python – 如何用scapy查找无线网络?
发布时间:2020-12-20 11:38:52 所属栏目:Python 来源:网络整理
如何用 scapy 查找附近的无线网络?我现在的做法是调用 sniff(),把满足 pkt.haslayer(Dot11) 且 pkt.info 非空的数据包收集起来,但速度很慢:例如我的
Android 手机几秒钟内就能完成扫描,而这个脚本需要几分钟甚至更久……
解决方法
造成差异的原因是:您的手机会主动扫描,即向附近的所有接入点发送探测请求(probe request)来寻找 WiFi 热点;而嗅探只是被动监听恰好经过的流量,必须等接入点自己发出帧才能发现它。
您可能会发现更快: >具体选择您的网络适配器 – 这样您就不会嗅探所有适配器. 关于如何从packet header发送WiFi数据包的示例可能会有所帮助,(不是我的代码,也没有经过我的测试):

#!/usr/bin/env python
""" 802.11 Scapy Packet Example Author: Joff Thyer,2014 """
# NOTE(review): this listing was flattened onto one line by the page it was
# copied from and is reproduced token-for-token. It is Python 2 (print
# statements). String escapes appear to have lost their backslashes
# ("x03x12..." was presumably "\x03\x12..."), several calls look as if
# arguments were dropped, and ProbeReq is visibly truncated, so the listing
# does not run as shown.
# NOTE(review): every method below transmits frames; none of them collects
# beacons or probe responses, so the listing illustrates frame construction
# rather than network discovery itself.

# if we set logging to ERROR level,it suppresses the warning message
# from Scapy about ipv6 routing
# WARNING: No route found for IPv6 destination :: (no default route?)
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
# NOTE(review): `os` and `random` are used below without an explicit import;
# presumably they arrive through this star import - verify, or import them
# explicitly.
from scapy.all import *

class Scapy80211():
    """Build and send a few example 802.11 frames through a monitor interface.

    The constructor records the addressing parameters and creates a monitor
    interface named ``<intf>mon``; Beacon, ProbeReq, ARP and DNSQuery each
    assemble one kind of frame and hand it to scapy's ``sendp``.
    """

    def __init__(self,intf='wlan0',ssid='test', source='00:00:de:ad:be:ef', bssid='00:11:22:33:44:55',srcip='10.10.10.10'):
        """Store the frame parameters and create the monitor interface.

        intf:   name of the existing wireless interface.
        ssid:   default SSID placed in Beacon frames.
        source: source MAC address used in the frames.
        bssid:  BSSID used in the frames.
        srcip:  source IP address used for the ARP and DNS payloads.
        """
        # Presumably the raw bytes of the supported-rates element; the
        # backslashes of the \x escapes look lost in this copy.
        self.rates = "x03x12x96x18x24x30x48x60"
        self.ssid = ssid
        self.source = source
        self.srcip = srcip
        self.bssid = bssid
        self.intf = intf
        self.intfmon = intf + 'mon'
        # set Scapy conf.iface
        # (sendp/sniff calls that pass no iface= fall back to this default)
        conf.iface = self.intfmon
        # create monitor interface using iw
        # NOTE(review): the command is built by string formatting and run
        # through a shell, so `intf` has to be a trusted value; an argument
        # list passed to subprocess would keep shell metacharacters in the
        # name from being interpreted.
        cmd = '/sbin/iw dev %s interface add %s type monitor >/dev/null 2>&1' % (self.intf,self.intfmon)
        # NOTE(review): os.system reports failure through its return value,
        # which is ignored here, and the command's output is discarded, so a
        # failed interface creation (missing privileges, interface already
        # present) goes unnoticed. The try/except only re-raises.
        try:
            os.system(cmd)
        except:
            raise

    def Beacon(self,count=10,ssid='',dst='ff:ff:ff:ff:ff:ff'):
        """Send `count` beacon frames for `ssid` (defaults to self.ssid).

