diff --git a/_example/functions.js b/_example/functions.js index ffaee6c2..99a9a7e1 100644 --- a/_example/functions.js +++ b/_example/functions.js @@ -22,7 +22,9 @@ function onDeauthentication(event) { 'Reason: ' + data.reason + "\n" + 'Address1: ' + data.address1 + "\n" + 'Address2: ' + data.address2 + "\n" + - 'Address3: ' + data.address3; + 'Address3: ' + data.address3 + "\n" + 'AP:\n' + JSON.stringify(data.ap, null, 2); + // send to telegram bot sendMessage(message); diff --git a/modules/wifi/wifi_events.go b/modules/wifi/wifi_events.go index b5a3982e..1fbe8cde 100644 --- a/modules/wifi/wifi_events.go +++ b/modules/wifi/wifi_events.go @@ -10,11 +10,12 @@ type ClientEvent struct { } type DeauthEvent struct { - RSSI int8 `json:"rssi"` - Address1 string `json:"address1"` - Address2 string `json:"address2"` - Address3 string `json:"address3"` - Reason string `json:"reason"` + RSSI int8 `json:"rssi"` + AP *network.AccessPoint `json:"ap"` + Address1 string `json:"address1"` + Address2 string `json:"address2"` + Address3 string `json:"address3"` + Reason string `json:"reason"` } type ProbeEvent struct { diff --git a/modules/wifi/wifi_recon.go b/modules/wifi/wifi_recon.go index 0288f93c..c407d965 100644 --- a/modules/wifi/wifi_recon.go +++ b/modules/wifi/wifi_recon.go @@ -202,11 +202,20 @@ func (mod *WiFiModule) discoverDeauths(radiotap *layers.RadioTap, dot11 *layers. reason = deauth.Reason.String() } + // trigger events only if the deauth is coming from an AP we know of + source := dot11.Address1.String() + ap, found := mod.Session.WiFi.Get(source) + if !found { + mod.Debug("skipping deauth frame from %s", source) + return + } + mod.Debug("deauth radio %#v", radiotap) mod.Session.Events.Add("wifi.deauthentication", DeauthEvent{ RSSI: radiotap.DBMAntennaSignal, - Address1: dot11.Address1.String(), + AP: ap, + Address1: source, Address2: dot11.Address2.String(), Address3: dot11.Address3.String(), Reason: reason,