diff --git a/modules/events_stream/events_view_wifi.go b/modules/events_stream/events_view_wifi.go
index 881c78eb..da9ab312 100644
--- a/modules/events_stream/events_view_wifi.go
+++ b/modules/events_stream/events_view_wifi.go
@@ -118,9 +118,24 @@ func (mod *EventsStream) viewWiFiClientEvent(output io.Writer, e session.Event)
 }
 }
 
+func (mod *EventsStream) viewWiFiDeauthEvent(output io.Writer, e session.Event) {
+ deauth := e.Data.(wifi.DeauthEvent)
+
+ fmt.Fprintf(output, "[%s] [%s] a1=%s a2=%s a3=%s reason=%s (%d dBm)\n",
+ e.Time.Format(mod.timeFormat),
+ tui.Green(e.Tag),
+ deauth.Address1,
+ deauth.Address2,
+ deauth.Address3,
+ tui.Bold(deauth.Reason),
+ deauth.RSSI)
+}
+
 func (mod *EventsStream) viewWiFiEvent(output io.Writer, e session.Event) {
 if strings.HasPrefix(e.Tag, "wifi.ap.") {
 mod.viewWiFiApEvent(output, e)
+ } else if e.Tag == "wifi.deauthentication" {
+ mod.viewWiFiDeauthEvent(output, e)
 } else if e.Tag == "wifi.client.probe" {
 mod.viewWiFiClientProbeEvent(output, e)
 } else if e.Tag == "wifi.client.handshake" {
@@ -128,6 +143,6 @@ func (mod *EventsStream) viewWiFiEvent(output io.Writer, e session.Event) {
 } else if e.Tag == "wifi.client.new" || e.Tag == "wifi.client.lost" {
 mod.viewWiFiClientEvent(output, e)
 } else {
- fmt.Fprintf(output, "[%s] [%s] %v\n", e.Time.Format(mod.timeFormat), tui.Green(e.Tag), e)
+ fmt.Fprintf(output, "[%s] [%s] %#v\n", e.Time.Format(mod.timeFormat), tui.Green(e.Tag), e)
 }
 }
diff --git a/modules/wifi/wifi.go b/modules/wifi/wifi.go
index 556e8c50..6da12fcd 100644
--- a/modules/wifi/wifi.go
+++ b/modules/wifi/wifi.go
@@ -661,6 +661,7 @@ func (mod *WiFiModule) Start() error {
 mod.discoverAccessPoints(radiotap, dot11, packet)
 mod.discoverClients(radiotap, dot11, packet)
 mod.discoverHandshakes(radiotap, dot11, packet)
+ mod.discoverDeauths(radiotap, dot11, packet)
 mod.updateInfo(dot11, packet)
 mod.updateStats(dot11, packet)
 }
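Review bot: The type assertion `deauth := e.Data.(wifi.DeauthEvent)` in viewWiFiDeauthEvent is unchecked, so an event tagged `wifi.deauthentication` whose Data is any other type (a pointer to DeauthEvent, or a payload added by a different producer) panics instead of being printed. Use the comma-ok form, `deauth, ok := e.Data.(wifi.DeauthEvent)`, and on `!ok` fall back to the generic line that viewWiFiEvent already uses for unknown tags, then return. The labels `a1`/`a2`/`a3` also leave the reader to recall the 802.11 address roles; naming them receiver, transmitter and BSSID would make the line easier to triage.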
diff --git a/modules/wifi/wifi_events.go b/modules/wifi/wifi_events.go
index 0a53f0ce..b5a3982e 100644
--- a/modules/wifi/wifi_events.go
+++ b/modules/wifi/wifi_events.go
@@ -9,6 +9,14 @@ type ClientEvent struct {
 Client *network.Station
 }
 
+type DeauthEvent struct {
+ RSSI int8 `json:"rssi"`
+ Address1 string `json:"address1"`
+ Address2 string `json:"address2"`
+ Address3 string `json:"address3"`
+ Reason string `json:"reason"`
+}
+
 type ProbeEvent struct {
 FromAddr string `json:"mac"`
 FromVendor string `json:"vendor"`
diff --git a/modules/wifi/wifi_recon.go b/modules/wifi/wifi_recon.go
index c0c54f78..2c094934 100644
--- a/modules/wifi/wifi_recon.go
+++ b/modules/wifi/wifi_recon.go
@@ -150,3 +150,35 @@ func (mod *WiFiModule) discoverClients(radiotap *layers.RadioTap, dot11 *layers.
 }
 })
 }
+
+func (mod *WiFiModule) discoverDeauths(radiotap *layers.RadioTap, dot11 *layers.Dot11, packet gopacket.Packet) {
+ if dot11.Type != layers.Dot11TypeMgmtDeauthentication {
+ return
+ }
+
+ // ignore deauth frames that we sent
+ if radiotap.ChannelFrequency == 0 {
+ return
+ }
+
+ deauthLayer := packet.Layer(layers.LayerTypeDot11MgmtDeauthentication)
+ if deauthLayer == nil {
+ return
+ }
+
+ deauth, ok := deauthLayer.(*layers.Dot11MgmtDeauthentication)
+ reason := "?"
+ if ok {
+ reason = deauth.Reason.String()
+ }
+
+ mod.Debug("deauth radio %#v", radiotap)
+
+ mod.Session.Events.Add("wifi.deauthentication", DeauthEvent{
+ RSSI: radiotap.DBMAntennaSignal,
+ Address1: dot11.Address1.String(),
+ Address2: dot11.Address2.String(),
+ Address3: dot11.Address3.String(),
+ Reason: reason,
+ })
+}
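Review bot: DeauthEvent is exported and serialized to JSON but has no doc comment, and the names Address1 to Address3 do not say which role each address plays in the frame. Add a comment such as `// DeauthEvent is emitted for each observed 802.11 deauthentication frame; for management frames Address1 is the receiver, Address2 the transmitter and Address3 the BSSID.` It is also worth stating on the Reason field that it holds the decoded text of the reason code and is "?" when the layer cannot be decoded (as discoverDeauths sets it), since consumers that alert on these events can only match it as a string.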
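Review bot: The `radiotap.ChannelFrequency == 0` test in discoverDeauths is used as the only signal for "frame we sent", but it will equally match any captured frame whose radiotap header carries no channel field, so on a driver or capture source that omits it every deauthentication would be dropped silently and the detection would appear to work while reporting nothing. The comment should spell that assumption out, for example `// frames we injected are captured back without a radiotap channel; NOTE: sources that never report a channel are skipped too`. Separately, the function adds one event per frame with no aggregation, so a deauthentication flood translates directly into an event and log flood; whether the event queue bounds this is not visible here, but counting per transmitter/BSSID pair over a short window would keep the stream readable. Disassociation frames are not covered by the `dot11.Type` check, which may be intentional but is worth a line in the comment.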