Projects STRLCPY macstealer Commits 5a4bb099
    README.md
    skipped 500 lines
    501 501   of the victim identity.
    502 502   
    503 503   
     504 +## 7.3. Other parameters
     505 + 
     506 +- `--delay seconds`: You can use the parameter `--delay` to specify a delay, in seconds, before reconnecting as
     507 + the attacker.
     508 + 
     509 +- `-d` or `-dd`: Adding one of these parameters increases the debug verbosity of the script
     510 + and the underlying `wpa_supplicant` instance.
     511 + 
     512 + 
    504 513  <a id="id-test-bss"></a>
    505  -## 7.3. Testing a specific Access Point / BSS
     514 +## 7.4. Testing a specific Access Point / BSS
    506 515   
    507 516  By default, MacStealer will automatically select an AP/BSS of the network to connect with and test.
    508 517  In case you have a network with multiple APs/BSSes, you can test a specific one by specifying this
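Review bot: the `--delay` bullet (new lines 506-507) documents the parameter but not its effect on the test verdict. The accompanying macstealer.py change prints a different, orange "makes attacks harder" message when the SYN/ACK is intercepted 10 seconds or more after the reconnect timer starts, and that timer is started before the sleep, so a reader using `--delay` will see the downgraded verdict without the README explaining why. Suggest a sentence such as "If the reply is intercepted more than 10 seconds after reconnecting, the script still reports the network as vulnerable but flags the long delay." Minor: line 512 leaves two trailing blank lines before the `<a id="id-test-bss">` anchor where one is used elsewhere.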
    skipped 35 lines
    544 553   
    545 554   
    546 555  <a id="id-sae-pk"></a>
    547  -## 7.4. Testing an SAE-PK network
     556 +## 7.5. Testing an SAE-PK network
    548 557   
    549 558  You can test an SAE-PK network by using the following configuration file. Notice that for
    550 559  SAE-PK networks there is no difference in how the victim and attacker authenticate, i.e.,
    skipped 94 lines
    645 654   
    646 655  - Improved README: focus intro on bypassing client isolation, update defenses with 802.1X remarks and
    647 656   to prevent stealing the default gateway's MAC address.
     657 + 
     658 +- Added the `--delay` parameter to specify a delay in seconds before reconnecting as the attacker.
    648 659   
    649 660  **Version 1.1 (18 January 2023)**
    650 661   
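Review bot: the changelog entry at line 658 omits the second behavioural change in this commit: the interception log now reports the elapsed time and downgrades the verdict to an orange warning when interception took 10 seconds or more. Suggest adding a bullet such as `- Report how long interception of the SYN/ACK took and flag slow (>= 10s) interceptions as harder to exploit.`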
    skipped 20 lines
    research/macstealer.py
    skipped 437 lines
    438 438   if self.options.same_id:
    439 439   log(STATUS, f">>> Received TCP SYN/ACK after connecting and reconnecting as {self.id_victim}.", color="green")
    440 440   else:
    441  - log(STATUS, f">>> Attacker {self.id_attacker} intercepted TCP SYN/ACK reply to victim {self.id_victim}.", color="red")
    442  - log(STATUS, f">>> This means the network is vulnerable!", color="red")
     441 + delay = time.time() - self.time_start_reconnect
     442 + log(STATUS, f">>> Attacker {self.id_attacker} intercepted TCP SYN/ACK reply" \
     443 + f" to victim {self.id_victim} after {delay:.1f}s.", color="red")
     444 + if delay < 10:
     445 + log(STATUS, f">>> This means the network is vulnerable!", color="red")
     446 + else:
     447 + log(STATUS, f">>> This means the network is vulnerable, but the {delay:.1f}s " \
     448 + "delay until interception makes attacks harder.", color="orange")
    443 449   quit(1)
    444 450   
    445 451   
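Review bot: the 10-second threshold on line 444 compares a `delay` measured from `self.time_start_reconnect`, which step 2 sets before the optional `time.sleep(self.options.delay)`, so any run with `--delay 10` or more always takes the orange "makes attacks harder" branch even when the SYN/ACK arrived immediately after reconnecting. The reconnect check later in this same commit already compensates with `self.options.delay + 9`; do the same here, e.g. `if delay - self.options.delay < 10:`, or start the timer after the sleep. Also, `self.time_start_reconnect` is only assigned in step 2, so initialise it (e.g. to `None` in `__init__`) and guard line 441 if a reply can reach this handler before the reconnect phase has begun; otherwise the handler raises instead of reporting. Minor: the string on line 445 is an f-string with no placeholders.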
    skipped 129 lines
    575 581   # Step 2. Reconnect
    576 582   #
    577 583   
    578  - time_start_reconnect = time.time()
     584 + self.time_start_reconnect = time.time()
    579 585   
    580 586   if self.options.other_bss:
    581 587   # If --other-bss was used, then blacklist the victim BSSID we just used.
    skipped 7 lines
    589 595   # When not using --other-bss, force reconnecting to the same AP
    590 596   self.set_bssid(self.bssid_victim)
    591 597   
     598 + if self.options.delay != 0:
     599 + self.disconnect(wait=True)
     600 + log(STATUS, f"Sleeping for {self.options.delay}s before reconnecting")
     601 + time.sleep(self.options.delay)
     602 + 
    592 603   if self.options.same_id:
    593 604   log(STATUS, f"Reconnecting as the victim...", color="green")
    594 605   self.connect(self.netid_victim, timeout=20)
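Review bot: the `!= 0` test on line 598 lets a negative `--delay` through, and `time.sleep()` raises `ValueError` for negative values; use `if self.options.delay > 0:` here, or reject negatives when the argument is parsed. Note also that `self.time_start_reconnect` (line 584) is started before this sleep, so every elapsed-time calculation based on it includes the artificial delay and must subtract it.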
    skipped 5 lines
    600 611   log(STATUS, f"Listening for replies to the victim's TCP SYN request...", color="green")
    601 612   self.get_ip_address()
    602 613   
    603  - time_reconnect = time.time() - time_start_reconnect
    604  - if time_reconnect > 9:
     614 + time_reconnect = time.time() - self.time_start_reconnect
     615 + if time_reconnect > self.options.delay + 9:
    605 616   log(WARNING, f"Took {time_reconnect:.1f}s to reconnect & confirm IP." + \
    606 617   " This is slow, may cause test to fail. Options are:")
    607 618   log(WARNING, f"- Assure server still sends SYN/ACKs after this time. If so, this script will still work.")
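Review bot: the threshold on line 615 is corrected for the sleep, but the message on line 616 still prints the uncorrected `time_reconnect`, so with `--delay 30` the warning reads "Took 40.0s to reconnect & confirm IP" when the actual reconnect took 10s. Suggest `time_reconnect = time.time() - self.time_start_reconnect - self.options.delay` on line 614 and keeping the original `> 9` comparison, so the check and the message both refer to the real reconnect time.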
    skipped 139 lines
    747 758   parser.add_argument("--config", default="client.conf", help="Config containing victim and attacker credentials.")
    748 759   parser.add_argument("--server", default="8.8.8.8", help="Server to send TCP SYN to.")
    749 760   parser.add_argument("--ping", default=False, action="store_true", help="Perform ping to test connection.")
     761 + parser.add_argument("--delay", default=0, type=float, help="Time to wait before reconnecting as attacker.")
    750 762   parser.add_argument("-d", "--debug", action="count", default=0, help="Increase output verbosity.")
    751 763   parser.add_argument("--other-bss", default=False, action="store_true", help="User different BSS=AP for victim/attacker.")
    752 764   parser.add_argument("--no-ssid-check", default=False, action="store_true", help="Allow victim and attacker to use different SSIDs.")
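Review bot: the help text on line 761 should state the unit and default, matching the README ("delay in seconds before reconnecting as the attacker"), e.g. `help="Seconds to wait before reconnecting as attacker (default: 0)."`, and nothing rejects a negative value that `time.sleep` would later refuse; a small `type=` validator or a post-parse check would cover that. Unrelated but in the surrounding context, line 763's help text reads "User different BSS=AP" where "Use" is meant.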
    skipped 44 lines