
mngtFrame.set_sequence_number(sequence)
# Probe Request Frame
probeRequestFrame = dot11.Dot11ManagementProbeRequest()
probeRequestFrame.set_ssid(ssid)
probeRequestFrame.set_supported_rates([0x02, 0x04, 0x0b, 0x16])
# How is your daddy?
mngtFrame.contains(probeRequestFrame)
frameControl.contains(mngtFrame)
# return frameControl.get_packet()
# src = self.__getListFromAddress(self.args.source) if args.source is not None else self.__getListFromAddress(RandMAC())
# probe = self.__getProbeRequest(src, ssid)
return sendp(frameControl.get_packet(),
iface=self.args.interface,
verbose=0)
def start(self, timeout=10):
# Set signal handler
signal.signal(signal.SIGINT, self.signal_handler)
# Enable monitor
if 'mon' not in self.interface:
print("Enabling monitor interface on " + self.interface)
self.enable_monitor()
# Startinf to sniffer
print("Press Ctrl+C to stop. Sniffing...")
print("-" * 80)
while True:
for x in [1, 6, 11, 1, 3, 5, 9, 13]:
print(Fore.YELLOW + "[*] Switching channel to: %i" % x)
self.set_channel(x)
self.captured.extend(
sniff(iface=self.interface,
prn=self._packet_handler,
lfilter=self._packet_filter,
store=1,
timeout=timeout))
class TestDot11ManagementBeaconFrames(unittest.TestCase):
def setUp(self):
# 802.11 Management Frame
#
self.rawframe='\x00\x00\x20\x00\x67\x08\x04\x00\x54\xc6\xb8\x24\x00\x00\x00\x00\x22\x0c\xda\xa0\x02\x00\x00\x00\x40\x01\x00\x00\x3c\x14\x24\x11\x80\x00\x00\x00\xff\xff\xff\xff\xff\xff\x06\x03\x7f\x07\xa0\x16\x06\x03\x7f\x07\xa0\x16\xb0\x77\x3a\x40\xcb\x26\x00\x00\x00\x00\x64\x00\x01\x05\x00\x0a\x66\x72\x65\x65\x62\x73\x64\x2d\x61\x70\x01\x08\x8c\x12\x98\x24\xb0\x48\x60\x6c\x03\x01\x24\x05\x04\x00\x01\x00\x00\x07\x2a\x55\x53\x20\x24\x01\x11\x28\x01\x11\x2c\x01\x11\x30\x01\x11\x34\x01\x17\x38\x01\x17\x3c\x01\x17\x40\x01\x17\x95\x01\x1e\x99\x01\x1e\x9d\x01\x1e\xa1\x01\x1e\xa5\x01\x1e\x20\x01\x00\xdd\x18\x00\x50\xf2\x02\x01\x01\x00\x00\x03\xa4\x00\x00\x27\xa4\x00\x00\x42\x43\x5e\x00\x62\x32\x2f\x00'
self.radiotap_decoder = RadioTapDecoder()
radiotap=self.radiotap_decoder.decode(self.rawframe)
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
self.dot11=radiotap.child()
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
type = self.dot11.get_type()
self.assertEqual(type,Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,Dot11Types.DOT11_SUBTYPE_MANAGEMENT_BEACON)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(typesubtype,Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_BEACON)
self.management_base=self.dot11.child()
self.assertEqual(str(self.management_base.__class__), "impacket.dot11.Dot11ManagementFrame")
self.management_beacon=self.management_base.child()
self.assertEqual(str(self.management_beacon.__class__), "impacket.dot11.Dot11ManagementBeacon")
def test_01(self):
'Test Header and Tail Size field'
self.assertEqual(self.management_base.get_header_size(), 22)
self.assertEqual(self.management_base.get_tail_size(), 0)
self.assertEqual(self.management_beacon.get_header_size(), 116)
self.assertEqual(self.management_beacon.get_tail_size(), 0)
def test_02(self):
'Test Duration field'
self.assertEqual(self.management_base.get_duration(), 0x0000)
self.management_base.set_duration(0x1234)
self.assertEqual(self.management_base.get_duration(), 0x1234)
def test_03(self):
'Test Destination Address field'
addr=self.management_base.get_destination_address()
