From c2ef76e7d6080a89a790296fc4deb05de9357444 Mon Sep 17 00:00:00 2001
From: Ruzicka Pavel
Date: Fri, 16 Sep 2016 22:45:52 +0200
Subject: [PATCH] wifi-probes fix, dbus-find-session.sh no longer needed
---
wifi-probes/README.md | 14 +++-------
wifi-probes/hoover-start.sh | 48 +++++++++++++++++++--------------
wifi-probes/hoover.pl | 29 ++++++++++----------
wifi-probes/wifi-probes.service | 2 +-
4 files changed, 47 insertions(+), 46 deletions(-)
diff --git a/wifi-probes/README.md b/wifi-probes/README.md
index 92cc454..87f22d5 100644
--- a/wifi-probes/README.md
+++ b/wifi-probes/README.md
@@ -1,32 +1,26 @@ -# Notes -since I dont have an working GPS in my laptop and want to have some information where SSIDs were seen at the same time I've solved that by grabing an SSID of my primary wireless device I am connected to to be included in the filename. Thus by having an SSID of my home network in the filename of the log i know the SSID was seen when i was at home, etc. - # Instalation * install notify-send binary and airmon-ng apt-get install libnotify-bin aircrack-ng tshark -cp hoover.pl /usr/local/bin/; +cp hoover.pl /usr/local/bin/ chmod 755 /usr/local/bin/hoover.pl -cp hoover-start.sh /usr/local/bin/; +cp hoover-start.sh /usr/local/bin/ chmod 755 /usr/local/bin/hoover-start.sh * change WIFI_INTERFACE to your WiFi sniffing interface and * UPLINK_WLAN to Wifi interface you are using to connect to Internet editor /usr/local/bin/hoover-start.sh -cp dbus-find-session.sh /usr/local/bin/; -chmod 755 /usr/local/bin/dbus-find-session.sh - cp wifi-probes.service /etc/systemd/system/ * change value of User=ruza to user to be notified -editor /etc/systemd/system/wifi-probes.service; +editor /etc/systemd/system/wifi-probes.service systemctl daemon-reload cp sudoers /etc/sudoers.d/wifi-probes mkdir /home/LEAKS/wifi/probes/ -systemctl start wifi-probes.service; +systemctl start wifi-probes.service systemctl status wifi-probes.service * watch log files in /home/LEAKS/wifi/probes/ directory. You should also get desktop notification from time to time diff --git a/wifi-probes/hoover-start.sh b/wifi-probes/hoover-start.sh index b2a1efd..26e7f28 100755 --- a/wifi-probes/hoover-start.sh +++ b/wifi-probes/hoover-start.sh 
@@ -1,22 +1,34 @@ -#!/bin/bash +#!/bin/bash -x PIDFILE="/run/wifi-probe-scanner.pid" WIFI_INTERFACE="wlxra" -UPLINK_WLAN="" +#WIFI_INTERFACE="wlanRabbit" NOW="$(date +%Y-%m-%d--%H:%M:%S)" -#HOOVER_OPTS="--verbose" +HOOVER_OPTS="--verbose" MY_PID="$$" +DISPLAY=:0 +export DISPLAY +HOME=/home/ruza/ # this is your first wifi device used to connect to Internet. We are detecting your location based on SSID you are connected to on yout first wifi device. UPLINK_WLAN="${UPLINK_WLAN:-wlp3s0}" WLAN0_SSID="$(iw dev ${UPLINK_WLAN} info | awk -F' ' '/ssid/ {print $2 }')" DUMPFILE="/home/LEAKS/wifi/probes/dump-${NOW}-${WLAN0_SSID}.txt" +DUMPFILE_LAST="/home/LEAKS/wifi/probes/dump-last.log" -. /usr/local/bin/dbus-find-session.sh +ln -sf ${DUMPFILE} ${DUMPFILE_LAST} + +function find_dbus_session { + dbus_session_file=/home/ruza/.dbus/session-bus/$(cat /var/lib/dbus/machine-id)-0 + . "$dbus_session_file" + export DBUS_SESSION_BUS_ADDRESS DBUS_SESSION_BUS_PID + + #echo "DBUS-FCE: D-Bus session is: $DBUS_SESSION_BUS_ADDRESS" >> /tmp/wifi-probes.debug +} function airmon_stop { - MON_IFACES="$(ifconfig -a|grep $(ifconfig -a|grep ${WIFI_INTERFACE}|awk '{print $5}'|sed 's/:/-/g'|tr a-z A-Z)|awk '{print $1}')" + MON_IFACES="$(ifconfig -a|grep $(ifconfig -a|grep ${WIFI_INTERFACE}|awk '{print $5}'|sed -n 's/:/-/g;1p'|tr a-z A-Z)|awk '{print $1}')" for mon in ${MON_IFACES};do echo "## Shutting down $mon" sudo airmon-ng stop ${mon} && echo "** Monitoring device ${mon} destroyed" 
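Review bot: `find_dbus_session` sources `/home/ruza/.dbus/session-bus/<machine-id>-0` with `.`, so whatever that user-writable file contains is executed by this script; with `User=ruza` commented out in wifi-probes.service by the same commit, that presumably means as root. Only the bus address is needed, so read that one value instead of sourcing the file, e.g. `DBUS_SESSION_BUS_ADDRESS="$(grep -m1 '^DBUS_SESSION_BUS_ADDRESS=' "$dbus_session_file" | cut -d= -f2-)"` (strip quotes if the file has them), and return early when the file is missing. The added `ln -sf ${DUMPFILE} ${DUMPFILE_LAST}` should be quoted too, because `${DUMPFILE}` embeds the SSID reported by `iw`. `airmon_stop` continues past the end of the hunk.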
@@ -31,28 +43,23 @@ function ctrl_c() { } function main_start { - echo "${MY_PID}" > ${PIDFILE} + find_dbus_session + echo "${MY_PID}" > ${PIDFILE} sudo ifconfig ${WIFI_INTERFACE} up sudo airmon-ng start ${WIFI_INTERFACE} && echo "** Monitoring device for ${WIFI_INTERFACE} started" touch ${DUMPFILE} && echo "** dumpfile is ${DUMPFILE}" - sudo /usr/local/bin/hoover.pl --interface mon0 --dumpfile ${DUMPFILE} ${HOOVER_OPTS} | while read LINE - do - # echo $LINE - + while read -r LINE; do if [[ $LINE == *probe* ]] ; then - # notify-send "$(echo \"${LINE}\"|sed 's/.*++//')" - #MSG="$(echo \"${LINE}\"|sed 's/.*++//')" - # /usr/local/bin/notify-send-as-root-MSG.sh "" "${TITLE}" "${MSG}" - #export DISPLAY=:0 - #sudo -s /bin/bash su -c /usr/local/bin/notify-send-as-root-MSG.sh "-u low" "WiFi probe" "${MSG}" - # notify-send "${MSG}" - #DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION /usr/bin/notify-send "Wifi Probe" "$(echo \"${LINE}\"|sed 's/.*++//')" - DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION /usr/bin/notify-send -u low "$(echo \"${LINE}\"|sed 's/.*++//')" - fi - done + find_dbus_session + #echo "$(echo \"${LINE}\"|sed 's/.*++//')" >> /tmp/wifi-probes.debug + su ruza -c "notify-send \"$LINE\"" + #/usr/bin/notify-send -u low "${LINE}" + #DBUS_SESSION_BUS_ADDRESS="${DBUS_SESSION_BUS_ADDRESS}" DISPLAY=:0 /usr/bin/notify-send -u low "${LINE}" + fi + done < <(sudo /usr/local/bin/hoover.pl --interface mon0 --dumpfile ${DUMPFILE} ${HOOVER_OPTS}) } function main_stop { @@ -63,6 +70,7 @@ function main_stop { case "$1" in start) + find_dbus_session #main_stop main_start ;; diff --git a/wifi-probes/hoover.pl b/wifi-probes/hoover.pl index e0a73ed..55525a1 100755 --- a/wifi-probes/hoover.pl +++ b/wifi-probes/hoover.pl 
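Review bot: In `main_start`, `su ruza -c "notify-send \"$LINE\""` pastes `$LINE` into a command string that a shell then parses, and `$LINE` carries the SSID text of a received probe request, which is chosen by whoever sent the frame. Quotes, backticks or `$(...)` inside an SSID would be interpreted by that shell instead of displayed. Pass the text as an argument with no shell in between, for example `runuser -u ruza -- notify-send -u low -- "$LINE"` (needs root; confirm the D-Bus variables survive), or keep `User=ruza` in the unit and call `/usr/bin/notify-send -u low -- "$LINE"` directly. Calling `find_dbus_session` for every matching line re-reads the same file each time; once in `main_start` is enough, which also makes the call added to the `start)` branch in the following hunk redundant.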
@@ -114,9 +114,9 @@ _HELP_ sub dumpNetworks { my $i; my $key; - print STDOUT "!! Dumping detected networks:\n"; - print STDOUT "!! MAC Address SSID Count Last Seen\n"; - print STDOUT "!! -------------------- ------------------------------ ---------- -------------------\n"; + print STDOUT "## Dumping detected networks:\n"; + print STDOUT "## MAC Address SSID Count Last Seen\n"; + print STDOUT "## -------------------- ------------------------------ ---------- -------------------\n"; if ($dumpFile) { open(DUMP, ">$dumpFile") || die "Cannot write to $dumpFile (Error: $?)"; print DUMP "MAC Address SSID Count Last Seen\n"; @@ -127,13 +127,13 @@ sub dumpNetworks { #my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($detectedSSID{$key}[2]); #my $lastSeen = sprintf("%04d/%02d/%02d %02d:%02d:%02d", $year+1900, $mon+1, $mday, $hour, $min, $sec); my $lastSeen = $detectedSSID{$key}[3]; - print STDOUT sprintf("!! %-20s %-30s %10s %-20s\n", $detectedSSID{$key}[2], + print STDOUT sprintf("## %-20s %-30s %10s %-20s\n", $detectedSSID{$key}[2], $detectedSSID{$key}[0], $detectedSSID{$key}[1], $lastSeen); ($dumpFile) && print DUMP sprintf("%-20s %-30s %10s %-20s\n", $detectedSSID{$key}[2], $detectedSSID{$key}[0], $detectedSSID{$key}[1], $lastSeen); } - print STDOUT "!! Total unique SSID: $uniqueSSID\n"; + #print STDOUT "## Total unique SSID: $uniqueSSID\n"; ($dumpFile) && print DUMP "Total unique SSID: $uniqueSSID\n"; close(DUMP); return; 
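Review bot: `dumpNetworks` still opens the dump with the two-argument form `open(DUMP, ">$dumpFile")`, and the path is built in hoover-start.sh from the uplink SSID, so the mode and the file name are not kept apart; the die message also reports `$?` where the OS error is in `$!`. Suggest `open(DUMP, '>', $dumpFile) || die "Cannot write to $dumpFile (Error: $!)";`. `close(DUMP)` in the next hunk runs even when `$dumpFile` is unset and the handle was never opened; guard it like the prints, `($dumpFile) && close(DUMP);`. The sub starts at the top of this hunk and ends in the next one.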
@@ -144,14 +144,14 @@ if ($pid) { # --------------------------------- # Parent process: run the main loop # --------------------------------- - ($verbose) && print "!! Running with PID: $$ (child: $pid)\n"; + ($verbose) && print "## Running with PID: $$ (child: $pid)\n"; #open(TSHARK, "$tsharkPath -i $interface -n -l subtype probereq |") || die "Cannot spawn tshark process!\n"; open(TSHARK, "$tsharkPath -i $interface -o gui.column.format:'\"Source\", \"%s\", \"Destination\", \"%d\", \"Protocol\", \"%p\", \"Info\", \"%i\"' -n -l subtype probereq |") || die "Cannot spawn tshark process!\n"; while () { chomp; my $line = $_; - print "$line\n"; # debug + print "DEBUG: $line\n"; # debug chomp($line = $_); # Everything exept backslash (some probes contains the ssid in ascii, not usable) #if($line = m/\d+\.\d+ ([a-zA-Z0-9:]+).+SSID=([a-zA-ZÀ-ÿ0-9"\s\!\@\$\%\^\&\*\(\)\_\-\+\=\[\]\{\}\,\.\?\>\<]+)/) { @@ -161,8 +161,7 @@ if ($pid) { my $newKey = $2; print DEBUG "$macAddress : $newKey\n"; my $time=localtime(); - if (! $detectedSSID{$newKey}) - { + if (! $detectedSSID{$newKey}) { # New network found! my @newSSID = ( $newKey, # SSID 1, # First packet @@ -170,9 +169,9 @@ if ($pid) { $time); # Seen now $detectedSSID{$newKey} = [ @newSSID ]; $uniqueSSID++; - print "++ New probe request from $macAddress with SSID: $newKey [$uniqueSSID] \@$time\n"; + print STDOUT "New probe request from $macAddress with SSID: $newKey [$uniqueSSID] at $time\n"; if ( $dumpImmediately ) { - dumpNetworks + dumpNetworks; #system("/bin/cat", "/home/ruza/bin/wifi-probe-requests/hoover/$dumpFile"); } } @@ -184,7 +183,6 @@ if ($pid) { $detectedSSID{$newKey}[3] = $time; # Now ($verbose) && print "-- Probe seen before: $newKey [$uniqueSSID] \@$detectedSSID{$newKey}[3] \n"; } - } } } 
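Review bot: The tshark pipe is opened as a single string, `open(TSHARK, "$tsharkPath -i $interface ... |")`, so `$interface` from the command line goes through a shell while the script is started with sudo. The list form, `open(TSHARK, '-|', $tsharkPath, '-i', $interface, ...)` with each option as its own element, avoids the shell and the nested quoting of the `gui.column.format` value. The new `print "DEBUG: $line\n";` is unconditional, so every raw capture line now lands on the stdout that hoover-start.sh reads; gate it, `($verbose) && print "DEBUG: $line\n";`. The `chomp($line = $_);` on the following line repeats the chomp above it. The parent-process block continues outside the hunk.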
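Review bot: In the `-170,9` hunk, `print STDOUT "New probe request from $macAddress with SSID: $newKey ..."` writes the SSID as received, and hoover-start.sh forwards that line to `notify-send`; the regex that captures `$newKey` is outside the hunk, so whether it already limits the character set cannot be seen here. If it does not, replace non-printable bytes before printing, e.g. `(my $shownKey = $newKey) =~ s/[^\x20-\x7e]/?/g;`, and print `$shownKey`. Dropping the `++ ` prefix also removes the marker the shell loop used to cut the line with `sed 's/.*++//'`, so the full line is now shown; a comment stating that the consumer matches on the word `probe` would help the next reader.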
@@ -193,11 +191,12 @@ else { # -------------------------------------------------- # Child process: Switch channels at regular interval # -------------------------------------------------- - ($verbose) && print STDOUT "!! Switching wireless channel every 5\".\n"; + ($verbose) && print STDOUT "## Switching wireless channel every 5\".\n"; while (1) { for (my $channel = 1; $channel <= 13; $channel++) { + print STDOUT "$interface channel set to $channel\n"; (system("$iwconfigPath $interface channel $channel")) && - die "Cannot set interface channel.\n"; + die "Cannot set interface $interface to channel $channel.\n"; sleep(5); } } @@ -207,7 +206,7 @@ else { sub cleanKill { if ($pid) { # Parent process: display information - print "!! Received kill signal!\n"; + print "## Received kill signal!\n"; kill 1, $pid; dumpNetworks; } diff --git a/wifi-probes/wifi-probes.service b/wifi-probes/wifi-probes.service index 7aef8b9..c2c3b05 100644 --- a/wifi-probes/wifi-probes.service +++ b/wifi-probes/wifi-probes.service @@ -13,7 +13,7 @@ PIDFile=/run/wifi-probe-scanner.pid KillMode=mixed Restart=on-failure RestartSec=42s -User=ruza +#User=ruza [Install] WantedBy=default.target
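Review bot: The channel hop still runs `system("$iwconfigPath $interface channel $channel")` as one string, which is handed to a shell when it contains metacharacters; `system($iwconfigPath, $interface, 'channel', $channel)` passes the arguments directly. The added `print STDOUT "$interface channel set to $channel\n";` runs before the call and regardless of `--verbose`, so it reports a change that may then fail and adds a line every five seconds to the stream hoover-start.sh parses. Suggest moving it after the `system` check and gating it with `($verbose) &&`. The `else` branch begins above the hunk.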
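Review bot: Commenting out `User=ruza` makes the unit run hoover-start.sh as root (systemd's default for system units), although the script already prefixes its privileged calls with `sudo` and the README installs a sudoers file for that purpose. Running as root also means the sourced D-Bus session file under `/home/ruza` and the `bash -x` trace execute with full privileges. If the only reason is `su ruza -c ...`, keeping `User=ruza` and calling `notify-send` directly would avoid both. If root is intended, say so in the unit, e.g. `# runs as root: hoover-start.sh switches to ruza only for notifications`.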