diff --git a/caplets/wpa_handshake.cap b/caplets/wpa_handshake.cap
new file mode 100644
index 00000000..b5095006
--- /dev/null
+++ b/caplets/wpa_handshake.cap
@@ -0,0 +1,31 @@
+# swag prompt for wifi
+set $ {by}{fw}{env.iface.name}{reset} {bold}ยป {reset}
+
+# Sniff EAPOL frames ( WPA handshakes ) and save them to a pcap file.
+set net.sniff.verbose true
+set net.sniff.filter ether proto 0x888e
+set net.sniff.output wpa.pcap
+net.sniff on
+
+# since we need to capture the handshake, we can't hop
+# through channels but we need to stick to the one we're
+# interested in otherwise the sniffer might lose packets.
+set wifi.recon.channel 1
+
+wifi.recon on
+
+# uncomment to recon clients of a specific AP given its BSSID
+# wifi.recon DE:AD:BE:EF:DE:AD
+
+events.clear
+clear
+
+# now just deauth clients and wait ^_^
+#
+# Example:
+#
+# wifi.deauth AP-BSSID-HERE
+#
+# This will deauth every client for this specific access point,
+# you can put it as ticker.commands to have the ticker module
+# periodically deauth clients :D
diff --git a/modules/net_sniff_context.go b/modules/net_sniff_context.go
index ef63c0a8..bb219e39 100644
--- a/modules/net_sniff_context.go
+++ b/modules/net_sniff_context.go
@@ -8,7 +8,6 @@ import (
 	"github.com/evilsocket/bettercap-ng/log"
 	"github.com/evilsocket/bettercap-ng/session"
 
-	"github.com/google/gopacket/layers"
 	"github.com/google/gopacket/pcap"
 	"github.com/google/gopacket/pcapgo"
 )
@@ -78,7 +77,7 @@ func (s *Sniffer) GetContext() (error, *SnifferContext) {
 		}
 
 		ctx.OutputWriter = pcapgo.NewWriter(ctx.OutputFile)
-		ctx.OutputWriter.WriteFileHeader(65536, layers.LinkTypeEthernet)
+		ctx.OutputWriter.WriteFileHeader(65536, ctx.Handle.LinkType())
 	}
 
 	return nil, ctx
diff --git a/modules/net_sniff_parsers.go b/modules/net_sniff_parsers.go
index cb66d3d1..f96237f5 100644
--- a/modules/net_sniff_parsers.go
+++ b/modules/net_sniff_parsers.go
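Review bot: `set net.sniff.filter ether proto 0x888e` keeps only EAPOL frames, so the resulting wpa.pcap carries no beacon or probe response and therefore no SSID for the handshake it contains; most handshake-cracking tools need the ESSID alongside the 4-way exchange, so either widen the filter to something like `ether proto 0x888e or type mgt subtype beacon` (syntax to be confirmed against the libpcap in use) or add a comment stating that the SSID must be supplied to the cracking tool by hand. A comment next to the deauth example such as `# wifi.deauth is an active attack: only run it against networks you are authorized to test` would be appropriate for a caplet whose purpose is to force client reconnections. The prompt line shows `ยป`, which looks like a mis-encoded `»`; worth confirming the file is saved as UTF-8, though this may only be a display artifact.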
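Review bot: The error returned by `ctx.OutputWriter.WriteFileHeader(65536, ctx.Handle.LinkType())` is still discarded, so a failed header write (full disk, unwritable output path) leaves the pcap without a valid global header while every later packet is silently appended to a file no reader will open. Since GetContext already returns an error first, the call should be checked: `if err := ctx.OutputWriter.WriteFileHeader(65536, ctx.Handle.LinkType()); err != nil { ctx.OutputFile.Close(); return err, nil }` (assuming ctx.OutputFile is a closable file, as the name suggests). GetContext begins before this hunk, so whether ctx.Handle is guaranteed non-nil at this point is not visible here and should be confirmed.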
@@ -5,6 +5,7 @@ import (
 	"github.com/evilsocket/bettercap-ng/core"
 	"github.com/evilsocket/bettercap-ng/log"
+	"github.com/evilsocket/bettercap-ng/packets"
 
 	"github.com/google/gopacket"
 	"github.com/google/gopacket/layers"
@@ -85,33 +86,54 @@ func unkParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
 	}
 }
 
-func mainParser(pkt gopacket.Packet, verbose bool) bool {
-	nlayer := pkt.NetworkLayer()
-	if nlayer == nil {
-		log.Debug("Missing network layer skipping packet.")
-		return false
+func dot11Parser(radiotap *layers.RadioTap, dot11 *layers.Dot11, pkt gopacket.Packet, verbose bool) {
+	if verbose == true {
+		NewSnifferEvent(
+			pkt.Metadata().Timestamp,
+			"802.11",
+			"-",
+			"-",
+			SniffData{
+				"Size": len(pkt.Data()),
+			},
+			"%v",
+			dot11,
+		).Push()
 	}
-
-	if nlayer.LayerType() != layers.LayerTypeIPv4 {
-		log.Debug("Unexpected layer type %s, skipping packet.", nlayer.LayerType())
-		return false
-	}
-
-	ip := nlayer.(*layers.IPv4)
-
-	tlayer := pkt.TransportLayer()
-	if tlayer == nil {
-		log.Debug("Missing transport layer skipping packet.")
-		return false
-	}
-
-	if tlayer.LayerType() == layers.LayerTypeTCP {
-		tcpParser(ip, pkt, verbose)
-	} else if tlayer.LayerType() == layers.LayerTypeUDP {
-		udpParser(ip, pkt, verbose)
-	} else {
-		unkParser(ip, pkt, verbose)
-	}
-
-	return true
+}
+
+func mainParser(pkt gopacket.Packet, verbose bool) bool {
+	// simple networking sniffing mode?
+	nlayer := pkt.NetworkLayer()
+	if nlayer != nil {
+		if nlayer.LayerType() != layers.LayerTypeIPv4 {
+			log.Debug("Unexpected layer type %s, skipping packet.", nlayer.LayerType())
+			return false
+		}
+
+		ip := nlayer.(*layers.IPv4)
+
+		tlayer := pkt.TransportLayer()
+		if tlayer == nil {
+			log.Debug("Missing transport layer skipping packet.")
+			return false
+		}
+
+		if tlayer.LayerType() == layers.LayerTypeTCP {
+			tcpParser(ip, pkt, verbose)
+		} else if tlayer.LayerType() == layers.LayerTypeUDP {
+			udpParser(ip, pkt, verbose)
+		} else {
+			unkParser(ip, pkt, verbose)
+		}
+		return true
+	}
+
+	// are we sniffing in monitor mode?
+	if ok, radiotap, dot11 := packets.Dot11Parse(pkt); ok == true {
+		dot11Parser(radiotap, dot11, pkt, verbose)
+		return true
+	}
+
+	return false
 }
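Review bot: `radiotap` is accepted by the new dot11Parser but never read, so either drop the parameter or put it to use, for example `"RSSI": radiotap.DBMAntennaSignal,` in the SniffData map (gopacket's RadioTap exposes that field, to be confirmed against the vendored version) so the 802.11 event helps locate the client being captured. `if verbose == true` and `; ok == true {` are non-idiomatic Go and should read `if verbose {` and `; ok {`. The old mainParser emitted `log.Debug("Missing network layer skipping packet.")` for frames with no network layer; the rewrite now returns false silently for anything that is neither IPv4 nor parseable as 802.11 (ARP on a wired capture, for instance), so consider restoring a `log.Debug` before the final `return false` to keep that diagnosability when a capture unexpectedly yields nothing.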