
Untitled

a guest
Jan 22nd, 2018
  1. # wifizoo
  2. # complains to Hernan Ochoa (hernan@gmail.com)
  3. import sys
  4. import curses.ascii
  5. from scapy import *
  6. import scapy
  7. import wifiglobals
  8. import appHandlers
  9. import datetime
  10. import getopt
  11.  
  12. import WifiZooEntities
  13. import wifizoowebgui
  14. import wifizooproxy
  15.  
  # Well-known TCP ports whose payloads get an application-level handler.
  HTTP_PORT = 80
  POP3_PORT = 110
  FTP_PORT = 21
  TELNET_PORT = 23
  MSN_PORT = 1863
  SMTP_PORT = 25

  # Well-known UDP ports with a handler.
  NETBIOS_NS_UDP = 137
  NETBIOS_DGM_UDP = 138

  # Port number -> handler callable. The capture loop calls a handler with the
  # whole packet whenever the source or destination port matches its key.
  # Add new handlers to these two tables.
  tcpHandlers = {
      HTTP_PORT: appHandlers.httpHandler,
      POP3_PORT: appHandlers.pop3Handler,
      FTP_PORT: appHandlers.ftpHandler,
      TELNET_PORT: appHandlers.telnetHandler,
      MSN_PORT: appHandlers.msnHandler,
      SMTP_PORT: appHandlers.smtpHandler,
  }

  udpHandlers = {
      NETBIOS_NS_UDP: appHandlers.netbiosnsHandler,
      NETBIOS_DGM_UDP: appHandlers.netbiosdgmHandler,
  }

  # scapy configuration: `conf` comes from the wildcard scapy import above.
  conf.verb = 0
  # Default interface to listen on; replaced by the -i option when given.
  # tested with a rt2570 chipset
  conf.iface = 'rausb0'
  51.  
  52.  
  def showBanner():
      """Print the WifiZoo version line followed by the two supported options."""
      usage_lines = (
          "WifiZoo v1.3 -complaints to Hernan Ochoa (hernan@gmail.com)",
          "options:",
          "\t-i <interface>",
          "\t-c <pcap_file>\n",
      )
      for usage_line in usage_lines:
          print usage_line
  58.  
  59.  
  ### MAIN ###

  # Started without any argument: print the usage text and stop.
  if not sys.argv[1:]:
      showBanner()
      sys.exit(0)

  # Capture source chosen on the command line. The *_opt flags stay 0/1
  # integers because the code below compares them with == 1.
  iface_name, pcap_filename = 'None', 'None'
  iface_opt = pcap_opt = 0

  try:
      opts, args = getopt.getopt(sys.argv[1:], 'i:c:')
  except getopt.GetoptError, e:
      print e
      sys.exit(0)

  for flag, value in opts:
      if flag == '-c':
          pcap_filename, pcap_opt = value, 1
      elif flag == '-i':
          iface_name, iface_opt = value, 1

  # Exactly one of -i (live interface) and -c (capture file) is required.
  # Equal flags mean both were given or neither was; only the "both" case
  # gets the extra message.
  if pcap_opt == iface_opt:
      showBanner()
      if pcap_opt == 1:
          print "You cannot use -i and -c together!."
      sys.exit(0)

  # A live capture listens on the requested interface instead of the default.
  if iface_opt == 1:
      conf.iface = iface_name
  99.  
  100.  
  print "WifiZoo v1.3, complains to Hernan Ochoa (hernan@gmail.com)"
  # Report which capture source was selected.
  if iface_opt != 1:
      if pcap_opt == 1:
          print "using capture file %s" % pcap_filename
  else:
      print "using interface %s" % iface_name

  # Start the web GUI and the proxy before any packet is processed; both are
  # created and started in this order.
  # NOTE(review): the addresses and ports these two services listen on are
  # set in wifizoowebgui / wifizooproxy, not here. They expose captured
  # traffic details, so confirm they bind to loopback only.
  webgui = wifizoowebgui.WifiZooWebGui()
  webgui.start()
  webproxy = wifizooproxy.WifiZooProxy()
  webproxy.start()
  print "Waiting..."

  # With -c, frames are read from the capture file rather than sniffed live.
  if pcap_opt == 1:
      pcapr = PcapReader(pcap_filename)
  116.  
  117.  
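  # Capture loop. Each iteration takes one frame (live or from the capture
  # file), updates the access-point / client / probe-request tables kept in
  # wifiglobals.Info, prints a line for every IP TCP or UDP packet, and hands
  # packets with a payload to the per-port application handlers.
  #
  # NOTE(review): the pasted listing lost its indentation; the nesting below
  # is reconstructed from the statements themselves.
  #
  # Changes against the pasted version:
  #   * `except e:` / `except ex:` named variables instead of exception
  #     classes; the layer lookups now use getlayer(), which yields None for
  #     an absent layer, so those handlers are gone.
  #   * The `getlayer(...) == 0` test never matched, since an absent layer is
  #     None and not 0. Packets without an IP layer or without TCP/UDP are
  #     now skipped explicitly, so a transport header with no IP layer can no
  #     longer reach `ippkt.src` as None.
  #   * The bare `except:` around the capture-file read is narrowed so it no
  #     longer hides non-Exception errors.
  #   * The duplicated toDS / fromDS bookkeeping is folded into one path.
  while 1:
      # mm, would be better to use callback perhaps. TODO
      if iface_opt == 1:
          p = sniff(filter=None, iface=conf.iface, count=1)
          pkt = p[0]
      elif pcap_opt == 1:
          try:
              pkt = pcapr.next()
          except Exception:
              # NOTE(review): once the capture file is exhausted this path
              # repeats on every iteration, so the loop spins without
              # processing anything. Kept because the process may need to
              # stay up for the web GUI; confirm and add an explicit stop.
              continue

      if not pkt.haslayer(Dot11):
          # this is not a 802.11 packet
          continue

      # Record whether the capture source supplies prism headers; the
      # channel is only read from the packet when it does.
      if pkt.haslayer(PrismHeader):
          wifiglobals.Info.setHasPrismHeaders(1)
      else:
          # I assume now the card does not output prism headers
          wifiglobals.Info.setHasPrismHeaders(0)

      # try to add to AP & clients list
      # frame type: 0 = mgmt, 1 = control, 2 = data
      d = pkt.getlayer(Dot11)
      t = d.type
      if t == 2:
          # toDS:   addr1 = bssid, addr2 = src,   addr3 = dst
          # fromDS: addr1 = dst,   addr2 = bssid, addr3 = src
          # toDS is tested first, so a frame with both bits set (WDS) is
          # read with the toDS layout. With neither bit set (ad-hoc),
          # nothing is recorded.
          seenViaDS = 1
          if d.FCfield & 1:
              bssid = str(d.addr1)
              src = str(d.addr2)
              dst = str(d.addr3)
          elif d.FCfield & 2:
              dst = str(d.addr1)
              bssid = str(d.addr2)
              src = str(d.addr3)
          else:
              seenViaDS = 0

          if seenViaDS == 1:
              wifiglobals.Info.addClients(src, dst, bssid)
              # try to add the bssid to our list of APs
              # NOTE(review): this asks a data frame for a probe-response
              # capability field, so "privacy" presumably never matches
              # here. The frame's protected bit (FCfield & 0x40) looks like
              # the intended source - confirm before changing.
              if pkt.sprintf("%Dot11ProbeResp.cap%").find("privacy") != -1:
                  isprotected = 1
              else:
                  isprotected = 0
              pktChannel = 0
              if wifiglobals.Info.hasPrismHeaders() == 1:
                  pktChannel = pkt.channel
              if wifiglobals.Info.addAccessPoint(bssid, '', pktChannel, isprotected) == 1:
                  wifiglobals.Info.dumpAccessPointsList()

      # is it a probe request?
      if pkt.haslayer(Dot11ProbeReq):
          aProbeRequest = WifiZooEntities.ProbeRequest()
          aProbeRequest.setPKT(pkt)
          aProbeRequest.setDST(str(d.addr1))
          aProbeRequest.setSRC(str(d.addr2))
          aProbeRequest.setBSSID(str(d.addr3))
          if wifiglobals.Info.hasPrismHeaders() == 1:
              aProbeRequest.setChannel(pkt.channel)
          else:
              aProbeRequest.setChannel(0)

          thetime = datetime.datetime.now()
          aProbeRequest.setFirstSeen(thetime)
          aProbeRequest.setLastSeen(thetime)

          # The SSID is radio input chosen by the sender. If any character
          # fails Info.isAlpha, store the hex form of every character
          # instead of the raw text.
          assid = pkt.sprintf("%Dot11ProbeReq.info%")
          isPrintable = 1
          for x in assid:
              if not wifiglobals.Info.isAlpha(x):
                  isPrintable = 0
                  break
          if isPrintable == 0:
              assid = ''.join(hex(ord(x)) for x in assid)

          aProbeRequest.setSSID(assid)
          wifiglobals.Info.addProbeRequest(aProbeRequest)
          wifiglobals.Info.dumpProbeRequests()

      # NOTE(review): the probe-response and beacon SSIDs below are stored
      # without the printable check applied to probe requests above. They
      # are sender-controlled bytes too; confirm that the console dump and
      # the web GUI escape them before display.
      if pkt.haslayer(Dot11ProbeResp):
          # dst,src,bssid
          src = str(d.addr2)
          ssid = pkt.sprintf("%Dot11ProbeResp.info%")
          if pkt.sprintf("%Dot11ProbeResp.cap%").find("privacy") != -1:
              isprotected = 1
          else:
              isprotected = 0
          pktChannel = 0
          if wifiglobals.Info.hasPrismHeaders() == 1:
              pktChannel = pkt.channel
          if wifiglobals.Info.addAccessPoint(src, ssid, pktChannel, isprotected) == 1:
              wifiglobals.Info.dumpAccessPointsList()

      # is it a beacon?
      # if it is, get SSID
      if pkt.haslayer(Dot11Beacon):
          # bssid
          j = d.addr3
          # ssid
          s = pkt.getlayer(Dot11Beacon).getlayer(Dot11Elt).info
          if pkt.sprintf("%Dot11Beacon.cap%").find("privacy") != -1:
              isprotected = 1
          else:
              isprotected = 0
          pktChannel = 0
          if wifiglobals.Info.hasPrismHeaders() == 1:
              pktChannel = pkt.channel
          if wifiglobals.Info.addAccessPoint(j, s, pktChannel, isprotected) == 1:
              wifiglobals.Info.dumpAccessPointsList()

      # Everything below needs an IP header plus TCP or UDP. UDP is checked
      # first, as before; TCP is only looked up when there is no UDP layer.
      ippkt = pkt.getlayer(IP)
      raw = pkt.getlayer('Raw')
      isUDP = 0
      isTCP = 0
      tpkt = pkt.getlayer(UDP)
      if tpkt is not None:
          isUDP = 1
      else:
          tpkt = pkt.getlayer(TCP)
          if tpkt is not None:
              isTCP = 1

      if ippkt is None or tpkt is None:
          continue

      if isTCP == 1:
          try:
              if wifiglobals.Info.hasPrismHeaders() == 1:
                  print "Channel: " + str(pkt.channel)
              else:
                  print "Channel: Unavailable (No PrismHeaders)."
          except Exception, e:
              print e
          (src, dst, bssid) = wifiglobals.Info.getSrcDstBssid(pkt)
          print "bssid=" + bssid + " src=" + src + " dst=" + dst
          print "TCP: " + str(ippkt.src) + "." + str(tpkt.sport) + ' -> ' + str(ippkt.dst) + "." + str(tpkt.dport)

      if isUDP == 1:
          if wifiglobals.Info.hasPrismHeaders() == 1:
              print "Channel: " + str(pkt.channel)
          else:
              print "Channel: Unavailable (No PrismHeaders)."

          (src, dst, bssid) = wifiglobals.Info.getSrcDstBssid(pkt)
          print "bssid=" + bssid + " src=" + src + " dst=" + dst
          print "UDP: " + str(ippkt.src) + "." + str(tpkt.sport) + ' -> ' + str(ippkt.dst) + "." + str(tpkt.dport)

      # Application handlers only run for packets that carry a payload. A
      # handler fires when either port matches, so one packet can reach two
      # handlers.
      # NOTE(review): the UDP dispatch is assumed to sit under the same
      # payload check as the TCP one; the lost indentation makes this
      # ambiguous.
      if raw is not None:
          if isTCP:
              for port, handler in tcpHandlers.items():
                  if tpkt.dport == port or tpkt.sport == port:
                      handler(pkt)

          if isUDP:
              for port, handler in udpHandlers.items():
                  if tpkt.dport == port or tpkt.sport == port:
                      handler(pkt)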