alexandre/wifite2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Refactor WPA handshake capture

Browse Source 
TODO: Argument to ignore old handshakes
This commit is contained in:
derv82
2018-02-27 20:33:24 -05:00
parent 0c5558fb74
commit 562bf438bf
3 changed files with 99 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

173
py/AttackWPA.py
View File

@@ -34,6 +34,35 @@ class AttackWPA(Attack):
self.success = False self.success = False
return self.success return self.success
handshake = None
# Capture the handshake ("do it live!")
if handshake is None:
handshake = self.capture_handshake()
if handshake is None:
# Failed to capture handshake
self.success = False
return self.success
# Analyze handshake
Color.pl('\n{+} analysis of captured handshake file:')
handshake.analyze()
# Crack it
key = self.crack_handshake(handshake, Configuration.wordlist)
if key is None:
self.success = False
else:
self.crack_result = CrackResultWPA(bssid, essid, handshake.capfile, key)
self.crack_result.dump()
self.success = True
return self.success
def capture_handshake(self):
''' Returns captured or stored handshake, otherwise None '''
handshake = None
# First, start Airodump process # First, start Airodump process
with Airodump(channel=self.target.channel, with Airodump(channel=self.target.channel,
target_bssid=self.target.bssid, target_bssid=self.target.bssid,
@@ -48,93 +77,83 @@ class AttackWPA(Attack):
bssid = airodump_target.bssid bssid = airodump_target.bssid
essid = airodump_target.essid if airodump_target.essid_known else None essid = airodump_target.essid if airodump_target.essid_known else None
handshake = self.load_handshake(bssid=bssid, essid=essid)
if handshake: # Try to load existing handshake
Color.pl('\n\n{+} {G}using existing handshake found at %s{W}' % handshake.capfile) if Configuration.ignore_old_handshakes == False:
Color.pl('\n{+} {G}successfully loaded handshake{W}') handshake = self.load_handshake(bssid=bssid, essid=essid)
else: if handshake:
timeout_timer = Timer(Configuration.wpa_attack_timeout)
deauth_timer = Timer(Configuration.wpa_deauth_timeout)
while handshake is None and not timeout_timer.ended():
step_timer = Timer(1)
Color.clear_entire_line() Color.clear_entire_line()
Color.pattack("WPA", Color.pl('{+} found {G}existing handshake{W} for {C}%s{W}' % handshake.essid)
airodump_target, Color.pl('{+} from {C}%s{W}' % handshake.capfile)
"Handshake capture", return handshake
"Listening. (clients:{G}%d{W}, deauth:{O}%s{W}, timeout:{R}%s{W})" % (len(self.clients), deauth_timer, timeout_timer))
# Find .cap file timeout_timer = Timer(Configuration.wpa_attack_timeout)
cap_files = airodump.find_files(endswith='.cap') deauth_timer = Timer(Configuration.wpa_deauth_timeout)
if len(cap_files) == 0:
# No cap files yet
time.sleep(step_timer.remaining())
continue
cap_file = cap_files[0]
# Copy .cap file to temp for consistency while handshake is None and not timeout_timer.ended():
temp_file = Configuration.temp('handshake.cap.bak') step_timer = Timer(1)
copy(cap_file, temp_file) Color.clear_entire_line()
Color.pattack("WPA",
airodump_target,
"Handshake capture",
"Listening. (clients:{G}%d{W}, deauth:{O}%s{W}, timeout:{R}%s{W})" % (len(self.clients), deauth_timer, timeout_timer))
# Check cap file in temp for Handshake # Find .cap file
bssid = airodump_target.bssid cap_files = airodump.find_files(endswith='.cap')
essid = airodump_target.essid if airodump_target.essid_known else None if len(cap_files) == 0:
handshake = Handshake(temp_file, bssid=bssid, essid=essid) # No cap files yet
if handshake.has_handshake():
# We got a handshake
Color.pl('\n\n{+} {G}successfully captured handshake{W}')
break
# There is no handshake
handshake = None
# Delete copied .cap file in temp to save space
os.remove(temp_file)
# Look for new clients
airodump_target = self.wait_for_target(airodump)
for client in airodump_target.clients:
if client.station not in self.clients:
Color.clear_entire_line()
Color.pattack("WPA",
airodump_target,
