initial BLIT commit

2025-08-02 06:23:36 +02:00 · 2016-09-16 03:03:49 +02:00 · 2016-09-16 03:03:49 +02:00 · 5130a2ab11
commit 5130a2ab11
parent 7c2356fe80
24 changed files with 900 additions and 0 deletions
--- a/wifi-probes/README.md
+++ b/wifi-probes/README.md
@ -0,0 +1,30 @@
+=== Instalation ===
+# install notify-send binary and airmon-ng
+apt-get install libnotify-bin aircrack-ng tshark
+
+cp hoover.pl /usr/local/bin/
+chmod 755 /usr/local/bin/hoover.pl
+
+cp hoover-start.sh /usr/local/bin/
+chmod 755 /usr/local/bin/hoover-start.sh
+# change WIFI_INTERFACE to your WiFi sniffing interface and
+# UPLINK_WLAN to Wifi interface you are using to connect to Internet 
+editor /usr/local/bin/hoover-start.sh 
+
+cp dbus-find-session.sh /usr/local/bin/
+chmod 755 /usr/local/bin/dbus-find-session.sh
+
+cp wifi-probes.service /etc/systemd/system/
+# change value of User=ruza to user to be notified
+editor /etc/systemd/system/wifi-probes.service
+systemctl daemon-reload
+
+cp sudoers /etc/sudoers.d/wifi-probes
+
+mkdir /home/LEAKS/wifi/probes/
+
+systemctl start wifi-probes.service
+systemctl status wifi-probes.service
+
+# watch log files in /home/LEAKS/wifi/probes/ directory
+# You should also get desktop notification from time to time
--- a/wifi-probes/dbus-find-session.sh
+++ b/wifi-probes/dbus-find-session.sh
@ -0,0 +1,10 @@
+#!/bin/bash
+
+USER_DBUS_PROCESS_NAME="gconfd-2"
+export NOTIFY_SEND_BIN="/usr/bin/notify-send"
+
+# get pid of user dbus process
+DBUS_PID="$(ps ax | grep $USER_DBUS_PROCESS_NAME | grep -v grep | awk '{ print $1 }')"
+
+# get DBUS_SESSION_BUS_ADDRESS variable
+export DBUS_SESSION="$(grep -z DBUS_SESSION_BUS_ADDRESS /proc/$DBUS_PID/environ | sed -e s/DBUS_SESSION_BUS_ADDRESS=//)"
--- a/wifi-probes/hoover-start.sh
+++ b/wifi-probes/hoover-start.sh
@ -0,0 +1,75 @@
+#!/bin/bash
+
+PIDFILE="/run/wifi-probe-scanner.pid"
+WIFI_INTERFACE="wlxra"
+UPLINK_WLAN=""
+NOW="$(date +%Y-%m-%d--%H:%M:%S)"
+#HOOVER_OPTS="--verbose"
+MY_PID="$$"
+
+# this is your first wifi device used to connect to Internet. We are detecting your location based on SSID you are connected to on yout first wifi device.
