#!/system/xbin/bash
#
# Run this on Android with nexmon to capture packets and save them to a file
#
# Needs nexutil, tcpdump and bash working
# exit codes 0 success, 1 program fail, 2 help, 4 misconfiguration, 8 undefined
# unknown bug.
### CONFIG ###
# Directory that receives the capture files (Android shared storage).
save_loc="/storage/emulated/0/Download/"
# File name stem; the date stamp and ".pcap" are appended below.
capfile_base='wifi_cap'
# Wireless interface handed to the capture tool.
iface='wlan0'
# Extra words spliced into the tcpdump command line.
tcpdump_options=''
# PID of the running capture tool. cleanup_and_exit reads this file and
# passes its content to kill.
# NOTE(review): /data/local/tmp is typically writable by the adb shell user
# while this script requires root; a root-only directory would keep other
# users from choosing which process gets signalled. Confirm for the target
# device.
pid_file='/data/local/tmp/wifi_capture.pid'
### /CONFIG ###

# Capture tool selected by main(), and the arguments built for it.
tool=''
tool_options=''
# Exported, so every child process started from here on inherits the preload.
LD_PRELOAD='libnexmon.so'
export LD_PRELOAD
# Alternative stamp with time of day:
#date_stamp=$(date +%Y%m%d_%H%M%S)
date_stamp="$(date '+%Y%m%d')"
cap_file="${capfile_base}_${date_stamp}.pcap"
declare -i exit_code=0
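#######################################
# Print the usage text on stderr and terminate the script.
# The text names the tool behind each capture command; the second
# airodump-ng reference used to be misspelled, which pointed readers at a
# tool that does not exist.
# Arguments: none
# Outputs:   usage text on stderr
# Returns:   never returns; exits with status 2 (help)
#######################################
help_and_exit() {
  # Quoted delimiter: the text is emitted literally, nothing in it is expanded.
  cat >&2 << 'EOF'
wifi_capture.sh: Automated android/nexmon capture script.
We are going to assume you already have nexmon installed and working. If not:
Get that done first: https://github.com/seemoo-lab/nexmon
We also assume you already have tcpdump installed.
This script is designed to be the backend to a push button to capture packets.
Capture will continue until this script is given sigterm and then it will clean
up and exit, leaving the capture file in Download/
Commands
Capture:
<default> No options, captures all packets
ap_beacon Captures 802.11 Beacons, needs a second
parameter as BSSID, MAC of AP.(tcpdump)
ap_handshake Captures WPA handshakes, needs a second
parameter as BSSID, MAC of AP.(tcpdump)
all_by_mac Captures all frames associated with BSSID MAC
Address, as specified in second parameter
(airodump-ng)
all_by_name Captures all frames associated with ESSID Access
Point Name. Name specified as second parameter.
(airodump-ng)
custom Capture packets using specified tcpdump syntax.
(tcpdump)
Script:
help This message
test Test nexutil install
kill Stop capture and exit
EOF
  exit 2
}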
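#######################################
# Ask Android to rescan the capture directory so a new file shows up over MTP.
# Globals:   save_loc (read)
# Arguments: none
# Returns:   exit status of the am command
#######################################
android_media_rescan() {
  # Quoted so a save_loc containing spaces or glob characters still reaches
  # am as one URI argument instead of being split into extra words.
  am broadcast -a android.intent.action.MEDIA_MOUNTED -d "file:///${save_loc}"
}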
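#######################################
# Check that the required programs and the nexmon library are present, then
# terminate the script.
# Arguments: none
# Outputs:   one line per missing prerequisite, or a success line, on stdout
# Returns:   never returns; exits 0 when everything was found, 1 otherwise
#######################################
test_install() {
  local -a bin_needed=(tcpdump nexutil airodump-ng)
  local -a lib_needed=(libnexmon.so)
  local -i test_exit=0
  # Loop variable kept local so it does not leak into the global scope.
  local file

  for file in "${bin_needed[@]}"; do
    # type -P is a bash builtin PATH search. The external `which` may itself
    # be missing, in which case every tool was reported as absent.
    if ! type -P "${file}" > /dev/null 2>&1; then
      test_exit=1
      echo "${file} is not an executable, script won't run without it"
    fi
  done

  for file in "${lib_needed[@]}"; do
    if [ ! -f "/system/lib/${file}" ]; then
      echo "Cannot find Library ${file}, script will not run without it."
      test_exit=1
    fi
    ## 64 bit only
    #if [ ! -f "/system/lib64/${file}" ];then
    #  echo "Cannot find 64-bit Library ${file}, script will not run without it."
    #  test_exit=1
    #fi
  done

  if [ "${test_exit}" -eq 0 ]; then
    echo "prereqs look fine, script should run"
  fi
  exit "${test_exit}"
}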
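#######################################
# Stop the running capture, trigger a media rescan, switch monitor mode off
# and terminate the script. Used as the SIGTERM/SIGINT handler and for the
# "kill" command.
# Globals:   pid_file (read, file removed)
# Arguments: none
# Outputs:   "no pidfile" on stdout when no PID file exists; a diagnostic on
#            stderr when the PID file does not hold a usable PID
# Returns:   never returns; exits with the status of the last nexutil call
#######################################
cleanup_and_exit() {
  local kill_pid=""

  if [ -f "${pid_file}" ]; then
    # The file content is treated as untrusted: the script runs as root and
    # the value goes straight to kill. Only a plain decimal PID greater than
    # 1 is accepted, so the file can neither add signal options nor name
    # PID 0 (the whole process group) or PID 1.
    read -r kill_pid < "${pid_file}" || true
    if [[ ${kill_pid} =~ ^[1-9][0-9]*$ && ${kill_pid} != 1 ]]; then
      kill "${kill_pid}"
    else
      echo "ignoring invalid pid in ${pid_file}" >&2
    fi
    # NOTE(review): a valid number may still belong to an unrelated process
    # (stale file, PID reuse); checking that the PID is the capture tool
    # before signalling it would close that gap.
    rm -f "${pid_file}"
  else
    echo "no pidfile"
    # NOTE(review): this signals every process with the script's name, which
    # presumably includes the current one - confirm that is intended.
    killall -s SIGTERM "${0##*/}"
  fi

  # This is a media re-scan so the file shows up over MTP
  android_media_rescan
  # turn monitor mode off
  nexutil -m0
  nexutil -p0
  exit
}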
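# Print a message on stderr and terminate the script with the given status.
# main() called this helper, but the file never defined it, so the
# "No MAC specified" / "No Name specified" checks printed "command not found"
# and the capture went ahead anyway.
exit_with_error() {
  local -i code=${1:-8}
  shift
  printf '%s\n' "$*" >&2
  exit "${code}"
}

# Succeed when $1 is six hex octets separated by ':' or '-'.
_is_mac_address() {
  local -r mac_re='^[[:xdigit:]]{2}([-:][[:xdigit:]]{2}){5}$'
  [[ ${1:-} =~ ${mac_re} ]]
}

#######################################
# Parse the command, switch the interface to monitor mode, run the capture
# tool in the background and wait for it to end.
# Globals:   save_loc, capfile_base, date_stamp, iface, tcpdump_options,
#            pid_file (read); tool, cap_file (written)
# Arguments: $1 - command (see help_and_exit); $2... - parameter for it
# Returns:   never returns; exits 2 when not root, 4 on a missing or
#            malformed parameter, 8 after the capture tool has ended
#######################################
main() {
  trap cleanup_and_exit SIGTERM SIGINT
  local command="${1:-}"
  local param="${*:2}"
  local -i pid=0
  local -i cap_file_i=0
  # Filter words / tool arguments, kept as an array so a value such as an
  # ESSID containing spaces stays one argument.
  local -a tool_args=()
  local -a extra_options=()

  case "${command}" in
    help | --help | -\?)
      help_and_exit
      ;;
    kill)
      cleanup_and_exit
      ;;
    test)
      test_install
      ;;
    ap_beacon)
      tool="tcpdump"
      tool_args=(type mgt subtype beacon)
      if [[ -n ${param} ]]; then
        # The address ends up on the command line of a tool run as root;
        # anything that is not a MAC address is refused so it cannot add
        # options or extra filter terms.
        _is_mac_address "${param}" || exit_with_error 4 "Invalid MAC specified"
        tool_args+=(and ether src "${param}")
      fi
      ;;
    ap_handshake)
      tool="tcpdump"
      tool_args=(ether proto 0x888e)
      if [[ -n ${param} ]]; then
        _is_mac_address "${param}" || exit_with_error 4 "Invalid MAC specified"
        tool_args+=(and ether host "${param}")
      fi
      ;;
    all_by_mac)
      tool="airodump"
      [[ -n ${param} ]] || exit_with_error 4 "No MAC specified"
      _is_mac_address "${param}" || exit_with_error 4 "Invalid MAC specified"
      tool_args=(--bssid "${param}")
      ;;
    all_by_name)
      tool="airodump"
      [[ -n ${param} ]] || exit_with_error 4 "No Name specified"
      tool_args=(--essid "${param}")
      ;;
    custom)
      tool="tcpdump"
      # Free-form tcpdump syntax by design: split into words (without glob
      # expansion) and passed through unchecked, so this command should only
      # be reachable by callers trusted to run tcpdump as root.
      read -r -a tool_args <<< "${param}"
      ;;
    *)
      tool="tcpdump"
      ;;
  esac

  # The old check ran "exit 2" inside a ( ) subshell, which ended only the
  # subshell; the script carried on without root.
  if ((UID != 0)); then
    exit_with_error 2 "Got Root?"
  fi

  #set monitor mode on
  nexutil -m2
  nexutil -p1

  # Pick a file name that does not exist yet.
  # NOTE(review): airodump-ng treats --write as a prefix and adds its own
  # suffix, so this check presumably never matches its output - confirm.
  while [ -f "${save_loc}/${cap_file}" ]; do
    cap_file="${capfile_base}_${date_stamp}_${cap_file_i}.pcap"
    cap_file_i+=1
  done

  read -r -a extra_options <<< "${tcpdump_options}"

  case "${tool}" in
    tcpdump)
      # Options and -w come before the filter words, so -w is parsed as an
      # option even where argument parsing stops at the first non-option.
      tcpdump -i "${iface}" "${extra_options[@]}" \
        -w "${save_loc}/${cap_file}" "${tool_args[@]}" &
      pid=$!
      ;;
    airodump)
      airodump-ng --output-format pcap --write "${save_loc}/${cap_file}" \
        "${tool_args[@]}" "${iface}" &
      pid=$!
      ;;
    *)
      exit_with_error 8 "No tool specified, this shouldn't happen, debug script!"
      ;;
  esac

  # NOTE(review): written as root to a fixed path; if that directory is
  # writable by other users, a pre-planted link there would be followed.
  printf '%s\n' "${pid}" > "${pid_file}"
  wait "${pid}"
  # The capture tool is gone; drop the PID file so a later "kill" cannot
  # signal an unrelated process that has reused the PID.
  rm -f "${pid_file}"

  # This is a media re-scan so the file shows up over MTP
  android_media_rescan
  # turn off monitor mode
  nexutil -m0
  nexutil -p0
  # This should never get to this point. If so, it is a FAIL
  exit 8
}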
# Entry point: hand every command-line argument to main unchanged.
main "$@"