alexandre/wifite2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Refactor WPA handshake capture

Browse Source 
TODO: Argument to ignore old handshakes
This commit is contained in:
derv82
2018-02-27 20:33:24 -05:00
parent 0c5558fb74
commit 562bf438bf
3 changed files with 99 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
py/AttackWPA.py
View File

@@ -34,6 +34,35 @@ class AttackWPA(Attack):
self.success = False
return self.success
handshake = None
# Capture the handshake ("do it live!")
if handshake is None:
handshake = self.capture_handshake()
if handshake is None:
# Failed to capture handshake
self.success = False
return self.success
# Analyze handshake
Color.pl('\n{+} analysis of captured handshake file:')
handshake.analyze()
# Crack it
key = self.crack_handshake(handshake, Configuration.wordlist)
if key is None:
self.success = False
else:
self.crack_result = CrackResultWPA(bssid, essid, handshake.capfile, key)
self.crack_result.dump()
self.success = True
return self.success
def capture_handshake(self):
''' Returns captured or stored handshake, otherwise None '''
handshake = None
# First, start Airodump process
with Airodump(channel=self.target.channel,
target_bssid=self.target.bssid,
@@ -48,12 +77,16 @@ class AttackWPA(Attack):
bssid = airodump_target.bssid
essid = airodump_target.essid if airodump_target.essid_known else None
handshake = self.load_handshake(bssid=bssid, essid=essid)
# Try to load existing handshake
if Configuration.ignore_old_handshakes == False:
handshake = self.load_handshake(bssid=bssid, essid=essid)
if handshake:
Color.pl('\n\n{+} {G}using existing handshake found at %s{W}' % handshake.capfile)
Color.pl('\n{+} {G}successfully loaded handshake{W}')
else:
Color.clear_entire_line()
Color.pl('{+} found {G}existing handshake{W} for {C}%s{W}' % handshake.essid)
Color.pl('{+} from {C}%s{W}' % handshake.capfile)
return handshake
timeout_timer = Timer(Configuration.wpa_attack_timeout)
deauth_timer = Timer(Configuration.wpa_deauth_timeout)
@@ -113,28 +146,14 @@ class AttackWPA(Attack):
time.sleep(step_timer.remaining())
continue # Handshake listen+deauth loop
if not handshake:
if handshake is None:
# No handshake, attack failed.
Color.pl("\n{!} {O}WPA handshake capture {R}FAILED:{O} Timed out after %d seconds" % (Configuration.wpa_attack_timeout))
self.success = False
return self.success
return handshake
else:
# Save copy of handshake to ./hs/
self.save_handshake(handshake)
# Print analysis of handshake file
Color.pl('\n{+} analysis of captured handshake file:')
handshake.analyze()
# Try to crack handshake
key = self.crack_handshake(handshake, Configuration.wordlist)
if key is None:
self.success = False
else:
self.crack_result = CrackResultWPA(bssid, essid, handshake.capfile, key)
self.crack_result.dump()
self.success = True
return self.success
return handshake
def crack_handshake(self, handshake, wordlist):
'''Tries to crack a handshake. Returns WPA key if found, otherwise None.'''

1
py/Configuration.py
View File

@@ -62,6 +62,7 @@ class Configuration(object):
Configuration.wpa_attack_timeout = 500 # Wait time before failing
Configuration.wpa_handshake_dir = "hs" # Dir to store handshakes
Configuration.wpa_strip_handshake = False # Strip non-handshake packets
Configuration.ignore_old_handshakes = False # Always fetch a new handshake
# Default dictionary for cracking
Configuration.wordlist = None

4
py/Scanner.py
View File

@@ -85,10 +85,10 @@ class Scanner(object):
return False
for target in self.targets:
if bssid and bssid.lower() == target.bssid.lower():
if bssid and target.bssid and bssid.lower() == target.bssid.lower():
self.target = target
break
if essid and essid.lower() == target.essid.lower():
if essid and target.essid and essid.lower() == target.essid.lower():
self.target = target
break