{ if( ! ( st_cur = (struct ST_info *) malloc( sizeof( struct ST_info ) ) ) ) { perror( "malloc failed" ); return( 1 ); } memset( st_cur, 0, sizeof( struct ST_info ) ); if( st_1st == NULL ) st_1st = st_cur; else st_prv->next = st_cur; memcpy( st_cur->stmac, stmac, 6 ); st_cur->prev = st_prv; st_cur->base = ap_cur; if( tv_sec == 0 ) { st_cur->tinit = time( NULL ); st_cur->tlast = time( NULL ); } else { st_cur->tinit = tv_sec; st_cur->tlast = tv_sec; } st_cur->power = power; st_end = st_cur; } /* every 1s, update the last time seen & receive power */ if( tv_sec == 0 ) st_cur->tlast = time( NULL ); else st_cur->tlast = tv_sec; if( ( h80211[1] & 3 ) == 1 ) st_cur->power = power; st_cur->nb_pkt++;skip_station: /* packet parsing: Beacon or Probe Response */ if( h80211[0] == 0x80 || h80211[0] == 0x50 ) { if( ap_cur->crypt < 0 ) ap_cur->crypt = ( h80211[34] & 0x10 ) >> 4; p = h80211 + 36; while( p < h80211 + pkh.caplen ) { if( p + 2 + p[1] > h80211 + pkh.caplen ) break; if( p[0] == 0x00 && p[1] > 0 && p[2] != '\0' && ( p[1] > 1 || p[2] != ' ' ) ) { /* found a non-cloaked ESSID */ n = ( p[1] > 32 ) ? 32 : p[1]; memset( ap_cur->essid, 0, 33 ); memcpy( ap_cur->essid, p + 2, n ); for( i = 0; i < n; i++ ) if( ap_cur->essid[i] < 32 || ( ap_cur->essid[i] > 126 && ap_cur->essid[i] < 160 ) ) ap_cur->essid[i] = '.'; } if( p[0] == 0x01 || p[0] == 0x32 ) ap_cur->speed = ( p[1 + p[1]] & 0x7F ) / 2; if( p[0] == 0x03 ) ap_cur->chanl = p[2]; p += 2 + p[1]; } } /* packet parsing: Association Request */ if( h80211[0] == 0x00 ) { p = h80211 + 28; while( p < h80211 + pkh.caplen ) { if( p + 2 + p[1] > h80211 + pkh.caplen ) break; if( p[0] == 0x00 && p[1] > 0 && p[2] != '\0' && ( p[1] > 1 || p[2] != ' ' ) ) { /* found a non-cloaked ESSID */ n = ( p[1] > 32 ) ? 
32 : p[1]; memset( ap_cur->essid, 0, 33 ); memcpy( ap_cur->essid, p + 2, n ); for( i = 0; i < n; i++ ) if( ap_cur->essid[i] < 32 || ( ap_cur->essid[i] > 126 && ap_cur->essid[i] < 160 ) ) ap_cur->essid[i] = '.'; } p += 2 + p[1]; } } /* packet parsing: some data */ if( ap_cur->chanl == -1 ) ap_cur->chanl = channel; if( ( h80211[0] & 0x0C ) == 0x08 ) { /* check the SNAP header to see if data is encrypted */ unsigned int z = ( ( h80211[1] & 3 ) != 3 ) ? 24 : 30; if( z + 26 > pkh.caplen ) goto write_packet; if( h80211[z] == h80211[z + 1] && h80211[z + 2] == 0x03 ) { if( ap_cur->crypt < 0 ) ap_cur->crypt = 0; /* if ethertype == IPv4, find the LAN address */ if( h80211[z + 6] == 0x08 && h80211[z + 7] == 0x00 && ( h80211[1] & 3 ) == 0x01 ) memcpy( ap_cur->lanip, &h80211[z + 20], 4 ); if( h80211[z + 6] == 0x08 && h80211[z + 7] == 0x06 ) memcpy( ap_cur->lanip, &h80211[z + 22], 4 ); } else ap_cur->crypt = 2 + ( ( h80211[z + 3] & 0x20 ) >> 5 ); if( z + 10 > pkh.caplen ) goto write_packet; if( ap_cur->crypt == 2 ) { /* WEP: check if we've already seen this IV */ if( ! 
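uniqueiv_check( ap_cur->uiv_root, &h80211[z] ) )
            {
                /* first time seen IVs */

                if( f_ivs_out != NULL )
                {
                    unsigned char iv_info[64];

                    if( memcmp( prev_bssid, ap_cur->bssid, 6 ) == 0 )
                    {
                        iv_info[0] = 0xFF;
                        memcpy( iv_info + 1, &h80211[z    ], 3 );
                        memcpy( iv_info + 4, &h80211[z + 4], 2 );
                        n = 6;
                    }
                    else
                    {
                        memcpy( prev_bssid , ap_cur->bssid, 6 );
                        memcpy( iv_info    , ap_cur->bssid, 6 );
                        memcpy( iv_info + 6, &h80211[z    ], 3 );
                        memcpy( iv_info + 9, &h80211[z + 4], 2 );
                        n = 11;
                    }

                    if( fwrite( iv_info, 1, n, f_ivs_out ) != (size_t) n )
                    {
                        perror( "fwrite(IV info) failed" );
                        return( 1 );
                    }
                }

                uniqueiv_mark( ap_cur->uiv_root, &h80211[z] );

                ap_cur->nb_data++;
            }
        }
        else
            ap_cur->nb_data++;
    }

write_packet:

    if( f_cap_out != NULL )
    {
        struct timeval tv;

        gettimeofday( &tv, NULL );

        if( tv_sec == 0 )
        {
            pkh.tv_sec  = tv.tv_sec;
            pkh.tv_usec = ( tv.tv_usec & ~0x1ff ) + power;
        }
        else
        {
            pkh.tv_sec  = tv_sec;
            pkh.tv_usec = tv_usec;
        }

        if( pfh_out.magic == TCPDUMP_CIGAM )
        {
            SWAP32( pkh.tv_sec  );
            SWAP32( pkh.tv_usec );
            SWAP32( pkh.caplen  );
            SWAP32( pkh.len     );
        }

        n = sizeof( pkh );

        if( fwrite( &pkh, 1, n, f_cap_out ) != (size_t) n )
        {
            perror( "fwrite(packet header) failed" );
            return( 1 );
        }

        fflush( stdout );

        n = pkh.caplen;

        if( fwrite( h80211, 1, n, f_cap_out ) != (size_t) n )
        {
            perror( "fwrite(packet data) failed" );
            return( 1 );
        }

        fflush( stdout );
    }

    return( 0 );
}

/*
 * Print one 6-byte MAC address as " XX:XX:XX:XX:XX:XX" on stderr.
 * bssid / stmac are filled with memcpy( ..., 6 ) elsewhere in this file;
 * assumed to be unsigned char[6] (review: confirm against the struct).
 */
static void dump_print_mac( const unsigned char *mac )
{
    fprintf( stderr, " %02X:%02X:%02X:%02X:%02X:%02X",
             mac[0], mac[1], mac[2], mac[3], mac[4], mac[5] );
}

/*
 * Print the ESSID column of one table row and end the line.
 *
 * essid       : NUL-terminated ESSID; dump_add_packet has already replaced
 *               bytes < 32 and 127..159 with '.', so no control characters
 *               reach the terminal from here (bytes >= 160 pass through).
 * ws_col      : terminal width in columns; 0 means unknown -> no cut.
 * prefix_cols : columns already used by the row before the ESSID.
 *
 * The ESSID is padded to 32 columns, then cut so the row fits in ws_col.
 */
static void dump_print_essid( const char *essid, int ws_col, int prefix_cols )
{
    char strbuf[512];

    memset( strbuf, 0, sizeof strbuf );
    snprintf( strbuf, sizeof strbuf - 1, "%-32s", essid );

    if( ws_col > 0 )
    {
        /* the previous code wrote strbuf[ws_col - prefix] directly, which
         * is a negative index on terminals narrower than the prefix and a
         * stack overrun on terminals wider than the buffer; clamp instead */
        int room = ws_col - prefix_cols;

        if( room < 0 )
            room = 0;
        if( room < (int) sizeof strbuf )
            strbuf[room] = '\0';
    }

    fprintf( stderr, " %s\n", strbuf );
}

/*
 * Print one line of the station-table header block, padded with spaces to
 * ws_col - 1 columns (capped to the local buffer). text == NULL gives a
 * blank line; otherwise text is copied over the leading columns.
 *
 * The previous code used ws_col as a raw memset length (underflow at 0,
 * stack overrun above 512) and memcpy'd a fixed 58 bytes of the header
 * literal, which is only safe when the literal is at least 58 bytes long.
 * Copying strlen( text ) bytes gives the same output for such a literal.
 */
static void dump_print_wide_line( const char *text, int ws_col )
{
    char strbuf[512];
    size_t width;

    if( ws_col < 1 )
        width = 1;
    else if( ws_col > (int) sizeof strbuf )
        width = sizeof strbuf;
    else
        width = (size_t) ws_col;

    memset( strbuf, 0x20, width - 1 );
    strbuf[width - 1] = '\0';

    if( text != NULL )
    {
        size_t len = strlen( text );

        if( len > width - 1 )
            len = width - 1;
        memcpy( strbuf, text, len );
    }

    fprintf( stderr, "%s\n", strbuf );
}

/*
 * Redraw the AP table and the station table on stderr.
 *
 * ws_row, ws_col : terminal size. ws_row == 0 disables the row limit
 *                  (existing behaviour); ws_col == 0 is taken as "width
 *                  unknown" and disables the ESSID cut.
 *
 * Walks the global AP list from ap_end backwards and the station list from
 * st_end backwards; the globals ap_cur / st_cur are left wherever the walk
 * stopped. In live capture (f_cap_in == NULL) an AP is hidden when it has
 * fewer than 2 packets or was last heard more than STALE_SECS ago. time()
 * is read once so the whole redraw uses one consistent timestamp.
 */
void dump_print( int ws_row, int ws_col )
{
    /* columns used by a row before its ESSID field, on AP and station rows */
    enum { STALE_SECS = 120, AP_ESSID_PREFIX = 58, ST_ESSID_PREFIX = 54 };

    time_t now = time( NULL );
    int nlines;

    /* print some informations about each detected AP */

    fprintf( stderr, "\n BSSID PWR Beacons"
                     " # Data CH MB ENC ESSID\n\n" );

    nlines = 5;

    for( ap_cur = ap_end; ap_cur != NULL; ap_cur = ap_cur->prev )
    {
        if( f_cap_in == NULL &&
            ( ap_cur->nb_pkt < 2 || now - ap_cur->tlast > STALE_SECS ) )
            continue;

        if( ws_row != 0 && nlines > ws_row )
            return;

        nlines++;

        dump_print_mac( ap_cur->bssid );

        fprintf( stderr, " %3d %8ld %8ld",
                 ap_cur->power, ap_cur->nb_bcn, ap_cur->nb_data );

        fprintf( stderr, " %3d %3d ", ap_cur->chanl, ap_cur->speed );

        /* crypt: -1 unknown, 0 open, 1 guessed WEP, 2 WEP, 3 WPA
         * (values as assigned in dump_add_packet) */
        switch( ap_cur->crypt )
        {
            case 0:  fprintf( stderr, "OPN " ); break;
            case 1:  fprintf( stderr, "WEP?" ); break;
            case 2:  fprintf( stderr, "WEP " ); break;
            case 3:  fprintf( stderr, "WPA " ); break;
            default: fprintf( stderr, " " );    break;
        }

        dump_print_essid( ap_cur->essid, ws_col, AP_ESSID_PREFIX );
    }

    /* print some informations about each detected station */

    nlines += 3;

    if( ws_row != 0 && nlines > ws_row )
        return;

    dump_print_wide_line( NULL, ws_col );
    dump_print_wide_line( " BSSID STATION "
                          " PWR Packets ESSID", ws_col );
    dump_print_wide_line( NULL, ws_col );

    for( ap_cur = ap_end; ap_cur != NULL; ap_cur = ap_cur->prev )
    {
        if( f_cap_in == NULL &&
            ( ap_cur->nb_pkt < 2 || now - ap_cur->tlast > STALE_SECS ) )
            continue;

        if( ws_row != 0 && nlines > ws_row )
            return;

        for( st_cur = st_end; st_cur != NULL; st_cur = st_cur->prev )
        {
            /* NOTE(review): the age test below repeats the AP test above
             * (ap_cur->tlast, not st_cur->tlast); kept as in the original */
            if( st_cur->base != ap_cur ||
                ( f_cap_in == NULL && now - ap_cur->tlast > STALE_SECS ) )
                continue;

            if( ws_row != 0 && nlines > ws_row )
                return;

            nlines++;

            dump_print_mac( ap_cur->bssid );
            dump_print_mac( st_cur->stmac );

            /* -1 means no power reading for this station yet */
            if( st_cur->power != -1 )
                fprintf( stderr, " %3d", st_cur->power );
            else
                fprintf( stderr, " " );

            fprintf( stderr, " %8ld", st_cur->nb_pkt );

            dump_print_essid( ap_cur->essid, ws_col, ST_ESSID_PREFIX );
        }
    }
}

void dump_write_csv( void )
{
    struct tm *ltime;

    if( f_csv_out == NULL )
        return;

    fseek( f_csv_out, 0, SEEK_SET );

    fprintf( f_csv_out, "\r\nBSSID, First time seen, Last time seen, Channel, Speed, "
                        "Privacy, Power, # beacons, # data, LAN IP, ESSID\r\n" );

    ap_cur = ap_1st;

    while( ap_cur != NULL )
    {
        if( ap_cur->nb_pkt < 2 )
        {
            ap_cur = ap_cur->next;
            continue;
        }

        fprintf( f_csv_out, "%02X:%02X:%02X:%02X:%02X:%02X, ",
                 ap_cur->bssid[0], ap_cur->bssid[1],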