"Handshake capture",
"Discovered new client: {G}%s{W}" % client.station)
Color.pl("")
self.clients.append(client.station)
# Send deauth to a client or broadcast
if deauth_timer.ended():
self.deauth(airodump_target)
# Restart timer
deauth_timer = Timer(Configuration.wpa_deauth_timeout)
# Sleep for at-most 1 second
time.sleep(step_timer.remaining()) time.sleep(step_timer.remaining())
continue # Handshake listen+deauth loop continue
cap_file = cap_files[0]
if not handshake: # Copy .cap file to temp for consistency
# No handshake, attack failed. temp_file = Configuration.temp('handshake.cap.bak')
Color.pl("\n{!} {O}WPA handshake capture {R}FAILED:{O} Timed out after %d seconds" % (Configuration.wpa_attack_timeout)) copy(cap_file, temp_file)
self.success = False
return self.success
# Save copy of handshake to ./hs/ # Check cap file in temp for Handshake
self.save_handshake(handshake) bssid = airodump_target.bssid
essid = airodump_target.essid if airodump_target.essid_known else None
handshake = Handshake(temp_file, bssid=bssid, essid=essid)
if handshake.has_handshake():
# We got a handshake
Color.pl('\n\n{+} {G}successfully captured handshake{W}')
break
# Print analysis of handshake file # There is no handshake
Color.pl('\n{+} analysis of captured handshake file:') handshake = None
handshake.analyze() # Delete copied .cap file in temp to save space
os.remove(temp_file)
# Try to crack handshake # Look for new clients
key = self.crack_handshake(handshake, Configuration.wordlist) airodump_target = self.wait_for_target(airodump)
if key is None: for client in airodump_target.clients:
self.success = False if client.station not in self.clients:
else: Color.clear_entire_line()
self.crack_result = CrackResultWPA(bssid, essid, handshake.capfile, key) Color.pattack("WPA",
self.crack_result.dump() airodump_target,
self.success = True "Handshake capture",
return self.success "Discovered new client: {G}%s{W}" % client.station)
Color.pl("")
self.clients.append(client.station)
# Send deauth to a client or broadcast
if deauth_timer.ended():
self.deauth(airodump_target)
# Restart timer
deauth_timer = Timer(Configuration.wpa_deauth_timeout)
# Sleep for at-most 1 second
time.sleep(step_timer.remaining())
continue # Handshake listen+deauth loop
if handshake is None:
# No handshake, attack failed.
Color.pl("\n{!} {O}WPA handshake capture {R}FAILED:{O} Timed out after %d seconds" % (Configuration.wpa_attack_timeout))
return handshake
else:
# Save copy of handshake to ./hs/
self.save_handshake(handshake)
return handshake
def crack_handshake(self, handshake, wordlist): def crack_handshake(self, handshake, wordlist):
'''Tries to crack a handshake. Returns WPA key if found, otherwise None.''' '''Tries to crack a handshake. Returns WPA key if found, otherwise None.'''

1
py/Configuration.py
View File

@@ -62,6 +62,7 @@ class Configuration(object):
Configuration.wpa_attack_timeout = 500 # Wait time before failing Configuration.wpa_attack_timeout = 500 # Wait time before failing
Configuration.wpa_handshake_dir = "hs" # Dir to store handshakes Configuration.wpa_handshake_dir = "hs" # Dir to store handshakes
Configuration.wpa_strip_handshake = False # Strip non-handshake packets Configuration.wpa_strip_handshake = False # Strip non-handshake packets
Configuration.ignore_old_handshakes = False # Always fetch a new handshake
# Default dictionary for cracking # Default dictionary for cracking
Configuration.wordlist = None Configuration.wordlist = None

4
py/Scanner.py
View File

@@ -85,10 +85,10 @@ class Scanner(object):
return False return False
for target in self.targets: for target in self.targets:
if bssid and bssid.lower() == target.bssid.lower(): if bssid and target.bssid and bssid.lower() == target.bssid.lower():
self.target = target self.target = target
break break
if essid and essid.lower() == target.essid.lower(): if essid and target.essid and essid.lower() == target.essid.lower():
self.target = target self.target = target
break break