misc: using script to detect karma attacks
1 parent
bfe307f
commit 6aa8f45
Showing
2 changed files
with
45 additions
and
18 deletions.
@@ -1,61 +1,86 @@ | ||
require("config") | ||
require("telegram") | ||
|
||
var fakeESSID = random.String(16, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'); | ||
var fakeBSSID = random.Mac() | ||
|
||
function onDeauthentication(event) { | ||
var data = event.Data; | ||
var data = event.data; | ||
var message = '🚨 Detected deauthentication frame:\n\n' + | ||
'Time: ' + event.Time.String() + "\n" + | ||
'Time: ' + event.time + "\n" + | ||
'GPS: lat=' + session.GPS.Latitude + " lon=" + session.GPS.Longitude + " updated_at=" + session.GPS.Updated.String() + "\n\n" + | ||
'RSSI: ' + data.RSSI + "\n" + | ||
'Reason: ' + data.Reason + "\n" + | ||
'Address1: ' + data.Address1 + "\n" + | ||
'Address2: ' + data.Address2 + "\n" + | ||
'Address3: ' + data.Address3; | ||
'RSSI: ' + data.rssi + "\n" + | ||
'Reason: ' + data.reason + "\n" + | ||
'Address1: ' + data.address1 + "\n" + | ||
'Address2: ' + data.address2 + "\n" + | ||
'Address3: ' + data.address3; | ||
|
||
// send to telegram bot | ||
sendMessage(message); | ||
} | ||
|
||
function onHandshake(event){ | ||
var data = event.Data; | ||
var data = event.data; | ||
var what = 'handshake'; | ||
|
||
if(data.PMKID != null) { | ||
if(data.pmkid != null) { | ||
what = "RSN PMKID"; | ||
} else if(data.Full) { | ||
} else if(data.full) { | ||
what += " (full)"; | ||
} else if(hand.Half) { | ||
} else if(hand.half) { | ||
what += " (half)"; | ||
} | ||
|
||
var message = '💰 Captured ' + what + ':\n\n' + | ||
'Time: ' + event.Time.String() + "\n" + | ||
'Time: ' + event.time + "\n" + | ||
'GPS: lat=' + session.GPS.Latitude + " lon=" + session.GPS.Longitude + " updated_at=" + session.GPS.Updated.String() + "\n\n" + | ||
'Station: ' + data.Station + "\n" + | ||
'AP: ' + data.AP; | ||
'Station: ' + data.station + "\n" + | ||
'AP: ' + data.ap; | ||
|
||
// send to telegram bot | ||
sendMessage(message); | ||
} | ||
|
||
function onNewAP(event){ | ||
var ap = event.data; | ||
if(ap.hostname == fakeESSID) { | ||
log("DETECTED KARMA ATTACK!!!"); | ||
// TODO: add reporting | ||
} | ||
} | ||
|
||
function onAnyEvent(event){ | ||
// if endpoint.new or endpoint.lost, clear the screen and show hosts | ||
if( event.Tag.indexOf('endpoint.') === 0 ) { | ||
if( event.tag.indexOf('endpoint.') === 0 ) { | ||
// run('clear; net.show'); | ||
} | ||
} | ||
|
||
log("session script loaded"); | ||
function onTick(event) { | ||
run('wifi.probe ' + fakeBSSID + ' ' + fakeESSID); | ||
} | ||
|
||
log("session script loaded, fake AP is " + fakeESSID); | ||
|
||
// create an empty ticker so we can run commands every few seconds | ||
run('set ticker.commands ""') | ||
run('set ticker.period 10') | ||
run('ticker on') | ||
// enable recon and probing of new hosts | ||
run('net.recon on'); | ||
run('net.probe on'); | ||
// enable wifi scanning | ||
run('set wifi.interface ' + wifiInterface); | ||
run('wifi.recon on'); | ||
|
||
// send fake client probes every tick | ||
onEvent('tick', onTick); | ||
// register for wifi.deauthentication events | ||
onEvent('wifi.deauthentication', onDeauthentication); | ||
// register for wifi.client.handshake events | ||
onEvent('wifi.client.handshake', onHandshake); | ||
// register for wifi.ap.new events | ||
onEvent('wifi.ap.new', onNewAP); | ||
|
||
// register for any event | ||
onEvent(onAnyEvent); | ||
onEvent(onAnyEvent); |
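Review bot: In `onHandshake`, the last branch still reads `hand.half`, and no `hand` variable is declared in the visible lines, so a handshake that is neither PMKID nor full would throw a ReferenceError before the Telegram message is built; it should read `} else if(data.half) {`. In `onNewAP`, a match on the decoy ESSID only reaches `log("DETECTED KARMA ATTACK!!!")`, while the other two handlers alert through `sendMessage`, so the detection this commit adds is easy to miss on an unattended sensor. Until the TODO is resolved, I would send the alert through `sendMessage` as well and include the responding AP's identifiers from `event.data` together with the time and GPS fix, so the rogue AP can be located. The `session.GPS.*` fields keep their capitalised names while the event fields were lowercased; that may be correct if the session object was not changed, but it is worth confirming.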