Ticket #466: airbase-ng-r1112-multi-essid-v0.03.patch
| File airbase-ng-r1112-multi-essid-v0.03.patch, 12.9 KB (added by hdm@…, 16 months ago) |
src/airbase-ng.c
58 58 #include <getopt.h> 59 59 #include <sys/file.h> 60 60 #include <fcntl.h> 61 #include <ctype.h> 61 62 62 63 #include "version.h" 63 64 #include "pcap.h" … … 196 197 " -Z type : same as -z, but for WPA2\n" 197 198 " -V type : fake EAPOL 1=MD5 2=SHA1 3=auto\n" 198 199 " -F prefix : write all sent and received frames into pcap file\n" 200 " -P : respond to all probes, even when specifying ESSIDs\n" 201 " -I interval : sets the beacon interval value in ms\n" 202 " -C seconds : enables beaconing of probed ESSID values (requires -P)\n" 199 203 "\n" 200 204 " Filter options:\n" 201 205 " --bssid MAC : BSSID to filter/use\n" … … 245 249 int weplen, crypt; 246 250 247 251 int f_essid; 252 int promiscuous; 253 int beacon_cache; 248 254 int channel; 249 255 int setWEP; 250 256 int quiet; 251 257 int mitm; 252 258 int external; 253 259 int hidden; 260 int interval; 254 261 int forceska; 255 262 int skalen; 256 263 int filter; … … 311 318 char *essid; 312 319 unsigned char len; 313 320 pESSID_t next; 321 time_t expire; 314 322 }; 315 323 316 324 typedef struct MAC_list* pMAC_t; … … 420 428 alarmed++; 421 429 } 422 430 423 int addESSID(char* essid, int len )431 int addESSID(char* essid, int len, int expiration) 424 432 { 425 pESSID_t cur = rESSID; 426 433 pESSID_t tmp; 434 pESSID_t cur = rESSID; 435 time_t now; 436 427 437 if(essid == NULL) 428 438 return -1; 429 439 … … 433 443 if(rESSID == NULL) 434 444 return -1; 435 445 436 while(cur->next != NULL) 446 while(cur->next != NULL) { 447 // if it already exists, just update the expiration time 448 if(cur->len == len && ! 
memcmp(cur->essid, essid, len)) { 449 if(cur->expire && expiration) { 450 time(&now); 451 cur->expire = now + expiration; 452 } 453 return 0; 454 } 437 455 cur = cur->next; 456 } 438 457 439 458 //alloc mem 440 cur->next = (pESSID_t) malloc(sizeof(struct ESSID_list)); 441 cur = cur->next; 459 tmp = (pESSID_t) malloc(sizeof(struct ESSID_list)); 442 460 443 461 //set essid 444 cur->essid = (char*) malloc(len+1); 445 memcpy(cur->essid, essid, len); 446 cur->essid[len] = 0x00; 447 cur->len = len; 462 tmp->essid = (char*) malloc(len+1); 463 memcpy(tmp->essid, essid, len); 464 tmp->essid[len] = 0x00; 465 tmp->len = len; 466 467 // set expiration date 468 if(expiration) { 469 time(&now); 470 tmp->expire = now + expiration; 471 } else { 472 tmp->expire = 0; 473 } 448 474 449 cur->next = NULL; 450 475 tmp->next = NULL; 476 cur->next = tmp; 477 451 478 return 0; 452 479 } 453 480 … … 921 948 return -1; 922 949 } 923 950 951 952 void flushESSID(void) 953 { 954 pESSID_t old; 955 pESSID_t cur = rESSID; 956 time_t now; 957 958 if(rESSID == NULL) 959 return; 960 961 while(cur->next != NULL) 962 { 963 old = cur->next; 964 if(old->expire) 965 { 966 time(&now); 967 if(now > old->expire) 968 { 969 //got it 970 cur->next = old->next; 971 972 free(old->essid); 973 old->essid = NULL; 974 old->next = NULL; 975 old->len = 0; 976 free(old); 977 return; 978 } 979 } 980 cur = cur->next; 981 } 982 } 983 984 924 985 int delMAC(pMAC_t pMAC, char* mac) 925 986 { 926 987 pMAC_t old, cur = pMAC; … … 1065 1126 { 1066 1127 FILE *list; 1067 1128 char essid[256]; 1068 1129 int x; 1130 1069 1131 list = fopen(filename, "r"); 1070 1132 if(list == NULL) 1071 1133 { … … 1075 1137 1076 1138 while( fgets(essid, 256, list) != NULL ) 1077 1139 { 1078 addESSID(essid, strlen(essid)); 1140 // trim trailing whitespace 1141 x = strlen(essid) - 1; 1142 while (x >= 0 && isspace(essid[x])) 1143 essid[x--] = 0; 1144 1145 if(strlen(essid)) 1146 addESSID(essid, strlen(essid), 0); 1079 1147 } 1080 1148 1081 1149 
fclose(list); … … 2837 2905 tag = parse_tags(packet+z, 0, length-z, &len); 2838 2906 if(tag != NULL && tag[0] >= 32 && tag[0] < 127 && len <= 255) //directed probe 2839 2907 { 2840 if( !opt.f_essid || gotESSID((char*)tag, len) == 1)2908 if( opt.promiscuous || !opt.f_essid || gotESSID((char*)tag, len) == 1) 2841 2909 { 2842 2910 bzero(essid, 256); 2843 2911 memcpy(essid, tag, len); … … 2847 2915 if( essid[i] > 0 && essid[i] < ' ' ) 2848 2916 goto skip_probe; 2849 2917 2850 /* got a valid ASCII probed ESSID, check if it's 2851 already in the ring buffer */ 2852 2918 /* got a valid ASCII probed ESSID */ 2919 2920 /* add this to the beacon queue */ 2921 if(opt.beacon_cache) 2922 addESSID(essid, len, opt.beacon_cache); 2923 2924 /* check if it's already in the ring buffer */ 2853 2925 for( i = 0; i < NB_PRB; i++ ) 2854 2926 if( memcmp( st_cur->probes[i], essid, len ) == 0 ) 2855 2927 goto skip_probe; … … 2937 3009 2938 3010 send_packet(packet, length); 2939 3011 2940 send_packet(packet, length);3012 //send_packet(packet, length); 2941 3013 2942 send_packet(packet, length);3014 //send_packet(packet, length); 2943 3015 return 0; 2944 3016 } 2945 3017 } … … 3339 3411 unsigned char beacon[512]; 3340 3412 int beacon_len=0; 3341 3413 int seq=0, i=0, n=0; 3414 int essid_len; 3415 char *essid = ""; 3416 pESSID_t cur_essid = rESSID; 3342 3417 float f, ticks[3]; 3343 3418 3344 3419 memcpy(&apc, arg, sizeof(struct AP_conf)); 3345 3420 3346 memcpy(beacon, "\x80\x00\x00\x00", 4); //type/subtype/framecontrol/duration3347 beacon_len+=4;3348 memcpy(beacon+beacon_len , BROADCAST, 6); //destination3349 beacon_len+=6;3350 if(!opt.adhoc)3351 memcpy(beacon+beacon_len, apc.bssid, 6); //source3352 else3353 memcpy(beacon+beacon_len, opt.r_smac, 6); //source3354 beacon_len+=6;3355 memcpy(beacon+beacon_len, apc.bssid, 6); //bssid3356 beacon_len+=6;3357 memcpy(beacon+beacon_len, "\x00\x00", 2); //seq+frag3358 beacon_len+=2;3359 3360 memcpy(beacon+beacon_len, 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12); //fixed information3361 beacon[beacon_len+8] = (apc.interval) & 0xFF; //beacon interval3362 beacon[beacon_len+9] = (apc.interval >> 8) & 0xFF;3363 memcpy(beacon+beacon_len+10, apc.capa, 2); //capability3364 beacon_len+=12;3365 3366 beacon[beacon_len] = 0x00; //essid tag3367 beacon[beacon_len+1] = apc.essid_len; //essid tag3368 beacon_len+=2;3369 memcpy(beacon+beacon_len, apc.essid, apc.essid_len); //actual essid3370 beacon_len+=apc.essid_len;3371 3372 memcpy(beacon+beacon_len, RATES, 16); //rates+extended rates3373 beacon_len+=16;3374 3375 beacon[beacon_len] = 0x03; //channel tag3376 beacon[beacon_len+1] = 0x01;3377 beacon[beacon_len+2] = wi_get_channel(_wi_in); //current channel3378 beacon_len+=3;3379 3380 if( opt.allwpa )3381 {3382 memcpy(beacon+beacon_len, WPA_TAGS, 0x56);3383 beacon_len += 0x56;3384 }3385 3386 if(opt.wpa2type > 0)3387 {3388 memcpy(beacon+beacon_len, WPA2_TAG, 22);3389 beacon[beacon_len+7] = opt.wpa2type;3390 beacon[beacon_len+13] = opt.wpa2type;3391 beacon_len += 22;3392 }3393 3394 if(opt.wpa1type > 0)3395 {3396 memcpy(beacon+beacon_len, WPA1_TAG, 24);3397 beacon[beacon_len+11] = opt.wpa1type;3398 beacon[beacon_len+17] = opt.wpa1type;3399 beacon_len += 24;3400 }3401 3402 3421 ticks[0]=0; 3403 3422 ticks[1]=0; 3404 3423 ticks[2]=0; … … 3446 3465 3447 3466 // printf( "4 " ); 3448 3467 fflush(stdout); 3468 3469 3470 if(cur_essid == NULL) cur_essid = rESSID; 3471 if(cur_essid == NULL) { 3472 essid = "default"; 3473 essid_len = strlen(essid); 3474 } else { 3475 3476 /* flush expired ESSID entries */ 3477 flushESSID(); 3478 3479 essid = cur_essid->essid; 3480 essid_len = cur_essid->len; 3481 cur_essid = cur_essid->next; 3482 } 3483 3484 beacon_len = 0; 3485 3486 memcpy(beacon, "\x80\x00\x00\x00", 4); //type/subtype/framecontrol/duration 3487 beacon_len+=4; 3488 memcpy(beacon+beacon_len , BROADCAST, 6); //destination 3489 beacon_len+=6; 3490 if(!opt.adhoc) 3491 memcpy(beacon+beacon_len, 
apc.bssid, 6); //source 3492 else 3493 memcpy(beacon+beacon_len, opt.r_smac, 6); //source 3494 beacon_len+=6; 3495 memcpy(beacon+beacon_len, apc.bssid, 6); //bssid 3496 beacon_len+=6; 3497 memcpy(beacon+beacon_len, "\x00\x00", 2); //seq+frag 3498 beacon_len+=2; 3499 3500 memcpy(beacon+beacon_len, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12); //fixed information 3501 3502 beacon[beacon_len+8] = (apc.interval * MAX(getESSIDcount(), 1) ) & 0xFF; //beacon interval 3503 beacon[beacon_len+9] = (apc.interval * MAX(getESSIDcount(), 1) >> 8) & 0xFF; 3504 memcpy(beacon+beacon_len+10, apc.capa, 2); //capability 3505 beacon_len+=12; 3506 3507 beacon[beacon_len] = 0x00; //essid tag 3508 beacon[beacon_len+1] = essid_len; //essid tag 3509 beacon_len+=2; 3510 memcpy(beacon+beacon_len, essid, essid_len); //actual essid 3511 beacon_len+=essid_len; 3512 3513 memcpy(beacon+beacon_len, RATES, 16); //rates+extended rates 3514 beacon_len+=16; 3515 3516 beacon[beacon_len] = 0x03; //channel tag 3517 beacon[beacon_len+1] = 0x01; 3518 beacon[beacon_len+2] = wi_get_channel(_wi_in); //current channel 3519 beacon_len+=3; 3520 3521 if( opt.allwpa ) 3522 { 3523 memcpy(beacon+beacon_len, WPA_TAGS, 0x56); 3524 beacon_len += 0x56; 3525 } 3526 3527 if(opt.wpa2type > 0) 3528 { 3529 memcpy(beacon+beacon_len, WPA2_TAG, 22); 3530 beacon[beacon_len+7] = opt.wpa2type; 3531 beacon[beacon_len+13] = opt.wpa2type; 3532 beacon_len += 22; 3533 } 3534 3535 if(opt.wpa1type > 0) 3536 { 3537 memcpy(beacon+beacon_len, WPA1_TAG, 24); 3538 beacon[beacon_len+11] = opt.wpa1type; 3539 beacon[beacon_len+17] = opt.wpa1type; 3540 beacon_len += 24; 3541 } 3542 3543 3449 3544 //copy timestamp into beacon; a mod 2^64 counter incremented each microsecond 3450 3545 for(i=0; i<8; i++) 3451 3546 { … … 3457 3552 3458 3553 // printf( "5 " ); 3459 3554 fflush(stdout); 3555 3460 3556 if( send_packet( beacon, beacon_len ) < 0 ) 3461 3557 { 3462 3558 printf("Error sending beacon!\n"); … … 3777 3873 opt.ringbuffer = 10; 3778 
3874 opt.nb_arp = 0; 3779 3875 opt.f_index = 1; 3780 3876 opt.interval = 0x64; 3877 opt.beacon_cache = 0; /* disable by default */ 3878 3781 3879 srand( time( NULL ) ); 3782 3880 3783 3881 while( 1 ) … … 3785 3883 int option_index = 0; 3786 3884 3787 3885 static struct option long_options[] = { 3886 {"beacon-cache",1, 0, 'C'}, 3788 3887 {"bssid", 1, 0, 'b'}, 3789 3888 {"bssids", 1, 0, 'B'}, 3790 3889 {"channel", 1, 0, 'c'}, … … 3792 3891 {"clients", 1, 0, 'D'}, 3793 3892 {"essid", 1, 0, 'e'}, 3794 3893 {"essids", 1, 0, 'E'}, 3894 {"promiscuous", 0, 0, 'P'}, 3895 {"interval", 1, 0, 'I'}, 3795 3896 {"mitm", 0, 0, 'M'}, 3796 3897 {"hidden", 0, 0, 'X'}, 3797 3898 {"caffe-latte", 0, 0, 'L'}, … … 3803 3904 }; 3804 3905 3805 3906 int option = getopt_long( argc, argv, 3806 "a:h:i: r:w:He:E:c:d:D:f:W:qMY:b:B:XsS:Lx:vAz:Z:yV:0NF:",3907 "a:h:i:C:I:r:w:HPe:E:c:d:D:f:W:qMY:b:B:XsS:Lx:vAz:Z:yV:0NF:", 3807 3908 long_options, &option_index ); 3808 3909 3809 3910 if( option < 0 ) break; … … 3890 3991 3891 3992 case 'e' : 3892 3993 3893 if( addESSID(optarg, strlen(optarg) ) != 0 )3994 if( addESSID(optarg, strlen(optarg), 0) != 0 ) 3894 3995 { 3895 3996 printf( "Invalid ESSID, too long\n" ); 3896 3997 printf("\"%s --help\" for help.\n", argv[0]); … … 3909 4010 opt.f_essid = 1; 3910 4011 3911 4012 break; 4013 4014 case 'P' : 3912 4015 4016 opt.promiscuous = 1; 4017 4018 break; 4019 4020 case 'I' : 4021 4022 opt.interval = atoi(optarg); 4023 4024 break; 4025 4026 case 'C' : 4027 4028 opt.beacon_cache = atoi(optarg); 4029 4030 break; 4031 3913 4032 case 'A' : 3914 4033 3915 4034 opt.adhoc = 1; … … 4461 4580 apc.essid = "\x00"; 4462 4581 apc.essid_len = 1; 4463 4582 } 4464 apc.interval = 0x0064;4583 apc.interval = opt.interval; 4465 4584 apc.capa[0] = 0x00; 4466 4585 if(opt.adhoc) 4467 4586 apc.capa[0] |= 0x02;
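Review bot: In the beacon loop, `cur_essid` is carried over from the previous beacon (`cur_essid = cur_essid->next;`) and `flushESSID()` is only called after that pointer has been chosen, so when the carried node is the expired entry that `flushESSID()` unlinks and frees, `essid = cur_essid->essid;` and `cur_essid = cur_essid->next;` read freed memory — a use-after-free on every `-C` expiry; the enclosing function starts outside the hunk. Flush first and re-derive the node from `rESSID` on every pass with a rotating index instead of keeping a `pESSID_t` alive across iterations, as sketched below (needs `int essid_idx = 0, k;` among the locals). Separately, with `-C` every distinct probed ESSID seen on the air is `malloc`ed into the list with no size limit (and no NULL check on either `malloc` in `addESSID`), while `flushESSID()` frees at most one entry per beacon, so a client spraying random probe requests grows the list — and the `getESSIDcount()`-scaled beacon interval, which also silently wraps past 0xFFFF — without bound; capping the cache (skip the `addESSID` call once `getESSIDcount()` exceeds a limit) is worth adding. If the beacon loop runs in a thread separate from the probe handler that calls `addESSID()`, as the `arg` copy into `apc` suggests, the list is also mutated by both sides without a lock — worth confirming.
```c
/* Drop expired entries first, then re-derive the node to beacon from the
 * head on every pass: the list is mutated by addESSID()/flushESSID(), so a
 * node pointer must not survive from one beacon to the next. */
flushESSID();
if(rESSID == NULL) {
    essid = "default";
    essid_len = strlen(essid);
} else {
    cur_essid = rESSID;
    for(k = 0; k < essid_idx; k++) {
        cur_essid = cur_essid->next;
        if(cur_essid == NULL) {      /* list shrank under us: wrap to head */
            cur_essid = rESSID;
            essid_idx = 0;
            break;
        }
    }
    essid = cur_essid->essid;
    essid_len = cur_essid->len;
    essid_idx = (cur_essid->next != NULL) ? essid_idx + 1 : 0;
}
/* … unchanged: beacon frame assembly and send_packet() … */
```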
