def process_body(self, frame_ctrl, mgt_frame, data): """ Process Probe Response and Reassociation Response frames searching for CCX IEs. """ bssid = ieee80211.get_string_mac_address_from_array(mgt_frame.get_bssid()) if frame_ctrl.get_subtype() == ieee80211.TYPE_MGMT_SUBTYPE_REASSOCIATION_RESPONSE: reassociation_response = self.decoder.get_protocol(dot11.Dot11ManagementReassociationResponse) data = reassociation_response._get_element(ccx.CISCO_CCX_IE_IP_ADDRESS_ID) if data: if bssid not in self.__devices__: self.__devices__[bssid] = OrderedDict() ssid = reassociation_response._get_element(dot11.DOT11_MANAGEMENT_ELEMENTS.SSID) if ssid and self.SSID_KEY not in self.__devices__[bssid]: self.__devices__[bssid][self.SSID_KEY] = ssid aux = writer.get_device_information_dict(bssid.upper(), self.__module_name__, self.__devices__[bssid]) self.__output__.put(aux) if self.CTRL_IP_ADDR_KEY not in self.__devices__[bssid]: ccx95 = chr(ccx.CISCO_CCX_IE_IP_ADDRESS_ID) + chr(len(data)) + data self.__devices__[bssid][self.CTRL_IP_ADDR_KEY] = ccx.CiscoCCX95InformationElement(ccx95).get_ip_address() aux = writer.get_device_information_dict(bssid.upper(), self.__module_name__, self.__devices__[bssid]) self.__output__.put(aux) else: if frame_ctrl.get_subtype() == dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_BEACON: frame = self.decoder.get_protocol(dot11.Dot11ManagementBeacon) elif frame_ctrl.get_subtype() == dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_PROBE_RESPONSE: frame = self.decoder.get_protocol(dot11.Dot11ManagementProbeResponse) else: return security = ieee80211.get_security(frame) data = frame._get_element(ccx.CISCO_CCX_IE_DEVICE_NAME_ID) if bssid not in self.__devices__ and data: self.__devices__[bssid] = OrderedDict() ssid = frame.get_ssid().replace("\x00", "") self.__devices__[bssid][self.SSID_KEY] = ssid channel = frame.get_ds_parameter_set() if channel: self.__devices__[bssid][self.CHANNEL_KEY] = channel ccx85 = chr(ccx.CISCO_CCX_IE_DEVICE_NAME_ID) + chr(len(data)) + data device_name = ccx.CiscoCCX85InformationElement(ccx85).get_device_name() associated_clients = ccx.CiscoCCX85InformationElement(ccx85).get_associated_clients() self.__devices__[bssid][self.AP_NAME_KEY] = device_name self.__devices__[bssid][self.ASSOCIATED_CLIENTS_KEY] = associated_clients self.__devices__[bssid][self.SECURITY_KEY] = security aux = writer.get_device_information_dict(bssid.upper(), self.__module_name__, self.__devices__[bssid]) self.__output__.put(aux)
def process_body(self, mgt_frame, data): """ TODO: Documentation """ device_mac = ieee80211.get_string_mac_address_from_array(mgt_frame.get_source_address()) __data = self.process_airplay_data(data) if __data: if device_mac not in list(self.__devices__.keys()): if self.name_label in __data: info_items = dict() info_items['Name'] = __data[self.name_label] if self.class_label in __data: info_items['Class'] = __data[self.class_label] if self.country_label in __data: info_items['Country'] = __data[self.country_label] if self.service_request_label in __data: idx = 0 for item in __data[self.service_request_label]: info_items['Service Request %d' % idx] = repr(item) idx += 1 if self.service_response_label in __data: idx = 0 for item in __data[self.service_response_label]: info_items['Service Response %d' % idx] = repr(item) idx += 1 aux = writer.get_device_information_dict(device_mac.upper(), self.__module_name__, info_items) self.__output__.put(aux) # Apple Devices has MAC randomization, so we should use the device name to identify them. self.__devices__[device_mac] = __data[self.name_label]