self.assertEqual(addr.tolist(), [0xFF,0xFF,0xFF,0xFF,0xFF,0xFF])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_destination_address(addr)
self.assertEqual(self.management_base.get_destination_address().tolist(), [0x12,0xFF,0xFF,0xFF,0xFF,0x34])
def test_04(self):
'Test Source Address field'
addr=self.management_base.get_source_address()
self.assertEqual(addr.tolist(), [0x06,0x03,0x7f,0x07,0xa0,0x16])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_source_address(addr)
self.assertEqual(self.management_base.get_source_address().tolist(), [0x12,0x03,0x7f,0x07,0xa0,0x34])
def test_05(self):
'Test BSSID Address field'
addr=self.management_base.get_bssid()
self.assertEqual(addr.tolist(), [0x06,0x03,0x7f,0x07,0xa0,0x16])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_bssid(addr)
self.assertEqual(self.management_base.get_bssid().tolist(), [0x12,0x03,0x7f,0x07,0xa0,0x34])
def test_06(self):
'Test Sequence control field'
self.assertEqual(self.management_base.get_sequence_control(), 0x77b0)
self.management_base.set_sequence_control(0x1234)
self.assertEqual(self.management_base.get_sequence_control(), 0x1234)
def test_07(self):
'Test Fragment number field'
self.assertEqual(self.management_base.get_fragment_number(), 0x00)
self.management_base.set_fragment_number(0xF1) # Es de 4 bit
self.assertEqual(self.management_base.get_fragment_number(), 0x01)
def test_08(self):
'Test Sequence number field'
self.assertEqual(self.management_base.get_sequence_number(), 1915)
self.management_base.set_sequence_number(0xF234) # Es de 12 bit
self.assertEqual(self.management_base.get_sequence_number(), 0x0234)
def test_09(self):
'Test Management Frame Data field'
frame_body="\x3a\x40\xcb\x26\x00\x00\x00\x00\x64\x00\x01\x05\x00\x0a\x66\x72\x65\x65\x62\x73\x64\x2d\x61\x70\x01\x08\x8c\x12\x98\x24\xb0\x48\x60\x6c\x03\x01\x24\x05\x04\x00\x01\x00\x00\x07\x2a\x55\x53\x20\x24\x01\x11\x28\x01\x11\x2c\x01\x11\x30\x01\x11\x34\x01\x17\x38\x01\x17\x3c\x01\x17\x40\x01\x17\x95\x01\x1e\x99\x01\x1e\x9d\x01\x1e\xa1\x01\x1e\xa5\x01\x1e\x20\x01\x00\xdd\x18\x00\x50\xf2\x02\x01\x01\x00\x00\x03\xa4\x00\x00\x27\xa4\x00\x00\x42\x43\x5e\x00\x62\x32\x2f\x00"
self.assertEqual(self.management_base.get_frame_body(), frame_body)
def test_10(self):
'Test Management Beacon Timestamp field'
self.assertEqual(self.management_beacon.get_timestamp(), 0x0000000026CB403A)
self.management_beacon.set_timestamp(0x8765432101234567)
self.assertEqual(self.management_beacon.get_timestamp(), 0x8765432101234567)
def test_11(self):
'Test Management Beacon Interval field'
self.assertEqual(self.management_beacon.get_beacon_interval(), 0x0064)
self.management_beacon.set_beacon_interval(0x4321)
self.assertEqual(self.management_beacon.get_beacon_interval(), 0x4321)
def test_12(self):
'Test Management Beacon Capabilities field'
self.assertEqual(self.management_beacon.get_capabilities(), 0x0501)
self.management_beacon.set_capabilities(0x4321)
self.assertEqual(self.management_beacon.get_capabilities(), 0x4321)
def test_13(self):
'Test Management ssid getter/setter methods'
act_ssid="freebsd-ap"
new_ssid="holala"
self.assertEqual(self.management_beacon.get_ssid(), act_ssid)
self.management_beacon.set_ssid(new_ssid)
self.assertEqual(self.management_beacon.get_ssid(), new_ssid)
self.assertEqual(self.management_beacon.get_header_size(), 116-4)