+UPLINK_WLAN="${UPLINK_WLAN:-wlp3s0}"
+WLAN0_SSID="$(iw dev ${UPLINK_WLAN} info | awk -F' ' '/ssid/ {print $2 }')"
+
+DUMPFILE="/home/LEAKS/wifi/probes/dump-${NOW}-${WLAN0_SSID}.txt"
+
+. /usr/local/bin/dbus-find-session.sh
+
+function airmon_stop {
+	MON_IFACES="$(ifconfig -a|grep $(ifconfig -a|grep ${WIFI_INTERFACE}|awk '{print $5}'|sed 's/:/-/g'|tr a-z A-Z)|awk '{print $1}')" 
+	for mon in ${MON_IFACES};do
+		echo "## Shutting down $mon"
+	        sudo airmon-ng stop ${mon} && echo "** Monitoring device ${mon} destroyed"
+	done
+}
+
+trap ctrl_c INT
+function ctrl_c() {
+        echo "** Trapped [CTRL-C]"
+        airmon_stop
+        echo "** ${DUMPFILE} occasionally written"
+}
+
+function main_start {
+        echo "${MY_PID}" > ${PIDFILE}
+        
+        sudo ifconfig ${WIFI_INTERFACE} up
+        sudo airmon-ng start ${WIFI_INTERFACE} && echo "** Monitoring device for ${WIFI_INTERFACE} started"
+        
+        touch  ${DUMPFILE} && echo "** dumpfile is ${DUMPFILE}"
+        
+        sudo /usr/local/bin/hoover.pl --interface mon0 --dumpfile ${DUMPFILE} ${HOOVER_OPTS} | while read LINE
+                do
+                # echo $LINE
+                
+                if [[ $LINE == *probe* ]] ; then
+                        # notify-send "$(echo \"${LINE}\"|sed 's/.*++//')"
+                        #MSG="$(echo \"${LINE}\"|sed 's/.*++//')"
+                        # /usr/local/bin/notify-send-as-root-MSG.sh "" "${TITLE}" "${MSG}"
+			#export DISPLAY=:0
+                        #sudo -s /bin/bash su -c /usr/local/bin/notify-send-as-root-MSG.sh "-u low" "WiFi probe" "${MSG}"
+                        # notify-send "${MSG}"
+			#DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION /usr/bin/notify-send "Wifi Probe" "$(echo \"${LINE}\"|sed 's/.*++//')"
+			DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION /usr/bin/notify-send -u low "$(echo \"${LINE}\"|sed 's/.*++//')"
+                fi
+        done
+}
+
+function main_stop {
+       #kill -INT $MY_PID 
+       airmon_stop
+       kill $MY_PID 
+}
+
+case "$1" in
+  start)
+	#main_stop
+        main_start
+        ;;
+   stop)
+        main_stop
+        ;;
+      *)
+        main_start
+        ;;
+esac
--- a/wifi-probes/hoover.pl
+++ b/wifi-probes/hoover.pl
@ -0,0 +1,215 @@
+#!/usr/bin/perl
+#
+# hoover.pl - Wi-Fi probe requests sniffer
+#
+# Original idea by David Nelissen (twitter.com/davidnelissen)
+# Thank to him for allowing me to reuse the idea!
+#
+# This script scans for wireless probe requests and prints them out.
+# Hereby you can see for which SSID's devices nearby are searching.
+#
+# Copyright (c) 2012 David Nelissen & Xavier Mertens
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+# 3. Neither the name of copyright holders nor the names of its
+#    contributors may be used to endorse or promote products derived
+#    from this software without specific prior written permission.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL COPYRIGHT HOLDERS OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+# History
+# -------
+# 2012/01/11	Created
+# 2015/06/09	Fix: root detection 
+#
+
+use strict;
+use Getopt::Long;
+
+$SIG{USR1}	= \&dumpNetworks; # Catch SIGINT to dump the detected networks
+$SIG{INT}	= \&cleanKill;
+$SIG{KILL}	= \&cleanKill;
+$SIG{TERM}	= \&cleanKill;
+
+my $uniqueSSID = 0;		#uniq ssid counter
+my %detectedSSID;	# Detected network will be stored in a hash table
+			# SSID, Seen packets, Last timestamp
+my $pid;
+my $help;
+my $verbose;
+my $interface;
+my $dumpFile; 
+my $dumpImmediately = "true";
+my $ifconfigPath = "/sbin/ifconfig";
+my $iwconfigPath = "/sbin/iwconfig";
+my $tsharkPath   = "/usr/bin/tshark";
+my $options = GetOptions(
+	"verbose"		=> \$verbose,
+	"help"			=> \$help,
+	"interface=s"		=> \$interface,
+	"ifconfig-path=s"	=> \$ifconfigPath,
+	"iwconfig-path=s"	=> \$iwconfigPath,
+	"tshark-path=s"		=> \$tsharkPath,
+	"dumpfile=s"		=> \$dumpFile,
+);
+
+if ($help) {
+	print <<_HELP_;
+Usage: $0 --interface=wlan0 [--help] [--verbose] [--iwconfig-path=/sbin/iwconfig] [--ipconfig-path=/sbin/ifconfig]
+		[--dumpfile=result.txt]
+Where:
+--interface		: Specify the wireless interface to use
+--help			: This help
+--verbose		: Verbose output to STDOUT
+--ifconfig-path		: Path to your ifconfig binary
+--iwconfig-path		: Path to your iwconfig binary
+--tshark-path		: Path to your tshark binary
+--dumpfile		: Save found SSID's/MAC addresses in a flat file (SIGUSR1)
+_HELP_
+	exit 0;
+}
+
+# We must be run by root
+($> ne 0) && die "$0 must be run by root!\n";
+
+# We must have an interface to listen to
+(!$interface) && die "No wireless interface speficied!\n";
+
+# Check ifconfig availability
+( ! -x $ifconfigPath) && die "ifconfig tool not found!\n";
+
+# Check iwconfig availability
+( ! -x $iwconfigPath) && die "iwconfig tool not found!\n";
+
+# Check tshark availability
+( ! -x $tsharkPath) && die "tshark tool not available!\n";
+
+# Configure wireless interface
+(system("$ifconfigPath $interface up")) && "Cannot initialize interface $interface!\n";
+
+# Set interface in monitor mode
+(system("$iwconfigPath $interface mode monitor")) && die "Cannot set interface $interface in monitoring mode!\n";
+
+# Create the child process to change wireless channels
+(!defined($pid = fork)) && die "Cannot fork child process!\n";
+
+sub dumpNetworks {
+	my $i;
+	my $key;
+	print STDOUT "!! Dumping detected networks:\n";
+	print STDOUT "!! MAC Address          SSID                           Count      Last Seen\n";
+	print STDOUT "!! -------------------- ------------------------------ ---------- -------------------\n";
+	if ($dumpFile) {
+		open(DUMP, ">$dumpFile") || die "Cannot write to $dumpFile (Error: $?)";
+		print DUMP "MAC Address          SSID                           Count      Last Seen\n";
+		print DUMP "-------------------- ------------------------------ ---------- -------------------\n";
+	}
+	for $key ( keys %detectedSSID)
+	{
+		#my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($detectedSSID{$key}[2]);
+		#my $lastSeen = sprintf("%04d/%02d/%02d %02d:%02d:%02d", $year+1900, $mon+1, $mday, $hour, $min, $sec);
+		my $lastSeen = $detectedSSID{$key}[3];
+		print STDOUT sprintf("!! %-20s %-30s %10s %-20s\n", $detectedSSID{$key}[2],
+		 				 $detectedSSID{$key}[0], $detectedSSID{$key}[1], $lastSeen);
+		($dumpFile) && print DUMP sprintf("%-20s %-30s %10s %-20s\n", 
+						 $detectedSSID{$key}[2], $detectedSSID{$key}[0],
+						 $detectedSSID{$key}[1], $lastSeen); 
+	}
+	print STDOUT "!! Total unique SSID: $uniqueSSID\n";
+	($dumpFile) && print DUMP "Total unique SSID: $uniqueSSID\n";
+	close(DUMP);
+	return;
+}
+
+
+if ($pid) {
+	# ---------------------------------
+	# Parent process: run the main loop
+	# ---------------------------------
+	($verbose) && print "!! Running with PID: $$ (child: $pid)\n";
+	#open(TSHARK, "$tsharkPath -i $interface -n -l subtype probereq |") || die "Cannot spawn tshark process!\n";
+	open(TSHARK, "$tsharkPath -i $interface -o gui.column.format:'\"Source\", \"%s\", \"Destination\", \"%d\", \"Protocol\", \"%p\", \"Info\", \"%i\"' -n -l subtype probereq |") || die "Cannot spawn tshark process!\n";
+
+	while (<TSHARK>) {
+		chomp;
+		my $line = $_;
+              	print "$line\n";  # debug
+		chomp($line = $_); 
+		# Everything exept backslash (some probes contains the ssid in ascii, not usable)
+		#if($line = m/\d+\.\d+ ([a-zA-Z0-9:]+).+SSID=([a-zA-ZÀ-ÿ0-9"\s\!\@\$\%\^\&\*\(\)\_\-\+\=\[\]\{\}\,\.\?\>\<]+)/) { 
+		if($line = m/([a-zA-Z0-9:_]+).+SSID=([a-zA-ZÀ-ÿ0-9"\s\!\@\$\%\^\&\*\(\)\_\-\+\=\[\]\{\}\,\.\?\>\<]+)/) { 
+			if($2 ne "Broadcast") {	# Ignore broadcasts
+				my $macAddress = $1;
+				my $newKey = $2;
+				print DEBUG "$macAddress : $newKey\n";
+				my $time=localtime();
+				if (! $detectedSSID{$newKey})
+				{
+					# New network found!
