From bc7d1d966353ef75dd197369c62609669c05b0dd Mon Sep 17 00:00:00 2001
From: Simone Margaritelli <evilsocket@gmail.com>
Date: Fri, 9 Apr 2021 16:31:13 +0200
Subject: [PATCH] misc: small fix or general refactoring i did not bother commenting
---
 README.md | 2 +-
 _example/example.js | 107 +++++------------------------------------------
 _example/functions.js | 93 ++++++++++++++++++++++++++++++++++++
 3 files changed, 105 insertions(+), 97 deletions(-)
 create mode 100644 _example/functions.js
diff --git a/README.md b/README.md
index 2e8bf81a..f2a334a5 100644
--- a/README.md
+++ b/README.md
@@ -17,7 +17,7 @@ bettercap is a powerful, easily extensible and portable framework written in Go
 * **Bluetooth Low Energy** devices scanning, characteristics enumeration, reading and writing.
 * 2.4Ghz wireless devices scanning and **MouseJacking** attacks with over-the-air HID frames injection (with DuckyScript support).
 * Passive and active IP network hosts probing and recon.
-* **ARP, DNS and DHCPv6 spoofers** for MITM attacks on IP based networks.
+* **ARP, DNS, NDP and DHCPv6 spoofers** for MITM attacks on IPv4 and IPv6 based networks.
 * **Proxies at packet level, TCP level and HTTP/HTTPS** application level fully scriptable with easy to implement **javascript plugins**.
 * A powerful **network sniffer** for **credentials harvesting** which can also be used as a **network protocol fuzzer**.
 * A very fast port scanner.
diff --git a/_example/example.js b/_example/example.js
index 753fa540..70d73bdc 100644
--- a/_example/example.js
+++ b/_example/example.js
@@ -1,110 +1,21 @@
 require("config")
 require("telegram")
-
-var fakeESSID = random.String(16, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ');
-var fakeBSSID = random.Mac()
-
-function createGraph(who, where) {
- // generates a .dot file with the graph for this mac
- run('graph.to_dot ' + who);
- // uses graphviz to make a png of it
- run('!dot -Tpng bettergraph.dot > ' + where);
-}
-
-function onDeauthentication(event) {
- var data = event.data;
-
- createGraph(data.address1, '/tmp/graph_deauth.png');
-
- var message = '🚨 Detected deauthentication frame:\n\n' +
- // 'Time: ' + event.time + "\n" +
- // 'GPS: lat=' + session.GPS.Latitude + " lon=" + session.GPS.Longitude + " updated_at=" +
- //session.GPS.Updated.String() + "\n\n" +
- 'RSSI: ' + data.rssi + "\n" +
- 'Reason: ' + data.reason + "\n" +
- 'Address1: ' + data.address1 + "\n" +
- 'Address2: ' + data.address2 + "\n" +
- 'Address3: ' + data.address3;
-
- // send to telegram bot
- sendMessage(message);
- sendPhoto("/tmp/graph_deauth.png");
-}
-
-function onNewAP(event){
- var ap = event.data;
- if(ap.hostname == fakeESSID) {
- createGraph(ap.mac, '/tmp/graph_ap.png');
-
- var message = '🦠 Detected rogue AP:\n\n' +
- // 'Time: ' + event.time + "\n" +
- // 'GPS: lat=' + session.GPS.Latitude + " lon=" + session.GPS.Longitude + " updated_at=" +
- //session.GPS.Updated.String() + "\n\n" +
- 'AP: ' + ap.mac + ' (' + ap.vendor + ')';
-
- // send to telegram bot
- sendMessage(message);
- sendPhoto("/tmp/graph_ap.png");
- }
-}
-
-function onHandshake(event){
- var data = event.data;
- var what = 'handshake';
-
- createGraph(data.station, '/tmp/graph_handshake.png');
-
- if(data.pmkid != null) {
- what = "RSN PMKID";
- } else if(data.full) {
- what += " (full)";
- } else if(data.half) {
- what += " (half)";
- }
-
- var message = '💰 Captured ' + what + ':\n\n' +
- //'Time: ' + event.time + "\n" +
- //'GPS: lat=' + session.GPS.Latitude + " lon=" + session.GPS.Longitude + " updated_at=" +
-
//session.GPS.Updated.String() + "\n\n" + - 'Station: ' + data.station + "\n" + - 'AP: ' + data.ap; - - // send to telegram bot - sendMessage(message); - sendPhoto("/tmp/graph_handshake.png"); -} - -function onNewNode(event) { - var node = event.data; - - if(node.type != 'ssid' && node.type != 'ble_server' && graph.IsConnected(node.type, node.id)) { - createGraph(node.id, '/tmp/graph_node.png'); - - var message = '🖥️ Detected previously unknown ' + node.type + ':\n\n' + - 'Type: ' + node.type + "\n" + - 'MAC: ' + node.id; - - // send to telegram bot - sendMessage(message); - sendPhoto("/tmp/graph_node.png"); - } -} - -function onTick(event) { - run('wifi.probe ' + fakeBSSID + ' ' + fakeESSID); -} +require("functions") log("session script loaded, fake AP is " + fakeESSID); -// enable the graph module +// enable the graph module so we can extract more historical info +// for each device we see run('graph on') // create an empty ticker so we can run commands every few seconds +// this will inject decoy wifi client probes used to detect KARMA +// attacks and in general rogue access points run('set ticker.commands ""') run('set ticker.period 10') run('ticker on') -// enable recon and probing of new hosts +// enable recon and probing of new hosts on IPv4 and IPv6 run('net.recon on'); run('net.probe on'); @@ -114,11 +25,15 @@ run('wifi.recon on'); // send fake client probes every tick onEvent('tick', onTick); + // register for wifi.deauthentication events onEvent('wifi.deauthentication', onDeauthentication); + // register for wifi.client.handshake events onEvent('wifi.client.handshake', onHandshake); -// register for wifi.ap.new events + +// register for wifi.ap.new events (used to detect rogue APs) onEvent('wifi.ap.new', onNewAP); +// register for new nodes in the graph onEvent('graph.node.new', onNewNode); \ No newline at end of file diff --git a/_example/functions.js b/_example/functions.js new file mode 100644 index 00000000..ffaee6c2 --- /dev/null 
+++ b/_example/functions.js 
@@ -0,0 +1,93 @@
+var fakeESSID = random.String(16, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ');
+var fakeBSSID = random.Mac()
+
+// uses graph.to_dot and graphviz to generate a png graph
+function createGraph(who, where) {
+ // generates a .dot file with the graph for this mac
+ run('graph.to_dot ' + who);
+ // uses graphviz to make a png of it
+ run('!dot -Tpng bettergraph.dot > ' + where);
+}
+
+function onDeauthentication(event) {
+ var data = event.data;
+
+ createGraph(data.address1, '/tmp/graph_deauth.png');
+
+ var message = '🚨 Detected deauthentication frame:\n\n' +
+ // 'Time: ' + event.time + "\n" +
+ // 'GPS: lat=' + session.GPS.Latitude + " lon=" + session.GPS.Longitude + " updated_at=" +
+ //session.GPS.Updated.String() + "\n\n" +
+ 'RSSI: ' + data.rssi + "\n" +
+ 'Reason: ' + data.reason + "\n" +
+ 'Address1: ' + data.address1 + "\n" +
+ 'Address2: ' + data.address2 + "\n" +
+ 'Address3: ' + data.address3;
+
+ // send to telegram bot
+ sendMessage(message);
+ sendPhoto("/tmp/graph_deauth.png");
+}
+
+function onNewAP(event){
+ var ap = event.data;
+ if(ap.hostname == fakeESSID) {
+ createGraph(ap.mac, '/tmp/graph_ap.png');
+
+ var message = '🦠 Detected rogue AP:\n\n' +
+ // 'Time: ' + event.time + "\n" +
+ // 'GPS: lat=' + session.GPS.Latitude + " lon=" + session.GPS.Longitude + " updated_at=" +
+ //session.GPS.Updated.String() + "\n\n" +
+ 'AP: ' + ap.mac + ' (' + ap.vendor + ')';
+
+ // send to telegram bot
+ sendMessage(message);
+ sendPhoto("/tmp/graph_ap.png");
+ }
+}
+
+function onHandshake(event){
+ var data = event.data;
+ var what = 'handshake';
+
+ createGraph(data.station, '/tmp/graph_handshake.png');
+
+ if(data.pmkid != null) {
+ what = "RSN PMKID";
+ } else if(data.full) {
+ what += " (full)";
+ } else if(data.half) {
+ what += " (half)";
+ }
+
+ var message = '💰 Captured ' + what + ':\n\n' +
+ //'Time: ' + event.time + "\n" +
+ //'GPS: lat=' + session.GPS.Latitude + " lon=" + session.GPS.Longitude + " updated_at=" +
+ //session.GPS.Updated.String() + "\n\n" +
+ 'Station: ' + data.station + "\n" +
+ 'AP: ' + data.ap;
+
+ // send to telegram bot
+ sendMessage(message);
+ sendPhoto("/tmp/graph_handshake.png");
+}
+
+function onNewNode(event) {
+ var node = event.data;
+
+ if(node.type != 'ssid' && node.type != 'ble_server' && graph.IsConnected(node.type, node.id)) {
+ createGraph(node.id, '/tmp/graph_node.png');
+
+ var message = '🖥️ Detected previously unknown ' + node.type + ':\n\n' +
+ 'Type: ' + node.type + "\n" +
+ 'MAC: ' + node.id;
+
+ // send to telegram bot
+ sendMessage(message);
+ sendPhoto("/tmp/graph_node.png");
+ }
+}
+
+function onTick(event) {
+ run('wifi.probe ' + fakeBSSID + ' ' + fakeESSID);
+}
\ No newline at end of file
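Review bot: The graph images are written to fixed names in `/tmp` (`/tmp/graph_deauth.png`, `/tmp/graph_ap.png`, `/tmp/graph_handshake.png`, `/tmp/graph_node.png`) through the shell redirect in `createGraph`. If the session runs with elevated privileges on a shared host, a file or symlink already placed at one of those paths would be followed and overwritten. Writing into a directory only the session user can write avoids this, e.g. `createGraph(data.address1, graphDir + '/graph_deauth.png');`, where `graphDir` is a placeholder name for a private directory prepared before the script loads. `who` and `where` are also concatenated directly into the `run(...)` strings, so the comment above `createGraph` should state that callers must pass only trusted, MAC-shaped identifiers and constant paths. All handlers also share `bettergraph.dot`, so if events can overlap they would presumably clobber each other's output, which is worth confirming.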