def test_14(self):
'Test Management supported_rates getter/setter methods'
self.assertEqual(self.management_beacon.get_supported_rates(), (0x8c,0x12,0x98,0x24,0xb0,0x48,0x60,0x6c) )
self.assertEqual(self.management_beacon.get_supported_rates(human_readable=True), (6.0, 9.0, 12.0, 18.0, 24.0, 36.0, 48.0, 54.0) )
self.management_beacon.set_supported_rates((0x12,0x98,0x24,0xb0,0x48,0x60))
self.assertEqual(self.management_beacon.get_supported_rates(), (0x12,0x98,0x24,0xb0,0x48,0x60) )
self.assertEqual(self.management_beacon.get_supported_rates(human_readable=True), ( 9.0, 12.0, 18.0, 24.0, 36.0, 48.0) )
self.assertEqual(self.management_beacon.get_header_size(), 116-2)
def test_15(self):
'Test Management DS Parameter Set getter/setter methods'
self.assertEqual(self.management_beacon.get_ds_parameter_set(), 36 )
self.management_beacon.set_ds_parameter_set(40)
self.assertEqual(self.management_beacon.get_ds_parameter_set(), 40 )
self.assertEqual(self.management_beacon.get_header_size(), 116)
def test_16(self):
'Test Management Vendor Specific getter/setter methods'
self.assertEqual(self.management_beacon.get_vendor_specific(), [("\x00\x50\xf2","\x02\x01\x01\x00\x00\x03\xa4\x00\x00\x27\xa4\x00\x00\x42\x43\x5e\x00\x62\x32\x2f\x00")])
self.management_beacon.add_vendor_specific("\x00\x00\x40","\x04\x04\x04\x04\x04\x04")
self.assertEqual(self.management_beacon.get_vendor_specific(),
[("\x00\x50\xf2","\x02\x01\x01\x00\x00\x03\xa4\x00\x00\x27\xa4\x00\x00\x42\x43\x5e\x00\x62\x32\x2f\x00"),
("\x00\x00\x40","\x04\x04\x04\x04\x04\x04"),
])
self.assertEqual(self.management_beacon.get_header_size(), 127)
class TestDot11ManagementReassociationRequestFrames(unittest.TestCase):
def setUp(self):
# 802.11 Management Frame
#
self.rawframe="\x00\x00\x1c\x00\xef\x18\x00\x00\x9aK\x87\xae;\x00\x00\x00\x10\x02\x85\t\xa0\x00\xb5\x9d`\x00\x00\x18 \x00:\x01\x00\x18\xf8lvBp\x1a\x04T\xe3\x86\x00\x18\xf8lvB\x00\x081\x04\n\x00\x00\x18\xf8lvB\x00\x05ddwrt\x01\x08\x82\x84\x8b\x96$0Hl!\x02\n\x11$\x02\x01\x0e0\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x08\x002\x04\x0c\x12\x18`\xdd\t\x00\x10\x18\x02\x00\x10\x00\x00\x00p\x97\x1cA"
self.radiotap_decoder = RadioTapDecoder()
radiotap=self.radiotap_decoder.decode(self.rawframe)
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
self.dot11=radiotap.child()
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
type = self.dot11.get_type()
self.assertEqual(type,Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,Dot11Types.DOT11_SUBTYPE_MANAGEMENT_REASSOCIATION_REQUEST)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(typesubtype,Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_REASSOCIATION_REQUEST)
self.management_base=self.dot11.child()
self.assertEqual(str(self.management_base.__class__), "impacket.dot11.Dot11ManagementFrame")
self.management_reassociation_request=self.management_base.child()
self.assertEqual(str(self.management_reassociation_request.__class__), "impacket.dot11.Dot11ManagementReassociationRequest")
def test_01(self):
'Test Header and Tail Size field'
self.assertEqual(self.management_base.get_header_size(), 22)
self.assertEqual(self.management_base.get_tail_size(), 0)
self.assertEqual(self.management_reassociation_request.get_header_size(), 74)
self.assertEqual(self.management_reassociation_request.get_tail_size(), 0)
