Diffstat (limited to 'scapy')
-rw-r--r--scapy/doctor-who-wifi.py101
1 files changed, 101 insertions, 0 deletions
diff --git a/scapy/doctor-who-wifi.py b/scapy/doctor-who-wifi.py
new file mode 100644
index 0000000..ba99006
--- /dev/null
+++ b/scapy/doctor-who-wifi.py
@@ -0,0 +1,101 @@
+#!/usr/bin/python
+# coding: utf-8
+
+# $ iw dev wlan0 interface add mon0 type monitor
+interface = "mon0"
+
+beacon_interval = 0.4
+beacon1_ssid = "internet"
+beacon1_mac = "02:03:04:05:06:07"
+
+beacon2_ssid = ["ᖵᕕ", "¬Γٮ Ξ /Δɱ", "ᒣᒥ☐ᙿᐬᗑ", "ᒣᒥ∐ ̿ ᐟᐃ∏",
+ "┐┌┗┛=/△ㄇ", "┓┏ 凵 =╱⊿┌┬┐", "=╱⊿┌┬┐'"]
+beacon2_timeout = 20 # sec.
+#######################################################
+from scapy.all import *
+import time
+import sys
+import threading
+
+destinations = dict() # key: mac, value:count-down
+
+def build_beacon(daddr, addr, symbol,enc=False):
+ p = (Dot11(addr1=daddr,addr2=addr,addr3=addr)/
+ Dot11Beacon(cap="ESS")/
+ Dot11Elt(ID="SSID",info=symbol)/
+ Dot11Elt(ID="Rates",info='\x82\x84\x0b\x16')/
+ Dot11Elt(ID="DSset",info="\x03")/
+ Dot11Elt(ID="TIM",info="\x00\x01\x00\x00") )
+ if enc:
+ p = p / Dot11Elt(ID="RSNinfo", info="\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x00\x00")
+ return RadioTap() / p
+
+def build_deauth(ap_addr, client_addr):
+ p = (Dot11(addr1=ap_addr, addr2=client_addr, addr3=ap_addr) /
+ Dot11Deauth(reason=5)) # 5: Disassociated because AP is unable to handle all currently associated STAs
+ return RadioTap() / p
+
+def sniffer_run(*_):
+ while True:
+ p = sniff(count=1, iface=interface)[0]
+ #print repr(p)
+
+ if p.haslayer(Dot11Auth) and \
+ p.addr1 == beacon1_mac and \
+ p.addr2 not in destinations.keys():
+ print "Registered via dot11auth {addr}".format(addr=p.addr2)
+ destinations[p.addr2] = time.time()
+ sendp(build_deauth(beacon1_mac, p.addr2), iface=interface, verbose=False)
+ continue
+
+ if p.haslayer(Dot11ProbeReq):
+ for layer in p.getlayer(Dot11Elt):
+ field_id, value = p.getlayer(Dot11Elt).getfield_and_val("ID")
+ if field_id.i2s[value] == "SSID":
+ if layer.info == beacon1_ssid and p.addr2 not in destinations.keys():
+ print "registered via Dot11ProbeReq {addr2}".format(addr2=p.addr2)
+ destinations[p.addr2] = time.time()
+ sendp(build_deauth(beacon1_mac, p.addr2), iface=interface, verbose=False)
+ continue
+
+def sender_run(*_):
+ beacon = build_beacon("ff:ff:ff:ff:ff:ff",beacon1_mac, beacon1_ssid)
+ last_ts = time.time()
+ while True:
+ d = time.time() - last_ts
+ if beacon_interval - d > 0:
+ time.sleep(beacon_interval - d)
+ last_ts = time.time()
+ sendp(beacon,iface=interface,verbose=False)
+ for addr,timestamp in destinations.items():
+ if time.time() - timestamp > beacon2_timeout:
+ print "{addr} timed out".format(addr=addr)
+ destinations.pop(addr)
+ continue
+
+
+ print "Send beacons to {addr}".format(addr=addr)
+ for i,symbol in zip(range(len(beacon2_ssid)), beacon2_ssid):
+ bssid = "02:00:00:00:{0:02x}:{1:02x}".format(i/0xff, i%0xff)
+ p = build_beacon(addr, bssid, symbol, enc=True)
+ sendp(p, iface=interface, verbose=False)
+
+sniffer_thread = threading.Thread()
+sniffer_thread.run = sniffer_run
+sniffer_thread.daemon = True
+sniffer_thread.start()
+
+sender_thread = threading.Thread()
+sender_thread.run = sender_run
+sender_thread.daemon = True
+sender_thread.start()
+
+try:
+ while True:
+ sender_thread.join(1)
+ if (not sender_thread.is_alive() or
+ not sniffer_thread.is_alive()):
+ sys.exit(0)
+except KeyboardInterrupt:
+ sys.exit(1)
+
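Review bot: `sender_run` calls `destinations.pop(addr)` while iterating `destinations.items()` in the timeout loop, which only works because Python 2's `.items()` returns a list copy; under Python 3 the same loop raises `RuntimeError: dictionary changed size during iteration`, and the `print` statements already pin the file to Python 2. Iterating an explicit snapshot makes the intent visible and survives a port: `for addr, timestamp in list(destinations.items()):`. The same dict is written by `sniffer_run` on the other thread with no lock, so a comment at the `destinations = dict()` line stating that it is shared between the two threads and relies on the snapshot iteration would help the next reader. The trailing `continue` in the probe-request branch of `sniffer_run` sits inside the inner `for layer in ...` loop, so it advances to the next element rather than to the next sniffed packet, which is probably not what the symmetry with the `Dot11Auth` branch suggests.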