|
|
@@ -8,6 +8,7 @@
|
|
|
import logging
|
|
|
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
|
|
|
from scapy.all import *
|
|
|
+from libwifi import *
|
|
|
import sys, socket, struct, time, subprocess, atexit, select
|
|
|
from datetime import datetime
|
|
|
|
|
|
@@ -140,74 +141,6 @@ def log(level, msg, color=None, showtime=True):
|
|
|
print (datetime.now().strftime('[%H:%M:%S] ') if showtime else " "*11) + COLORCODES.get(color, "") + msg + "\033[1;0m"
|
|
|
|
|
|
|
|
|
-#### Packet Processing Functions ####
|
|
|
-
|
|
|
-class MitmSocket(L2Socket):
|
|
|
- def __init__(self, **kwargs):
|
|
|
- super(MitmSocket, self).__init__(**kwargs)
|
|
|
-
|
|
|
- def send(self, p):
|
|
|
- # Hack: set the More Data flag so we can detect injected frames (and so clients stay awake longer)
|
|
|
- p[Dot11].FCfield |= 0x20
|
|
|
- L2Socket.send(self, RadioTap()/p)
|
|
|
-
|
|
|
- def _strip_fcs(self, p):
|
|
|
- # Scapy can't handle the optional Frame Check Sequence (FCS) field automatically
|
|
|
- if p[RadioTap].present & 2 != 0:
|
|
|
- rawframe = str(p[RadioTap])
|
|
|
- pos = 8
|
|
|
- while ord(rawframe[pos - 1]) & 0x80 != 0: pos += 4
|
|
|
-
|
|
|
- # If the TSFT field is present, it must be 8-bytes aligned
|
|
|
- if p[RadioTap].present & 1 != 0:
|
|
|
- pos += (8 - (pos % 8))
|
|
|
- pos += 8
|
|
|
-
|
|
|
- # Remove FCS if present
|
|
|
- if ord(rawframe[pos]) & 0x10 != 0:
|
|
|
- return Dot11(str(p[Dot11])[:-4])
|
|
|
-
|
|
|
- return p[Dot11]
|
|
|
-
|
|
|
- def recv(self, x=MTU):
|
|
|
- p = L2Socket.recv(self, x)
|
|
|
- if p == None or not Dot11 in p: return None
|
|
|
-
|
|
|
- # Hack: ignore frames that we just injected and are echoed back by the kernel
|
|
|
- if p[Dot11].FCfield & 0x20 != 0:
|
|
|
- return None
|
|
|
-
|
|
|
- # Strip the FCS if present, and drop the RadioTap header
|
|
|
- return self._strip_fcs(p)
|
|
|
-
|
|
|
- def close(self):
|
|
|
- super(MitmSocket, self).close()
|
|
|
-
|
|
|
-def dot11_get_seqnum(p):
|
|
|
- return p[Dot11].SC >> 4
|
|
|
-
|
|
|
-def dot11_get_iv(p):
|
|
|
- """Scapy can't handle Extended IVs, so do this properly ourselves (only works for CCMP)"""
|
|
|
- if Dot11WEP not in p:
|
|
|
- log(ERROR, "INTERNAL ERROR: Requested IV of plaintext frame")
|
|
|
- return 0
|
|
|
-
|
|
|
- wep = p[Dot11WEP]
|
|
|
- if wep.keyid & 32:
|
|
|
- return ord(wep.iv[0]) + (ord(wep.iv[1]) << 8) + (struct.unpack(">I", wep.wepdata[:4])[0] << 16)
|
|
|
- else:
|
|
|
- return ord(wep.iv[0]) + (ord(wep.iv[1]) << 8) + (ord(wep.iv[2]) << 16)
|
|
|
-
|
|
|
-def get_tlv_value(p, type):
|
|
|
- if not Dot11Elt in p: return None
|
|
|
- el = p[Dot11Elt]
|
|
|
- while isinstance(el, Dot11Elt):
|
|
|
- if el.ID == type:
|
|
|
- return el.info
|
|
|
- el = el.payload
|
|
|
- return None
|
|
|
-
|
|
|
-
|
|
|
#### Man-in-the-middle Code ####
|
|
|
|
|
|
class KRAckAttackFt():
|
Mathy Vanhoef