def test_02(self):
'Test Duration field'
self.assertEqual(self.management_base.get_duration(), 0x013a)
self.management_base.set_duration(0x1234)
self.assertEqual(self.management_base.get_duration(), 0x1234)
def test_03(self):
'Test Destination Address field'
addr=self.management_base.get_destination_address()
self.assertEqual(addr.tolist(), [0x00,0x18,0xF8,0x6C,0x76,0x42])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_destination_address(addr)
self.assertEqual(self.management_base.get_destination_address().tolist(), [0x12,0x18,0xF8,0x6C,0x76,0x34])
def test_04(self):
'Test Source Address field'
addr=self.management_base.get_source_address()
self.assertEqual(addr.tolist(), [0x70,0x1A,0x04,0x54,0xE3,0x86])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_source_address(addr)
self.assertEqual(self.management_base.get_source_address().tolist(), [0x12,0x1A,0x04,0x54,0xE3,0x34])
def test_05(self):
'Test BSSID Address field'
addr=self.management_base.get_bssid()
self.assertEqual(addr.tolist(), [0x00,0x18,0xF8,0x6C,0x76,0x42])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_bssid(addr)
self.assertEqual(self.management_base.get_bssid().tolist(), [0x12,0x18,0xF8,0x6C,0x76,0x34])
def test_06(self):
'Test Sequence control field'
self.assertEqual(self.management_base.get_sequence_control(), 0x0800)
self.management_base.set_sequence_control(0x1234)
self.assertEqual(self.management_base.get_sequence_control(), 0x1234)
def test_07(self):
'Test Fragment number field'
self.assertEqual(self.management_base.get_fragment_number(), 0x00)
self.management_base.set_fragment_number(0xF1) # Es de 4 bit
self.assertEqual(self.management_base.get_fragment_number(), 0x01)
def test_08(self):
'Test Sequence number field'
self.assertEqual(self.management_base.get_sequence_number(), 128)
self.management_base.set_sequence_number(0xF234) # Es de 12 bit
self.assertEqual(self.management_base.get_sequence_number(), 0x0234)
def test_09(self):
'Test Management Frame Data field'
frame_body="1\x04\n\x00\x00\x18\xf8lvB\x00\x05ddwrt\x01\x08\x82\x84\x8b\x96$0Hl!\x02\n\x11$\x02\x01\x0e0\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x08\x002\x04\x0c\x12\x18`\xdd\t\x00\x10\x18\x02\x00\x10\x00\x00\x00"
self.assertEqual(self.management_base.get_frame_body(), frame_body)
def test_10(self):
'Test Management Reassociation Request Capabilities field'
self.assertEqual(self.management_reassociation_request.get_capabilities(), 0x0431)
self.management_reassociation_request.set_capabilities(0x4321)
self.assertEqual(self.management_reassociation_request.get_capabilities(), 0x4321)
def test_11(self):
'Test Management Reassociation Request Listen Interval field'
self.assertEqual(self.management_reassociation_request.get_listen_interval(), 0x000a)
self.management_reassociation_request.set_listen_interval(0x4321)
self.assertEqual(self.management_reassociation_request.get_listen_interval(), 0x4321)
def test_12(self):
'Test Management Reassociation Request Current AP field'
addr = self.management_reassociation_request.get_current_ap()
self.assertEqual(addr.tolist(), [0x00,0x18,0xF8,0x6C,0x76,0x42])
addr[0]=0x12
addr[5]=0x34
self.management_reassociation_request.set_current_ap(addr)
self.assertEqual(self.management_reassociation_request.get_current_ap().tolist(), [0x12,0x18,0xF8,0x6C,0x76,0x34])