        The frame is a management frame (type=0, subtype=8) addressed to
        `dst`, carrying SSID, Rates, DSset and TIM elements, and is sent on
        the monitor interface at 0.1 s intervals.
        """
        if not ssid:
            ssid=self.ssid
        beacon = Dot11Beacon(cap=0x2104)
        essid = Dot11Elt(ID='SSID',info=ssid)
        rates = Dot11Elt(ID='Rates',info=self.rates)
        # 'x01' / 'x00x01x00x00' are presumably '\x01' / '\x00\x01\x00\x00'.
        dsset = Dot11Elt(ID='DSset',info='x01')
        tim = Dot11Elt(ID='TIM',info='x00x01x00x00')
        pkt = RadioTap() /Dot11(type=0,subtype=8,addr1=dst,addr2=self.source,addr3=self.bssid) /beacon/essid/rates/dsset/tim
        print '[*] 802.11 Beacon: SSID=[%s],count=%d' % (ssid,count)
        try:
            sendp(pkt,iface=self.intfmon,count=count,inter=0.1,verbose=0)
        except:
            raise

    # Builds a probe request (type=0, subtype=4), the frame an actively
    # scanning client sends.
    # NOTE(review): this method is truncated in this copy: the signature has
    # no `ssid` parameter although the body reads `ssid`, `rates` is used but
    # never assigned, the SSID element is given self.rates as its info, and
    # the print statement runs straight into the tail of a sendp call whose
    # `try:` is missing. It does not parse as shown.
    def ProbeReq(self,dst='ff:ff:ff:ff:ff:ff'):
        if not ssid:
            ssid=self.ssid
        param = Dot11ProbeReq()
        essid = Dot11Elt(ID='SSID',info=self.rates)
        dsset = Dot11Elt(ID='DSset',info='x01')
        pkt = RadioTap() /Dot11(type=0,subtype=4,addr3=self.bssid) /param/essid/rates/dsset
        print '[*] 802.11 Probe Request: SSID=[%s],verbose=0)
        except:
            raise

    def ARP(self,targetip,count=1,toDS=False):
        """Send an ARP who-has for `targetip` and return the replying MAC.

        Returns None when `targetip` is empty or when no ARP reply is seen
        within the one-second sniff window.
        """
        if not targetip:
            return
        arp = LLC()/SNAP()/ARP(op='who-has',psrc=self.srcip,pdst=targetip,hwsrc=self.source)
        # The ARP payload rides in an 802.11 data frame (type=2); `toDS`
        # selects which of the two addressing layouts is used.
        if toDS:
            pkt = RadioTap() /Dot11(type=2,subtype=32,FCfield='to-DS', addr1=self.bssid,addr3='ff:ff:ff:ff:ff:ff') /arp
        else:
            pkt = RadioTap() /Dot11(type=2, addr1='ff:ff:ff:ff:ff:ff',addr3=self.bssid) /arp
        print '[*] ARP Req: who-has %s' % (targetip)
        try:
            sendp(pkt,verbose=0,count=count)
        except:
            raise
        # NOTE(review): the filter accepts any ARP reply (op == 2) captured
        # during the timeout, not specifically one for `targetip`, so the
        # returned address can belong to an unrelated or spoofed reply;
        # comparing the reply's psrc with `targetip` would tie it to the
        # request.
        ans = sniff(lfilter = lambda x: x.haslayer(ARP) and x.op == 2,store=1,timeout=1)
        if len(ans) > 0:
            return ans[0][ARP].hwsrc
        else:
            return None

    def DNSQuery(self,query='www.google.com',qtype='A',ns=None,toDS=False):
        """Send one DNS query for `query` to name server `ns`.

        Does nothing when `ns` is None. The server's MAC is looked up with
        self.ARP(ns); no response is read back.
        """
        if ns == None:
            return
        # NOTE(review): self.ARP returns None when nothing answers, and that
        # None is then used as a frame address below without a check.
        dstmac = self.ARP(ns)
        # UDP source port is picked at random from 49152-65535.
        dns = LLC()/SNAP()/IP(src=self.srcip,dst=ns)/ UDP(sport=random.randint(49152,65535),dport=53)/ DNS(qd=DNSQR(qname=query,qtype=qtype))
        if toDS:
            pkt = RadioTap() /Dot11(type=2,addr3=dstmac)/dns
        else:
            pkt = RadioTap() /Dot11(type=2, addr1=dstmac,addr3=self.bssid)/dns
        print '[*] DNS query %s (%s) -> %s?' % (query,qtype,ns)
        try:
            sendp(pkt,verbose=0)
        except:
            raise

# main routine
# Creates the helper on wlan0 (which also creates wlan0mon) and sends one of
# each example frame; 10.10.10.2 is the name server used for the DNS query.
if __name__ == "__main__":
    print """ [*] 802.11 Scapy Packet Crafting Example [*] Assumes 'wlan0' is your wireless NIC! [*] Author: Joff Thyer,2014 """
    sdot11 = Scapy80211(intf='wlan0')
    sdot11.Beacon()
    sdot11.ProbeReq()
    sdot11.DNSQuery(ns='10.10.10.2')

(编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |