From 4c5a776f868d4a7184c84901edc7c3310b854463 Mon Sep 17 00:00:00 2001 From: evilsocket Date: Wed, 6 Feb 2019 11:38:28 +0100 Subject: [PATCH] new: wifi.recon now reports wifi.client.new and wifi.client.lost events --- modules/events_view_wifi.go | 25 +++++++++++++++++++++++- modules/wifi_events.go | 27 +++++++++++++++++++++++++ modules/wifi_recon.go | 39 ++++++++++++++++++------------------- network/wifi_ap.go | 6 +++--- 4 files changed, 73 insertions(+), 24 deletions(-) create mode 100644 modules/wifi_events.go diff --git a/modules/events_view_wifi.go b/modules/events_view_wifi.go index aa3aeecb..7e8ad92e 100644 --- a/modules/events_view_wifi.go +++ b/modules/events_view_wifi.go @@ -44,7 +44,7 @@ func (s *EventsStream) viewWiFiApEvent(e session.Event) { } func (s *EventsStream) viewWiFiClientProbeEvent(e session.Event) { - probe := e.Data.(WiFiProbe) + probe := e.Data.(WiFiProbeEvent) desc := "" if probe.FromAlias != "" { desc = fmt.Sprintf(" (%s)", probe.FromAlias) @@ -86,6 +86,25 @@ func (s *EventsStream) viewWiFiHandshakeEvent(e session.Event) { hand.File) } +func (s *EventsStream) viewWiFiClientEvent(e session.Event) { + ce := e.Data.(WiFiClientEvent) + if e.Tag == "wifi.client.new" { + fmt.Fprintf(s.output, "[%s] [%s] new wifi client %s detected for %s (%s)\n", + e.Time.Format(eventTimeFormat), + tui.Green(e.Tag), + ce.Client.BSSID(), + tui.Bold(ce.AP.ESSID()), + tui.Dim(ce.AP.BSSID())) + } else if e.Tag == "wifi.client.lost" { + fmt.Fprintf(s.output, "[%s] [%s] wifi client %s disconnected from %s (%s)\n", + e.Time.Format(eventTimeFormat), + tui.Green(e.Tag), + ce.Client.BSSID(), + tui.Bold(ce.AP.ESSID()), + tui.Dim(ce.AP.BSSID())) + } +} + func (s *EventsStream) viewWiFiEvent(e session.Event) { if strings.HasPrefix(e.Tag, "wifi.ap.") { s.viewWiFiApEvent(e) 
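Review bot: The unchecked assertion `ce := e.Data.(WiFiClientEvent)` at the top of viewWiFiClientEvent panics the events stream if any producer ever attaches a different payload to a `wifi.client.new` or `wifi.client.lost` tag; the comma-ok form `ce, ok := e.Data.(WiFiClientEvent)` followed by `if !ok || ce.AP == nil || ce.Client == nil { return }` keeps a malformed event from taking the viewer down. The ESSID written here presumably originates from frames received over the air; if it is not already stripped of control characters upstream, filtering non-printable runes before printing would keep escape sequences out of the terminal. The two branches differ only in the message text and could share one Fprintf with the wording chosen by tag.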
@@ -93,5 +112,9 @@ func (s *EventsStream) viewWiFiEvent(e session.Event) { s.viewWiFiClientProbeEvent(e) } else if e.Tag == "wifi.client.handshake" { s.viewWiFiHandshakeEvent(e) + } else if e.Tag == "wifi.client.new" || e.Tag == "wifi.client.lost" { + s.viewWiFiClientEvent(e) + } else { + fmt.Fprintf(s.output, "[%s] [%s] %v\n", e.Time.Format(eventTimeFormat), tui.Green(e.Tag), e) } } diff --git a/modules/wifi_events.go b/modules/wifi_events.go new file mode 100644 index 00000000..44138eb6 --- /dev/null +++ b/modules/wifi_events.go @@ -0,0 +1,27 @@ +package modules + +import ( + "net" + + "github.com/bettercap/bettercap/network" +) + +type WiFiClientEvent struct { + AP *network.AccessPoint + Client *network.Station +} + +type WiFiProbeEvent struct { + FromAddr net.HardwareAddr + FromVendor string + FromAlias string + SSID string + RSSI int8 +} + +type WiFiHandshakeEvent struct { + File string + NewPackets int + AP net.HardwareAddr + Station net.HardwareAddr +} diff --git a/modules/wifi_recon.go b/modules/wifi_recon.go index 93a8a60a..1d485c78 100644 --- a/modules/wifi_recon.go +++ b/modules/wifi_recon.go @@ -17,32 +17,17 @@ import ( var maxStationTTL = 5 * time.Minute -type WiFiProbe struct { - FromAddr net.HardwareAddr - FromVendor string - FromAlias string - SSID string - RSSI int8 -} - -type WiFiHandshakeEvent struct { - File string - NewPackets int - AP net.HardwareAddr - Station net.HardwareAddr -} - func (w *WiFiModule) stationPruner() { w.reads.Add(1) defer w.reads.Done() - log.Debug("WiFi stations pruner started.") + log.Debug("wifi stations pruner started.") for w.Running() { // loop every AP for _, ap := range w.Session.WiFi.List() { sinceLastSeen := time.Since(ap.LastSeen) if sinceLastSeen > maxStationTTL { - log.Debug("Station %s not seen in %s, removing.", ap.BSSID(), sinceLastSeen) + log.Debug("station %s not seen in %s, removing.", ap.BSSID(), sinceLastSeen) w.Session.WiFi.Remove(ap.BSSID()) continue } 
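Review bot: The new fallback branch in viewWiFiEvent formats the whole event with `%v` (its last argument is `e`), so the time and tag are printed twice and the payload gets default struct formatting. Passing `e.Data` instead would match the other views. Any future payload with pointer fields would print as raw addresses under `%v`, which is another reason to format the data explicitly. The function starts outside this hunk.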
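Review bot: WiFiClientEvent stores `*network.AccessPoint` and `*network.Station` rather than copies, so every event consumer holds live objects that the recon code keeps mutating. AddClientIfNew in network/wifi_ap.go updates `RSSI` and `LastSeen` under `ap.Lock()`, and event readers do not appear to take that lock, which looks like a data race. It also means a `wifi.client.lost` event can show state newer than the moment it describes. Consider carrying value snapshots, or at least documenting on the type that the pointers are shared and must be read through the locking accessors. The three exported types have no doc comments; a line such as `// WiFiClientEvent is the payload of wifi.client.new and wifi.client.lost events.` above each would help.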
@@ -50,8 +35,13 @@ func (w *WiFiModule) stationPruner() { for _, c := range ap.Clients() { sinceLastSeen := time.Since(c.LastSeen) if sinceLastSeen > maxStationTTL { - log.Debug("Client %s of station %s not seen in %s, removing.", c.String(), ap.BSSID(), sinceLastSeen) + log.Debug("client %s of station %s not seen in %s, removing.", c.String(), ap.BSSID(), sinceLastSeen) ap.RemoveClient(c.BSSID()) + + w.Session.Events.Add("wifi.client.lost", WiFiClientEvent{ + AP: ap, + Client: c, + }) } } } @@ -117,7 +107,7 @@ func (w *WiFiModule) discoverProbes(radiotap *layers.RadioTap, dot11 *layers.Dot return } - w.Session.Events.Add("wifi.client.probe", WiFiProbe{ + w.Session.Events.Add("wifi.client.probe", WiFiProbeEvent{ FromAddr: dot11.Address2, FromVendor: network.ManufLookup(dot11.Address2.String()), FromAlias: w.Session.Lan.GetAlias(dot11.Address2.String()), @@ -130,7 +120,16 @@ func (w *WiFiModule) discoverClients(radiotap *layers.RadioTap, dot11 *layers.Do w.Session.WiFi.EachAccessPoint(func(bssid string, ap *network.AccessPoint) { // packet going to this specific BSSID? if packets.Dot11IsDataFor(dot11, ap.HW) { - ap.AddClient(dot11.Address2.String(), int(radiotap.ChannelFrequency), radiotap.DBMAntennaSignal) + bssid := dot11.Address2.String() + freq := int(radiotap.ChannelFrequency) + rssi := radiotap.DBMAntennaSignal + + if station, isNew := ap.AddClientIfNew(bssid, freq, rssi); isNew { + w.Session.Events.Add("wifi.client.new", WiFiClientEvent{ + AP: ap, + Client: station, + }) + } } }) } diff --git a/network/wifi_ap.go b/network/wifi_ap.go index e278c542..c0be557d 100644 --- a/network/wifi_ap.go +++ b/network/wifi_ap.go @@ -59,7 +59,7 @@ func (ap *AccessPoint) RemoveClient(mac string) { } } -func (ap *AccessPoint) AddClient(bssid string, frequency int, rssi int8) *Station { +func (ap *AccessPoint) AddClientIfNew(bssid string, frequency int, rssi int8) (*Station, bool) { ap.Lock() defer ap.Unlock() 
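Review bot: `wifi.client.lost` is emitted only in the per-client loop, but the AP branch earlier in stationPruner calls `w.Session.WiFi.Remove(ap.BSSID())` and then `continue`s, so clients of a pruned access point disappear without any lost event. Subscribers that pair `wifi.client.new` with `wifi.client.lost` would keep stale entries. Emitting the event for each client before the AP is removed closes the gap: `for _, c := range ap.Clients() { w.Session.Events.Add("wifi.client.lost", WiFiClientEvent{AP: ap, Client: c}) }`. The AP branch sits in the previous hunk and the function body extends beyond both.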
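Review bot: The new local `bssid := dot11.Address2.String()` in discoverClients shadows the callback's `bssid string` parameter, which is the access point's BSSID, with the client's address; a name such as `clientMAC` avoids the confusion. `Events.Add` is also called from inside the `EachAccessPoint` callback. If that iterator holds a lock on the access-point list while running the callback (not visible here), an event listener that queries the list could block, so collecting the new stations and emitting after the iteration would be safer. discoverClients begins outside this hunk.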
@@ -71,13 +71,13 @@ func (ap *AccessPoint) AddClient(bssid string, frequency int, rssi int8) *Statio s.RSSI = rssi s.LastSeen = time.Now() - return s + return s, false } s := NewStation("", bssid, frequency, rssi) ap.clients[bssid] = s - return s + return s, true } func (ap *AccessPoint) NumClients() int {
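Review bot: AddClientIfNew still updates an existing station before `return s, false` (the context lines set `s.RSSI` and `s.LastSeen`), so the name suggests a no-op on known clients that the code does not implement. A doc comment such as `// AddClientIfNew refreshes the station if bssid is already known, otherwise creates it; the bool reports whether it was created.` would make the contract explicit. Renaming the exported AddClient and changing its return arity also breaks any caller outside this patch; keeping `AddClient` as a thin wrapper that drops the bool would avoid that. The method's signature is in the previous hunk.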