def test_13(self):
'Test Management Reassociation Request Ssid getter/setter methods'
act_ssid="ddwrt"
new_ssid="holala"
self.assertEqual(self.management_reassociation_request.get_ssid(), act_ssid)
self.management_reassociation_request.set_ssid(new_ssid)
self.assertEqual(self.management_reassociation_request.get_ssid(), new_ssid)
self.assertEqual(self.management_reassociation_request.get_header_size(), 74+1)
def test_14(self):
'Test Management Ressociation Request Supported_rates getter/setter methods'
self.assertEqual(self.management_reassociation_request.get_supported_rates(), (0x82, 0x84, 0x8b, 0x96, 0x24, 0x30, 0x48, 0x6c))
self.assertEqual(self.management_reassociation_request.get_supported_rates(human_readable=True), (1.0, 2.0, 5.5, 11.0, 18.0, 24.0, 36.0, 54.0))
self.management_reassociation_request.set_supported_rates((0x12, 0x98, 0x24, 0xb0, 0x48, 0x60))
self.assertEqual(self.management_reassociation_request.get_supported_rates(), (0x12, 0x98, 0x24, 0xb0, 0x48, 0x60))
self.assertEqual(self.management_reassociation_request.get_supported_rates(human_readable=True), (9.0, 12.0, 18.0, 24.0, 36.0, 48.0))
self.assertEqual(self.management_reassociation_request.get_header_size(), 74-2)
def test_15(self):
'Test Management Association Request RSN getter/setter methods'
self.assertEqual(self.management_reassociation_request.get_rsn(), "\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x08\x00")
self.management_reassociation_request.set_rsn("\xff\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x08\xff")
self.assertEqual(self.management_reassociation_request.get_rsn(), "\xff\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x08\xff")
self.assertEqual(self.management_reassociation_request.get_header_size(), 74)
def test_16(self):
'Test Management Vendor Specific getter/setter methods'
self.assertEqual(self.management_reassociation_request.get_vendor_specific(), [("\x00\x10\x18","\x02\x00\x10\x00\x00\x00")])
self.management_reassociation_request.add_vendor_specific("\x00\x00\x40", "\x04\x04\x04\x04\x04\x04")
self.assertEqual(self.management_reassociation_request.get_vendor_specific(),
[("\x00\x10\x18", "\x02\x00\x10\x00\x00\x00"),
("\x00\x00\x40", "\x04\x04\x04\x04\x04\x04"),
])
self.assertEqual(self.management_reassociation_request.get_header_size(), 74+11)
class TestRadioTapDecoder(unittest.TestCase):
def setUp(self):
self.RadioTapData=b'\x00\x00\x20\x00\x67\x08\x04\x00\x30\x03\x1a\x25\x00\x00\x00\x00\x22\x0c\xd9\xa0\x02\x00\x00\x00\x40\x01\x00\x00\x3c\x14\x24\x11\x08\x02\x00\x00\xff\xff\xff\xff\xff\xff\x06\x03\x7f\x07\xa0\x16\x00\x19\xe3\xd3\x53\x52\x90\x7f\xaa\xaa\x03\x00\x00\x00\x08\x06\x00\x01\x08\x00\x06\x04\x00\x01\x00\x19\xe3\xd3\x53\x52\xa9\xfe\xf7\x00\x00\x00\x00\x00\x00\x00\x43\x08\x0e\x36'
self.radiotap_decoder = RadioTapDecoder()
self.in0=self.radiotap_decoder.decode(self.RadioTapData)
self.in1=self.in0.child()
self.in2=self.in1.child()
self.in3=self.in2.child()
self.in4=self.in3.child()
self.in5=self.in4.child()
self.in6=self.in5.child()
def test_00(self):
'Test RadioTap decoder'
if PY2:
self.assertEqual(str(self.in0.__class__), "impacket.dot11.RadioTap")
else:
self.assertEqual(str(self.in0.__class__), "<class 'impacket.dot11.RadioTap'>")
def test_01(self):
'Test Dot11 decoder'
if PY2:
self.assertEqual(str(self.in1.__class__), "impacket.dot11.Dot11")
else:
