Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WPA-SEC multiple improvements #1248

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

WPA-SEC multiple improvements #1248

wants to merge 1 commit into from

Conversation

jacopotediosi
Copy link
Contributor

@jacopotediosi jacopotediosi commented Jul 20, 2024
edited
Loading

Description

This PR is a nearly complete rewrite of the wpa-sec plugin to add features and fix bugs.
Below I try to summarize my changes by dividing them into subchapters.

Uploading handshakes and tracking their status

The most notable improvement brought by this PR is definitely the drastic increase in handshakes that are actually uploaded to the wpa-sec website.

There are several reasons why a handshake may be invalid and therefore rejected by the wpa-sec website, including:

  • too much distance from the clients did not allow to capture all the packets needed to crack the handshake;
  • the uploaded pcap file was not yet completed, for example because the pwnagotchi had started writing it when it sent the association frame to the AP but the AP had never responded with the PMKID.

The wpa-sec plugin implementation prior to this PR, uploaded any pcap file contained in the handshakes folder (even if its capture was not completed or if the file was still being written) and did not check the response from the wpa-sec website. If an invalid handshake was uploaded, it was still marked as reported by the plugin and was not retried in subsequent captures.
Additionally, this approach suffered from performance and reliability issues:

  • as the number of pcap files in the handshakes folder increased, it became longer and longer to iterate
  • the list of handshakes already uploaded was saved in a json file. This list was loaded into memory, so it took up more and more RAM as the number of handshakes increased. If pwnagotchi was turned off during writing, the json file was irreparably corrupted.

This PR instead uses a sqlite db to store the status of uploads, which should be a better choice from the point of view of performance, memory usage, and reliability.
Files are added to the database with status TOUPLOAD only when pwnagotchi calls the on_handshake function, that is, when it is guaranteed that a handshake has been captured and that writing to the pcap file has finished.
When there is an internet connection, all files with status TOUPLOAD are uploaded and the response of the wpa-sec API is checked. If a handshake is rejected by the website, it is marked with status INVALID and at the next capture it is set back to TOUPLOAD so it will be retried.

Download cracked passwords into .pcap.cracked single files

The new single_files option is implemented in the config.toml file. This option (which already existed for the Onlinehashcrack plugin), if set to true, downloads the cracked passwords from the wpasec website into individual files with the .pcap.cracked extension, so you can see the cracked WiFi passwords directly in the webgpsmap plugin map.

Download interval

The new download_interval option is implemented in the config.toml file. This option allows you to decide how often to download passwords cracked by wpa-sec. This option was already implemented in the aluminum-ice fork (aluminum-ice/pwnagotchi@b1343b2), but additionally in the implementation of this PR the plugin falls back to the default value of 3600 without crashing if the option is not set.

On_webook

The previous implementation of the on_webhook function before this commit was broken. When clicking the plugin name in the Plugins tab of the pwnagotchi web UI, you were not actually authenticated to the wpa-sec website, because the code was trying to set the cookie containing the API key on the remote website's origin, so it was obviously not allowed to create cookies due to the Same Origin Policy. The new code implemented by this commit actually authenticates to the wpa-sec website by simulating entering the API key in the website's login form.

Log messages and exception handling

While rewriting the code I improved the log messages and exception handling (for example, by using the logging.exception() method, which prints the exception stacktrace to the logs for easier debugging). Also, this plugin now writes a logging info every time it uploads an handshake to the wpa-sec website, because in my opinion this is a sensitive operation and should be logged.

Motivation and Context

I noticed that most of my handshakes were not listed in the "My Nets" list on the wpa-sec website, so I started investigating why. I eventually found that invalid handshakes were considered reported and were not retried even if a valid handshake was captured for the same AP later.

  • I have raised an issue to propose this change (required) --> About downloading cracked passwords from wpa-sec website into single .pcap.cracked files, please look at this issue from 2020. For everything else, I haven't opened any issues.

How Has This Been Tested?

I have reread the code multiple times and asked a couple of friends for a review. The code has been running on our pwnagotchi instances without any issues for over three weeks. Unfortunately, I have not done any further testing. If you have any suggestions for further testing, please let me know.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change) --> I paid special attention to backwards compatibility. The plugin does not crash even if the new options in the config.toml file are missing.

