gitea-mirror/ESP32Marauder
1
0
Fork 0
mirror of https://github.com/justcallmekoko/ESP32Marauder.git synced 2025-12-23 15:38:14 -08:00
Code Issues Packages Projects Releases Wiki Activity

AP obfuscation attack

Browse Source
This commit is contained in:
Just Call Me Koko
2022-06-18 03:22:13 -04:00
parent 2468abba22
commit 01b0520aec
4 changed files with 49 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
esp32_marauder/CommandLine.cpp
View File

@@ -199,7 +199,7 @@ void CommandLine::runCommand(String input) {
// AP Scan // AP Scan
if (cmd_args.get(0) == SCANAP_CMD) { if (cmd_args.get(0) == SCANAP_CMD) {
int full_sw = this->argSearch(&cmd_args, "-f"); int full_sw = -1;
#ifdef HAS_SCREEN #ifdef HAS_SCREEN
display_obj.clearScreen(); display_obj.clearScreen();
menu_function_obj.drawStatusBar(); menu_function_obj.drawStatusBar();

2
esp32_marauder/CommandLine.h
View File

@@ -71,7 +71,7 @@ const char PROGMEM HELP_UPDATE_CMD_A[] = "update -s";
const char PROGMEM HELP_UPDATE_CMD_B[] = "update -w"; const char PROGMEM HELP_UPDATE_CMD_B[] = "update -w";
// WiFi sniff/scan // WiFi sniff/scan
const char PROGMEM HELP_SCANAP_CMD[] = "scanap [-f]"; const char PROGMEM HELP_SCANAP_CMD[] = "scanap";
const char PROGMEM HELP_SNIFF_BEACON_CMD[] = "sniffbeacon"; const char PROGMEM HELP_SNIFF_BEACON_CMD[] = "sniffbeacon";
const char PROGMEM HELP_SNIFF_PROBE_CMD[] = "sniffprobe"; const char PROGMEM HELP_SNIFF_PROBE_CMD[] = "sniffprobe";
const char PROGMEM HELP_SNIFF_PWN_CMD[] = "sniffpwn"; const char PROGMEM HELP_SNIFF_PWN_CMD[] = "sniffpwn";

