fragattacks: option to never send QoS data frames

Fixes #5. This option is experimental and may break some tests that rely on sending QoS Data frames with different priorities.
2024-11-24 16:28:23 -05:00 · 2021-05-16 22:07:54 +04:00 · 2021-05-16 22:07:54 +04:00 · 1bc7636768
commit 1bc7636768
parent 6cb61da4a1
2 changed files with 13 additions and 0 deletions
--- a/research/fragattack.py
+++ b/research/fragattack.py
@ -208,6 +208,7 @@ if __name__ == "__main__":
 	# TODO: Properly test the --bad-mic option
 	parser.add_argument('--bad-mic', default=False, action='store_true', help="Send pings using an invalid authentication tag.")
 	parser.add_argument('--pn-per-qos', default=False, action='store_true', help="Use separate Tx packet counter for each QoS TID.")
+	parser.add_argument('--no-qos', default=False, action='store_true', help="Don't send QoS data frames (experimental - may break some tests).")
 	parser.add_argument('--freebsd-cache', default=False, action='store_true', help="Sent EAP(OL) frames as (malformed) broadcast EAPOL/A-MSDUs.")
 	parser.add_argument('--connected-delay', type=float, default=1, help="Second to wait after AfterAuth before triggering Connected event")
 	parser.add_argument('--to-self', default=False, action='store_true', help="Send ARP/DHCP/ICMP with same src and dst MAC address.")
@ -227,6 +228,9 @@ if __name__ == "__main__":
 	# Sanity check and convert some arguments to more usable form
 	options.ptype = args2ptype(options)
 	options.as_msdu = args2msdu(options)
+	if options.pn_per_qos and options.no_qos:
+		log(STATUS, f"Cannot specify option --pn-per-qos and --no-qos simultaneously.")
+		quit(1)

 	# Make the --inject-test-postauth flags easier to check
 	if options.inject_test_postauth != None:
--- a/research/fraginternals.py
+++ b/research/fraginternals.py
@ -437,6 +437,11 @@ class Station():
 	def encrypt(self, frame, inc_pn=1, force_key=None):
 		# TODO: Add argument to force a bad authenticity check

+		# Need to already remove Dot11QoS here since this affects authenticity tag
+		if self.options.no_qos and Dot11QoS in frame:
+			log(DEBUG, "Station.encrypt: removing Dot11QoS header as requested by user")
+			frame = remove_dot11qos(frame)
+
 		idx = dot11_get_priority(frame) if self.options.pn_per_qos else 0
 		self.pn[idx] += inc_pn

@ -795,6 +800,10 @@ class Daemon(metaclass=abc.ABCMeta):
 			set_monitor_mode(self.options.inject_test)

 	def inject_mon(self, p):
+		# If requested send all frames as normal data frames (i.e. remove Dot11QoS if present)
+		if self.options.no_qos and Dot11QoS in p:
+			log(DEBUG, "Station.inject_mon: removing Dot11QoS header as requested by user")
+			p = remove_dot11qos(p)
 		self.sock_mon.send(p)

 	def inject_eth(self, p):