Issue #157: wifi.recon can now select one or multiple channels (comma separated) and show only the selected channels.

modules/wifi_recon.go

@@ -6,6 +6,7 @@ import (
 	"os"
 	"sort"
 	"strconv"
+	"strings"
 	"sync"
 	"time"
 
@@ -90,6 +91,10 @@ func NewWiFiRecon(s *session.Session) *WiFiRecon {
 		func(args []string) error {
 			w.ap = nil
 			w.stickChan = 0
+			var err error
+			if w.frequencies, err = network.GetSupportedFrequencies(w.Session.Interface.Name()); err != nil {
+				return err
+			}
 			return nil
 		}))
 
@@ -113,9 +118,38 @@ func NewWiFiRecon(s *session.Session) *WiFiRecon {
 		"",
 		"WiFi channel or empty for channel hopping."))
 
+	w.AddHandler(session.NewModuleHandler("wifi.recon.channel", `wifi\.recon\.channel[\s]*([0-9]+(?:[, ]+[0-9]+)*)?`,
+		"WiFi channels (comma separated) or empty for channel hopping.",
+		func(args []string) error {
+			newfrequencies := w.frequencies[:0]
+
+			if len(args) > 0 && args[0] != "" {
+				channels := strings.Split(args[0], ",")
+				for _, c := range channels {
+					trimmed := strings.Trim(c, " ")
+					channel, err := strconv.Atoi(trimmed)
+					if err != nil {
+						return err
+					}
+					newfrequencies = append(newfrequencies, chan2mhz(channel))
+				}
+			} else {
+				// No channels setted, retrieve frequencies supported by the card
+				if frequencies, err := network.GetSupportedFrequencies(w.Session.Interface.Name()); err != nil {
+					return err
+				} else {
+					newfrequencies = frequencies
+				}
+			}
+
+			w.frequencies = newfrequencies
+
+			return nil
+		}))
+
 	w.AddParam(session.NewIntParameter("wifi.hop.period",
 		"250",
-		"If channel hopping is enabled (empty wifi.recon.channel), this is the time in millseconds the algorithm will hop on every channel (it'll be doubled if both 2.4 and 5.0 bands are available)."))
+		"If channel hopping is enabled (empty wifi.recon.channel), this is the time in milliseconds the algorithm will hop on every channel (it'll be doubled if both 2.4 and 5.0 bands are available)."))
 
 	w.AddParam(session.NewBoolParameter("wifi.skip-broken",
 		"true",
@@ -136,7 +170,8 @@ func (w WiFiRecon) Author() string {
 	return "Gianluca Braga <matrix86@protonmail.com> && Simone Margaritelli <evilsocket@protonmail.com>>"
 }
 
-func (w *WiFiRecon) getRow(station *network.Station) []string {
+func (w *WiFiRecon) getRow(station *network.Station) ([]string, bool) {
+	include := false
 	sinceStarted := time.Since(w.Session.StartedAt)
 	sinceFirstSeen := time.Since(station.FirstSeen)
 
@@ -180,6 +215,13 @@ func (w *WiFiRecon) getRow(station *network.Station) []string {
 		recvd = humanize.Bytes(station.Received)
 	}
 
+	for _, frequencies := range w.frequencies {
+		if frequencies == station.Frequency {
+			include = true
+			break
+		}
+	}
+
 	if w.isApSelected() {
 		return []string{
 			fmt.Sprintf("%d dBm", station.RSSI),
@@ -189,7 +231,7 @@ func (w *WiFiRecon) getRow(station *network.Station) []string {
 			sent,
 			recvd,
 			seen,
-		}
+		}, include
 	} else {
 		// this is ugly, but necessary in order to have this
 		// method handle both access point and clients
@@ -212,7 +254,7 @@ func (w *WiFiRecon) getRow(station *network.Station) []string {
 			sent,
 			recvd,
 			seen,
-		}
+		}, include
 	}
 }
 
@@ -228,6 +270,18 @@ func mhz2chan(freq int) int {
 	return 0
 }
 
+func chan2mhz(channel int) int {
+	if channel <= 13 {
+		return ((channel - 1) * 5) + 2412
+	} else if channel == 14 {
+		return 2484
+	} else if channel <= 173 {
+		return ((channel - 7) * 5) + 5035
+	}
+
+	return 0
+}
+
 func (w *WiFiRecon) isApSelected() bool {
 	return w.ap != nil
 }
@@ -258,7 +312,9 @@ func (w *WiFiRecon) Show(by string) error {
 
 	rows := make([][]string, 0)
 	for _, s := range stations {
-		rows = append(rows, w.getRow(s))
+		if row, include := w.getRow(s); include == true {
+			rows = append(rows, row)
+		}
 	}
 	nrows := len(rows)
 
