forked from evilsocket/pwnagotchi
-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WPA-SEC multiple improvements #131
Open
jacopotediosi
wants to merge
1
commit into
aluminum-ice:master
Choose a base branch
from
jacopotediosi:wpa-sec-single-files-aluminum-ice
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
WPA-SEC multiple improvements #131
jacopotediosi
wants to merge
1
commit into
aluminum-ice:master
from
jacopotediosi:wpa-sec-single-files-aluminum-ice
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jacopotediosi
force-pushed
the
wpa-sec-single-files-aluminum-ice
branch
from
July 30, 2024 15:12
706660b
to
53f09b1
Compare
# WPA-SEC multiple improvements This commit is a nearly complete rewrite of the wpa-sec plugin to add features and fix bugs. Below I try to summarize my changes by dividing them into subchapters. ## Uploading handshakes and tracking their status The most notable improvement brought by this commit is definitely the drastic increase in handshakes that are actually uploaded to the wpa-sec website. There are several reasons why a handshake may be invalid and therefore rejected by the wpa-sec website, including: - too much distance from the clients did not allow to capture all the packets needed to crack the handshake; - the uploaded pcap file was not yet completed, for example because the pwnagotchi had started writing it when it sent the association frame to the AP but the AP had never responded with the PMKID. The wpa-sec plugin implementation prior to this commit, uploaded any pcap file contained in the handshakes folder (even if its capture was not completed or if the file was still being written) and did not check the response from the wpa-sec website. If an invalid handshake was uploaded, it was still marked as reported by the plugin and was not retried in subsequent captures. Additionally, this approach suffered from performance and reliability issues: - as the number of pcap files in the handshakes folder increased, it became longer and longer to iterate - the list of handshakes already uploaded was saved in a json file. This list was loaded into memory, so it took up more and more RAM as the number of handshakes increased. If pwnagotchi was turned off during writing, the json file was irreparably corrupted. This commit instead uses a sqlite db to store the status of uploads, which should be a better choice from the point of view of performance, memory usage, and reliability. Files are added to the database with status `TOUPLOAD` only when pwnagotchi calls the `on_handshake` function, that is, when it is guaranteed that a handshake has been captured and that writing to the pcap file has finished. When there is an internet connection, all files with status `TOUPLOAD` are uploaded and the response of the wpa-sec API is checked. If a handshake is rejected by the website, it is marked with status `INVALID` and at the next capture it is set back to `TOUPLOAD` so it will be retried. ## Download cracked passwords into .pcap.cracked single files The new `single_files` option is implemented in the `config.toml` file. This option (which already existed for the Onlinehashcrack plugin), if set to `true`, downloads the cracked passwords from the wpasec website into individual files with the `.pcap.cracked` extension, so you can see the cracked WiFi passwords directly in the webgpsmap plugin map. ## Download interval This option was implemented by the commit aluminum-ice/pwnagotchi@b1343b2 and allows you to decide how often to download passwords cracked by wpa-sec. I have adjusted the implementation to make it falls back to the default value of 3600 without crashing the plugin if the option is not set in the `config.toml` file. ## On_webook The previous implementation of the `on_webhook` function before this commit was broken. When clicking the plugin name in the Plugins tab of the pwnagotchi web UI, you were not actually authenticated to the wpa-sec website, because the code was trying to set the cookie containing the API key on the remote website's origin, so it was obviously not allowed to create cookies due to the Same Origin Policy. The new code implemented by this commit actually authenticates to the wpa-sec website by simulating entering the API key in the website's login form. ## Log messages and exception handling While rewriting the code I improved the log messages and exception handling (for example, by using the `logging.exception()` method, which prints the exception stacktrace to the logs for easier debugging). Also, this plugin now writes a logging info every time it uploads an handshake to the wpa-sec website, because in my opinion this is a sensitive operation and should be logged.
jacopotediosi
force-pushed
the
wpa-sec-single-files-aluminum-ice
branch
from
August 15, 2024 21:03
53f09b1
to
261ad99
Compare
jacopotediosi
changed the title
WPA-SEC download into .pcap.cracked single files
WPA-SEC multiple improvements
Aug 15, 2024
Sorry for the multiple force-pushes and the title change. Originally, I was going to create this PR just to add the new |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is the same as evilsocket#1248, which I submitted to the original evilsocket repository. I'm submitting it here too because the original evilsocket repository seems abandoned and aluminum-ice is actually the fork I use daily in my pwnagotchi.
