From f8f9bb70b6b84b7c21bb2d212331b489fd96f99f Mon Sep 17 00:00:00 2001
From: Matias Barcenas
Date: Mon, 23 Apr 2018 00:19:14 -0500
Subject: [PATCH] Captive Portal target tracking implemented.
---
 attacks/Captive Portal/attack.sh | 99 +++++++++++++++++++++++------
 attacks/Handshake Snooper/attack.sh | 3 +-
 2 files changed, 83 insertions(+), 19 deletions(-)
diff --git a/attacks/Captive Portal/attack.sh b/attacks/Captive Portal/attack.sh
index eb10938..fda71f2 100755
--- a/attacks/Captive Portal/attack.sh
+++ b/attacks/Captive Portal/attack.sh
@@ -24,6 +24,8 @@ CaptivePortalGatewayNetwork=${CaptivePortalGatewayAddress%.*}
 # ============== < Captive Portal Subroutines > ============== #
 # ============================================================ #
 captive_portal_unset_jammer_interface() {
+ CaptivePortalJammerInterfaceOriginal=""
+
 if [ ! "$CaptivePortalJammerInterface" ]; then return 1; fi
 CaptivePortalJammerInterface=""
@@ -38,20 +40,18 @@ captive_portal_unset_jammer_interface() {
 captive_portal_set_jammer_interface() {
 if [ "$CaptivePortalJammerInterface" ]; then return 0; fi
-
- if [ ! "$CaptivePortalUninitializedJammerInterface" ]; then
+ if [ ! "$CaptivePortalJammerInterfaceOriginal" ]; then
 echo "Running get jammer interface." > $FLUXIONOutputDevice
 if ! fluxion_get_interface attack_targetting_interfaces \
 "$CaptivePortalJammerInterfaceQuery"; then
 echo "Failed to get jammer interface" > $FLUXIONOutputDevice
 return 1
 fi
- local selectedInterface=$FluxionInterfaceSelected
- else
- local selectedInterface=$CaptivePortalUninitializedJammerInterface
- unset CaptivePortalUninitializedJammerInterface
+ CaptivePortalJammerInterfaceOriginal=$FluxionInterfaceSelected
 fi
+ local selectedInterface=$CaptivePortalJammerInterfaceOriginal
+
 if ! fluxion_allocate_interface $selectedInterface; then
 echo "Failed to allocate jammer interface" > $FLUXIONOutputDevice
 return 2
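Review bot: In `captive_portal_set_jammer_interface`, a restored `CaptivePortalJammerInterfaceOriginal` that `fluxion_allocate_interface` then rejects (for example an adapter unplugged since the state was saved) is left in place on the `return 2` path, so a re-entry skips the `[ ! "$CaptivePortalJammerInterfaceOriginal" ]` prompt branch and fails the same way again unless the caller first runs `captive_portal_unset_jammer_interface`, which the first hunk does make clear it. Whether every caller does that is not visible here, so it is safer to drop the stale name on the failure path itself: add `CaptivePortalJammerInterfaceOriginal=""` immediately before `return 2`. The same shape is repeated in `captive_portal_set_ap_interface` further down and would want the same treatment.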
@@ -71,6 +71,8 @@ captive_portal_ap_interfaces() {
 }
 captive_portal_unset_ap_interface() {
+ CaptivePortalAccessPointInterfaceOriginal=""
+
 if [ ! "$CaptivePortalAccessPointInterface" ]; then return 1; fi
 if [ "$CaptivePortalAccessPointInterface" = \
 "${CaptivePortalJammerInterface}v" ]; then
@@ -86,19 +88,18 @@ captive_portal_unset_ap_interface() {
 captive_portal_set_ap_interface() {
 if [ "$CaptivePortalAccessPointInterface" ]; then return 0; fi
- if [ ! "$CaptivePortalUninitializedAccessPointInterface" ]; then
+ if [ ! "$CaptivePortalAccessPointInterfaceOriginal" ]; then
 echo "Running get ap interface." > $FLUXIONOutputDevice
 if ! fluxion_get_interface captive_portal_ap_interfaces \
 "$CaptivePortalAccessPointInterfaceQuery"; then
 echo "Failed to get ap interface" > $FLUXIONOutputDevice
 return 1
 fi
- local selectedInterface=$FluxionInterfaceSelected
- else
- local selectedInterface=$CaptivePortalUninitializedAccessPointInterface
- unset CaptivePortalUninitializedAccessPointInterface
+ CaptivePortalAccessPointInterfaceOriginal=$FluxionInterfaceSelected
 fi
+ local selectedInterface=$CaptivePortalAccessPointInterfaceOriginal
+
 if ! fluxion_allocate_interface $selectedInterface; then
 echo "Failed to allocate ap interface" > $FLUXIONOutputDevice
 return 2
@@ -140,9 +141,15 @@ function captive_portal_unset_ap_service() {
 }
 function captive_portal_set_ap_service() {
- if [ "$CaptivePortalAPService" ]; then return 0; fi
+ if [ "$CaptivePortalAPService" ]; then
+ if ! type -t ap_service_start; then
+ # AP Service: Load the service's helper routines.
+ source "lib/ap/$CaptivePortalAPService.sh"
+ fi
+ return 0
+ fi
 if ! interface_is_wireless "$CaptivePortalAccessPointInterface"; then
- return 0;
+ return 0
 fi
 captive_portal_unset_ap_service
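Review bot: The new early-return branch in `captive_portal_set_ap_service` sources `lib/ap/$CaptivePortalAPService.sh` without checking that it succeeded, so a missing or misspelled service file (the name now comes back from a saved configuration, per the `load_attack` hunk later in this patch) still ends in `return 0` with no `ap_service_start` defined, and the failure only surfaces much later. `type -t ap_service_start` also prints the word `function` to stdout when the helper is already loaded, which will land in the user interface; send it to `/dev/null`. Suggested lines: `if ! type -t ap_service_start > /dev/null; then` and `source "lib/ap/$CaptivePortalAPService.sh" || return 1`. Because the service name is interpolated into a path that is executed, it is also worth rejecting anything that is not a plain token before sourcing, e.g. `[[ "$CaptivePortalAPService" =~ ^[A-Za-z0-9_-]+$ ]] || return 1`; the relative `lib/ap/` path additionally assumes the current directory is the project root, which this hunk does not establish.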
@@ -205,9 +212,15 @@ captive_portal_unset_authenticator() {
 }
 captive_portal_set_authenticator() {
 if [ "$CaptivePortalAuthenticatorMode" ]; then
- echo "Captive Portal authentication mode is already set, skipping!" \
- > $FLUXIONOutputDevice
- return 0
+ case "$CaptivePortalAuthenticatorMode" in
+ "hash")
+ if [ "$CaptivePortalHashPath" ]; then
+ echo "Captive Portal authentication mode is already set, skipping!" \
+ > $FLUXIONOutputDevice
+ return 0
+ fi
+ ;;
+ esac
 fi
 captive_portal_unset_authenticator
@@ -277,7 +290,7 @@ captive_portal_set_authenticator() {
 captive_portal_run_certificate_generator() {
 xterm -bg "#000000" -fg "#CCCCCC" \
 -title "Generating Self-Signed SSL Certificate" -e openssl req \
- -subj '/CN=captive.router.lan/O=CaptivePortal/OU=Networking/C=US' \
+ -subj '/CN=captive.gateway.lan/O=CaptivePortal/OU=Networking/C=US' \
 -new -newkey rsa:2048 -days 365 -nodes -x509 \
 -keyout "$FLUXIONWorkspacePath/server.pem" \
 -out "$FLUXIONWorkspacePath/server.pem"
@@ -299,7 +312,10 @@ captive_portal_unset_certificate() {
 # Create Self-Signed SSL Certificate
 captive_portal_set_certificate() {
- if [ "$CaptivePortalSSL" ]; then
+ if [ \
+ "$CaptivePortalSSL" = "disabled" -o \
+ "$CaptivePortalSSL" = "enabled" -a \
+ -f "$FLUXIONWorkspacePath/server.pem" ]; then
 echo "Captive Portal SSL mode already set to $CaptivePortalSSL!" \
 > $FLUXIONOutputDevice
 return 0
@@ -323,6 +339,18 @@ captive_portal_set_certificate() {
 return 0
 fi
+
+ # Check if we're restoring and we need to re-create certificate.
+ if [ "$CaptivePortalSSL" = "enabled" ]; then
+ if ! captive_portal_run_certificate_generator; then
+ fluxion_conditional_bail "cert-gen failed!"
+ return 2
+ fi
+ CaptivePortalSSL="enabled"
+ return 0
+ fi
+
+
 if [ "$FLUXIONAuto" ]; then
 CaptivePortalSSL="disabled"
 else
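Review bot: The `"hash")` arm of the new `case` in `captive_portal_set_authenticator` skips re-prompting whenever `CaptivePortalHashPath` is non-empty, but after a resume that value is whatever `load_attack` read back from disk, and nothing here confirms the referenced file still exists. If, as the name suggests, it is the path to a captured handshake, a moved or deleted capture would silently keep a dangling path; checking for the file instead is a one-token change: `if [ -f "$CaptivePortalHashPath" ]; then`. Any other authenticator mode now always falls through to `captive_portal_unset_authenticator` and a fresh prompt, which looks intended for restore but deserves a one-line comment above the `case` saying so.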
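Review bot: The rewritten condition at the top of `captive_portal_set_certificate` relies on `-a` binding tighter than `-o` inside a single `[ ... ]`; bash happens to evaluate it that way, but POSIX leaves `test` with more than four arguments unspecified, `-a`/`-o` are marked obsolescent, and shellcheck flags the construct, so the intent ("disabled, or enabled with a certificate on disk") is hidden behind operator precedence. Spell it out with shell operators instead: `if [ "$CaptivePortalSSL" = "disabled" ] || { [ "$CaptivePortalSSL" = "enabled" ] && [ -f "$FLUXIONWorkspacePath/server.pem" ]; }; then`. In the last hunk, `CaptivePortalSSL="enabled"` is assigned inside a branch that only runs when it already equals `"enabled"`, so that line can go.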
@@ -1251,6 +1279,41 @@ prep_attack() {
 CaptivePortalState="Ready"
 }
+load_attack() {
+ local -r configurationPath=$1
+
+ local configuration
+ readarray -t configuration < <(more "$configurationPath")
+
+ CaptivePortalJammerInterfaceOriginal=${configuration[0]}
+ CaptivePortalAccessPointInterfaceOriginal=${configuration[1]}
+ CaptivePortalAPService=${configuration[2]}
+ CaptivePortalAuthenticatorMode=${configuration[3]}
+ CaptivePortalSSL=${configuration[4]}
+ CaptivePortalConnectivity=${configuration[5]}
+ CaptivePortalUserInterface=${configuration[6]}
+
+ # Hash authenticator mode configuration.
+ CaptivePortalHashPath=${configuration[7]}
+}
+
+save_attack() {
+ local -r configurationPath=$1
+
+ # Store/overwrite attack configuration for pause & resume.
+ # Order: JammerWI, APWI, APServ, AuthMode, SSL, Conn, UI
+ echo "$CaptivePortalJammerInterfaceOriginal" > "$configurationPath"
+ echo "$CaptivePortalAccessPointInterfaceOriginal" >> "$configurationPath"
+ echo "$CaptivePortalAPService" >> "$configurationPath"
+ echo "$CaptivePortalAuthenticatorMode" >> "$configurationPath"
+ echo "$CaptivePortalSSL" >> "$configurationPath"
+ echo "$CaptivePortalConnectivity" >> "$configurationPath"
+ echo "$CaptivePortalUserInterface" >> "$configurationPath"
+
+ # Hash authenticator mode configuration.
+ echo "$CaptivePortalHashPath" >> "$configurationPath"
+}
+
 stop_attack() {
 # Attempt to find PIDs of any running authenticators.
 local authenticatorPID=$(ps a | grep -vE "xterm|grep" | grep captive_portal_authenticator.sh | awk '{print $1}')
diff --git a/attacks/Handshake Snooper/attack.sh b/attacks/Handshake Snooper/attack.sh
index 4788292..d000bb4 100755
--- a/attacks/Handshake Snooper/attack.sh
+++ b/attacks/Handshake Snooper/attack.sh
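Review bot: `load_attack` trusts the saved file completely: `readarray -t configuration < <(more "$configurationPath")` pushes the file through a pager, reports nothing when the file is missing or shorter than eight lines (the unset slots just become empty strings), and the values it yields are later used to pick interfaces and to build a path that is `source`d (`lib/ap/$CaptivePortalAPService.sh` in `captive_portal_set_ap_service`). Read the file directly, refuse a short read, and keep the service field a plain token so a `../`-style name cannot pull in an arbitrary script if the configuration file turns out to be writable by another local user (its location is not shown in this hunk). `save_attack` should create the file under a restrictive `umask` for the same reason, and `printf '%s\n'` is preferable to `echo` there so a value beginning with `-n` or `-e` is written literally; a short `# Format: one value per line, see load_attack` header above the `echo` block would also tie the two functions together.
```shell
load_attack() {
  local -r configurationPath=$1

  local configuration
  # Read the saved state directly; refuse a missing or truncated file.
  readarray -t configuration < "$configurationPath" || return 1
  [ "${#configuration[@]}" -ge 8 ] || return 1
  # The service name becomes part of a sourced path; keep it a plain token.
  [[ "${configuration[2]}" =~ ^[A-Za-z0-9_-]*$ ]] || return 1

  # … unchanged: assignments from configuration[0..7] …
}
```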
@@ -222,9 +222,10 @@ handshake_snooper_set_deauthenticator_identifier() {
 }
 handshake_snooper_unset_jammer_interface() {
+ HandshakeSnooperJammerInterfaceOriginal=""
+
 if [ ! "$HandshakeSnooperJammerInterface" ]; then return 1; fi
 HandshakeSnooperJammerInterface=""
- HandshakeSnooperJammerInterfaceOriginal=""
 # Check if we're automatically selecting the interface & skip
 # this one if so to take the user back properly.