Mathy Vanhoef
2ccd42033a
fragattacks: add experimental ping-before test
...
This uses fragmented IPv4 packets to perfrom (variants of) the test
"ping BP" without needing to run a packet capture on the victim device.
This is accomplished by sending the first IPv4 fragment of a ping
request before authenticating, and the second IPv4 fragment after
authenticating. If the device is vulnerable, it should replay with a
ping response. Note that both ping IPv4 fragments are sent in a normal
non-fragmented Wi-Fi frame.
The test was confirmed to work against a Huawei MRD-LZ1F (Huawei Y6
2019).
2022-11-07 10:47:20 +01:00
Mathy Vanhoef
b7a520637e
fragattacks: do not use format strings
...
There are only supported on Python 3.6 and above. With openwifi we
likely need to support an older Python version.
This patch may be reverted in the future once support for older
Python versions is no longer needed.
2022-10-16 18:44:11 +02:00
Angelo Compagnucci
0375781b8e
research/fragattack: add --pre-test-delay parameter
...
This parameter can be used each time a test needs to be delayed before
actually executing it.
Suggested-by: Michael Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2022-03-31 13:44:04 +08:00
Mathy Vanhoef
0e9ef74801
fragattack: add comment in code
2022-01-27 16:23:15 +01:00
Mathy Vanhoef
f27bf12e32
fragattacks: README: clarify ping-frag-sep tests
2021-06-21 23:57:45 +04:00
Mathy Vanhoef
1bc7636768
fragattacks: option to never send QoS data frames
...
Fixes #5 . This option is experimental and may break some tests that
rely on sending QoS Data frames with different priorities.
2021-05-16 22:09:28 +04:00
Mathy Vanhoef
c362116dcd
fragattacks: the tool is now called FragAttack
2021-03-01 20:55:14 +04:00
Mathy Vanhoef
32de654b74
fragattack: detect unexpected scapy version
2021-01-30 06:52:45 +04:00
Mathy Vanhoef
cab3422a38
fragattack: bugfixes and move to new scapy
2021-01-13 04:18:13 +04:00
Mathy Vanhoef
641c4a5f2d
fragattack: add --stay-up argument
2020-12-18 21:18:51 +04:00
Mathy Vanhoef
87e5a7e832
fragattack: fix description of optional argument
2020-12-18 21:15:47 +04:00
Mathy Vanhoef
d10941c8bc
fragattack: minor tweaks to README and tool output
2020-11-12 11:49:03 +04:00
Mathy Vanhoef
e94b04ff57
fragattack: check if hostapd/wpa_sup was recompiled on updates
2020-11-04 12:26:50 +04:00
Mathy Vanhoef
71e5c578ae
fragattack: show version number in output
2020-10-20 16:18:21 +04:00
Mathy Vanhoef
5ed2ba7e06
fragattack: fix SSP to SPP
2020-10-20 14:33:09 +04:00
Mathy Vanhoef
a41e1e7740
Minor updates
2020-10-07 13:44:23 +04:00
Mathy Vanhoef
0792f321bc
fragattack: reorder some code
2020-08-12 12:31:03 +04:00
Mathy Vanhoef
6379055c5b
fragattack: minor output improvement
2020-08-07 07:44:50 +04:00
Mathy Vanhoef
303b9cbec8
fragattack: add --amsdu-ssp option
2020-08-05 07:17:59 +04:00
Mathy Vanhoef
9d7378a562
fragattacks: experimental udp injection
2020-07-30 17:54:04 +04:00
Mathy Vanhoef
b53ee8371d
fragattacks: improve test names and argument parsing
2020-07-30 17:53:46 +04:00
Mathy Vanhoef
e81f640cf5
fragattack: remove some old comments
2020-07-27 00:00:00 +04:00
Mathy Vanhoef
7392e6a216
fragattacks: check if modified drivers/firmware are used
2020-07-26 22:55:22 +04:00
Mathy Vanhoef
3df71fff2f
fragattack: move macos to old tests
2020-07-26 12:00:22 +04:00
Mathy Vanhoef
7c039f5581
fragattack: add copyright banners
2020-06-28 12:35:45 +04:00
Mathy Vanhoef
3c772c7df8
fragattack: only import tests currently in the directory
2020-06-28 09:49:07 +04:00
Mathy Vanhoef
9431a8c39b
fragattack: improved injection testing
2020-06-27 17:27:46 +04:00
Mathy Vanhoef
fa1fe54699
Add TODO to detected modified drivers
2020-06-19 23:45:30 +04:00
Mathy
67093175a5
Prep for bad-mic options, some TODOs, and notes
2020-06-19 15:24:12 -04:00
Mathy
a5f498bda4
fragattack: add eapol-inject test
2020-06-13 12:37:16 -04:00
Mathy
2ff772d5ec
fragattack: add some TODOs
2020-06-11 10:57:40 -04:00
Mathy
3171d219c0
fragattack: allow connected-delay to be a float
2020-06-10 19:09:35 -04:00
Mathy
b93e980af6
fragattack: perform eapol-amsdu test against AP without tcpdump
2020-06-07 08:08:04 -04:00
Mathy Vanhoef
95f5203446
fragattacks: tweak A-MSDU injection tests
2020-05-29 05:02:19 +04:00
Mathy Vanhoef
9e068ad969
fragattack: restructured Python files
2020-05-28 17:10:37 +04:00
Mathy
0dcaf9a36c
fragattack: test A-MSDU attack and Linux variant
2020-05-27 01:43:52 -04:00
Mathy Vanhoef
3e76decf16
Use create_msdu_subframe from libwifi
2020-05-27 02:08:07 +04:00
Mathy Vanhoef
f450729cc8
fragattack: whitespace fix
2020-05-25 01:12:48 +04:00
Mathy Vanhoef
3f6639d354
fragattack: print message if a test timed out
2020-05-25 01:10:58 +04:00
Mathy Vanhoef
80c441ab50
fragattacks: minor tweaks
2020-05-24 03:34:41 +04:00
Mathy
a2991e3b3c
fragattack: use injection workarounds in all modes
2020-05-22 18:28:49 +00:00
Mathy Vanhoef
1e7de58084
fragattack: workaround for scapy bug
2020-05-22 21:13:30 +04:00
Mathy Vanhoef
2b18bfdff5
fragattack: MF injection workaround for Intel in mixed mode
2020-05-22 17:24:23 +04:00
Mathy Vanhoef
1013e849db
fragattack: add inject-selftest feature
2020-05-22 03:03:15 +04:00
Mathy Vanhoef
173e11d400
fragattack: ability to test injection capabilities of device
2020-05-20 03:14:55 +04:00
Mathy Vanhoef
3331b80fb7
fragattack: make injection selftest work on ath9k_htc
2020-05-16 23:47:54 +04:00
Mathy Vanhoef
e4ac2d88ed
fragattack: fix interface configuration for hwsim AP mode
2020-05-12 18:54:36 +04:00
Mathy Vanhoef
304d7871ce
fragattacks: initial support for hwsim simulation
2020-05-12 18:33:44 +04:00
Mathy Vanhoef
70f2cc33b7
fragattack: several changes and injection self-test functionality
2020-05-11 22:54:13 +04:00
Mathy
0b83439fdb
fragattack: option to use 2nd interface for frame injection
2020-05-11 12:57:46 -04:00