There mainly three things here:
-
MITMSDR
-
spectrum
-
Manual reverse shell
-
MITMSDR
Installation
Clone the project and run the setup file:./setup
One of the MITM Plugins relies on peinjector service, this has to be installed manually following the instructions of the project.
https://github.com/JonDoNym/peinjector
Usage
First enter the FDL Console interface as root:./fdlconsole
For now there only is a console interface that is very easy to use and has tab completion! The whole thing will work according to the fdl.conf file. You can view and change all configurations via de console, just type: config to list the modules available for configuration. While working on the console type: listargs to view the available parameters (here you can check if configurations are OK), then type:
set to change it. If a parameter is (dict) it means it is another configurable module within.
To start an access point make sure you have it configured correctly, type: config airhost
check if everything is OK (use listargs)
config aplauncher check if everything is OK (use listargs)
config dnsmasqhandlercheck if everything is OK and start the access point
start airhost
You can also configure an access point by copying one that is nearby. Start scanning:
config airscanner
check if everything is OK (use listargs)
start airscanner … wait …show sniffed_aps
This lists the sniffed access points with their ids
copy ap OR show sniffed_probes copy probe Then start the fake access point
start airhost
You can deauthenticate others from their network while running the acces point. To add access points or clients to be deauthenticated type: show sniffed_aps
add aps <filter_string>The filter_string follows an easy syntax, it goes: <filter_keyword> <filter_args>
The args can be any of the column names listed in the table. The filter keywords are ‘where’ for inclusive filtering or ‘only’ for exclusive filtering, examples: This will add the access point whose id is 5 to the deauthentication list (this is adding a single and specific AP): add aps where id = 5
This will add the access point whose ssid is ‘StarbucksWifi’ to the deauthentication list: add aps where ssid = StarbucksWifi
This will add the access point whose encryption type has ‘wpa’ OR ‘opn’ to the deauthentication list: add aps where crypto = wpa, crypto = opn
This will add the access point whose ssid id ‘freewifi’ AND is on channel 6 to the deauthentication list: add aps only ssid = freewifi, channel = 6
You can use the same interface for injecting packets while running the fake access point. You can check and set configurations with:
config airinjector listargs
After all that run the Injector (which by default performs Deauthentication attack):
start airinjector
Same can be done when deleting from the deauth list with the ‘del’ command. The ‘show’ command can also be followed by a filter string
Contributors can program Plugins in python either for the airscanner or airhost or airdeauthor. Contributors can also code MITM scripts for mitmproxy.
-
spectrum
cd spectrum
chmod +x ./spectrum
gem install colorizecp ./spectrum /usr/local/bin/ # optional
Usage:
./spectrum # or simplyspectrumif you copied it to /usr/local/bin
This will spawn an interactive shell, along with inspectrum itself. As you usually would, open your capture file. Then align the cursors, right click the signal, add amplitued plot (for OOK) or add frequency plot (for 2FSK). Right click the plot that appeared, and click extract data. The demodulated bits should appear in your terminal.This script has been tested with OOK & 2FSK signals with a 100% success rate (so far…). It does some sanity checking and will alert if you something doesn’t feel right.
You can also use this tool to compare 2 parts of a signal in the same file, or signals from two separate files.
-
Manual python reverse shell #optional