@@ -310,13 +366,12 @@ func (w *WiFiRecon) Configure() error {
 
 	w.hopPeriod = time.Duration(hopPeriod) * time.Millisecond
 
-	if err, w.channel = w.IntParam("wifi.recon.channel"); err == nil {
+	// No channels setted, retrieve frequencies supported by the card
-		if err = network.SetInterfaceChannel(w.Session.Interface.Name(), w.channel); err != nil {
+	if len(w.frequencies) == 0 {
+		if w.frequencies, err = network.GetSupportedFrequencies(w.Session.Interface.Name()); err != nil {
 			return err
 		}
-		log.Info("WiFi recon active on channel %d.", w.channel)
+
-	} else {
-		w.channel = 0
 		// we need to start somewhere, this is just to check if
 		// this OS supports switching channel programmatically.
 		if err = network.SetInterfaceChannel(w.Session.Interface.Name(), 1); err != nil {
@@ -325,12 +380,6 @@ func (w *WiFiRecon) Configure() error {
 		log.Info("WiFi recon active with channel hopping.")
 	}
 
-	if frequencies, err := network.GetSupportedFrequencies(w.Session.Interface.Name()); err != nil {
-		return err
-	} else {
-		w.frequencies = frequencies
-	}
-
 	return nil
 }
 
@@ -454,7 +503,12 @@ func (w *WiFiRecon) discoverAccessPoints(radiotap *layers.RadioTap, dot11 *layer
 	if ok, ssid := packets.Dot11ParseIDSSID(packet); ok == true {
 		if isZeroBSSID(dot11.Address3) == false && isBroadcastBSSID(dot11.Address3) == false {
 			bssid := dot11.Address3.String()
-			frequency := int(radiotap.ChannelFrequency)
+			var frequency int
+			if found, channel := packets.Dot11ParseDSSet(packet); found {
+				frequency = chan2mhz(channel)
+			} else {
+				frequency = int(radiotap.ChannelFrequency)
+			}
 			w.Session.WiFi.AddIfNew(ssid, bssid, frequency, radiotap.DBMAntennaSignal)
 		}
 	}
@@ -544,10 +598,11 @@ func (w *WiFiRecon) channelHopper() {
 		// more channels, therefore we need to increase the time
 		// we hop on each one otherwise me lose information
 		if len(w.frequencies) > 14 {
-			delay = 500 * time.Millisecond
+			delay = delay * 2 * time.Millisecond
 		}
 
-		for _, frequency := range w.frequencies {
+		frequencies := w.frequencies
+		for _, frequency := range frequencies {
 			channel := mhz2chan(frequency)
 			// stick to the access point channel as long as it's selected
 			// or as long as we're deauthing on it

packets/dot11.go

@@ -66,6 +66,23 @@ func Dot11ParseIDSSID(packet gopacket.Packet) (bool, string) {
 	return false, ""
 }
 
+func Dot11ParseDSSet(packet gopacket.Packet) (bool, int) {
+	channel := 0
+	found := false
+	for _, layer := range packet.Layers() {
+		info, ok := layer.(*layers.Dot11InformationElement)
+		if ok == true {
+			if info.ID == layers.Dot11InformationElementIDDSSet {
+				channel, _ = Dot11InformationElementIDDSSetDecode(info.Info)
+				found = true
+				break
+			}
+		}
+	}
+
+	return found, channel
+}
+
 func Dot11ParseEncryption(packet gopacket.Packet, dot11 *layers.Dot11) (bool, string, string, string) {
 	var i uint16
 	enc := ""

packets/dot11_types.go

@@ -211,3 +211,11 @@ func Dot11InformationElementRSNInfoDecode(buf []byte) (rsn RSNInfo, err error) {
 
 	return
 }
+
+func Dot11InformationElementIDDSSetDecode(buf []byte) (channel int, err error) {
+	if err = canParse("DSSet.channel", buf, 1); err == nil {
+		channel = int(buf[0])
+	}
+
+	return
+}