About Custom Attack Scripts
Custom attack scripts are a part of a new system which simplifies adding new attacks to fluxion. It is, in essence, a method for developers to integrate new attacks quickly into fluxion without having to modify the fluxion executable.
The system offers the following services to new attack scripts:
- A systematic approach to adding new attacks to fluxion.
- Quick integration with fluxion by creating an "attack bundle."
- A method of accessing fluxion globals, such as target AP's ESSID, BSSID...
- A systematic method of operation, by requiring certain hook functions.
- A systematic method of attack abortion.
About Bundles
An attack bundle is just a fancy term for a directory containing an attack script. These attack bundles must meet specific requirements to function properly.
Attack Bundle Requirements:
- An attack script, and all assets excluding lib, must be within a directory (with optional subdirectories).
- The directory mentioned above must be named after the attack performed by the script.
- The bundle must contain an executable script at the root named "attack.sh," containing the attack.
- The bundle must contain a subdirectory at the root named "language" containing language scripts.
About Attack Scripts
The attack script (attack.sh in the bundle) is the primary script of the bundle. It is the only script in the bundle loaded directly by fluxion and must meet specific requirements to function properly.
Attack Script Requirements:
- The attack script (attack.sh) must implement four hook functions.
- prep_attack() - Must prepare the script for the attack, leaving it capable of executing start_attack().
- unprep_attack() - Must "unprepre," or undo what prep_attack() did, leaving it incapable of executing start_attack().
- start_attack() - Must start executing the attack in the background and return control to fluxion.
- stop_attack() - Must stop executing the attack, and all the processes start_attack may have started.
- [optional] attack_targetting_interfaces() - Must print a list of wireless interfaces (one per line) if the attack is targeted.
- [optional] attack_tracking_interfaces() - Must print a list of wireless interfaces (one per line) which can be used for target tracking.
- [optional] load_attack() - Must restore settings for attack from file at path passed (must also implement save_attack).
- [optional] save_attack() - Must save settings for attack to file at path passed (must also implement load_attack).
- Attacks may not call the functions above, either directly or indirectly, themselves.
- Attacks may not harm the host machine or its user, either directly or indirectly, in any way.
- Attacks must not deviate from these rules.
Additionally, good practice states custom attacks or any of its scripts must not modify fluxion globals, the fluxion executable, or any of its assets, directly or indirectly, in any way. The attack should only modify anything within its bundle, and within the fluxion workspace.
Attack Script Optionals:
- Once an attack has started and is running in the background, it may signal fluxion to stop the attack by sending it a SIGABRT signal (kill -s SIGABRT fluxPIDHere)
Note that fluxion's PID is always available via theoperator.
About Language Scripts:
Language scripts are required for every language available in fluxion. That means a script must exist in the attack's language directory for every script that exists under fluxion/language
Additionally, the language scripts must include extra meta information about the attack in the script's language, such as the attack's name in the language.
Language Script Requirements
- Language scripts must be named after a ISO 639-1 language code, must be executable and have the extension
.sh
- Language scripts must have a sensible translation for everything feasibly translatable in the attack.
- Language scripts must have a meta section within the first 3 lines of the language script.
- Language scripts must identify the attack natively within the meta section with the label
# native:
- Language scripts must describe the attack natively within the meta section with the label
# description:
FLUXION WIKI