misc: using script to detect karma attacks

2025-07-06 21:12:05 -07:00 · 2021-04-07 17:04:28 +02:00 · 2021-04-07 17:04:28 +02:00 · 6aa8f45d20
commit 6aa8f45d20
parent bfe307ffe6
2 changed files with 45 additions and 18 deletions
--- a/_example/example.js
+++ b/_example/example.js
@ -1,61 +1,86 @@
 require("config")
 require("telegram")
 var fakeESSID = random.String(16, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ');
 var fakeBSSID = random.Mac()
 function onDeauthentication(event) {
-    var data = event.Data;
+    var data = event.data;
    var message = '🚨 Detected deauthentication frame:\n\n' +
-        'Time: ' + event.Time.String() + "\n" +
+        'Time: ' + event.time + "\n" +
        'GPS: lat=' + session.GPS.Latitude + " lon=" + session.GPS.Longitude + " updated_at=" + session.GPS.Updated.String() + "\n\n" +
-        'RSSI: ' + data.RSSI + "\n" +
+        'RSSI: ' + data.rssi + "\n" +
-        'Reason: ' + data.Reason + "\n" +
+        'Reason: ' + data.reason + "\n" +
-        'Address1: ' + data.Address1 + "\n" +
+        'Address1: ' + data.address1 + "\n" +
-        'Address2: ' + data.Address2 + "\n" +
+        'Address2: ' + data.address2 + "\n" +
-        'Address3: ' + data.Address3;
+        'Address3: ' + data.address3;
    // send to telegram bot
    sendMessage(message);
 }
 function onHandshake(event){
-    var data = event.Data;
+    var data = event.data;
    var what = 'handshake';
-    if(data.PMKID != null) {
+    if(data.pmkid != null) {
        what = "RSN PMKID";
-    } else if(data.Full) {
+    } else if(data.full) {
        what += " (full)";
-    } else if(hand.Half) {
+    } else if(hand.half) {
        what += " (half)";
    }
    var message = '💰 Captured ' + what + ':\n\n' +
-        'Time: ' + event.Time.String() + "\n" +
+        'Time: ' + event.time + "\n" +
        'GPS: lat=' + session.GPS.Latitude + " lon=" + session.GPS.Longitude + " updated_at=" + session.GPS.Updated.String() + "\n\n" +
-        'Station: ' + data.Station + "\n" +
+        'Station: ' + data.station + "\n" +
-        'AP: ' + data.AP;
+        'AP: ' + data.ap;
    // send to telegram bot
    sendMessage(message);
 }
 function onNewAP(event){
    var ap = event.data;
    if(ap.hostname == fakeESSID) {
        log("DETECTED KARMA ATTACK!!!");
        // TODO: add reporting
    }
 }
 function onAnyEvent(event){
    // if endpoint.new or endpoint.lost, clear the screen and show hosts
-    if( event.Tag.indexOf('endpoint.') === 0 ) {
+    if( event.tag.indexOf('endpoint.') === 0 ) {
        // run('clear; net.show');
    }
 }
-log("session script loaded");
+function onTick(event) {
    run('wifi.probe ' + fakeBSSID + ' ' + fakeESSID);
 }
 log("session script loaded, fake AP is " + fakeESSID);
 // create an empty ticker so we can run commands every few seconds
 run('set ticker.commands ""')
 run('set ticker.period 10')
 run('ticker on')
 // enable recon and probing of new hosts
 run('net.recon on');
 run('net.probe on');
 // enable wifi scanning
 run('set wifi.interface ' + wifiInterface);
 run('wifi.recon on');
 // send fake client probes every tick
 onEvent('tick', onTick);
 // register for wifi.deauthentication events
 onEvent('wifi.deauthentication', onDeauthentication);
 // register for wifi.client.handshake events
 onEvent('wifi.client.handshake', onHandshake);
 // register for wifi.ap.new events
 onEvent('wifi.ap.new', onNewAP);
 // register for any event
 onEvent(onAnyEvent);
--- a/modules/events_stream/events_view.go
+++ b/modules/events_stream/events_view.go
@ -127,7 +127,9 @@ func (mod *EventsStream) Render(output io.Writer, e session.Event) {
 		mod.viewSynScanEvent(output, e)
 	} else if e.Tag == "update.available" {
 		mod.viewUpdateEvent(output, e)
-	} else {
+	} else if strings.HasPrefix(e.Tag, "graph.") {
 		mod.viewGraphEvent(output, e)
 	} else if e.Tag != "tick" {
 		fmt.Fprintf(output, "[%s] [%s] %v\n", e.Time.Format(mod.timeFormat), tui.Green(e.Tag), e)
 	}
 }