From c3fa522189dd3dc3997dee146e31e248467a7aa1 Mon Sep 17 00:00:00 2001
From: derv82
Date: Tue, 16 May 2017 21:08:43 -0400
Subject: [PATCH] Fixing WEP chopchop attack. Works, but needs more work...
---
 py/Aireplay.py | 14 +++++++++-----
 py/AttackWEP.py | 15 ++++++++-------
 2 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/py/Aireplay.py b/py/Aireplay.py
index a2d7655..03a775b 100644
--- a/py/Aireplay.py
+++ b/py/Aireplay.py
@@ -68,12 +68,15 @@ class Aireplay(object):
 # TODO: set 'stdout' when creating process to store output to file.
 # AttackWEP will read file to get status of attack.
- # E.g., chopchop will regex "(\d+)% done" to get percent complete.
+ # E.g., chopchop will regex "\(\s?(\d+)% done" to get percent complete.
 '''
- from subprocess import PIPE
- sout = PIPE
- if '--chopchop' in cmd:
- sout = open(Configuration.temp('chopchop'), 'w')
+ if not devnull and attack_type == WEPAttackType.chopchop:
+ sout = open(Configuration.temp('chopchop.out'), 'w')
+ # Output sample:
+ # Offset 70 (11% done) | xor = 7A | pt = 00 | 24 frames written in 409ms
+ else:
+ sout = Process.devnull()
+ serr = Process.devnull()
 '''
 self.pid = Process(cmd,
@@ -183,6 +186,7 @@ class Aireplay(object):
 "Client_mac and Replay_File are required for arp replay")
 cmd.append('--arpreplay')
 cmd.extend(['-b', target.bssid])
+ cmd.extend(['-h', client_mac])
 cmd.extend(['-r', replay_file])
 cmd.extend(['-F']) # Automatically choose first packet
 cmd.extend(['-x', str(Configuration.wep_pps)])
diff --git a/py/AttackWEP.py b/py/AttackWEP.py
index 1f40924..6bcd4b8 100644
--- a/py/AttackWEP.py
+++ b/py/AttackWEP.py
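Review bot: In the first py/Aireplay.py hunk (`@@ -68,12 +68,15 @@`), the new chopchop branch calls `open(Configuration.temp('chopchop.out'), 'w')` and keeps the handle only in the local `sout`, so nothing visible here can close it once the code is enabled. The block appears to sit between two `'''` lines and is presumably still disabled; before enabling it I would keep the handle on the instance and close it where the process is stopped. The file name is fixed, so if `Configuration.temp()` can resolve to a directory other users can write to (not visible in this hunk) and the program runs with elevated privileges, the open should refuse to follow a pre-existing symlink. Indentation is lost in this view, so it is also worth confirming that `serr` is assigned on the chopchop path and not only under `else:`.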
@@ -156,17 +156,18 @@ class AttackWEP(Attack):
 # If .xor exists, run packetforge-ng to create .cap
 Color.pl('\n{+} {C}%s attack{W}' % attack_name + ' generated a {C}.xor file{W}, {G}forging...{W}')
- forge_file = Aireplay.forge_packet(xor_file,
+ replay_file = Aireplay.forge_packet(xor_file,
 airodump_target.bssid, client_mac)
- if forge_file:
- replay_file = forge_file
+ if replay_file:
 Color.pl('{+} {C}forged packet{W},' + ' {G}replaying...{W}')
- attack_name = 'forged arp replay'
- aireplay = Aireplay(self.target, \
- 'forgedreplay', \
- client_mac=client_mac, \
+ wep_attack_type = WEPAttackType("forgedreplay")
+ attack_name = "forgedreplay"
+ aireplay = Aireplay(self.target,
+ 'forgedreplay',
+ client_mac=client_mac,
+ devnull=True,
 replay_file=replay_file)
 continue
 else:
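Review bot: Assigning the result of `Aireplay.forge_packet(...)` directly to `replay_file` overwrites the previous value even when forging fails, whereas the old code replaced it only on success through `forge_file`. The `else:` body is outside the hunk, so it is not visible whether `replay_file` is read again after a failed forge; if it is, keep the temporary name and assign inside the `if`. Separately, `wep_attack_type = WEPAttackType("forgedreplay")` is created but the literal `'forgedreplay'` is still passed to `Aireplay(...)` and repeated in `attack_name`; deriving all three from one value would keep them from drifting apart. The enclosing method starts and ends outside the hunk.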