self.assertEqual(str(self.in1.__class__), "<class 'impacket.dot11.Dot11'>")
def test_02(self):
'Test Dot11DataFrame decoder'
if PY2:
self.assertEqual(str(self.in2.__class__), "impacket.dot11.Dot11DataFrame")
else:
self.assertEqual(str(self.in2.__class__), "<class 'impacket.dot11.Dot11DataFrame'>")
def test_03(self):
'Test LLC decoder'
if PY2:
self.assertEqual(str(self.in3.__class__), "impacket.dot11.LLC")
else:
self.assertEqual(str(self.in3.__class__), "<class 'impacket.dot11.LLC'>")
def test_04(self):
'Test SNAP decoder'
if PY2:
self.assertEqual(str(self.in4.__class__), "impacket.dot11.SNAP")
else:
self.assertEqual(str(self.in4.__class__), "<class 'impacket.dot11.SNAP'>")
# def test_05(self):
# 'Test ARP decoder'
# self.assertEqual(str(self.in5.__class__), "ImpactPacket.ARP")
# def test_05(self):
# 'Test Data decoder'
# self.assertEqual(str(self.in6.__class__), "ImpactPacket.Data")
def test_06(self):
'Test Protocol Finder'
p=self.radiotap_decoder.get_protocol(impacket.dot11.RadioTap)
if PY2:
self.assertEqual(str(p.__class__), "impacket.dot11.RadioTap")
else:
self.assertEqual(str(p.__class__), "<class 'impacket.dot11.RadioTap'>")
p=self.radiotap_decoder.get_protocol(impacket.dot11.Dot11)
if PY2:
self.assertEqual(str(p.__class__), "impacket.dot11.Dot11")
else:
self.assertEqual(str(p.__class__), "<class 'impacket.dot11.Dot11'>")
p=self.radiotap_decoder.get_protocol(impacket.dot11.Dot11DataFrame)
if PY2:
self.assertEqual(str(p.__class__), "impacket.dot11.Dot11DataFrame")
else:
self.assertEqual(str(p.__class__), "<class 'impacket.dot11.Dot11DataFrame'>")
p=self.radiotap_decoder.get_protocol(impacket.dot11.LLC)
if PY2:
self.assertEqual(str(p.__class__), "impacket.dot11.LLC")
else:
self.assertEqual(str(p.__class__), "<class 'impacket.dot11.LLC'>")
p=self.radiotap_decoder.get_protocol(impacket.dot11.SNAP)
if PY2:
self.assertEqual(str(p.__class__), "impacket.dot11.SNAP")
else:
self.assertEqual(str(p.__class__), "<class 'impacket.dot11.SNAP'>")
#p=self.radiotap_decoder.get_protocol(ImpactPacket.ARP)
#self.assertEqual(str(p.__class__), "ImpactPacket.ARP")
#p=self.radiotap_decoder.get_protocol(ImpactPacket.Data)
#self.assertEqual(str(p.__class__), "ImpactPacket.Data")
# When not found, None is returned
p=self.radiotap_decoder.get_protocol(impacket.dot11.Dot11WPA)
self.assertEqual(p, None)
class TestDot11ManagementDisassociationFrames(unittest.TestCase):
def setUp(self):
# 802.11 Management Frame
#
self.rawframe=b"\x00\x00\x1c\x00\xef\x18\x00\x00\xe7\x8a\xec\xb8\x3b\x00\x00\x00\x10\x02\x85\x09\xa0\x00\xb5\x9d\x60\x00\x00\x18\xa0\x00\x3a\x01\x00\x18\xf8\x6c\x76\x42\x70\x1a\x04\x54\xe3\x86\x00\x18\xf8\x6c\x76\x42\x70\x92\x08\x00\xbf\x1b\xa3\xa8"
self.radiotap_decoder = RadioTapDecoder()
radiotap=self.radiotap_decoder.decode(self.rawframe)
if PY2:
self.assertEqual(str(radiotap.__class__), "impacket.dot11.RadioTap")
else:
self.assertEqual(str(radiotap.__class__), "<class 'impacket.dot11.RadioTap'>")
self.dot11=radiotap.child()
if PY2:
self.assertEqual(str(self.dot11.__class__), "impacket.dot11.Dot11")
else:
self.assertEqual(str(self.dot11.__class__), "<class 'impacket.dot11.Dot11'>")
type = self.dot11.get_type()
self.assertEqual(type,Dot11Types.DOT11_TYPE_MANAGEMENT)
subtype = self.dot11.get_subtype()
self.assertEqual(subtype,Dot11Types.DOT11_SUBTYPE_MANAGEMENT_DISASSOCIATION)