Description
This PR is a nearly complete rewrite of the wpa-sec plugin to add features and fix bugs.
Below I try to summarize my changes by dividing them into subchapters.
Uploading handshakes and tracking their status
The most notable improvement brought by this PR is definitely the drastic increase in handshakes that are actually uploaded to the wpa-sec website.
There are several reasons why a handshake may be invalid and therefore rejected by the wpa-sec website, including:
The wpa-sec plugin implementation prior to this PR, uploaded any pcap file contained in the handshakes folder (even if its capture was not completed or if the file was still being written) and did not check the response from the wpa-sec website. If an invalid handshake was uploaded, it was still marked as reported by the plugin and was not retried in subsequent captures.
Additionally, this approach suffered from performance and reliability issues:
This PR instead uses a sqlite db to store the status of uploads, which should be a better choice from the point of view of performance, memory usage, and reliability.
Files are added to the database with status
TOUPLOAD
only when pwnagotchi calls theon_handshake
function, that is, when it is guaranteed that a handshake has been captured and that writing to the pcap file has finished.When there is an internet connection, all files with status
TOUPLOAD
are uploaded and the response of the wpa-sec API is checked. If a handshake is rejected by the website, it is marked with statusINVALID
and at the next capture it is set back toTOUPLOAD
so it will be retried.Download cracked passwords into .pcap.cracked single files
The new
single_files
option is implemented in theconfig.toml
file. This option (which already existed for the Onlinehashcrack plugin), if set totrue
, downloads the cracked passwords from the wpasec website into individual files with the.pcap.cracked
extension, so you can see the cracked WiFi passwords directly in the webgpsmap plugin map.Download interval
This option was implemented by the commit b1343b2 and allows you to decide how often to download passwords cracked by wpa-sec. I have adjusted the implementation to make it falls back to the default value of 3600 without crashing the plugin if the option is not set in the
config.toml
file.On_webook
The previous implementation of the
on_webhook
function before this commit was broken. When clicking the plugin name in the Plugins tab of the pwnagotchi web UI, you were not actually authenticated to the wpa-sec website, because the code was trying to set the cookie containing the API key on the remote website's origin, so it was obviously not allowed to create cookies due to the Same Origin Policy. The new code implemented by this commit actually authenticates to the wpa-sec website by simulating entering the API key in the website's login form.Log messages and exception handling
While rewriting the code I improved the log messages and exception handling (for example, by using the
logging.exception()
method, which prints the exception stacktrace to the logs for easier debugging). Also, this plugin now writes a logging info every time it uploads an handshake to the wpa-sec website, because in my opinion this is a sensitive operation and should be logged.Motivation and Context
I noticed that most of my handshakes were not listed in the "My Nets" list on the wpa-sec website, so I started investigating why. I eventually found that invalid handshakes were considered reported and were not retried even if a valid handshake was captured for the same AP later.
.pcap.cracked
files, please look at this issue from 2020. For everything else, I haven't opened any issues.How Has This Been Tested?
I have reread the code multiple times and asked a couple of friends for a review. The code has been running on our pwnagotchi instances without any issues for over three weeks. Unfortunately, I have not done any further testing. If you have any suggestions for further testing, please let me know.
Types of changes
config.toml
file are missing.Checklist:
single_files
anddownload_interval
options should be documented, but I see that, for example, the onlinehashcrack plugin'ssingle_files
option was not documented either.git commit -s