diff --git a/research/README.md b/research/README.md
index 523650435..c5367b278 100644
--- a/research/README.md
+++ b/research/README.md
@@ -1,13 +1,24 @@
 # Usage
 
-Install the dependencies in `../../requirements.txt`. Then you can run
-`./inject.py interface tests` where the first argument is the interface
-to use. This inferface should NOT be set to monitor mode (the script will
-handle this). The second parameter is the test to execute.
+## Installation
+
+1. Install the dependencies in `../../requirements.txt`.
+
+2. Compile the modified `hostapd` and `wpa_supplicant` using `cd research && ./build.sh`.
+ If this fails install the required dependencies. The build.sh script is also very
+ trivial so you can manually execute each command in that script to see
+ where it fails and how to fix it.
+
+
+## Example Usage
+
+Then you can run `./fragattack.py interface tests` where the first argument
+is the interface to use. This inferface should NOT be set to monitor mode
+(the script will handle this). The second parameter is the test to execute.
 
 You can first execute a simple ping to see if everything is working:
 
- ./inject.py wlan0 ping --ip 192.168.100.10 --peerip 192.168.100.1
+ ./fragattack.py wlan0 ping --ip 192.168.100.10 --peerip 192.168.100.1
 
 Here `peerip` is the IP address of the AP/router we are testing, and `ip`
 denotes the IP address we are assignment to the client. Edit the file
diff --git a/research/build.sh b/research/build.sh
new file mode 100755
index 000000000..3fe00cedd
--- /dev/null
+++ b/research/build.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+set -e
+
+cd ../hostapd
+cp defconfig .config
+make clean
+make -j2
+
+cd ../wpa_supplicant
+cp defconfig .config
+make clean
+make -j2
+
diff --git a/research/inject.py b/research/fragattack.py
similarity index 98%
rename from research/inject.py
rename to research/fragattack.py
index 0c8a60517..361865f7b 100755
--- a/research/inject.py
+++ b/research/fragattack.py
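Review bot: `cd ../hostapd` and `cd ../wpa_supplicant` in build.sh resolve against the caller's working directory, not the script's location, so the script only works when invoked from `research/` exactly as the README describes; from any other directory `set -e` aborts on the failed `cd`, or, if the caller's parent happens to contain a directory of that name, `make clean` and `cp defconfig .config` run in the wrong tree. Anchoring the paths to the script avoids both cases: `cd "$(dirname "$0")/../hostapd"` and `cd "$(dirname "$0")/../wpa_supplicant"`. The hard-coded `make -j2` could likewise become `make -j"$(nproc)"`. `cp defconfig .config` also silently overwrites any existing `.config` in those trees, which deserves a one-line comment if that is intended.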
@@ -107,7 +107,7 @@ class Action():
     # Reconnect: force a reconnect
     GetIp, Rekey, Reconnect, Roam, Inject, Func = range(6)
 
-    def __init__(self, trigger, action=Inject, func=None, enc=False, frame=None, inc_pn=1, delay=None):
+    def __init__(self, trigger, action=Inject, func=None, enc=False, frame=None, inc_pn=1, delay=None, wait=None):
         self.trigger = trigger
         self.action = action
         self.func = func
@@ -115,6 +115,13 @@ class Action():
         if self.func != None:
             self.action = Action.Func
 
+        # Take into account default wait values. A wait value of True means the next
+        # Action will not be immediately executed if it has the same trigger (instead
+        # we have to wait on a new trigger e.g. after rekey, reconnect, roam).
+        self.wait = wait
+        if self.wait == None:
+            self.wait = action in [Action.Rekey, Action.Reconnect, Action.Roam]
+
         # Specific to fragment injection
         self.encrypted = enc
         self.inc_pn = inc_pn
@@ -548,17 +555,17 @@ class Station():
         elif act.action == Action.Rekey:
             # Force rekey as AP, wait on rekey as client
             self.daemon.rekey(self)
-            break
+            if act.wait: break
         elif act.action == Action.Roam:
             # Roam as client, TODO XXX what was AP?
             self.daemon.roam(self)
-            break
+            if act.wait: break
         elif act.action == Action.Reconnect:
             # Full reconnect as AP, reassociation as client
             self.daemon.reconnect(self)
-            #break
+            if act.wait: break
         elif act.action == Action.Inject:
             if act.delay != None:
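Review bot: `if self.wait == None:` in the new block of the second hunk should be `if self.wait is None:` — `None` is a singleton, identity is the idiomatic test, and any value with a permissive `__eq__` would otherwise be treated as "use the default". The new `wait` parameter is also undocumented even though its default is derived from `action`; a comment on the signature such as `# wait: stop executing further Actions with the same trigger after this one (defaults to True for Rekey/Reconnect/Roam)` would spare a reader from tracing Station's dispatch loop. An explicit non-`None` value is stored unconverted, so `self.wait = bool(wait)` would keep the attribute a plain bool, matching how the loop consumes it. The enclosing `__init__` starts in the first hunk and continues past the second.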