add custom channels and bbsid

Author: flashnuke

wifi-deauth.py

@@ -28,7 +28,7 @@
 
 
 class Interceptor:
-    def __init__(self, net_iface, skip_monitor_mode_setup, kill_networkmanager):
+    def __init__(self, net_iface, skip_monitor_mode_setup, kill_networkmanager, bssid_name, custom_channels):
         self.interface = net_iface
         self._channel_sniff_timeout = 2
         self._scan_intv = 0.1
@@ -61,6 +61,36 @@ def __init__(self, net_iface, skip_monitor_mode_setup, kill_networkmanager):
         self._channel_range = {channel: defaultdict(dict) for channel in self._get_channels()}
         self._all_ssids: Dict[BandType, Dict[str, SSID]] = {band: dict() for band in BandType}
 
+        self._custom_bssid_name: Union[str, None] = self.parse_custom_bssid_name(bssid_name)
+        self._custom_bssid_channels: List[int] = self.parse_custom_channels(custom_channels)
+        self._custom_bbsid_last_ch = 0  # to avoid overlapping
+
+    @staticmethod
+    def parse_custom_bssid_name(bssid_name: Union[None, str]) -> Union[None, str]:
+        if bssid_name is not None:
+            bssid_name = str(bssid_name)
+            if len(bssid_name) != 0:
+                print_error(f"Custom BSSID name cannot be an empty string")
+                raise Exception("Invalid BSSID name")
+        return bssid_name
+
+    def parse_custom_channels(self, channel_list: Union[None, str]):
+        ch_list = list()
+        if channel_list is not None:
+            try:
+                ch_list = channel_list.split(',')
+            except Exception as exc:
+                print_error(f"Invalid custom channel input -> {channel_list}")
+                raise Exception("Bad custom channel input")
+
+            if len(ch_list):
+                for ch in ch_list:
+                    if ch not in self._channel_range:
+                        print_error(f"Custom channel {ch} is not supported by the network interface")
+                        raise Exception("Unsupported channel")
+        return ch_list
+
+
     def _enable_monitor_mode(self):
         for cmd in [f"sudo ip link set {self.interface} down",
                     f"sudo iw {self.interface} set monitor control",
@@ -76,6 +106,7 @@ def _kill_networkmanager():
         print_cmd(f"Running command -> '{BOLD}{cmd}{RESET}'")
         return not os.system(cmd)
 
+
     def _set_channel(self, ch_num):
         os.system(f"iw dev {self.interface} set channel {ch_num}")
         self._current_channel_num = ch_num
@@ -90,30 +121,52 @@ def _ap_sniff_cb(self, pkt):
             if pkt.haslayer(Dot11Beacon) or pkt.haslayer(Dot11ProbeResp):
                 ap_mac = str(pkt.addr3)
                 ssid = pkt[Dot11Elt].info.strip(b'\x00').decode('utf-8').strip() or ap_mac
-                if ap_mac == BD_MACADDR or not ssid:
+                if ap_mac == BD_MACADDR or not ssid or (self._custom_bbsid_name_is_set()
+                                                        and ssid != self._custom_bssid_name):
                     return
                 pkt_ch = frequency_to_channel(pkt[RadioTap].Channel)
                 band_type = BandType.T_50GHZ if pkt_ch > 14 else BandType.T_24GHZ
                 if ssid not in self._all_ssids[band_type]:
                     self._all_ssids[band_type][ssid] = SSID(ssid, ap_mac, band_type)
                 self._all_ssids[band_type][ssid].add_channel(pkt_ch if pkt_ch in self._channel_range else self._current_channel_num)
+                if self._custom_bbsid_name_is_set():
+                    self._custom_bbsid_last_ch = self._all_ssids[band_type][ssid].channel
             else:
                 self._clients_sniff_cb(pkt)  # pass forward to find potential clients
         except Exception as exc:
             pass
 
     def _scan_channels_for_aps(self):
+        channels_to_scan = self._custom_bssid_channels or self._channel_range
+        print_info(f"Starting AP scan, please wait... ({len(channels_to_scan)} channels total)")
+        if self._custom_bbsid_name_is_set():
+            print_info(f"Scanning for target BBSID -> {self._custom_bssid_name}")
+
         try:
-            for idx, ch_num in enumerate(self._channel_range):
+            for idx, ch_num in enumerate(channels_to_scan):
+                if self._custom_bbsid_name_is_set() and self._found_custom_bssid_name() \
+                        and self._current_channel_num - self._custom_bbsid_last_ch > 2:
+                    # make sure sniffing doesn't stop on an overlapped channel for custom BBSIDs
+                    return
                 self._set_channel(ch_num)
                 print_info(f"Scanning channel {self._current_channel_num} (left -> "
-                           f"{len(self._channel_range) - (idx + 1)})", end="\r")
+                           f"{len(channels_to_scan) - (idx + 1)})", end="\r")
                 sniff(prn=self._ap_sniff_cb, iface=self.interface, timeout=self._channel_sniff_timeout)
         except KeyboardInterrupt:
             self.user_abort()
         finally:
             printf("")
 
+    def _found_custom_bssid_name(self):
+        for all_channel_aps in self._channel_range.values():
+            for ssid_name in all_channel_aps.keys():
+                if ssid_name == self._custom_bssid_name:
+                    return True
+        return False
+
+    def _custom_bbsid_name_is_set(self):
+        return self._custom_bssid_name is not None
+
     def _start_initial_ap_scan(self) -> SSID:
         print_info(f"Starting AP scan, please wait... ({len(self._channel_range)} channels total)")
 
@@ -142,7 +195,10 @@ def _start_initial_ap_scan(self) -> SSID:
             exit(0)
 
         printf(DELIM)
+
         chosen = -1
+        if self._custom_bbsid_name_is_set() and self._found_custom_bssid_name():
+            chosen = 0
         while chosen not in target_map.keys():
             user_input = print_input(f"Choose a target from {min(target_map.keys())} to {max(target_map.keys())}:")
             try:
@@ -261,10 +317,16 @@ def user_abort(self):
                         default=False, dest="skip_monitormode", required=False)
     parser.add_argument('-k', '--kill', help='kill NetworkManager (might interfere with the process)',
                         action='store_true', default=False, dest="kill_networkmanager", required=False)
+    parser.add_argument('-b', '--bbsid', help='custom BBSID name (case-sensitive)',
+                        action='store', default=None, dest="custom_bbsid", required=False)
+    parser.add_argument('-c', '--channel', help='custom channels to scan, separated by a comma (i.e -> 1,3,4)',
+                        action='store', default=None, dest="custom_channels", required=False)
     pargs = parser.parse_args()
 
     invalidate_print()  # after arg parsing
     attacker = Interceptor(net_iface=pargs.net_iface,
                            skip_monitor_mode_setup=pargs.skip_monitormode,
-                           kill_networkmanager=pargs.kill_networkmanager)
+                           kill_networkmanager=pargs.kill_networkmanager,
+                           bssid_name=custom_bbsid,
+                           custom_channels=custom_channels)
     attacker.run()