new: wifi.recon now reports wifi.client.new and wifi.client.lost events

modules/events_view_wifi.go

@@ -44,7 +44,7 @@ func (s *EventsStream) viewWiFiApEvent(e session.Event) {
 }
 
 func (s *EventsStream) viewWiFiClientProbeEvent(e session.Event) {
-	probe := e.Data.(WiFiProbe)
+	probe := e.Data.(WiFiProbeEvent)
 	desc := ""
 	if probe.FromAlias != "" {
 		desc = fmt.Sprintf(" (%s)", probe.FromAlias)
@@ -86,6 +86,25 @@ func (s *EventsStream) viewWiFiHandshakeEvent(e session.Event) {
 		hand.File)
 }
 
+func (s *EventsStream) viewWiFiClientEvent(e session.Event) {
+	ce := e.Data.(WiFiClientEvent)
+	if e.Tag == "wifi.client.new" {
+		fmt.Fprintf(s.output, "[%s] [%s] new wifi client %s detected for %s (%s)\n",
+			e.Time.Format(eventTimeFormat),
+			tui.Green(e.Tag),
+			ce.Client.BSSID(),
+			tui.Bold(ce.AP.ESSID()),
+			tui.Dim(ce.AP.BSSID()))
+	} else if e.Tag == "wifi.client.lost" {
+		fmt.Fprintf(s.output, "[%s] [%s] wifi client %s disconnected from %s (%s)\n",
+			e.Time.Format(eventTimeFormat),
+			tui.Green(e.Tag),
+			ce.Client.BSSID(),
+			tui.Bold(ce.AP.ESSID()),
+			tui.Dim(ce.AP.BSSID()))
+	}
+}
+
 func (s *EventsStream) viewWiFiEvent(e session.Event) {
 	if strings.HasPrefix(e.Tag, "wifi.ap.") {
 		s.viewWiFiApEvent(e)
@@ -93,5 +112,9 @@ func (s *EventsStream) viewWiFiEvent(e session.Event) {
 		s.viewWiFiClientProbeEvent(e)
 	} else if e.Tag == "wifi.client.handshake" {
 		s.viewWiFiHandshakeEvent(e)
+	} else if e.Tag == "wifi.client.new" || e.Tag == "wifi.client.lost" {
+		s.viewWiFiClientEvent(e)
+	} else {
+		fmt.Fprintf(s.output, "[%s] [%s] %v\n", e.Time.Format(eventTimeFormat), tui.Green(e.Tag), e)
 	}
 }

modules/wifi_events.go

@@ -0,0 +1,27 @@
+package modules
+
+import (
+	"net"
+
+	"github.com/bettercap/bettercap/network"
+)
+
+type WiFiClientEvent struct {
+	AP     *network.AccessPoint
+	Client *network.Station
+}
+
+type WiFiProbeEvent struct {
+	FromAddr   net.HardwareAddr
+	FromVendor string
+	FromAlias  string
+	SSID       string
+	RSSI       int8
+}
+
+type WiFiHandshakeEvent struct {
+	File       string
+	NewPackets int
+	AP         net.HardwareAddr
+	Station    net.HardwareAddr
+}

modules/wifi_recon.go

@@ -17,32 +17,17 @@ import (
 
 var maxStationTTL = 5 * time.Minute
 
-type WiFiProbe struct {
-	FromAddr   net.HardwareAddr
-	FromVendor string
-	FromAlias  string
-	SSID       string
-	RSSI       int8
-}
-
-type WiFiHandshakeEvent struct {
-	File       string
-	NewPackets int
-	AP         net.HardwareAddr
-	Station    net.HardwareAddr
-}
-
 func (w *WiFiModule) stationPruner() {
 	w.reads.Add(1)
 	defer w.reads.Done()
 
-	log.Debug("WiFi stations pruner started.")
+	log.Debug("wifi stations pruner started.")
 	for w.Running() {
 		// loop every AP
 		for _, ap := range w.Session.WiFi.List() {
 			sinceLastSeen := time.Since(ap.LastSeen)
 			if sinceLastSeen > maxStationTTL {
-				log.Debug("Station %s not seen in %s, removing.", ap.BSSID(), sinceLastSeen)
+				log.Debug("station %s not seen in %s, removing.", ap.BSSID(), sinceLastSeen)
 				w.Session.WiFi.Remove(ap.BSSID())
 				continue
 			}
@@ -50,8 +35,13 @@ func (w *WiFiModule) stationPruner() {
 			for _, c := range ap.Clients() {
 				sinceLastSeen := time.Since(c.LastSeen)
 				if sinceLastSeen > maxStationTTL {
-					log.Debug("Client %s of station %s not seen in %s, removing.", c.String(), ap.BSSID(), sinceLastSeen)
+					log.Debug("client %s of station %s not seen in %s, removing.", c.String(), ap.BSSID(), sinceLastSeen)
 					ap.RemoveClient(c.BSSID())
+
+					w.Session.Events.Add("wifi.client.lost", WiFiClientEvent{
+						AP:     ap,
+						Client: c,
+					})
 				}
 			}
 		}
@@ -117,7 +107,7 @@ func (w *WiFiModule) discoverProbes(radiotap *layers.RadioTap, dot11 *layers.Dot
 		return
 	}
 
-	w.Session.Events.Add("wifi.client.probe", WiFiProbe{
+	w.Session.Events.Add("wifi.client.probe", WiFiProbeEvent{
 		FromAddr:   dot11.Address2,
 		FromVendor: network.ManufLookup(dot11.Address2.String()),
 		FromAlias:  w.Session.Lan.GetAlias(dot11.Address2.String()),
@@ -130,7 +120,16 @@ func (w *WiFiModule) discoverClients(radiotap *layers.RadioTap, dot11 *layers.Do
 	w.Session.WiFi.EachAccessPoint(func(bssid string, ap *network.AccessPoint) {
 		// packet going to this specific BSSID?
 		if packets.Dot11IsDataFor(dot11, ap.HW) {
-			ap.AddClient(dot11.Address2.String(), int(radiotap.ChannelFrequency), radiotap.DBMAntennaSignal)
+			bssid := dot11.Address2.String()
+			freq := int(radiotap.ChannelFrequency)
+			rssi := radiotap.DBMAntennaSignal
+
+			if station, isNew := ap.AddClientIfNew(bssid, freq, rssi); isNew {
+				w.Session.Events.Add("wifi.client.new", WiFiClientEvent{
+					AP:     ap,
+					Client: station,
+				})
+			}
 		}
 	})
 }

network/wifi_ap.go

@@ -59,7 +59,7 @@ func (ap *AccessPoint) RemoveClient(mac string) {
 	}
 }
 
-func (ap *AccessPoint) AddClient(bssid string, frequency int, rssi int8) *Station {
+func (ap *AccessPoint) AddClientIfNew(bssid string, frequency int, rssi int8) (*Station, bool) {
 	ap.Lock()
 	defer ap.Unlock()
 
@@ -71,13 +71,13 @@ func (ap *AccessPoint) AddClient(bssid string, frequency int, rssi int8) *Statio
 		s.RSSI = rssi
 		s.LastSeen = time.Now()
 
-		return s
+		return s, false
 	}
 
 	s := NewStation("", bssid, frequency, rssi)
 	ap.clients[bssid] = s
 
-	return s
+	return s, true
 }
 
 func (ap *AccessPoint) NumClients() int {