Refactor WPA handshake capture
TODO: Argument to ignore old handshakes
This commit is contained in:
derv82
@@ -34,6 +34,35 @@ class AttackWPA(Attack):
|
|||||||
self.success = False
|
self.success = False
|
||||||
return self.success
|
return self.success
|
||||||
|
|
||||||
|
handshake = None
|
||||||
|
|
||||||
|
# Capture the handshake ("do it live!")
|
||||||
|
if handshake is None:
|
||||||
|
handshake = self.capture_handshake()
|
||||||
|
|
||||||
|
if handshake is None:
|
||||||
|
# Failed to capture handshake
|
||||||
|
self.success = False
|
||||||
|
return self.success
|
||||||
|
|
||||||
|
# Analyze handshake
|
||||||
|
Color.pl('\n{+} analysis of captured handshake file:')
|
||||||
|
handshake.analyze()
|
||||||
|
|
||||||
|
# Crack it
|
||||||
|
key = self.crack_handshake(handshake, Configuration.wordlist)
|
||||||
|
if key is None:
|
||||||
|
self.success = False
|
||||||
|
else:
|
||||||
|
self.crack_result = CrackResultWPA(bssid, essid, handshake.capfile, key)
|
||||||
|
self.crack_result.dump()
|
||||||
|
self.success = True
|
||||||
|
return self.success
|
||||||
|
|
||||||
|
def capture_handshake(self):
|
||||||
|
''' Returns captured or stored handshake, otherwise None '''
|
||||||
|
handshake = None
|
||||||
|
|
||||||
# First, start Airodump process
|
# First, start Airodump process
|
||||||
with Airodump(channel=self.target.channel,
|
with Airodump(channel=self.target.channel,
|
||||||
target_bssid=self.target.bssid,
|
target_bssid=self.target.bssid,
|
||||||
@@ -48,12 +77,16 @@ class AttackWPA(Attack):
|
|||||||
|
|
||||||
bssid = airodump_target.bssid
|
bssid = airodump_target.bssid
|
||||||
essid = airodump_target.essid if airodump_target.essid_known else None
|
essid = airodump_target.essid if airodump_target.essid_known else None
|
||||||
handshake = self.load_handshake(bssid=bssid, essid=essid)
|
|
||||||
|
|
||||||
|
# Try to load existing handshake
|
||||||
|
if Configuration.ignore_old_handshakes == False:
|
||||||
|
handshake = self.load_handshake(bssid=bssid, essid=essid)
|
||||||
if handshake:
|
if handshake:
|
||||||
Color.pl('\n\n{+} {G}using existing handshake found at %s{W}' % handshake.capfile)
|
Color.clear_entire_line()
|
||||||
Color.pl('\n{+} {G}successfully loaded handshake{W}')
|
Color.pl('{+} found {G}existing handshake{W} for {C}%s{W}' % handshake.essid)
|
||||||
else:
|
Color.pl('{+} from {C}%s{W}' % handshake.capfile)
|
||||||
|
return handshake
|
||||||
|
|
||||||
timeout_timer = Timer(Configuration.wpa_attack_timeout)
|
timeout_timer = Timer(Configuration.wpa_attack_timeout)
|
||||||
deauth_timer = Timer(Configuration.wpa_deauth_timeout)
|
deauth_timer = Timer(Configuration.wpa_deauth_timeout)
|
||||||
|
|
||||||
@@ -113,28 +146,14 @@ class AttackWPA(Attack):
|
|||||||
time.sleep(step_timer.remaining())
|
time.sleep(step_timer.remaining())
|
||||||
continue # Handshake listen+deauth loop
|
continue # Handshake listen+deauth loop
|
||||||
|
|
||||||
if not handshake:
|
if handshake is None:
|
||||||
# No handshake, attack failed.
|
# No handshake, attack failed.
|
||||||
Color.pl("\n{!} {O}WPA handshake capture {R}FAILED:{O} Timed out after %d seconds" % (Configuration.wpa_attack_timeout))
|
Color.pl("\n{!} {O}WPA handshake capture {R}FAILED:{O} Timed out after %d seconds" % (Configuration.wpa_attack_timeout))
|
||||||
self.success = False
|
return handshake
|
||||||
return self.success
|
else:
|
||||||
|
|
||||||
# Save copy of handshake to ./hs/
|
# Save copy of handshake to ./hs/
|
||||||
self.save_handshake(handshake)
|
self.save_handshake(handshake)
|
||||||
|
return handshake
|
||||||
# Print analysis of handshake file
|
|
||||||
Color.pl('\n{+} analysis of captured handshake file:')
|
|
||||||
handshake.analyze()
|
|
||||||
|
|
||||||
# Try to crack handshake
|
|
||||||
key = self.crack_handshake(handshake, Configuration.wordlist)
|
|
||||||
if key is None:
|
|
||||||
self.success = False
|
|
||||||
else:
|
|
||||||
self.crack_result = CrackResultWPA(bssid, essid, handshake.capfile, key)
|
|
||||||
self.crack_result.dump()
|
|
||||||
self.success = True
|
|
||||||
return self.success
|
|
||||||
|
|
||||||
def crack_handshake(self, handshake, wordlist):
|
def crack_handshake(self, handshake, wordlist):
|
||||||
'''Tries to crack a handshake. Returns WPA key if found, otherwise None.'''
|
'''Tries to crack a handshake. Returns WPA key if found, otherwise None.'''
|
||||||
|
|||||||
@@ -62,6 +62,7 @@ class Configuration(object):
|
|||||||
Configuration.wpa_attack_timeout = 500 # Wait time before failing
|
Configuration.wpa_attack_timeout = 500 # Wait time before failing
|
||||||
Configuration.wpa_handshake_dir = "hs" # Dir to store handshakes
|
Configuration.wpa_handshake_dir = "hs" # Dir to store handshakes
|
||||||
Configuration.wpa_strip_handshake = False # Strip non-handshake packets
|
Configuration.wpa_strip_handshake = False # Strip non-handshake packets
|
||||||
|
Configuration.ignore_old_handshakes = False # Always fetch a new handshake
|
||||||
|
|
||||||
# Default dictionary for cracking
|
# Default dictionary for cracking
|
||||||
Configuration.wordlist = None
|
Configuration.wordlist = None
|
||||||
|
|||||||
@@ -85,10 +85,10 @@ class Scanner(object):
|
|||||||
return False
|
return False
|
||||||
|
|
||||||
for target in self.targets:
|
for target in self.targets:
|
||||||
if bssid and bssid.lower() == target.bssid.lower():
|
if bssid and target.bssid and bssid.lower() == target.bssid.lower():
|
||||||
self.target = target
|
self.target = target
|
||||||
break
|
break
|
||||||
if essid and essid.lower() == target.essid.lower():
|
if essid and target.essid and essid.lower() == target.essid.lower():
|
||||||
self.target = target
|
self.target = target
|
||||||
break
|
break
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user