wifi-probes fix, dbus-find-session.sh no longer needed

wifi-probes/README.md

@@ -1,32 +1,26 @@
-# Notes
-since I dont have an working GPS in my laptop and want to have some information where SSIDs were seen at the same time I've solved that by grabing an SSID of my primary wireless device I am connected to to be included in the filename. Thus by having an SSID of my home network in the filename of the log i know the SSID was seen when i was at home, etc.
-
 # Instalation
 * install notify-send binary and airmon-ng
 apt-get install libnotify-bin aircrack-ng tshark
 
-cp hoover.pl /usr/local/bin/;
+cp hoover.pl /usr/local/bin/
 chmod 755 /usr/local/bin/hoover.pl
 
-cp hoover-start.sh /usr/local/bin/;
+cp hoover-start.sh /usr/local/bin/
 chmod 755 /usr/local/bin/hoover-start.sh
 * change WIFI_INTERFACE to your WiFi sniffing interface and
 * UPLINK_WLAN to Wifi interface you are using to connect to Internet 
 editor /usr/local/bin/hoover-start.sh 
 
-cp dbus-find-session.sh /usr/local/bin/;
-chmod 755 /usr/local/bin/dbus-find-session.sh
-
 cp wifi-probes.service /etc/systemd/system/
 * change value of User=ruza to user to be notified
-editor /etc/systemd/system/wifi-probes.service;
+editor /etc/systemd/system/wifi-probes.service
 systemctl daemon-reload
 
 cp sudoers /etc/sudoers.d/wifi-probes
 
 mkdir /home/LEAKS/wifi/probes/
 
-systemctl start wifi-probes.service;
+systemctl start wifi-probes.service
 systemctl status wifi-probes.service
 
 * watch log files in /home/LEAKS/wifi/probes/ directory. You should also get desktop notification from time to time

wifi-probes/hoover-start.sh

@@ -1,22 +1,34 @@
-#!/bin/bash
+#!/bin/bash -x
 
 PIDFILE="/run/wifi-probe-scanner.pid"
 WIFI_INTERFACE="wlxra"
-UPLINK_WLAN=""
+#WIFI_INTERFACE="wlanRabbit"
 NOW="$(date +%Y-%m-%d--%H:%M:%S)"
-#HOOVER_OPTS="--verbose"
+HOOVER_OPTS="--verbose"
 MY_PID="$$"
+DISPLAY=:0
+export DISPLAY
+HOME=/home/ruza/
 
 # this is your first wifi device used to connect to Internet. We are detecting your location based on SSID you are connected to on yout first wifi device.
 UPLINK_WLAN="${UPLINK_WLAN:-wlp3s0}"
 WLAN0_SSID="$(iw dev ${UPLINK_WLAN} info | awk -F' ' '/ssid/ {print $2 }')"
 
 DUMPFILE="/home/LEAKS/wifi/probes/dump-${NOW}-${WLAN0_SSID}.txt"
+DUMPFILE_LAST="/home/LEAKS/wifi/probes/dump-last.log"
 
-. /usr/local/bin/dbus-find-session.sh
+ln -sf ${DUMPFILE} ${DUMPFILE_LAST}
+
+function find_dbus_session {
+        dbus_session_file=/home/ruza/.dbus/session-bus/$(cat /var/lib/dbus/machine-id)-0
+        . "$dbus_session_file"
+        export DBUS_SESSION_BUS_ADDRESS DBUS_SESSION_BUS_PID
+
+        #echo "DBUS-FCE: D-Bus session is: $DBUS_SESSION_BUS_ADDRESS" >> /tmp/wifi-probes.debug
+}
 
 function airmon_stop {
-	MON_IFACES="$(ifconfig -a|grep $(ifconfig -a|grep ${WIFI_INTERFACE}|awk '{print $5}'|sed 's/:/-/g'|tr a-z A-Z)|awk '{print $1}')" 
+	MON_IFACES="$(ifconfig -a|grep $(ifconfig -a|grep ${WIFI_INTERFACE}|awk '{print $5}'|sed -n 's/:/-/g;1p'|tr a-z A-Z)|awk '{print $1}')" 
 	for mon in ${MON_IFACES};do
 		echo "## Shutting down $mon"
 	        sudo airmon-ng stop ${mon} && echo "** Monitoring device ${mon} destroyed"
@@ -31,6 +43,7 @@ function ctrl_c() {
 }
 
 function main_start {
+	find_dbus_session        
 	echo "${MY_PID}" > ${PIDFILE}
         
         sudo ifconfig ${WIFI_INTERFACE} up
@@ -38,21 +51,15 @@ function main_start {
         
         touch  ${DUMPFILE} && echo "** dumpfile is ${DUMPFILE}"
         