+					my @newSSID = ( $newKey,		# SSID
+							1,			# First packet
+							$macAddress,		# MAC Address
+							$time);		# Seen now
+					$detectedSSID{$newKey} = [ @newSSID ];
+					$uniqueSSID++;
+					print "++ New probe request from $macAddress with SSID: $newKey [$uniqueSSID] \@$time\n";
+					if ( $dumpImmediately ) {
+                                        			dumpNetworks
+                                        			#system("/bin/cat", "/home/ruza/bin/wifi-probe-requests/hoover/$dumpFile");
+                                        		}
+				}
+				else
+				{
+					# Existing SSID found!
+					$detectedSSID{$newKey}[1]++;			# Increase packets counter
+					$detectedSSID{$newKey}[2] = $macAddress;	# MAC Address
+					$detectedSSID{$newKey}[3] = $time;		# Now
+					($verbose) && print "-- Probe seen before: $newKey [$uniqueSSID] \@$detectedSSID{$newKey}[3] \n";
+				}
+					
+			}
+		}	
+	}
+}
+else {
+	# --------------------------------------------------
+	# Child process: Switch channels at regular interval
+	# --------------------------------------------------
+	($verbose) && print STDOUT "!! Switching wireless channel every 5\".\n";
+	while (1) {
+		for (my $channel = 1; $channel <= 13; $channel++) {
+			(system("$iwconfigPath $interface channel $channel")) &&
+				die "Cannot set interface channel.\n";
+			sleep(5);
+		}
+	}
+	
+}
+
+sub cleanKill {
+	if ($pid) {
+		# Parent process: display information
+		print "!! Received kill signal!\n";
+		kill 1, $pid;
+		dumpNetworks;
+	}
+	exit 0;
+}
--- a/wifi-probes/sudoers
+++ b/wifi-probes/sudoers
@ -0,0 +1,3 @@
+Cmnd_Alias   AIRMON = /sbin/ifconfig * up, /usr/sbin/airmon-ng start *, /usr/sbin/airmon-ng stop *, /usr/local/bin/hoover.pl *
+Defaults!AIRMON !syslog, !pam_session
+ruza ALL=NOPASSWD: AIRMON
--- a/wifi-probes/wifi-probes.service
+++ b/wifi-probes/wifi-probes.service
@ -0,0 +1,19 @@
+[Unit]
+Description=wifi-probe-scanner
+
+[Service]
+Type=simple
+NotifyAccess=all
+RemainAfterExit=yes
+# just call /bin/true and let psd-resync.service do it for speed
+#Environment=XDG_RUNTIME_DIR=/run/user/1000/
+ExecStart=/usr/local/bin/hoover-start.sh start
+ExecStop=/usr/local/bin/hoover-start.sh stop
+PIDFile=/run/wifi-probe-scanner.pid
+KillMode=mixed
+Restart=on-failure
+RestartSec=42s
+User=ruza
+
+[Install]
+WantedBy=default.target