typesubtype = self.dot11.get_type_n_subtype()
self.assertEqual(typesubtype,Dot11Types.DOT11_TYPE_MANAGEMENT_SUBTYPE_DISASSOCIATION)
self.management_base=self.dot11.child()
if PY2:
self.assertEqual(str(self.management_base.__class__), "impacket.dot11.Dot11ManagementFrame")
else:
self.assertEqual(str(self.management_base.__class__), "<class 'impacket.dot11.Dot11ManagementFrame'>")
self.management_disassociation=self.management_base.child()
if PY2:
self.assertEqual(str(self.management_disassociation.__class__), "impacket.dot11.Dot11ManagementDisassociation")
else:
self.assertEqual(str(self.management_disassociation.__class__), "<class 'impacket.dot11.Dot11ManagementDisassociation'>")
def test_01(self):
'Test Header and Tail Size field'
self.assertEqual(self.management_base.get_header_size(), 22)
self.assertEqual(self.management_base.get_tail_size(), 0)
self.assertEqual(self.management_disassociation.get_header_size(), 2)
self.assertEqual(self.management_disassociation.get_tail_size(), 0)
def test_02(self):
'Test Duration field'
self.assertEqual(self.management_base.get_duration(), 0x013a)
self.management_base.set_duration(0x1234)
self.assertEqual(self.management_base.get_duration(), 0x1234)
def test_03(self):
'Test Destination Address field'
addr=self.management_base.get_destination_address()
self.assertEqual(addr.tolist(), [0x00,0x18,0xF8,0x6C,0x76,0x42])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_destination_address(addr)
self.assertEqual(self.management_base.get_destination_address().tolist(), [0x12,0x18,0xF8,0x6C,0x76,0x34])
def test_04(self):
'Test Source Address field'
addr=self.management_base.get_source_address()
self.assertEqual(addr.tolist(), [0x70,0x1A,0x04,0x54,0xE3,0x86])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_source_address(addr)
self.assertEqual(self.management_base.get_source_address().tolist(), [0x12,0x1A,0x04,0x54,0xE3,0x34])
def test_05(self):
'Test BSSID Address field'
addr=self.management_base.get_bssid()
self.assertEqual(addr.tolist(), [0x00,0x18,0xF8,0x6C,0x76,0x42])
addr[0]=0x12
addr[5]=0x34
self.management_base.set_bssid(addr)
self.assertEqual(self.management_base.get_bssid().tolist(), [0x12,0x18,0xF8,0x6C,0x76,0x34])
def test_06(self):
'Test Sequence control field'
self.assertEqual(self.management_base.get_sequence_control(), 0x9270)
self.management_base.set_sequence_control(0x1234)
self.assertEqual(self.management_base.get_sequence_control(), 0x1234)
def test_07(self):
'Test Fragment number field'
self.assertEqual(self.management_base.get_fragment_number(), 0x00)
self.management_base.set_fragment_number(0xF1) # Es de 4 bit
self.assertEqual(self.management_base.get_fragment_number(), 0x01)
def test_08(self):
'Test Sequence number field'
self.assertEqual(self.management_base.get_sequence_number(), 2343)
self.management_base.set_sequence_number(0xF234) # Es de 12 bit
self.assertEqual(self.management_base.get_sequence_number(), 0x0234)
def test_09(self):
'Test Management Frame Data field'
frame_body=b"\x08\x00"
self.assertEqual(self.management_base.get_frame_body(), frame_body)
def test_10(self):
'Test Management Reason Code field'
self.assertEqual(self.management_disassociation.get_reason_code(), 0x0008)
self.management_disassociation.set_reason_code(0x8765)
self.assertEqual(self.management_disassociation.get_reason_code(), 0x8765)