-        sudo /usr/local/bin/hoover.pl --interface mon0 --dumpfile ${DUMPFILE} ${HOOVER_OPTS} | while read LINE
+        while read -r LINE; do
-                do
-                # echo $LINE
-                
                 if [[ $LINE == *probe* ]] ; then
-                        # notify-send "$(echo \"${LINE}\"|sed 's/.*++//')"
+			find_dbus_session
-                        #MSG="$(echo \"${LINE}\"|sed 's/.*++//')"
+			#echo "$(echo \"${LINE}\"|sed 's/.*++//')" >> /tmp/wifi-probes.debug
-                        # /usr/local/bin/notify-send-as-root-MSG.sh "" "${TITLE}" "${MSG}"
+			su ruza -c "notify-send \"$LINE\""
-			#export DISPLAY=:0
+			#/usr/bin/notify-send -u low "${LINE}"
-                        #sudo -s /bin/bash su -c /usr/local/bin/notify-send-as-root-MSG.sh "-u low" "WiFi probe" "${MSG}"
+			#DBUS_SESSION_BUS_ADDRESS="${DBUS_SESSION_BUS_ADDRESS}" DISPLAY=:0 /usr/bin/notify-send -u low "${LINE}"
-                        # notify-send "${MSG}"
-			#DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION /usr/bin/notify-send "Wifi Probe" "$(echo \"${LINE}\"|sed 's/.*++//')"
-			DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION /usr/bin/notify-send -u low "$(echo \"${LINE}\"|sed 's/.*++//')"
                fi
-        done
+        done < <(sudo /usr/local/bin/hoover.pl --interface mon0 --dumpfile ${DUMPFILE} ${HOOVER_OPTS})
 }
 
 function main_stop {
@@ -63,6 +70,7 @@ function main_stop {
 
 case "$1" in
   start)
+	find_dbus_session
 	#main_stop
         main_start
         ;;

wifi-probes/hoover.pl

@@ -114,9 +114,9 @@ _HELP_
 sub dumpNetworks {
 	my $i;
 	my $key;
-	print STDOUT "!! Dumping detected networks:\n";
+	print STDOUT "## Dumping detected networks:\n";
-	print STDOUT "!! MAC Address          SSID                           Count      Last Seen\n";
+	print STDOUT "## MAC Address          SSID                           Count      Last Seen\n";
-	print STDOUT "!! -------------------- ------------------------------ ---------- -------------------\n";
+	print STDOUT "## -------------------- ------------------------------ ---------- -------------------\n";
 	if ($dumpFile) {
 		open(DUMP, ">$dumpFile") || die "Cannot write to $dumpFile (Error: $?)";
 		print DUMP "MAC Address          SSID                           Count      Last Seen\n";
@@ -127,13 +127,13 @@ sub dumpNetworks {
 		#my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($detectedSSID{$key}[2]);
 		#my $lastSeen = sprintf("%04d/%02d/%02d %02d:%02d:%02d", $year+1900, $mon+1, $mday, $hour, $min, $sec);
 		my $lastSeen = $detectedSSID{$key}[3];
-		print STDOUT sprintf("!! %-20s %-30s %10s %-20s\n", $detectedSSID{$key}[2],
+		print STDOUT sprintf("## %-20s %-30s %10s %-20s\n", $detectedSSID{$key}[2],
 		 				 $detectedSSID{$key}[0], $detectedSSID{$key}[1], $lastSeen);
 		($dumpFile) && print DUMP sprintf("%-20s %-30s %10s %-20s\n", 
 						 $detectedSSID{$key}[2], $detectedSSID{$key}[0],
 						 $detectedSSID{$key}[1], $lastSeen); 
 	}
-	print STDOUT "!! Total unique SSID: $uniqueSSID\n";
+	#print STDOUT "## Total unique SSID: $uniqueSSID\n";
 	($dumpFile) && print DUMP "Total unique SSID: $uniqueSSID\n";
 	close(DUMP);
 	return;
@@ -144,14 +144,14 @@ if ($pid) {
 	# ---------------------------------
 	# Parent process: run the main loop
 	# ---------------------------------
-	($verbose) && print "!! Running with PID: $$ (child: $pid)\n";
+	($verbose) && print "## Running with PID: $$ (child: $pid)\n";
 	#open(TSHARK, "$tsharkPath -i $interface -n -l subtype probereq |") || die "Cannot spawn tshark process!\n";
 	open(TSHARK, "$tsharkPath -i $interface -o gui.column.format:'\"Source\", \"%s\", \"Destination\", \"%d\", \"Protocol\", \"%p\", \"Info\", \"%i\"' -n -l subtype probereq |") || die "Cannot spawn tshark process!\n";
 
