added a fuzzer file to play with, taken from ASS

2025-08-14 15:56:42 -06:00
parent f7d3343000
commit 099512a4cf
+113
@@ -0,0 +1,113 @@
from scapy.all import *
import urllib.parse
#from random import randbytes
import random
iface = 'wlan1'
sender = 'ac:cb:12:ad:58:27'
def sendProbe(SSID, repeat=3, interval=0.100):
dot11 = Dot11(type=0, subtype=8, addr1='ff:ff:ff:ff:ff:ff',
addr2=sender, addr3=sender)
beacon = Dot11Beacon()
essid = Dot11Elt(ID='SSID',info=SSID, len=len(SSID))
frame = RadioTap()/dot11/beacon/essid
sendp(frame, iface=iface, inter=interval, count=repeat)
def sendProbeRaw(SSID, repeat=1, interval=0.200, listedLen=255):
dot11 = Dot11(type=0, subtype=8, addr1='ff:ff:ff:ff:ff:ff',
addr2=sender, addr3=sender)
beacon = Dot11Beacon()
essid = Dot11Elt(ID='SSID',info=RawVal(SSID), len=listedLen)
frame = RadioTap()/dot11/beacon/essid
sendp(frame, iface=iface, inter=interval, count=repeat)
def sendRandBytesBeacons(numOfBeacons=200, lenOfSSIDs=20, repeat=3, interval=0.100):
for i in range(numOfBeacons):
SSID = randbytes(lenOfSSIDs)
urlEncoded = urllib.parse.quote(SSID)
print(f"\n{i} of {numOfBeacons}\n\tRepeats: {repeat}\n\tLength: {lenOfSSIDs}\n\tSSID: {urlEncoded}\n")
sendProbe(SSID, repeat, interval)
def sendProbeFuzz(repeat=1, interval=0.150):
randMAC = '6e:07:9e:96:2b:4e'
# randMAC = RandMAC()
randLen = RandNum(0, 255)
randSSIDLen = random.randint(0,255)
randSSIDBytes = random.randbytes(randSSIDLen)
urlEncoded = urllib.parse.quote(randSSIDBytes)
dot11 = Dot11(type=0,
subtype=8,
addr1='ff:ff:ff:ff:ff:ff', # dst set to broadcast
addr2=randMAC, # random source
addr3=randMAC) # random bssid
beacon = Dot11Beacon()
essid = Dot11Elt(ID='SSID',
info=RawVal(randSSIDBytes),
len=RawVal(randLen))
frame = RadioTap()/dot11/beacon/essid
print(f"src={randMAC}, dst=ff:ff:ff:ff:ff:ff, BSSID={randMAC}\n\tSSID Set Length: {randLen}\n\tActual SSID Length: {randSSIDLen}\n\tSSID: {urlEncoded}")
sendp(frame, iface=iface, inter=interval, count=repeat)
def sendFuzzBeacons(numOfBeacons=200,
repeat=1,
interval=0.150):
for i in range(numOfBeacons):
print(f"\n{i} of {numOfBeacons}")
sendProbeFuzz()
def sendRandBytesBeaconsRaw(
numOfBeacons=200,
lenOfSSIDs=256,
listedLen=255,
repeat=1,
interval=0.2):
for i in range(numOfBeacons):
SSID = random.randbytes(lenOfSSIDs)
urlEncoded = urllib.parse.quote(SSID)
print(f"\n{i} of {numOfBeacons}\n\tRepeats: {repeat}\n\tListed Length: {listedLen}\n\tReal Length: {lenOfSSIDs}\n\tInterval: {interval} Seconds\n\tSSID: {urlEncoded}")
sendProbeRaw(SSID, repeat, interval, listedLen)
#sendRandBytesBeaconsRaw(numOfBeacons=100, lenOfSSIDs=1, listedLen=255, repeat=3, interval=0.15)
#sendRandBytesBeacons(100, 20, 5, 0.1)
def fullFuzz(
numOfBeacons=200,
repeat=3,
interval=0.150):
for i in range(numOfBeacons):
realLenSSID = random.randint(0,255)
SSID = random.randbytes(realLenSSID)
urlEncoded = urllib.parse.quote(SSID)
fakeLenSSID = random.randint(0,255)
senderMAC = RandMAC()
dot11 = Dot11(type=0, subtype=8,
addr1='ff:ff:ff:ff:ff:ff',
addr2=senderMAC,
addr3=senderMAC)
beacon = Dot11Beacon()
essid = Dot11Elt(ID='SSID',
info=SSID,
len=fakeLenSSID)
frame = RadioTap()/dot11/beacon/essid
print(f"\n{i}/{numOfBeacons}\n\tEach Repeats: {repeat}\n\tReal Length: {realLenSSID}\n\tFake Length: {fakeLenSSID}\n\tSender MAC: {senderMAC}\n\tSSID: {urlEncoded}\n")
sendp(frame, iface=iface, inter=interval, count=repeat)
fullFuzz()
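Review bot: `sendRandBytesBeacons` calls a bare `randbytes(lenOfSSIDs)`, but the `from random import randbytes` line is commented out and only `import random` is active, so unless the scapy star import happens to bind that name the call raises NameError; it should use `random.randbytes(lenOfSSIDs)` like the other functions. `sendFuzzBeacons` accepts `repeat` and `interval` but calls `sendProbeFuzz()` with no arguments, so both are silently ignored; pass them through as `sendProbeFuzz(repeat, interval)`. The trailing module-level `fullFuzz()` means that merely importing the file starts transmitting on the hard-coded `wlan1`, so it belongs under `if __name__ == "__main__":`. In `fullFuzz`, `senderMAC = RandMAC()` (and `randLen = RandNum(0, 255)` in `sendProbeFuzz`) is a scapy volatile value that is most likely re-evaluated each time it is rendered, so the printed MAC or length probably differs from what went out and `addr2`/`addr3` may not match each other. Drawing a concrete value once, e.g. `senderMAC = str(RandMAC())`, keeps the log usable for reproducing a finding.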