allow to use any configured network interface with a valid IP

[gustavo-iniguez-goya]

Hi all,

This is a patch for the suggestion #240 .

It works as follow:

• initialize the system and configure the network.
  • initialize the network, by default using the wireless information available.
    • if it´s not available (no wifi interface configured), get all the ifaces configured on the system (any net device with a valid IP).
      • if there's only one interface configured, use that, and add the default net devices to the layout (subnet + target gw + target ip).
      • if there're more than one interface configured, display a dialog with the list of available net interfaces.
      • re/load the network items list, configure the layouts and start the network radar.
      • when a valid net interface is selected, register the plugins, launch the network radar and launch the update checker.
    • if there´s no network interface available, display an information message, and launch the update checker.

If the user press the option menu to select a device:

• Display always the dialog, even with only one interface.
  • reload the network items list, configure the layouts and start the network radar.

This has been my check list:

• Install the app
• start the app and check that core tools are:
  • checked.
  • downloaded (if not installed or outdated)
  • verified and extracted.
• start the app with no interfaces available (airplane mode), 1, 2 and 3 interfaces available.
• start the app with wifi interface available, and with gsm interface available.
• show the net interfaces dialog from the menu with no interfaces available, with 1, 2 and 3 interfaces available.
• start the app with wifi interface available and wait until get all the network hosts. Then disable wifi, get gsm connectivity, and select that interface from the menu. Ensure that the network hosts list is refreshed with the new found hosts.

If someone wants to try it out would be great, since it's quite intrusive and it will need to be tested well.

Regards.

[sorano]

I could test it out if you have compiled the .apk

[gustavo-iniguez-goya]

ok, I´ve detected a couple of problems, so I´ll commit the latest changes tonight, and upload to somewhere the apk.

[gustavo-iniguez-goya]

@sorano, here you have: http://tempsend.com/2B583A8746/106C/cSploitmultinterfaces_16092015.apk
md5: 6527d7edf4c553b8e2e99b81e2d6c255

[hightechstl]

Crashes as soon as I choose an interface
On Sep 16, 2015 6:17 PM, "ga" notifications@github.com wrote:

@sorano https://github.com/sorano, here you have:
http://tempsend.com/2B583A8746/106C/cSploitmultinterfaces_16092015.apk
md5: 6527d7edf4c553b8e2e99b81e2d6c255

—
Reply to this email directly or view it on GitHub
#245 (comment).

[gustavo-iniguez-goya]

@hightechstl , could you post please the logcat output where the exception occurs? android version? mobile model? how many interfaces appeared on the dialog when the app crashed? what kind of interface(s) (wifi, gsm, ethernet)?

[gustavo-iniguez-goya]

Here's another apk with the latest 3 commits applied (plus the one which fixes a crash, reported on another issue):
http://tempsend.com/DCFBEBEB35/33D9/cSploitmultinterfaces_18092015.apk

md5: a91377f4cfad2768909ff1f93b3e74c6

[fat-tire]

Hey @Gainan-- any chance you could meet on IRC... want to compare notes w/you on what's working and what isn't... I'll hang out here, on #csploit in freenode.

Anyone else who feels like joining great.. I didn't create this channel tho.

[sorano]

Ok. Sorry for the delay. I started testing the first version yesterday on my Nexus 7 Lollipop (Running Nethunter rom (aug 2015 release)) but followed up by testing the newer APK today (it was released when I was sleeping). FYI I could start both versions without crashes.

I tested the newer APK with both a USB LAN and WLAN interface and it worked fine as such as it detects and prompts for additional interfaces, finds the local subnet on that interface, sweeps that subnet etc.

One bug I found is that if I am connected to two WLAN interfaces at the same (WLAN0 and WLAN1). In this case cSploit will be confused on which is the correct SSID on the network gateway / router and will show the SSID from WLAN0 even if I selected WLAN1 interface in cSploit. This can easily be circumvented by disconnecting wlan0 though.

So all in all I must say: Great job! Can't wait to see this merged together with the fix for MSF :) 👍

Update: If I disable everything except WLAN1 and try to perform any actions, scan host, port scan, etc. nothing seems to work. I get "Error accessing the Net" on everything.