def process_frame(self, frame_ctl, mgt_frame): """ Process Beacon and Probe Response frames searching for HP IE and storing information. """ device_mac = ieee80211.get_string_mac_address_from_array( mgt_frame.get_source_address()) if device_mac not in self.devices.keys(): self.devices[device_mac] = list() if frame_ctl.get_subtype() == ieee80211.TYPE_MGMT_SUBTYPE_PROBE_RESPONSE: _frame = self.decoder.get_protocol(dot11.Dot11ManagementProbeResponse) elif frame_ctl.get_subtype() == ieee80211.TYPE_MGMT_SUBTYPE_BEACON: _frame = self.decoder.get_protocol(dot11.Dot11ManagementBeacon) if _frame: ssid = _frame.get_ssid() channel = _frame.get_ds_parameter_set() security = ieee80211.get_security(_frame) for item in _frame.get_vendor_specific(): oui = item[0] if oui == self.hp_ie_oui: ie_data = item[1] info_items = OrderedDict() info_items['SSID'] = ssid info_items['Channel'] = channel info_items['Security'] = security self.process_hp_ie(ie_data, info_items) aux = writer.get_device_information_dict(device_mac.upper(), self.__module_name__, info_items) self.__output__.put(aux)
def process_frame(self, frame_ctl, mgt_frame): """ Process Probe Response frame searching for WPS IEs and printing the information. """ device_mac = ieee80211.get_string_mac_address_from_array( mgt_frame.get_source_address()) if device_mac not in self.devices.keys(): self.devices[device_mac] = list() if frame_ctl.get_subtype( ) == ieee80211.TYPE_MGMT_SUBTYPE_PROBE_RESPONSE: _frame = self.decoder.get_protocol( dot11.Dot11ManagementProbeResponse) if _frame: ssid = _frame.get_ssid() channel = _frame.get_ds_parameter_set() security = ieee80211.get_security(_frame) vs_list = _frame.get_vendor_specific() for item in vs_list: oui, data = item vs_type = data[0] length = struct.pack("B", len(oui + data)) raw_data = wps.WPSInformationElement.VENDOR_SPECIFIC_IE_ID + length + oui + data if oui == wps.WPSInformationElement.WPS_OUI and vs_type == wps.WPSInformationElement.WPS_OUI_TYPE: info_items = dict() if ssid: info_items['SSID'] = ssid if channel: info_items['Channel'] = channel info_items['Security'] = security ie = wps.WPSInformationElement(raw_data) for element in ie.get_elements(): k, v = element if all(c in string.printable for c in v): info_items[string.capwords(k)] = v else: info_items[string.capwords(k)] = repr(v) aux = writer.get_device_information_dict( device_mac.upper(), self.__module_name__, info_items) self.__output__.put(aux)
def process_body(self, mgt_frame, data): """ Process Probe Response frame searching for WPS and P2P IEs and storing information. """ device_mac = ieee80211.get_string_mac_address_from_array( mgt_frame.get_source_address()) probe_response_frame = self.decoder.get_protocol( dot11.Dot11ManagementProbeResponse) ssid = probe_response_frame.get_ssid() if not ssid: return if not ssid.startswith(self.WIFI_DIRECT_SSID): return if device_mac not in self.__devices__.keys(): self.__devices__[device_mac] = list() vs_list = probe_response_frame.get_vendor_specific() wps_ie_info = dict() p2p_ie_info = dict() channel = probe_response_frame.get_ds_parameter_set() for vs_element in vs_list: oui, data = vs_element vs_type = data[0] length = struct.pack("B", len(oui + data)) raw_data = wps.WPSInformationElement.VENDOR_SPECIFIC_IE_ID + length + oui + data if oui == wps.WPSInformationElement.WPS_OUI and vs_type == wps.WPSInformationElement.WPS_OUI_TYPE: ie = wps.WPSInformationElement(raw_data) for wps_element in ie.get_elements(): k, v = wps_element if all(c in string.printable for c in v): wps_ie_info[string.capwords(k)] = v else: wps_ie_info[string.capwords(k)] = repr(v) elif oui == p2p.P2PInformationElement.P2P_OUI and vs_type == p2p.P2PInformationElement.P2P_OUI_TYPE: ie = p2p.P2PInformationElement(raw_data) for p2p_element in ie.get_elements(): k, v = p2p_element if all(c in string.printable for c in v): p2p_ie_info[k] = v else: p2p_ie_info[k] = repr(v) if not p2p_ie_info: return info_items = OrderedDict() info_items['SSID'] = ssid if channel: info_items['Channel'] = channel for key, value in p2p_ie_info.items(): info_items['%s' % key] = value for key, value in wps_ie_info.items(): info_items['WPS %s' % key] = value aux = writer.get_device_information_dict(device_mac.upper(), self.__module_name__, info_items) self.__output__.put(aux)