wifi.assoc appears to be broken

[paulouderkirk]

wifi.assoc appears to be broken. No packets are sent after the command is issued, and no APs are associated.

Environment

Please provide:

• Bettercap version you are using ( bettercap -version ).

root@kali:~# bettercap -version
bettercap v2.22 (built for linux amd64 with go1.11.6)

• OS version and architecture you are using.

root@kali:~# uname -a
Linux kali 4.19.0-kali4-amd64 #1 SMP Debian 4.19.28-2kali1 (2019-03-18) x86_64 GNU/Linux

• Go version if building from sources.
  n/a

• Command line arguments you are using.

root@kali:~# bettercap -iface wlan0 -debug

• Caplet code you are using or the interactive session commands.

wifi.recon on
wifi.assoc all

• Full debug output while reproducing the issue ( bettercap -debug ... ).

root@kali:~# bettercap -iface wlan0 -debug
bettercap v2.22 (built for linux amd64 with go1.11.6) [type 'help' for a list of commands]

 wlan0  » [11:11:06] [sys.log] [dbg] FindGateway(wlan0) [cmd=ip opts=[route] parser=^(default|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)\svia\s([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)\sdev\s(\S+).*$]
 wlan0  » [11:11:06] [sys.log] [dbg] FindGateway(wlan0) output:
default via 172.16.122.2 dev eth0 proto dhcp metric 100 
172.16.122.0/24 dev eth0 proto kernel scope link src 172.16.122.131 metric 100
 wlan0  » [11:11:06] [sys.log] [dbg] FindGateway(wlan0): nothing found :/
 wlan0  » [11:11:06] [sys.log] [dbg] Could not detect gateway.
 wlan0  » [11:11:06] [session.started] {session.started 2019-04-04 11:11:06.54900884 -0400 EDT m=+0.019265858 <nil>}
 wlan0  » [11:11:06] [mod.started] events.stream
 wlan0  » wifi.recon on
[11:11:13] [sys.log] [inf] wifi using interface wlan0 (56:b0:91:e6:9d:40)
[11:11:13] [sys.log] [war] wifi could not set interface wlan0 txpower to 30, 'Set Tx Power' requests not supported
[11:11:13] [sys.log] [dbg] wifi new frequencies: [2412 2417 2422 2427 2432 2437 2442 2447 2452 2457 2462 2467 2472 2484]
[11:11:13] [sys.log] [dbg] wifi wifi supported frequencies: [2412 2417 2422 2427 2432 2437 2442 2447 2452 2457 2462 2467 2472 2484]
 wlan0  » [11:11:13] [mod.started] wifi
 wlan0  » [11:11:13] [sys.log] [inf] wifi started (min rssi: -200 dBm)
 wlan0  » [11:11:13] [sys.log] [inf] wifi channel hopper started.
 wlan0  » [11:11:13] [sys.log] [dbg] wifi hopping on channel 1
 wlan0  » [11:11:13] [sys.log] [dbg] wifi wifi stations pruner started.
 wlan0  » [11:11:13] [sys.log] [dbg] wifi hopping on channel 2
 wlan0  » [11:11:13] [sys.log] [dbg] wifi hopping on channel 3
 wlan0  » [11:11:14] [wifi.ap.new] wifi access point six (-38 dBm) detected as 90:72:40:15:6a:aa (Apple, Inc.).
 wlan0  » [11:11:14] [sys.log] [dbg] wifi hopping on channel 4
 wlan0  » [11:11:14] [sys.log] [dbg] wifi hopping on channel 5
 wlan0  » [11:11:15] [sys.log] [dbg] wifi hopping on channel 6
 wlan0  » [11:11:15] [sys.log] [dbg] wifi hopping on channel 7
 wlan0  » [11:11:15] [sys.log] [dbg] wifi hopping on channel 8
 wlan0  » [11:11:16] [sys.log] [dbg] wifi hopping on channel 9
 wlan0  » [11:11:16] [sys.log] [dbg] wifi hopping on channel 10
 wlan0  » [11:11:17] [sys.log] [dbg] wifi hopping on channel 11
 wlan0  » [11:11:17] [sys.log] [dbg] wifi hopping on channel 12
 wlan0  » [11:11:17] [sys.log] [dbg] wifi hopping on channel 13
 wlan0  » [11:11:24] [sys.log] [dbg] wifi hopping on channel 14
 wlan0  » [11:11:24] [sys.log] [dbg] wifi hopping on channel 1
 wlan0  » [11:11:24] [sys.log] [dbg] wifi hopping on channel 2
 wlan0  » [11:11:25] [sys.log] [dbg] wifi hopping on channel 3
 wlan0  » [11:11:25] [sys.log] [dbg] wifi hopping on channel 4
 wlan0  » [11:11:26] [sys.log] [dbg] wifi hopping on channel 5
 wlan0  » [11:11:26] [sys.log] [dbg] wifi hopping on channel 6
 wlan0  » [11:11:26] [sys.log] [dbg] wifi hopping on channel 7
 wlan0  » [11:11:27] [sys.log] [dbg] wifi hopping on channel 8
 wlan0  » [11:11:27] [sys.log] [dbg] wifi hopping on channel 9
 wlan0  » [11:11:28] [sys.log] [dbg] wifi hopping on channel 10
 wlan0  » [11:11:28] [sys.log] [dbg] wifi hopping on channel 11
 wlan0  » [11:11:28] [sys.log] [dbg] wifi hopping on channel 12
 wlan0  » [11:11:29] [sys.log] [dbg] wifi hopping on channel 13
 wlan0  » [11:11:29] [sys.log] [dbg] wifi hopping on channel 14
 wlan0  » [11:11:30] [sys.log] [dbg] wifi hopping on channel 1
 wlan0  » [11:11:30] [sys.log] [dbg] wifi hopping on channel 2
 wlan0  » [11:11:30] [sys.log] [dbg] wifi hopping on channel 3
 wlan0  » [11:11:31] [sys.log] [dbg] wifi hopping on channel 4
 wlan0  » [11:11:31] [sys.log] [dbg] wifi hopping on channel 5
 wlan0  » [11:11:32] [sys.log] [dbg] wifi hopping on channel 6
 wlan0  » [11:11:32] [sys.log] [dbg] wifi hopping on channel 7
 wlan0  » [11:11:32] [sys.log] [dbg] wifi hopping on channel 8
 wlan0  » [11:11:33] [sys.log] [dbg] wifi hopping on channel 9
 wlan0  » [11:11:33] [sys.log] [dbg] wifi hopping on channel 10
 wlan0  » [11:11:34] [sys.log] [dbg] wifi hopping on channel 11
 wlan0  » [11:11:34] [sys.log] [dbg] wifi hopping on channel 12
 wlan0  » [11:11:34] [sys.log] [dbg] wifi hopping on channel 13
 wlan0  » w[11:11:35] [sys.log] [dbg] wifi hopping on channel 14
 wlan0  » wif[11:11:35] [sys.log] [dbg] wifi hopping on channel 1
 wlan0  » wifif[11:11:36] [sys.log] [dbg] wifi hopping on channel 2
 wlan0  » wifif[11:11:36] [sys.log] [dbg] wifi hopping on channel 3
 wlan0  » wifi.[11:11:36] [sys.log] [dbg] wifi hopping on channel 4
 wlan0  » wifi.as[11:11:37] [sys.log] [dbg] wifi hopping on channel 5
 wlan0  » wifi.assoc[11:11:37] [sys.log] [dbg] wifi hopping on channel 6
 wlan0  » wifi.assoc [11:11:38] [sys.log] [dbg] wifi hopping on channel 7
 wlan0  » wifi.assoc all[11:11:38] [sys.log] [dbg] wifi hopping on channel 8
 wlan0  » wifi.assoc all
 wlan0  » [11:11:38] [sys.log] [inf] wifi sending association request to AP six (channel:6 encryption:WPA2)
 wlan0  » [11:11:54] [wifi.client.new] new station e8:2a:ea:1f:03:b5 (Intel Corporate) detected for six (90:72:40:15:6a:aa)
 wlan0  » 

