From aceda5940a145aaf4ddca98c1f83573cc424b78f Mon Sep 17 00:00:00 2001
From: Matias Barcenas <MPX.4132@Gmail.com>
Date: Sat, 28 Apr 2018 22:34:00 -0500
Subject: [PATCH] Fixed a potential resume attack inconsistency bug.

The Captive Portal attack verifies the restored hash is for fluxion's target.
---
 attacks/Captive Portal/attack.sh | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/attacks/Captive Portal/attack.sh b/attacks/Captive Portal/attack.sh
index 5e44318..3dd15ac 100755
--- a/attacks/Captive Portal/attack.sh	
+++ b/attacks/Captive Portal/attack.sh	
@@ -1300,6 +1300,18 @@ load_attack() {
 
   # Hash authenticator mode configuration.
   CaptivePortalHashPath=${configuration[7]}
+
+  # Target hash information for verification.
+  local -r targetHashSSID=${configuration[8]}
+  local -r targetHashMAC=${configuration[9]}
+
+  # Assure hash is relevant for fluxion's current target.
+  # If the hash is no longer relevant, clear to force reset.
+  if [ \
+    "$targetHashSSID" != "$FluxionTargetSSID" -o \
+    "$targetHashMAC" != "$FluxionTargetMAC" ]; then
+    CaptivePortalHashPath=""
+  fi
 }
 
 save_attack() {
@@ -1317,6 +1329,10 @@ save_attack() {
 
   # Hash authenticator mode configuration.
   echo "$CaptivePortalHashPath" >> "$configurationPath"
+
+  # Target to verify validity of hash on restore.
+  echo "$FluxionTargetSSID" >> "$configurationPath"
+  echo "$FluxionTargetMAC" >> "$configurationPath"
 }
 
 stop_attack() {