Fix tshark ssid discovery
@@ -172,7 +172,7 @@ if __name__ == '__main__':
|
||||
w.main()
|
||||
except Exception, e:
|
||||
Color.pl('\n{!} {R}Error:{O} %s{W}' % str(e))
|
||||
if Configuration.verbose > 0:
|
||||
if Configuration.verbose > 0 or True:
|
||||
Color.pl('\n{!} {O}Full stack trace below')
|
||||
from traceback import format_exc
|
||||
Color.p('\n{!} ')
|
||||
|
||||
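Review bot: The new condition `if Configuration.verbose > 0 or True:` makes the verbosity check dead code — `or True` short-circuits it, so the full stack trace is printed on every error regardless of `Configuration.verbose`, which reads like a debugging toggle left in the commit. If unconditional tracebacks are intended, remove the `if` and print the trace directly; otherwise revert to `if Configuration.verbose > 0:`. The enclosing `try`/`except` block starts and ends outside the hunk.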
@@ -201,11 +201,11 @@ class Airodump(object):
|
||||
|
||||
if target.essid_len == 0:
|
||||
# Ignore empty/blank ESSIDs
|
||||
continue
|
||||
pass
|
||||
|
||||
if target.channel == "-1":
|
||||
# Ignore -1 channel
|
||||
continue
|
||||
pass
|
||||
|
||||
targets.append(target)
|
||||
return targets
|
||||
|
||||
@@ -15,7 +15,7 @@ class Attack(object):
|
||||
|
||||
def run(self):
|
||||
raise Exception("Unimplemented method: run")
|
||||
|
||||
|
||||
def wait_for_target(self, airodump):
|
||||
'''
|
||||
Waits for target to appear in airodump
|
||||
|
||||
@@ -38,8 +38,9 @@ class AttackWPA(Attack):
|
||||
output_file_prefix='wpa') as airodump:
|
||||
|
||||
Color.clear_line()
|
||||
Color.p('\r{+} {C}WPA-handshake attack{W}: ')
|
||||
Color.p('{O}waiting{W} for target to appear...')
|
||||
Color.pattack("WPA", self.target, "Handshake capture", "Waiting for target to appear...")
|
||||
#Color.p('\r{+} {C}WPA-handshake attack{W}: ')
|
||||
#Color.p('{O}waiting{W} for target to appear...')
|
||||
airodump_target = self.wait_for_target(airodump)
|
||||
|
||||
# Get client station MAC addresses
|
||||
@@ -55,9 +56,10 @@ class AttackWPA(Attack):
|
||||
while True:
|
||||
if not deauth_proc or deauth_proc.poll() != None:
|
||||
# Clear line only if we're not deauthing right now
|
||||
Color.p('\r%s\r' % (' ' * 90))
|
||||
Color.p('\r{+} {C}WPA-handshake attack{W}: ')
|
||||
Color.p('waiting for {C}handshake{W}...')
|
||||
Color.clear_line()
|
||||
Color.pattack("WPA", airodump_target, "Handshake capture", "Waiting for handshake...")
|
||||
#Color.p('\r{+} {C}WPA-handshake attack{W}: ')
|
||||
#Color.p('waiting for {C}handshake{W}...')
|
||||
|
||||
time.sleep(1)
|
||||
|
||||
@@ -97,8 +99,8 @@ class AttackWPA(Attack):
|
||||
airodump_target = self.wait_for_target(airodump)
|
||||
for client in airodump_target.clients:
|
||||
if client.station not in clients:
|
||||
Color.pl('\r{+} discovered {G}client{W}:' +
|
||||
' {C}%s{W}%s' % (client.station, ' ' * 10))
|
||||
Color.clear_line()
|
||||
Color.pl('\r{+} discovered new {G}client{W}: {C}%s{W}' % client.station)
|
||||
clients.append(client.station)
|
||||
|
||||
# Send deauth to a client or broadcast
|
||||
|
||||
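Review bot: The lines `#Color.p('\r{+} {C}WPA-handshake attack{W}: ')` and `#Color.p('{O}waiting{W} for target to appear...')` in the first hunk, and the matching commented pair after `Color.pattack("WPA", airodump_target, "Handshake capture", "Waiting for handshake...")` in the second, are commented-out code that duplicates what `Color.pattack` now prints; delete them rather than carrying them in the file, since version control keeps the old form. The third hunk's `Color.clear_line()` followed by `Color.pl('\r{+} discovered new {G}client{W}: {C}%s{W}' % client.station)` needs no change. The enclosing `run` method starts and ends outside each hunk.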
@@ -82,8 +82,9 @@ class Color(object):
|
||||
[name] ESSID (MAC @ Pwr) Attack_Type: Progress
|
||||
e.g.: [WEP] Router2G (00:11:22 @ 23db) replay attack: 102 IVs
|
||||
'''
|
||||
essid = "{C}%s{W}" % target.essid if target.essid_known else "{O}unknown{W}"
|
||||
Color.p("\r{+} {G}%s{W} ({C}%s @ %sdb{W}) {G}%s {C}%s{W}: %s " % (
|
||||
target.essid, target.bssid, target.power, attack_type, attack_name, progress))
|
||||
essid, target.bssid, target.power, attack_type, attack_name, progress))
|
||||
|
||||
if __name__ == '__main__':
|
||||
Color.pl("{R}Testing{G}One{C}Two{P}Three{W}Done")
|
||||
|
||||
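Review bot: The new `essid` is pre-wrapped in `{C}…{W}` and then substituted into a format string whose first slot is already `{G}%s{W}`, so the rendered text carries `{G}{C}<essid>{W}{W}` and the outer green is immediately overridden; drop the `{G}`/`{W}` around that first `%s` or apply the colour in one place only. Separately, `target.essid` is whatever the network itself advertises, so if `Color.p` expands `{X}` tokens after the `%` interpolation (which the format string suggests, but the hunk does not show), an ESSID containing such tokens or control characters would be rendered as colour codes instead of shown literally; consider escaping braces in `essid` before it is substituted. `pattack` starts outside the hunk.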
@@ -59,7 +59,8 @@ class Configuration(object):
|
||||
Configuration.wordlist = None
|
||||
wordlists = [
|
||||
'/usr/share/wfuzz/wordlist/fuzzdb/wordlists-user-passwd/passwds/phpbb.txt',
|
||||
'/usr/share/fuzzdb/wordlists-user-passwd/passwds/phpbb.txt'
|
||||
'/usr/share/fuzzdb/wordlists-user-passwd/passwds/phpbb.txt',
|
||||
'/usr/share/sqlmap/txt/wordlist.txt'
|
||||
]
|
||||
for wlist in wordlists:
|
||||
if os.path.exists(wlist):
|
||||
|
||||
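Review bot: The added `'/usr/share/sqlmap/txt/wordlist.txt'` is again the last list element without a trailing comma, which appears to be exactly the shape that caused the earlier defect (two adjacent string literals silently concatenated into one nonexistent path). Write it as `'/usr/share/sqlmap/txt/wordlist.txt',` so that the next entry appended to `wordlists` cannot reintroduce the concatenation. The enclosing method starts and ends outside the hunk.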
@@ -90,22 +90,24 @@ class Handshake(object):
|
||||
cmd = [
|
||||
'tshark',
|
||||
'-r', self.capfile,
|
||||
'-R', 'wlan.fc.type_subtype == 0x08',
|
||||
'-R', 'wlan.fc.type_subtype == 0x08 || wlan.fc.type_subtype == 0x05',
|
||||
'-2', # tshark: -R without -2 is deprecated.
|
||||
'-n'
|
||||
]
|
||||
proc = Process(cmd, devnull=False)
|
||||
for line in proc.stdout().split('\n'):
|
||||
# Extract src, dst, and essid
|
||||
mac_regex = ('[a-zA-Z0-9]{2}:' * 6)[:-1]
|
||||
match = re.search('(%s) -> (%s).*.*SSID=(.*)$'
|
||||
match = re.search('(%s) [^ ]* (%s).*.*SSID=(.*)$'
|
||||
% (mac_regex, mac_regex), line)
|
||||
if match == None:
|
||||
# Line doesn't contain src, dst, ssid
|
||||
continue
|
||||
(src, dst, essid) = match.groups()
|
||||
if dst.lower() == "ff:ff:ff:ff:ff:ff": continue
|
||||
if self.bssid:
|
||||
# We know the BSSID, only return the ESSID for this BSSID.
|
||||
if self.bssid.lower() == src.lower():
|
||||
if self.bssid.lower() == src.lower() or self.bssid.lower() == dst.lower():
|
||||
essids.add((src, essid))
|
||||
else:
|
||||
# We do not know BSSID, add it.
|
||||
@@ -263,7 +265,7 @@ class Handshake(object):
|
||||
hit_Target = False
|
||||
else:
|
||||
# Line does not contain AccessPoint
|
||||
if hit_target and ', good,' in line:
|
||||
if hit_target and ', good' in line:
|
||||
bssid_essid_pairs.add( (current_bssid, current_essid) )
|
||||
return [x for x in bssid_essid_pairs]
|
||||
|
||||
|
||||
@@ -52,7 +52,7 @@ class Scanner(object):
|
||||
Color.p(
|
||||
'\r{+} scanning, found' +
|
||||
' {G}%d{W} target(s),' % target_count +
|
||||
' {G}%d{W} clients.' % client_count +
|
||||
' {G}%d{W} client(s).' % client_count +
|
||||
' {O}Ctrl+C{W} when ready')
|
||||
sleep(1)
|
||||
except KeyboardInterrupt:
|
||||
|
||||