Steps to Reproduce

1. Start bettercap
2. Run wifi.recon on and wait until at least one AP is discovered
3. Run wifi.assoc all to attempt to associate and capture a PMKID

Expected behavior: I expected an association request to be sent and (maybe) a PMKID to be captured.

Actual behavior: The association request is not sent, and it seems to hang after the first attempt. No request is actually sent (that I can see, I ran Wireshark on another interface, and the bettercap interface does not send any traffic).

I've reproduced this issue on two laptops (with multiple different wifi adapters with different chipsets), and in a VMware Fusion VM with an Alfa AWUS036H attached.

--

♥ ANY INCOMPLETE REPORT WILL BE CLOSED RIGHT AWAY ♥

[evilsocket]

not sure i follow, when you executed wifi.assoc all i can see bettercap sending an association request to an AP:

wlan0 » [11:11:38] [sys.log] [inf] wifi sending association request to AP six (channel:6 encryption:WPA2)

now, if that's the only visible AP in that moment, that's normal ... what was the output of wifi.show? from your own logs, i can see that only that AP was discovered:

wlan0 » [11:11:38] [sys.log] [inf] wifi sending association request to AP six (channel:6 encryption:WPA2)

so what did you exactly expect to happen?

[paulouderkirk]

Sorry, I'll try to be more clear: the association request is never actually sent from the interface. I've confirmed this with Wireshark running on another machine.

[paulouderkirk]

Additionally, if you run wifi.assoc all when there are multiple APs detected in range, it outputs the debug "sending association request to AP blah" to one of the APs, but doesn't send or output any log about the other APs in range.

[evilsocket]

i'll try to test this but it's unlikely i will be able to reproduce as it works every time for me

[paulouderkirk]

If there's any additional debug information I can provide, I'm willing to try anything.

[evilsocket]

ooops, i was actually able to reproduce this, let's see if i can fix :D

[evilsocket]

it appeared to be a bug i introduced recently, fixed now, will release as precompiled in a couple of weeks approximately

[paulouderkirk]

Thanks very much!