fix: do not trigger deauth events for frames sent by client stations …

…or unknown access points

_example/functions.js

@@ -22,7 +22,9 @@ function onDeauthentication(event) {
         'Reason: ' + data.reason + "\n" +
         'Address1: ' + data.address1 + "\n" +
         'Address2: ' + data.address2 + "\n" +
-        'Address3: ' + data.address3;
+        'Address3: ' + data.address3 + "\n"
+        'AP:\n' + JSON.stringify(data.ap, null, 2);
+
 
     // send to telegram bot
     sendMessage(message);

modules/wifi/wifi_events.go

@@ -10,11 +10,12 @@ type ClientEvent struct {
 }
 
 type DeauthEvent struct {
-	RSSI     int8   `json:"rssi"`
-	Address1 string `json:"address1"`
-	Address2 string `json:"address2"`
-	Address3 string `json:"address3"`
-	Reason   string `json:"reason"`
+	RSSI     int8                 `json:"rssi"`
+	AP       *network.AccessPoint `json:"ap"`
+	Address1 string               `json:"address1"`
+	Address2 string               `json:"address2"`
+	Address3 string               `json:"address3"`
+	Reason   string               `json:"reason"`
 }
 
 type ProbeEvent struct {

modules/wifi/wifi_recon.go

@@ -202,11 +202,20 @@ func (mod *WiFiModule) discoverDeauths(radiotap *layers.RadioTap, dot11 *layers.
 		reason = deauth.Reason.String()
 	}
 
+	// trigger events only if the deauth is coming from an AP we know of
+	source := dot11.Address1.String()
+	ap, found := mod.Session.WiFi.Get(source)
+	if !found {
+		mod.Debug("skipping deauth frame from %s", source)
+		return
+	}
+
 	mod.Debug("deauth radio %#v", radiotap)
 
 	mod.Session.Events.Add("wifi.deauthentication", DeauthEvent{
 		RSSI:     radiotap.DBMAntennaSignal,
-		Address1: dot11.Address1.String(),
+		AP:       ap,
+		Address1: source,
 		Address2: dot11.Address2.String(),
 		Address3: dot11.Address3.String(),
 		Reason:   reason,