 	while (<TSHARK>) {
 		chomp;
 		my $line = $_;
-              	print "$line\n";  # debug
+              	print "DEBUG: $line\n";  # debug
 		chomp($line = $_); 
 		# Everything exept backslash (some probes contains the ssid in ascii, not usable)
 		#if($line = m/\d+\.\d+ ([a-zA-Z0-9:]+).+SSID=([a-zA-ZÀ-ÿ0-9"\s\!\@\$\%\^\&\*\(\)\_\-\+\=\[\]\{\}\,\.\?\>\<]+)/) { 
@@ -161,8 +161,7 @@ if ($pid) {
 				my $newKey = $2;
 				print DEBUG "$macAddress : $newKey\n";
 				my $time=localtime();
-				if (! $detectedSSID{$newKey})
+				if (! $detectedSSID{$newKey}) {
-				{
 					# New network found!
 					my @newSSID = ( $newKey,		# SSID
 							1,			# First packet
@@ -170,9 +169,9 @@ if ($pid) {
 							$time);		# Seen now
 					$detectedSSID{$newKey} = [ @newSSID ];
 					$uniqueSSID++;
-					print "++ New probe request from $macAddress with SSID: $newKey [$uniqueSSID] \@$time\n";
+					print STDOUT "New probe request from $macAddress with SSID: $newKey [$uniqueSSID] at $time\n";
 					if ( $dumpImmediately ) {
-                                        			dumpNetworks
+                                        			dumpNetworks;
                                         			#system("/bin/cat", "/home/ruza/bin/wifi-probe-requests/hoover/$dumpFile");
                                         		}
 				}
@@ -184,7 +183,6 @@ if ($pid) {
 					$detectedSSID{$newKey}[3] = $time;		# Now
 					($verbose) && print "-- Probe seen before: $newKey [$uniqueSSID] \@$detectedSSID{$newKey}[3] \n";
 				}
-					
 			}
 		}	
 	}
@@ -193,11 +191,12 @@ else {
 	# --------------------------------------------------
 	# Child process: Switch channels at regular interval
 	# --------------------------------------------------
-	($verbose) && print STDOUT "!! Switching wireless channel every 5\".\n";
+	($verbose) && print STDOUT "## Switching wireless channel every 5\".\n";
 	while (1) {
 		for (my $channel = 1; $channel <= 13; $channel++) {
+			print STDOUT "$interface channel set to $channel\n";
 			(system("$iwconfigPath $interface channel $channel")) &&
-				die "Cannot set interface channel.\n";
+				die "Cannot set interface $interface to channel $channel.\n";
 			sleep(5);
 		}
 	}
@@ -207,7 +206,7 @@ else {
 sub cleanKill {
 	if ($pid) {
 		# Parent process: display information
-		print "!! Received kill signal!\n";
+		print "## Received kill signal!\n";
 		kill 1, $pid;
 		dumpNetworks;
 	}

wifi-probes/wifi-probes.service

@@ -13,7 +13,7 @@ PIDFile=/run/wifi-probe-scanner.pid
 KillMode=mixed
 Restart=on-failure
 RestartSec=42s
-User=ruza
+#User=ruza
 
 [Install]
 WantedBy=default.target