new: wifi.client.probe.ap.filter and wifi.client.probe.sta.filter actions to filter wifi client probes

2025-08-19 21:13:18 -07:00 · 2019-09-28 17:43:07 +02:00 · 2019-09-28 17:43:07 +02:00 · caba6e1952
commit caba6e1952
parent 5ff8e3e4fa
2 changed files with 44 additions and 4 deletions
--- a/modules/wifi/wifi_recon.go
+++ b/modules/wifi/wifi_recon.go
@ -100,6 +100,11 @@ func (mod *WiFiModule) discoverProbes(radiotap *layers.RadioTap, dot11 *layers.D
 		return
 	}

+	clientSTA := network.NormalizeMac(dot11.Address2.String())
+	if mod.filterProbeSTA != nil && !mod.filterProbeSTA.MatchString(clientSTA) {
+		return
+	}
+
 	tot := len(req.Contents)
 	if tot < 3 {
 		return
@ -114,11 +119,16 @@ func (mod *WiFiModule) discoverProbes(radiotap *layers.RadioTap, dot11 *layers.D
 		return
 	}

+	apSSID := string(req.Contents[2 : 2+size])
+	if mod.filterProbeAP != nil && !mod.filterProbeAP.MatchString(apSSID) {
+		return
+	}
+
 	mod.Session.Events.Add("wifi.client.probe", ProbeEvent{
-		FromAddr:   dot11.Address2.String(),
-		FromVendor: network.ManufLookup(dot11.Address2.String()),
-		FromAlias:  mod.Session.Lan.GetAlias(dot11.Address2.String()),
-		SSID:       string(req.Contents[2 : 2+size]),
+		FromAddr:   clientSTA,
+		FromVendor: network.ManufLookup(clientSTA),
+		FromAlias:  mod.Session.Lan.GetAlias(clientSTA),
+		SSID:       apSSID,
 		RSSI:       radiotap.DBMAntennaSignal,
 	})
 }