If I then instead enable 3G interface and WLAN1 still connected I dont get the "Error access the net" however nothing seems to happen. It starts the action but no output is ever given.

If I use a LAN interface it works better, some actions works, like port scanner, but different actions seems a bit more prone to crashing at times. No logcat at this moment sorry.

[gustavo-iniguez-goya]

@sorano, thank you very much for your feedback, very useful. I've taken a look at the error you're seeing ("error accessing the net"), and the bug is present on the master branch. In fact it crashes the app. We should react on network connectivity changes, but as it's a different feature I've decided to not add it to this patch. Once we decide to merge this feature or not, I'll start working on that one.

In the meantime, I'll commit a workaround for this problem.

[domenicoblanco]

Hi, can you upload again the APK?

[gustavo-iniguez-goya]

@sorano, @domenicoblanco here's another version with a fix for the situation you've described:
http://tempsend.com/9F5D8D5989/2884/cSploit_1.5.3_multinterfaces_19092015.apk
md5: 5dfa6174464e26c52c12fd4b5450d6f3

I don't have an external wifi card for connect to the mobile, so I haven't tested it with 2 wifi interfaces and I don't know if it will display correctly the ESSID of the selected network. But if it solves the other issue will be great. I won't commit these changes for now, I'll wait for your feedback.

Thank you very much for the tests, we're going to need more testers btw :)

[ghost]

In the apk you sent only rmnet1 and rmnet 0 are availible

[ghost]

Nevermind after 30 seconds they all came up

[tux-mind]

calling a method of mUpdateStatus, but checking if it is null after few lines of code.
if all path that lead the program here initializes mUpdateStatus the null check is pointless, instead if some execution path leave it uninitialized a NullPointerException will be raised.

[gustavo-iniguez-goya]

I moved the initialization of mUpdateStatus to onCreate(). Since it's called only once on the activity lifetime, it shouldn't be null, and it's not instantiated every time we change a layout (although there aren't so much changes...).

btw, there's a null check in onCreate(), because onCreate() was called after coming back from selecting a wifi network. Since I created a new method, init(), for common initializations and checks, that null check is not necessary anymore.

[tux-mind]

great, will remove these checks after the merge 😉

[tux-mind]

great new feature @gainan , I've reviewed the code and commented where I have some questions.

thanks for all your great efforts 😊

[gustavo-iniguez-goya]

wow @tux-mind , thank you very much for review it. As I said this is a quite intrusive patch which should be reviewed carefully. I've had a lot of doubts about the code, so probably there're parts that have no sense or are not finished yet (I think I've covered all of them).

I've had serious problems to:

• get the default gateway of the network (the methods which return it require API >= 21, and android studio was complaining about the compat lib version).
• know the type of a network interface, when it is not the default active network.
• get the wireless parameters of a 2nd connected wireless network (as far as I can tell, WifiManager will only return the parameters of the default connected wireless network, with no possibility to know if the device is connected to another AP on a different wireless card).
• know if a network interface is up/down (workarounded by using NetworkInterface.getByName()).

I have a set of changes not commited yet, which would fix the problem described by @sorano, when you are using the app and the net iface goes down.

This is a huge change to the code and to the default app behaviour, so I'll understand if it's not merged. Maybe I've given you some ideas :-) In any case, this would be an awesome feature.

[tux-mind]

hi @gainan , first of all thanks for your great work 😊

this feature MUST be merged.

I'm currently working on closing some bug, after you'll fix the other pull ( the one with the file editor ) I can compile again the apk and start play with this feature.

don't be hurry my friend, we are working on an open source project, do what you feel when you can, I don't want to stress you 😋

I gave a look at the core of android years ago and there is a socket for the wpa_supplicant daemon.
if that socket and the protocol has been unchanged between android versions then we can exploit that interface to control the boat.

also this is the first to step to control an external WiFi adapter, which is a feature that I want to add from years ❤️

[ETeissonniere]

Hey guys, if you do it, I will try to add aircrack-ng instead of router
keygen
Le 21 sept. 2015 18:36, "tux-mind" notifications@github.com a écrit :

hi @gainan https://github.com/gainan , first of all thanks for your
great work [image: 😊]

this feature MUST be merged.

I'm currently working on closing some bug, after you'll fix the other pull
( the one with the file editor ) I can compile again the apk and start play
with this feature.

don't be hurry my friend, we are working on an open source project, do
what you feel when you can, I don't want to stress you [image: 😋]

I gave a look at the core of android years ago and there is a socket for
the wpa_supplicant daemon.
if that socket and the protocol has been unchanged between android
versions then we can exploit that interface to control the boat.

also this is the first to step to control an external WiFi adapter, which
is a feature that I want to add from years [image: ❤️]

—
Reply to this email directly or view it on GitHub
#245 (comment).

[tux-mind]

@developpsoft can you split the aircrack-ng suite into small libraries ?

for example:

• libaircommon.so: common shared functions
• libairmon.so : functions to list wifi adapters and putting them into promiscuos/monitor mode
• libairdump.so: functions to sniff raw 802.11 packets from monitor interfaces
• libreplay.so: functions to send fake/ad-hoc packets over the air
• libaircrack.so: function to crack wireless networks from captures packets

I can assist you in this big challenge, I'm a linux expert developer.
It should not a very difficult work but require you to understand all the code base of the aircrack suite in order to arrange all the pieces in those libraries.
The output of those libraries will be structured data defined in some headers.

aircrack-ng seems having a clean separation of sources ( i just gave a look at their file names ).

Why are you reinventing the wheel tux ?

simply because parsing an interactive program output like airodump is very difficult. having libraries that return the data you need leave who use them free to choose how to display those information.

let me known 😊

[ghost]

@developpsoft
You could maybe have a look at bcmon :
https://code.google.com/p/bcmon/
Quite old project but I think they have splited the aircrack-ng suite into small libraries

[tux-mind]

@settix nice to read from you again 😊

AFAIK that project were only developing a monitor driver for bcm chipset, the aircrack suite were statically compiled for android, including the gnu libc, as you can see from their sources on google project.

[ghost]

Thanks @Tux !
Ok. In order to get all the fun out of aircrack-ng/ reaver/wifite etc.. , we would need to put our usb connected wifi adaptater into monitor mode. We could eventually build a kernel w/ monitor mode and packet injection support for every devices out there that uses csploit.
The problem is that it's a very time-consuming and head banging task..
Wouldn't there be a more efficient/easy way ?
Reaver-gui could be implemented : http://forum.xda-developers.com/showthread.php?t=2456888
And aircrack-ng gui too maybe because using a terminal on a smartphone isn't that intuitive.
Anyway This will also be a true challenge.
Csploit, the all in one pentest suite ;D.
Best luck in your project ;)

[tux-mind]

@settix you hit the point.
I though about the driver problem time ago and I think that cSploit should only care about using monitor-capable device if found.

beside we can make an App that handle the driver problem, finding the right kernel module for your device and kernel build.
cSploit is a complex program, extracting this "one time to do per device" feature into another app will be a nice solution IMHO.

do you agree ?

[fat-tire]

we would need to put our usb connected wifi adaptater into monitor mode. We could eventually build a kernel w/ monitor mode and packet injection support for every devices out there that uses csploit The problem is that it's a very time-consuming and head banging task..

Indeed. Every device will need its own kernel modifications, which is kind of a big deal to maintain and could be android version dependent.

That said, I'll throw in a plug here for Nethunter which is doing this for quite a few devices. Aside from some android-UI in the main app, Nethunter installs a full kali chroot on your device. For monitor mode and other functionality it does require the same kernel support, which it provides in the ROMs.

Version 2.1 of the NH app is going to be even easier to install/maintain-- you should be able to use it with existing rooted ROMs such as CyanogenMod. It'll auto-install the chroot and kernel for you. So it could be a nice compliment to cSploit and handle some of the kernel issues... it also could be a collaborative sub-project.

There's a #nethunter channel on IRC (freenode) as well.

[ghost]

@tux-mind Sure.
This seems to be the right thing to do ! ;)
Either find a kernel or build it yourself then Csploit ( or a "companion app" ) will find the monitor mode able interface to use.