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation. --> Maybe? The new single_files and download_interval options should be documented, but I see that, for example, the onlinehashcrack plugin's single_files option was not documented either.
  • I have updated the documentation accordingly.
  • I've read the CONTRIBUTION guide
  • I have signed-off my commits with git commit -s

@jacopotediosi jacopotediosi mentioned this pull request Jul 20, 2024
Closed
@jacopotediosi jacopotediosi force-pushed the wpa-sec-single-files branch 2 times, most recently from 9e6e295 to ebbfb44 Compare July 28, 2024 21:51
@jacopotediosi jacopotediosi mentioned this pull request Jul 29, 2024
Open
9 tasks
@jacopotediosi jacopotediosi changed the title WPA-SEC download into .pcap.cracked single files WPA-SEC multiple improvements Aug 15, 2024
@jacopotediosi
WPA-SEC multiple improvements
35743bc 
# WPA-SEC multiple improvements

This commit is a nearly complete rewrite of the wpa-sec plugin to add features and fix bugs.
Below I try to summarize my changes by dividing them into subchapters.

## Uploading handshakes and tracking their status
The most notable improvement brought by this commit is definitely the drastic increase in handshakes that are actually uploaded to the wpa-sec website.

There are several reasons why a handshake may be invalid and therefore rejected by the wpa-sec website, including:
- too much distance from the clients did not allow to capture all the packets needed to crack the handshake;
- the uploaded pcap file was not yet completed, for example because the pwnagotchi had started writing it when it sent the association frame to the AP but the AP had never responded with the PMKID.

The wpa-sec plugin implementation prior to this commit, uploaded any pcap file contained in the handshakes folder (even if its capture was not completed or if the file was still being written) and did not check the response from the wpa-sec website. If an invalid handshake was uploaded, it was still marked as reported by the plugin and was not retried in subsequent captures.
Additionally, this approach suffered from performance and reliability issues:
- as the number of pcap files in the handshakes folder increased, it became longer and longer to iterate
- the list of handshakes already uploaded was saved in a json file. This list was loaded into memory, so it took up more and more RAM as the number of handshakes increased. If pwnagotchi was turned off during writing, the json file was irreparably corrupted.

This commit instead uses a sqlite db to store the status of uploads, which should be a better choice from the point of view of performance, memory usage, and reliability.
Files are added to the database with status `TOUPLOAD` only when pwnagotchi calls the `on_handshake` function, that is, when it is guaranteed that a handshake has been captured and that writing to the pcap file has finished.
When there is an internet connection, all files with status `TOUPLOAD` are uploaded and the response of the wpa-sec API is checked. If a handshake is rejected by the website, it is marked with status `INVALID` and at the next capture it is set back to `TOUPLOAD` so it will be retried.

## Download cracked passwords into .pcap.cracked single files
The new `single_files` option is implemented in the `config.toml` file. This option (which already existed for the Onlinehashcrack plugin), if set to `true`, downloads the cracked passwords from the wpasec website into individual files with the `.pcap.cracked` extension, so you can see the cracked WiFi passwords directly in the webgpsmap plugin map.

## Download interval
The new `download_interval` option is implemented in the `config.toml` file. This option allows you to decide how often to download passwords cracked by wpa-sec. This option was already implemented in the aluminum-ice fork (aluminum-ice/pwnagotchi@b1343b2), but additionally in the implementation of this commit the plugin falls back to the default value of 3600 without crashing if the option is not set.

## On_webook
The previous implementation of the `on_webhook` function before this commit was broken. When clicking the plugin name in the Plugins tab of the pwnagotchi web UI, you were not actually authenticated to the wpa-sec website, because the code was trying to set the cookie containing the API key on the remote website's origin, so it was obviously not allowed to create cookies due to the Same Origin Policy. The new code implemented by this commit actually authenticates to the wpa-sec website by simulating entering the API key in the website's login form.

## Log messages and exception handling
While rewriting the code I improved the log messages and exception handling (for example, by using the `logging.exception()` method, which prints the exception stacktrace to the logs for easier debugging). Also, this plugin now writes a logging info every time it uploads an handshake to the wpa-sec website, because in my opinion this is a sensitive operation and should be logged.
@jacopotediosi
Copy link
Contributor Author

Sorry for the multiple force-pushes. Originally, I was going to create this PR just to add the new single_files option, but then I realized that it would be better to include all the other changes in this one PR. Now the PR should actually be ready to be merged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jacopotediosi