80
esp32_marauder/WiFiScan.cpp
View File

@@ -517,10 +517,10 @@ void WiFiScan::RunAPScan(uint8_t scan_mode, uint16_t color)
esp_wifi_start(); esp_wifi_start();
esp_wifi_set_promiscuous(true); esp_wifi_set_promiscuous(true);
esp_wifi_set_promiscuous_filter(&filt); esp_wifi_set_promiscuous_filter(&filt);
if (scan_mode == WIFI_SCAN_TARGET_AP_FULL) //if (scan_mode == WIFI_SCAN_TARGET_AP_FULL)
esp_wifi_set_promiscuous_rx_cb(&apSnifferCallbackFull); esp_wifi_set_promiscuous_rx_cb(&apSnifferCallbackFull);
else //else
esp_wifi_set_promiscuous_rx_cb(&apSnifferCallback); // esp_wifi_set_promiscuous_rx_cb(&apSnifferCallback);
esp_wifi_set_channel(set_channel, WIFI_SECOND_CHAN_NONE); esp_wifi_set_channel(set_channel, WIFI_SECOND_CHAN_NONE);
this->wifi_initialized = true; this->wifi_initialized = true;
initTime = millis(); initTime = millis();
@@ -1389,13 +1389,15 @@ void WiFiScan::apSnifferCallbackFull(void* buf, wifi_promiscuous_pkt_type_t type
ap.beacon = new LinkedList<char>(); ap.beacon = new LinkedList<char>();
for (int i = 0; i < len; i++) { //for (int i = 0; i < len; i++) {
ap.beacon->add(snifferPacket->payload[i]); // ap.beacon->add(snifferPacket->payload[i]);
} //}
ap.beacon->add(snifferPacket->payload[34]);
ap.beacon->add(snifferPacket->payload[35]);
//Serial.println("\nBeacon: "); Serial.print("\nBeacon: ");
/*for (int i = 0; i < len; i++) { for (int i = 0; i < ap.beacon->size(); i++) {
char hexCar[4]; char hexCar[4];
sprintf(hexCar, "%02X", ap.beacon->get(i)); sprintf(hexCar, "%02X", ap.beacon->get(i));
Serial.print(hexCar); Serial.print(hexCar);
@@ -1403,7 +1405,7 @@ void WiFiScan::apSnifferCallbackFull(void* buf, wifi_promiscuous_pkt_type_t type
Serial.print("\n"); Serial.print("\n");
else else
Serial.print(" "); Serial.print(" ");
}*/ }
access_points->add(ap); access_points->add(ap);
@@ -1867,49 +1869,53 @@ void WiFiScan::broadcastCustomBeacon(uint32_t current_time, AccessPoint custom_s
if (custom_ssid.beacon->size() == 0) if (custom_ssid.beacon->size() == 0)
return; return;
uint8_t new_packet[custom_ssid.beacon->size()];
for (int i = 0; i < custom_ssid.beacon->size(); i++) {
new_packet[i] = custom_ssid.beacon->get(i);
}
// Randomize SRC MAC // Randomize SRC MAC
new_packet[10] = new_packet[16] = random(256); // Randomize SRC MAC
new_packet[11] = new_packet[17] = random(256); packet[10] = packet[16] = random(256);
new_packet[12] = new_packet[18] = random(256); packet[11] = packet[17] = random(256);
new_packet[13] = new_packet[19] = random(256); packet[12] = packet[18] = random(256);
new_packet[14] = new_packet[20] = random(256); packet[13] = packet[19] = random(256);
new_packet[15] = new_packet[21] = random(256); packet[14] = packet[20] = random(256);
packet[15] = packet[21] = random(256);
//char ESSID[custom_ssid.essid.length() + 1] = {}; char ESSID[custom_ssid.essid.length() + 1] = {};
//custom_ssid.essid.toCharArray(ESSID, custom_ssid.essid.length() + 1); custom_ssid.essid.toCharArray(ESSID, custom_ssid.essid.length() + 1);
//int ssidLen = strlen(ESSID); int realLen = strlen(ESSID);
int ssidLen = random(realLen, 33);
int numSpace = ssidLen - realLen;
//int rand_len = sizeof(rand_reg); //int rand_len = sizeof(rand_reg);
//int fullLen = ssidLen; int fullLen = ssidLen;
//new_packet[37] = fullLen; packet[37] = fullLen;
// Insert my tag // Insert my tag
//for(int i = 0; i < ssidLen; i++) for(int i = 0; i < realLen; i++)
// new_packet[38 + i] = ESSID[i]; packet[38 + i] = ESSID[i];
for(int i = 0; i < numSpace; i++)
packet[38 + realLen + i] = 0x20;
///////////////////////////// /////////////////////////////
//new_packet[50 + fullLen] = set_channel; packet[50 + fullLen] = set_channel;
//uint8_t postSSID[13] = {0x01, 0x08, 0x82, 0x84, 0x8b, 0x96, 0x24, 0x30, 0x48, 0x6c, //supported rate uint8_t postSSID[13] = {0x01, 0x08, 0x82, 0x84, 0x8b, 0x96, 0x24, 0x30, 0x48, 0x6c, //supported rate
// 0x03, 0x01, 0x04 /*DSSS (Current Channel)*/ }; 0x03, 0x01, 0x04 /*DSSS (Current Channel)*/ };
// Add everything that goes after the SSID // Add everything that goes after the SSID
//for(int i = 0; i < 12; i++) //for(int i = 0; i < 12; i++)
// packet[38 + fullLen + i] = postSSID[i]; // packet[38 + fullLen + i] = postSSID[i];
packet[34] = custom_ssid.beacon->get(0);
packet[35] = custom_ssid.beacon->get(1);
esp_wifi_80211_tx(WIFI_IF_AP, new_packet, sizeof(new_packet), false); esp_wifi_80211_tx(WIFI_IF_AP, packet, sizeof(packet), false);
esp_wifi_80211_tx(WIFI_IF_AP, new_packet, sizeof(new_packet), false); esp_wifi_80211_tx(WIFI_IF_AP, packet, sizeof(packet), false);
esp_wifi_80211_tx(WIFI_IF_AP, new_packet, sizeof(new_packet), false); esp_wifi_80211_tx(WIFI_IF_AP, packet, sizeof(packet), false);
packets_sent = packets_sent + 3; packets_sent = packets_sent + 3;
} }
@@ -2805,8 +2811,10 @@ void WiFiScan::main(uint32_t currentTime)
} }
} }
else if ((currentScanMode == WIFI_ATTACK_AP_SPAM)) { else if ((currentScanMode == WIFI_ATTACK_AP_SPAM)) {
for (int i = 0; i < access_points->size(); i++) for (int i = 0; i < access_points->size(); i++) {
this->broadcastCustomBeacon(currentTime, access_points->get(i)); if (access_points->get(i).selected)
this->broadcastCustomBeacon(currentTime, access_points->get(i));
}
if (currentTime - initTime >= 1000) { if (currentTime - initTime >= 1000) {
initTime = millis(); initTime = millis();

6
esp32_marauder/configs.h
View File

@@ -4,14 +4,14 @@
#define POLISH_POTATO #define POLISH_POTATO
//#define MARAUDER_MINI #define MARAUDER_MINI
//#define MARAUDER_V4 //#define MARAUDER_V4
//#define MARAUDER_V6 //#define MARAUDER_V6
//#define MARAUDER_KIT //#define MARAUDER_KIT
//#define GENERIC_ESP32 //#define GENERIC_ESP32
#define MARAUDER_FLIPPER //#define MARAUDER_FLIPPER
#define MARAUDER_VERSION "v0.9.8" #define MARAUDER_VERSION "v0.9.9"
//// BUTTON DEFINITIONS //// BUTTON DEFINITIONS
#ifdef MARAUDER_MINI #ifdef MARAUDER_MINI