@fat-tire
you're right, the nethunter app looks like a great idea !

[ETeissonniere]

@tux-mind, will send a makefile and sources as soon as possible 😄
Le 21 sept. 2015 19:00, "tux-mind" notifications@github.com a écrit :

@developpsoft https://github.com/DeveloppSoft can you split the
aircrack-ng suite into small libraries ?

for example:

• libaircommon.so: common shared functions
• libairmon.so : functions to list wifi adapters and putting them into
  promiscuos/monitor mode
• libairdump.so: functions to sniff raw 802.11 packets from monitor
  interfaces
• libreplay.so: functions to send fake/ad-hoc packets over the air
• libaircrack.so: function to crack wireless networks from captures
  packets

I can assist you in this big challenge, I'm a linux expert developer.
It should not a very difficult work but require you to understand all the
code base of the aircrack suite in order to arrange all the pieces in those
libraries.
The output of those libraries will be structured data defined in some
headers.

aircrack-ng https://github.com/aircrack-ng/aircrack-ng seems having a
clean separation of sources ( i just gave a look at their file names ).

Why are you reinventing the wheel tux ?

simply because parsing an interactive program output like airodump is very
difficult. having libraries that return the data you need leave who use
them free to choose how to display those information.

let me known [image: 😊]

—
Reply to this email directly or view it on GitHub
#245 (comment).

[ETeissonniere]

Or we can use Router Keygen, too
Le 22 sept. 2015 08:10, "Eliott Teissonniere" eliott.teissonniere@gmail.com
a écrit :

@tux-mind, will send a makefile and sources as soon as possible 😄
Le 21 sept. 2015 19:00, "tux-mind" notifications@github.com a écrit :

@developpsoft https://github.com/DeveloppSoft can you split the
aircrack-ng suite into small libraries ?

for example:

• libaircommon.so: common shared functions
• libairmon.so : functions to list wifi adapters and putting them
  into promiscuos/monitor mode
• libairdump.so: functions to sniff raw 802.11 packets from monitor
  interfaces
• libreplay.so: functions to send fake/ad-hoc packets over the air
• libaircrack.so: function to crack wireless networks from captures
  packets

I can assist you in this big challenge, I'm a linux expert developer.
It should not a very difficult work but require you to understand all the
code base of the aircrack suite in order to arrange all the pieces in those
libraries.
The output of those libraries will be structured data defined in some
headers.

aircrack-ng https://github.com/aircrack-ng/aircrack-ng seems having a
clean separation of sources ( i just gave a look at their file names ).

Why are you reinventing the wheel tux ?

simply because parsing an interactive program output like airodump is
very difficult. having libraries that return the data you need leave who
use them free to choose how to display those information.

let me known [image: 😊]

—
Reply to this email directly or view it on GitHub
#245 (comment).

[gustavo-iniguez-goya]

patch outdated. enqueued for the future.

[tux-mind]

this feature is a must-to have 😉
fixing bug it's a great thing, but we must start check all those TODOs.

as always thanks for your great help @gainan 😊

I'll work on it ASAP.
a few days as maximum.

[tux-mind]

merge develop into this pull request.
fixed many bugs and adjusted some little things.

many tests needed: this branch must be heavily tested before merging.

thanks in advance to all those that will spend their time compiling and trying this branch 😊

as now it works also on 3G networks, so please be careful.

[ETeissonniere]

Wow good work 😄
Le 10 oct. 2015 12:57, "tux-mind" notifications@github.com a écrit :

merge develop into this pull request.
fixed many bugs and adjusted some little things.

many tests needed: this branch must be heavily tested before merging.

thanks in advance to all those that will spend their time compiling and
trying this branch [image: 😊]

as now it works also on 3G networks, so please be careful.

—
Reply to this email directly or view it on GitHub
#245 (comment).

[gustavo-iniguez-goya]

@tux-mind , so far so good, no crashes, working fine :)

[tux-mind]

merged

[Megaeloelo]

Noob question : How can I use this?

[tux-mind]

@Megaeloelo just install the nightly build.
you can find it at the official download page