
Commit 00bfdd3

committed
More plugin data and better logging when plugin present
1 parent f7f821a commit 00bfdd3


4 files changed

+64
-47
lines changed


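--- a/plugin_examples/deauth_mac.py
+++ b/plugin_examples/deauth_mac.py
@@ -1,7 +1,9 @@
 """Looks for and deauths the specified mac_to_deauth using aircrack-ng."""
-import time
 import subprocess
 
+__author__ = 'Caleb Madrigal'
+__email__ = '[email protected]'
+__version__ = '0.0.2'
 __apiversion__ = 1
 __config__ = {'trigger_cooldown': 1, 'log_level': 'ERROR'}
 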
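--- a/trackerjacker/common.py
+++ b/trackerjacker/common.py
@@ -1,4 +1,6 @@
 # pylint: disable=C0111
+MACS_TO_IGNORE = {'ff:ff:ff:ff:ff:ff', '00:00:00:00:00:00'}
+
 
 class TJException(Exception):
 pass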
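Review bot: MACS_TO_IGNORE is a plain mutable set that is now imported by both dot11_mapper and dot11_tracker, so any code that mutates it changes the filter for every importer; declare it as `MACS_TO_IGNORE = frozenset({'ff:ff:ff:ff:ff:ff', '00:00:00:00:00:00'})` with a comment such as `# Broadcast and null MACs never identify a real device; the trigger evaluators skip them.` It covers only those two addresses, so IPv4/IPv6 multicast destinations (01:00:5e:…, 33:33:…) and other group addresses would still reach the evaluators if they are ever passed in — worth stating whether that is intended. The membership tests in dot11_tracker compare the raw strings, so the constant only filters if MAC strings are lower-cased before the lookup; where they are produced is not visible here.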

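--- a/trackerjacker/dot11_mapper.py
+++ b/trackerjacker/dot11_mapper.py
@@ -11,8 +11,7 @@
 import ruamel.yaml
 from . import dot11_frame # pylint: disable=E0401
 from . import ieee_mac_vendor_db # pylint: disable=E0401
-
-MACS_TO_IGNORE = {'ff:ff:ff:ff:ff:ff', '00:00:00:00:00:00'}
+from .common import MACS_TO_IGNORE
 
 
 def trim_frames_to_window(frames, window, now=None):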

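--- a/trackerjacker/dot11_tracker.py
+++ b/trackerjacker/dot11_tracker.py
@@ -6,7 +6,7 @@
 import threading
 import subprocess
 from functools import reduce
-from .common import TJException
+from .common import TJException, MACS_TO_IGNORE
 
 
 class Dot11Tracker:
@@ -85,20 +85,17 @@ def eval_general_mac_trigger(self, macs, frame, raw_frame):
 self.do_trigger_alert(mac,
 'mac',
 num_bytes=bytes_in_window,
+data_threshold=self.threshold,
 vendor=dev_node['vendor'],
-bssid=frame.bssid,
-ssid=frame.ssid,
-iface=frame.iface,
+frame=frame,
 raw_frame=raw_frame)
 
 if self.power and frame.signal_strength > self.power:
 self.do_trigger_alert(mac,
 'mac',
-power=dev_node['signal'],
 vendor=dev_node['vendor'],
-bssid=frame.bssid,
-ssid=frame.ssid,
-iface=frame.iface,
+power_threshold=self.power,
+frame=frame,
 raw_frame=raw_frame)
 
 def eval_general_bssid_trigger(self, bssid, frame, raw_frame):
@@ -112,8 +109,9 @@ def eval_general_bssid_trigger(self, bssid, frame, raw_frame):
 self.do_trigger_alert(bssid,
 'bssid',
 num_bytes=bytes_in_window,
+data_threshold=self.threshold,
 vendor=vendor,
-iface=frame.iface,
+frame=frame,
 raw_frame=raw_frame)
 
 if self.power and frame.signal_strength >= self.power:
@@ -122,9 +120,9 @@ def eval_general_bssid_trigger(self, bssid, frame, raw_frame):
 vendor = bssid_node['vendor']
 self.do_trigger_alert(bssid,
 'bssid',
-power=frame.signal_strength,
+power_threshold=self.power,
 vendor=vendor,
-iface=frame.iface,
+frame=frame,
 raw_frame=raw_frame)
 
 def eval_general_ssid_trigger(self, ssid, frame, raw_frame):
@@ -138,21 +136,23 @@ def eval_general_ssid_trigger(self, ssid, frame, raw_frame):
 self.do_trigger_alert(ssid,
 'ssid',
 num_bytes=bytes_in_window,
-iface=frame.iface,
+data_threshold=self.threshold,
+frame=frame,
 raw_frame=raw_frame)
 
 if self.power and frame.signal_strength >= self.power:
 self.do_trigger_alert(ssid,
 'ssid',
-power=frame.signal_strength,
-iface=frame.iface,
+power_threshold=self.power,
+frame=frame,
 raw_frame=raw_frame)
 
 def eval_mac_triggers(self, macs, frame, raw_frame):
 # Only eval macs both on the "to watch" list and in the frame
 devices_to_eval = macs & self.devices_to_watch.keys()
 for mac in devices_to_eval:
-# TODO: ignore ff:ff:ff:ff:ff:ff
+if mac in MACS_TO_IGNORE:
+continue
 dev_watch_node = self.devices_to_watch[mac]
 dev_node = self.dot11_map.get_dev_node(mac)
 bytes_in_window = 0
@@ -167,16 +167,18 @@ def eval_mac_triggers(self, macs, frame, raw_frame):
 self.do_trigger_alert(mac,
 'mac',
 num_bytes=bytes_in_window,
+data_threshold=dev_watch_node['threshold'],
 vendor=dev_node['vendor'],
-iface=frame.iface,
+frame=frame,
 raw_frame=raw_frame)
 triggered = True
-if dev_watch_node['power'] and dev_node['signal'] > dev_watch_node['power']:
+
+if dev_watch_node['power'] and frame.signal_strength > dev_watch_node['power']:
 self.do_trigger_alert(mac,
 'mac',
-power=dev_node['signal'],
 vendor=dev_node['vendor'],
-iface=frame.iface,
+power_threshold=dev_watch_node['power'],
+frame=frame,
 raw_frame=raw_frame)
 triggered = True
 
@@ -185,7 +187,7 @@ def eval_mac_triggers(self, macs, frame, raw_frame):
 .format(mac, dev_watch_node['threshold'], self.threshold_window, bytes_in_window))
 
 def eval_bssid_triggers(self, bssid, frame, raw_frame):
-if bssid not in self.bssids_to_watch:
+if (bssid not in self.bssids_to_watch) or (bssid in MACS_TO_IGNORE):
 return
 
 bssid_watch_node = self.bssids_to_watch[bssid]
@@ -194,22 +196,23 @@ def eval_bssid_triggers(self, bssid, frame, raw_frame):
 triggered = False
 
 if bssid_node:
-if bssid_watch_node['power'] and bssid_node['signal'] >= bssid_watch_node['power']:
+bytes_in_window = self.get_bytes_in_window(bssid_node['frames'])
+if bssid_watch_node['threshold'] and bytes_in_window >= bssid_watch_node['threshold']:
 self.do_trigger_alert(bssid,
 'bssid',
-power=bssid_node['signal'],
+num_bytes=bytes_in_window,
+data_threshold=bssid_watch_node['threshold'],
 vendor=bssid_node['vendor'],
-iface=frame.iface,
+frame=frame,
 raw_frame=raw_frame)
 triggered = True
 
-bytes_in_window = self.get_bytes_in_window(bssid_node['frames'])
-if bssid_watch_node['threshold'] and bytes_in_window >= bssid_watch_node['threshold']:
+if bssid_watch_node['power'] and frame.signal_strength >= bssid_watch_node['power']:
 self.do_trigger_alert(bssid,
 'bssid',
-num_bytes=bytes_in_window,
 vendor=bssid_node['vendor'],
-iface=frame.iface,
+power_threshold=bssid_watch_node['power'],
+frame=frame,
 raw_frame=raw_frame)
 triggered = True
 
@@ -227,13 +230,14 @@ def eval_ssid_triggers(self, ssid, frame, raw_frame):
 
 if bssid_nodes:
 bytes_in_window = reduce(lambda acc, bssid_bytes: acc+bssid_bytes,
-[bssid_node['frames'] for bssid_node in bssid_nodes],
+[self.get_bytes_in_window(bssid_node['frames']) for bssid_node in bssid_nodes],
 0)
 if bytes_in_window >= ssid_watch_node['threshold']:
 self.do_trigger_alert(ssid,
 'ssid',
 num_bytes=bytes_in_window,
-iface=frame.iface,
+data_threshold=ssid_watch_node['threshold'],
+frame=frame,
 raw_frame=raw_frame)
 return
 
@@ -244,11 +248,10 @@ def do_trigger_alert(self,
 dev_id,
 dev_type,
 num_bytes=None,
-power=None,
+data_threshold=None,
+power_threshold=None,
 vendor=None,
-bssid=None,
-ssid=None,
-iface=None,
+frame=None,
 raw_frame=None):
 """Do alert for triggered item.
 
@@ -260,12 +263,6 @@ def do_trigger_alert(self,
 .format(dev_id, self.trigger_cooldown))
 return
 
-if num_bytes:
-alert_msg = '[@] Device ({} {}) threshold hit: {} bytes'.format(dev_type, dev_id, num_bytes)
-else:
-alert_msg = '[@] Device ({} {}) seen at power: {}'.format(dev_type, dev_id, power)
-self.logger.info(alert_msg)
-
 if self.beep_on_trigger:
 print(chr(0x07))
 
@@ -274,19 +271,36 @@ def do_trigger_alert(self,
 self.trigger_plugin['trigger'](dev_id=dev_id,
 dev_type=dev_type,
 num_bytes=num_bytes,
-power=power,
+data_threshold=data_threshold,
 vendor=vendor,
-bssid=bssid,
-ssid=ssid,
-iface=iface,
+power=frame.signal_strength,
+power_threshold=power_threshold,
+bssid=frame.bssid,
+ssid=frame.ssid,
+iface=frame.iface,
+channel=frame.channel,
+frame_type=frame.frame_type_name(),
 frame=raw_frame)
 except Exception as e:
 raise TJException('Error occurred in trigger plugin: {}'.format(e))
 
-if self.trigger_command:
+elif self.trigger_command:
 # Start trigger_command in background process - fire and forget
 subprocess.Popen(self.trigger_command)
 
+else:
+if num_bytes:
+alert_msg = '[@] Device ({} {}) data threshold ({}) hit: {} bytes'.format(dev_type,
+dev_id,
+data_threshold,
+num_bytes)
+else:
+alert_msg = '[@] Device ({} {}) power threshold ({}) hit: {}dBm'.format(dev_type,
+dev_id,
+power_threshold,
+frame.signal_strength)
+self.logger.info(alert_msg)
+
 self.last_alerted[dev_id] = time.time()
 
 def get_bytes_in_window(self, frame_list):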
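Review bot: do_trigger_alert keeps `frame=None` as its default while the new plugin call and the new else-branch dereference `frame.signal_strength`, `frame.bssid` and `frame.frame_type_name()` unconditionally, so a caller that omits frame now fails with AttributeError — inside the try it is reported as the misleading 'Error occurred in trigger plugin'; either drop the default or guard with `if frame is None: raise TJException('do_trigger_alert requires a frame')` before the branches. The branch selector `if num_bytes:` classifies `num_bytes=0` as a power alert (eval_ssid_triggers has no truthiness check on its threshold, so 0 >= 0 fires with num_bytes 0 and logs a power threshold of None); `if num_bytes is not None:` matches what the callers pass. Switching `if self.trigger_command:` to `elif` means a configured trigger_command no longer runs when a plugin is loaded, and the built-in log line is now written only when neither is set — if that is intended, say so in the docstring, whose body is outside the visible hunks. For the general ssid trigger dev_id is the SSID taken from the frame and the plugin also receives `ssid=frame.ssid`, so format dev_id with `{!r}` in alert_msg to keep control characters in an over-the-air SSID from forging log lines. The try block's opening and the earlier part of the method are outside the hunk.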
