python broadcast 802.11 frames, using the socket module

好久不见. Submitted on 2019-12-10 12:08:57

Question


I'm trying to capture and send a beacon frame using the following code

    import binascii
    import socket

    # interface, frame_subtype, association_set and PrintNicely() are
    # defined elsewhere in the script (not shown in the question)

    def SniffIncomingProbes():

        #create a general socket to monitor ongoing traffic
        sniffer = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))
        sniffer.bind((interface, 0x0003))

        #byte [30] in the packet is the packet type/subtype field
        #\x40 is a probe request, \x80 is a beacon probe
        while True:
            if frame_subtype==8:
                packet =  sniffer.recvfrom(2048)[0]

                if packet[30] == "\x80":
                    #byte [67] in the packet contains the length of the SSID
                    SSID = packet[68: 68 + ord(packet[67])]
                    MAC  = packet[40:46].encode('hex')
                    association_set.add((MAC,SSID))
                    PrintNicely()
                    #try and send a beacon on my own
                    if len(SSID) == 4:
                        #overwrite the SSID and the BSSID (bytes 46-51)
                        newPacket = packet[:68] + "MOSS" + packet[72:]
                        newPacket = newPacket[:46] + ("\xAC\xDC\xDE\xAD\xBE\xEF") + newPacket[52:]

                        #get the FRC into unsigned form, convert to a
                        #string, and remove the "0x" characters in the beginning of the string
                        FCS = str(hex(abs(binascii.crc32(newPacket[:len(packet)-4]))))[2:]

                        if len(FCS)%2 == 1:
                            FCS = "0" + FCS
                        print FCS
                        print len(FCS)
                        newPacket = newPacket[:len(newPacket)-4]+ FCS.decode("hex")

                        sniffer.send(newPacket)

            elif frame_subtype==4:
                packet =  sniffer.recvfrom(2048)[0]

                if packet[30] == "\x40":
                    #byte [55] in the packet contains the length of the SSID
                    SSID = packet[56: 56 + ord(packet[55])]
                    MAC  = packet[40:46].encode('hex')
                    association_set.add((MAC,SSID))
                    PrintNicely()

When I run Wireshark and airodump I can see the packets with SSID "MOSS" going through, and it shows up as a beacon in airodump. Yet when I run Windows Network Monitor on a remote machine, I don't see these packets going through. Also, my CRC checksum seems to be wrong (checked with Wireshark). It seems like I am not sending the packet correctly and the FCS check failed.

Any input will be appreciated, thank you in advance.

UPDATE: The frame sequence check (FSC) returns Good and is not marked by Wireshark anymore, BUT the packet is still not transmitted to any remote machine on the network.

I changed the FSC code to:

    import binascii

    def FSCCheckSum(data):

        #get the crc32 checksum of the data,
        #without the radiotap header(first 30 bytes) and the FSC (last 4 bytes)
        #and change it to unsigned form
        #convert the hex representation to a string
        #and remove the "0x" characters at the beginning of the string

        FSC = binascii.crc32(data[30:-4]) % (1<<32)
        FSC = str(hex(FSC))[2:]

        #we might get zeroes(not showing) from the left,
        #so we pad the number from the left with "0"s to match 4 bytes(4 hex pairs)
        FSC = "0" * (8-len(FSC)) + FSC

        #reverse the byte ordering (the FSC is sent little-endian)
        return FSC.decode("hex")[::-1]

So I just use the following code to modify the packet. *Notice I also change the source address now.*

    #overwrite the SSID, then the source address (bytes 40-45) and the BSSID (bytes 46-51)
    newPacket = packet[:68] + "MOSS" + packet[72:]
    newPacket = newPacket[:40] + ("\xAC\xDC\xDE\xAD\xBE\xEF") + newPacket[46:]
    newPacket = newPacket[:46] + ("\xAC\xDC\xDE\xAD\xBE\xEF") + newPacket[52:]
    newPacket = newPacket[:-4] + FSCCheckSum(newPacket)
    sniffer.send(newPacket)

(I split setting it and the BSSID so it would be easier to read and understand; I know it can be merged.)
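Added example (not the asker's code): a Python 3 version of the FCS handling from the update, computing CRC-32 over the 802.11 MAC frame only and storing it little-endian, together with a beacon parser that reads the radiotap header length from bytes 2-3 instead of assuming the fixed 30-byte header that the offsets 30, 40, 46 and 67 above rely on, so the SSID and address offsets hold across drivers. The radiotap header, addresses and SSID below are constructed sample data, and the packet is assumed to carry its FCS as the trailing 4 bytes (as the asker's captures do).

```python
import binascii
import struct

# Constructed sample: 8-byte radiotap header (version 0, length 8, no present
# fields) followed by a minimal beacon frame with SSID "MOSS", FCS not yet appended.
RADIOTAP = struct.pack("<BBHI", 0, 0, 8, 0)
BEACON_BODY = (
    b"\x80\x00"                    # frame control: type 0 (mgmt), subtype 8 (beacon)
    + b"\x00\x00"                  # duration
    + b"\xff" * 6                  # addr1: destination (broadcast)
    + b"\x02\x00\x00\x00\x00\x01"  # addr2: source (constructed, locally administered)
    + b"\x02\x00\x00\x00\x00\x01"  # addr3: BSSID (constructed)
    + b"\x00\x00"                  # sequence control
    + b"\x00" * 8                  # timestamp
    + b"\x64\x00"                  # beacon interval (100 TU)
    + b"\x01\x00"                  # capability info (ESS)
    + b"\x00\x04MOSS"              # SSID element: tag 0, length 4, "MOSS"
)

def fcs(frame_without_fcs):
    """802.11 FCS: CRC-32 of the MAC frame (radiotap excluded), little-endian."""
    return struct.pack("<I", binascii.crc32(frame_without_fcs) & 0xFFFFFFFF)

def parse_beacon(packet):
    """Return (src_mac, bssid, ssid, fcs_ok) for a radiotap-wrapped beacon, or
    None if the packet is not a beacon. Uses the radiotap length field."""
    if len(packet) < 4:
        return None
    rt_len = struct.unpack_from("<H", packet, 2)[0]
    frame = packet[rt_len:]
    # need the 24-byte MAC header, 12 bytes of fixed fields and the 4-byte FCS
    if len(frame) < 24 + 12 + 4:
        return None
    fc = frame[0]
    if (fc & 0x0C) != 0x00 or (fc >> 4) != 8:
        return None                 # not a management frame of subtype beacon
    src = frame[10:16].hex(":")
    bssid = frame[16:22].hex(":")
    body, trailer = frame[:-4], frame[-4:]
    ssid = b""
    pos = 24 + 12                   # first tagged parameter (no fixed SSID offset)
    while pos + 2 <= len(body):
        tag, length = body[pos], body[pos + 1]
        if tag == 0:
            ssid = body[pos + 2:pos + 2 + length]
            break
        pos += 2 + length
    return src, bssid, ssid.decode("utf-8", "replace"), fcs(body) == trailer
```

Running `parse_beacon(RADIOTAP + BEACON_BODY + fcs(BEACON_BODY))` reports the SSID and `fcs_ok == True`; the same parser rejects a frame whose trailer was computed over the radiotap header as well, which is what the first version of the asker's code did.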

Source: https://stackoverflow.com/questions/39472943/python-broadcast-802-11-frames-using-the-socket-module
