sensepost / hostapd-mana
SensePost's modified hostapd for wifi attacks.
Home Page: https://w1f1.net/
License: Other
Has this been added to Mana's functionality yet?
Hello,
Your patch to hostapd's ACL loading to support masks broke the whitelist functionality (and probably blacklist as well, although I haven't tested it).
You can fix it by changing the following code:
hostapd/config_file.c:230
hwaddr_aton("ff:ff:ff:ff:ff:ff", mask); //No mask specified to add a "no change" mask
change it to
{
    hwaddr_aton("ff:ff:ff:ff:ff:ff", mask); //No mask specified to add a "no change" mask
    for (i=0; i<ETH_ALEN; i++)
        transform[i] = addr[i];
}
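The whitelist breakage described in the post above, as an added example that is not hostapd-mana's own code. It assumes an ACL entry keeps `addr`, `mask` and `transform` (the names used in the post), that a masked entry stores `transform = addr & mask`, and that a station matches when `(sta & mask) == transform`; the `ADDR MASK` line format and the names `parse_entry`, `acl_match` and `acl_check` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define ETH_ALEN 6

/* Hypothetical ACL entry; the field names follow the post. */
struct acl_entry {
    unsigned char addr[ETH_ALEN];
    unsigned char mask[ETH_ALEN];
    unsigned char transform[ETH_ALEN]; /* assumed: addr & mask, compared at lookup */
};

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Strict "xx:xx:xx:xx:xx:xx" parser; *end is set just past the address. */
static int parse_mac(const char *txt, unsigned char *out, const char **end)
{
    int i, hi, lo;

    for (i = 0; i < ETH_ALEN; i++) {
        if ((hi = hexval(txt[0])) < 0 || (lo = hexval(txt[1])) < 0)
            return -1;
        out[i] = (unsigned char)((hi << 4) | lo);
        txt += 2;
        if (i < ETH_ALEN - 1 && *txt++ != ':')
            return -1;
    }
    *end = txt;
    return 0;
}

/* Parse one ACL line: "ADDR" or "ADDR MASK" (line format is an assumption).
 * apply_fix selects the change proposed in the post for the no-mask case. */
static int parse_entry(const char *line, struct acl_entry *e, int apply_fix)
{
    const char *pos;
    int i;

    /* Zeroed so the unfixed result is reproducible; without the fix,
     * transform would simply hold whatever was there before. */
    memset(e, 0, sizeof(*e));
    if (parse_mac(line, e->addr, &pos) < 0)
        return -1;
    while (*pos == ' ' || *pos == '\t')
        pos++;
    if (*pos != '\0') {
        /* Mask given: store the masked address for later comparison. */
        if (parse_mac(pos, e->mask, &pos) < 0 || *pos != '\0')
            return -1;
        for (i = 0; i < ETH_ALEN; i++)
            e->transform[i] = e->addr[i] & e->mask[i];
    } else {
        /* No mask given: use a "no change" mask ... */
        memset(e->mask, 0xff, ETH_ALEN);
        /* ... and, with the fix, also fill transform from addr. */
        if (apply_fix) {
            for (i = 0; i < ETH_ALEN; i++)
                e->transform[i] = e->addr[i];
        }
    }
    return 0;
}

/* A station matches when its masked address equals the stored transform. */
static int acl_match(const struct acl_entry *e, const unsigned char *sta)
{
    int i;

    for (i = 0; i < ETH_ALEN; i++)
        if ((sta[i] & e->mask[i]) != e->transform[i])
            return 0;
    return 1;
}

/* Returns 1 on match, 0 on no match, -1 if either string fails to parse. */
static int acl_check(const char *line, const char *sta_txt, int apply_fix)
{
    struct acl_entry e;
    unsigned char sta[ETH_ALEN];
    const char *end;

    if (parse_entry(line, &e, apply_fix) < 0)
        return -1;
    if (parse_mac(sta_txt, sta, &end) < 0 || *end != '\0')
        return -1;
    return acl_match(&e, sta);
}

int main(void)
{
    /* Constructed sample addresses, not taken from the page. */
    const char *entry = "02:11:22:33:44:55";
    const char *sta = "02:11:22:33:44:55";

    printf("no mask, without fix: %d\n", acl_check(entry, sta, 0));
    printf("no mask, with fix:    %d\n", acl_check(entry, sta, 1));
    printf("masked OUI entry:     %d\n",
           acl_check("02:11:22:00:00:00 ff:ff:ff:00:00:00", "02:11:22:aa:bb:cc", 1));
    return 0;
}
```

Without the fix, the unmasked entry compares every station against a `transform` that was never filled in, so the listed station itself is not matched.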
root@kali:~/hostapd-2.6/hostapd# make && make install
../src/drivers/driver_nl80211.c:17:31: fatal error: netlink/genl/genl.h: No such file or directory
#include <netlink/genl/genl.h>
^
compilation terminated.
Makefile:1036: recipe for target '../src/drivers/driver_nl80211.o' failed
make: *** [../src/drivers/driver_nl80211.o] Error 1
Can you assist?
./hostapd -S hostapd.conf
I get the below msg in the terminal
MANA - Broadcast probe request from c4:8e:8f:a9:11:e5
nl80211: BSS Event 59 (NL80211_CMD_FRAME) received for wlan0
nl80211: RX frame da=ff:ff:ff:ff:ff:ff sa=c4:8e:8f:a9:11:e5 bssid=ff:ff:ff:ff:ff:ff freq=2412 ssi_signal=-59 fc=0x40 seq_ctrl=0x200 stype=4 (WLAN_FC_STYPE_PROBE_REQ) len=88
MANA - Broadcast probe request from c4:8e:8f:a9:11:e5
I've compiled the latest commit, with CONFIG_TAXONOMY enabled.
Tested it on my Kali Linux laptop (x64), and on my WiFi Pineapple (OpenWRT).
There's no taxonomy output being sent to "mana_outfile".
If I simultaneously launch the compiled hostapd_cli, it is clearly compiled with taxonomy, as I can request taxonomy signature from a station.
The mana_outfile simply looks like this:
root@fsociety:~# cat /tmp/hostapd-mana.out
72:10:6a:78:d7:84, <Broadcast>, 1
4c:b1:99:3b:89:4a, <Broadcast>, 0
26:79:67:9b:27:79, <Broadcast>, 1
4c:b1:99:3b:89:4a, <Broadcast>, 0
b4:9c:df:51:ab:d4, Lovmo, 0
If I'm not mistaken it should look like this:
<MAC>, <SSID>, <Random 1, or not 0>, <TAXONOMY>
Attempting to diagnose and figure out what would be the root cause; just submitting a ticket in case you guys haven't run across this error before. I didn't see it mentioned in any other open issues. Current git clone of repository. I've seen this happen with two different cards now. Currently only testing Open AP configuration in hostapd-mana. Testing at home in a residential district that is well saturated with APs and clients. Could it potentially be a saturation problem where the card/my computer cannot handle the overhead of dealing with all traffic?
Error seems to be random in regards to timing. Typically, though, it'll be after several minutes of running, and hostapd-mana doesn't outright crash; it still tries to operate normally, but the errors continue. I'm also running a basic config file, just like the ones we were using for class at Blackhat.
Interesting to note I do not see the same issue when using berate_ap to spin up an Open AP.
Full up to date Kali as of 13SEP2020
AWUS036ACM - MediaTek Chipset (MT7612U) - Kismet recommended hardware
Panda PAU09 (I know it says 08 on the wiki hardware but the link redirected to 09, so I just made the assumption that it would work equally as well)
I included a screenshot.
Regards,
Nick (TwistedCrypto88)
I used hostapd-mana 2.3 on my old Ubuntu version.
Now, working with hostapd 2.6 over Ubuntu 18 and kernel 4.14, I can't create more than one AP.
My wireless card supports up to 8 APs. I don't get any errors, but I can see that my iface wlan0_0 is down; when trying to "up" it, it says "device busy".
Result is: only one AP is shown in wifi list on my pc/mobile.
Any thoughts?
Logs:
Running hostapd:
Configuration file: /etc/hostapd/hostapd.conf
Using interface wlan13 with hwaddr 02:c0:XX:XX:XX:X0 and ssid "TEST"
Using interface wlan13_0 with hwaddr 02:c0:XX:XX:XX:X1 and ssid "TEST2"
wlan13: interface state UNINITIALIZED->ENABLED
wlan13: AP-ENABLED
Running hostapd -d:
random: Trying to read entropy from /dev/random
Configuration file: /etc/hostapd/hostapd.conf
ctrl_interface_group=0
nl80211: Supported cipher 00-0f-ac:1
nl80211: Supported cipher 00-0f-ac:5
nl80211: Supported cipher 00-0f-ac:2
nl80211: Supported cipher 00-0f-ac:4
nl80211: Supported cipher 00-0f-ac:10
nl80211: Supported cipher 00-0f-ac:8
nl80211: Supported cipher 00-0f-ac:9
nl80211: Using driver-based off-channel TX
nl80211: Driver-advertised extended capabilities (default) - hexdump(len=8): 00 00 00 00 00 00 00 40
nl80211: Driver-advertised extended capabilities mask (default) - hexdump(len=8): 00 00 00 00 00 00 00 40
nl80211: interface wlan13 in phy phy0
nl80211: Set mode ifindex 3 iftype 3 (AP)
nl80211: Setup AP(wlan13) - device_ap_sme=0 use_monitor=0
nl80211: Subscribe to mgmt frames with AP handle 0x4db3c0
nl80211: Register frame type=0xb0 (WLAN_FC_STYPE_AUTH) nl_handle=0x4db3c0 match=
nl80211: Register frame type=0x0 (WLAN_FC_STYPE_ASSOC_REQ) nl_handle=0x4db3c0 match=
nl80211: Register frame type=0x20 (WLAN_FC_STYPE_REASSOC_REQ) nl_handle=0x4db3c0 match=
nl80211: Register frame type=0xa0 (WLAN_FC_STYPE_DISASSOC) nl_handle=0x4db3c0 match=
nl80211: Register frame type=0xc0 (WLAN_FC_STYPE_DEAUTH) nl_handle=0x4db3c0 match=
nl80211: Register frame type=0x40 (WLAN_FC_STYPE_PROBE_REQ) nl_handle=0x4db3c0 match=
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x4db3c0 match=04
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x4db3c0 match=0501
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x4db3c0 match=0504
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x4db3c0 match=06
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x4db3c0 match=08
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x4db3c0 match=09
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x4db3c0 match=0a
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x4db3c0 match=11
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x4db3c0 match=7f
rfkill: initial event: idx=0 type=1 op=0 soft=0 hard=0
nl80211: Add own interface ifindex 3 (ifidx_reason -1)
nl80211: if_indices[16]: 3(-1)
phy: phy0
BSS count 2, BSSID mask ff:ff:ff:ff:ff:fe (1 bits)
nl80211: Regulatory information - country=00
nl80211: 2402-2482 @ 40 MHz 30 mBm
nl80211: 2474-2494 @ 20 MHz 30 mBm
nl80211: 4910-4990 @ 40 MHz 30 mBm
nl80211: 5030-5090 @ 40 MHz 30 mBm
nl80211: 5170-5250 @ 80 MHz 30 mBm
nl80211: 5250-5330 @ 80 MHz 30 mBm
nl80211: 5490-5710 @ 160 MHz 30 mBm
nl80211: 5580-5825 @ 80 MHz 30 mBm
nl80211: Added 802.11b mode based on 802.11g information
Completing interface initialization
Mode: IEEE 802.11g Channel: 8 Frequency: 2447 MHz
DFS 0 channels required radar detection
nl80211: Set freq 2447 (ht_enabled=0, vht_enabled=0, bandwidth=20 MHz, cf1=2447 MHz, cf2=0 MHz)
* freq=2447
* vht_enabled=0
* ht_enabled=0
* channel_type=0
RATE[0] rate=10 flags=0x1
RATE[1] rate=20 flags=0x1
RATE[2] rate=55 flags=0x1
RATE[3] rate=110 flags=0x1
RATE[4] rate=60 flags=0x0
RATE[5] rate=90 flags=0x0
RATE[6] rate=120 flags=0x0
RATE[7] rate=180 flags=0x0
RATE[8] rate=240 flags=0x0
RATE[9] rate=360 flags=0x0
RATE[10] rate=480 flags=0x0
RATE[11] rate=540 flags=0x0
hostapd_setup_bss(hapd=0x4d78c8 (wlan13), first=1)
wlan13: Flushing old station entries
nl80211: flush -> DEL_STATION wlan13 (all)
wlan13: Deauthenticate all stations
nl80211: send_mlme - da= ff:ff:ff:ff:ff:ff noack=0 freq=0 no_cck=0 offchanok=0 wait_time=0 fc=0xc0 (WLAN_FC_STYPE_DEAUTH) nlmode=3
nl80211: send_mlme -> send_frame
nl80211: send_frame - Use bss->freq=2447
nl80211: send_frame -> send_frame_cmd
nl80211: Frame command failed: ret=-16 (Device or resource busy) (freq=2447 wait=0)
wpa_driver_nl80211_set_key: ifindex=3 (wlan13) alg=0 addr=(nil) key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_nl80211_set_key: ifindex=3 (wlan13) alg=0 addr=(nil) key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_nl80211_set_key: ifindex=3 (wlan13) alg=0 addr=(nil) key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_nl80211_set_key: ifindex=3 (wlan13) alg=0 addr=(nil) key_idx=3 set_tx=0 seq_len=0 key_len=0
Using interface wlan13 with hwaddr 00:c0:ca:8f:d3:72 and ssid "TEST"
Deriving WPA PSK based on passphrase
SSID - hexdump_ascii(len=7):
54 45 53 54 31 39 41 TEST
PSK (ASCII passphrase) - hexdump_ascii(len=10):
61 61 62 62 33 32 37 31 31 39 aabb327119
PSK (from passphrase) - hexdump(len=32): 0a a7 5b c9 30 f8 e9 d4 fa d4 41 fb cd 5e 03 53 34 28 29 f5 b6 6e b1 e4 90 82 92 c2 0d 90 c4 cc
random: Got 20/20 bytes from /dev/random
GMK - hexdump(len=32): f1 0d 8f 46 4d 93 95 cf 72 ce fb 17 3d 0f e2 68 50 0f 9d 0c f9 f2 e1 16 c9 a3 8c 97 53 bd a6 89
Key Counter - hexdump(len=32): cc 26 a0 be f3 22 ff 2b ae d9 d3 61 82 29 37 9c 14 34 87 39 f8 f8 f5 1e c7 63 8d 42 98 6e f6 3a
WPA: Delay group state machine start until Beacon frames have been configured
nl80211: Set beacon (beacon_set=0)
nl80211: Beacon head - hexdump(len=58): 80 00 00 00 ff ff ff ff ff ff 00 c0 ca 8f d3 72 00 c0 ca 8f d3 72 00 00 00 00 00 00 00 00 00 00 64 00 11 04 00 07 54 45 53 54 31 39 41 01 08 82 84 8b 96 0c 12 18 24 03 01 08
nl80211: Beacon tail - hexdump(len=67): 2a 01 04 32 04 30 48 60 6c 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 0c 00 7f 08 00 00 00 00 00 00 00 40 dd 18 00 50 f2 02 01 01 00 00 03 a4 00 00 27 a4 00 00 42 43 5e 00 62 32 2f 00
nl80211: ifindex=3
nl80211: beacon_int=100
nl80211: dtim_period=2
nl80211: ssid - hexdump_ascii(len=7):
54 45 53 54 31 39 41 TEST2
* beacon_int=100
* dtim_period=2
nl80211: hidden SSID not in use
nl80211: privacy=1
nl80211: auth_algs=0x3
nl80211: wpa_version=0x2
nl80211: key_mgmt_suites=0x2
nl80211: pairwise_ciphers=0x10
nl80211: group_cipher=0x10
nl80211: beacon_ies - hexdump(len=10): 7f 08 00 00 00 00 00 00 00 40
nl80211: proberesp_ies - hexdump(len=10): 7f 08 00 00 00 00 00 00 00 40
nl80211: assocresp_ies - hexdump(len=10): 7f 08 00 00 00 00 00 00 00 40
WPA: Start group state machine to set initial keys
WPA: group state machine entering state GTK_INIT (VLAN-ID 0)
GTK - hexdump(len=16): 03 4e 09 e8 75 20 d5 6e 2c 3e 13 0d f2 04 39 49
WPA: group state machine entering state SETKEYSDONE (VLAN-ID 0)
wpa_driver_nl80211_set_key: ifindex=3 (wlan13) alg=3 addr=0x49134c key_idx=1 set_tx=1 seq_len=0 key_len=16
nl80211: KEY_DATA - hexdump(len=16): 03 4e 09 e8 75 20 d5 6e 2c 3e 13 0d f2 04 39 49
broadcast key
nl80211: Set wlan13 operstate 0->1 (UP)
netlink: Operstate: ifindex=3 linkmode=-1 (no change), operstate=6 (IF_OPER_UP)
hostapd_setup_bss(hapd=0x4d7f20 (wlan13_0), first=0)
nl80211: Create interface iftype 3 (AP)
nl80211: Ignored event (cmd=7) for foreign interface (ifindex 6 wdev 0x0)
nl80211: New interface wlan13_0 created: ifindex=6
nl80211: Add own interface ifindex 6 (ifidx_reason -1)
nl80211: if_indices[16]: 3(-1) 6(-1)
nl80211: Setup AP(wlan13_0) - device_ap_sme=0 use_monitor=0
nl80211: Subscribe to mgmt frames with AP handle 0x4dc780
nl80211: Register frame type=0xb0 (WLAN_FC_STYPE_AUTH) nl_handle=0x4dc780 match=
nl80211: Register frame type=0x0 (WLAN_FC_STYPE_ASSOC_REQ) nl_handle=0x4dc780 match=
nl80211: Register frame type=0x20 (WLAN_FC_STYPE_REASSOC_REQ) nl_handle=0x4dc780 match=
nl80211: Register frame type=0xa0 (WLAN_FC_STYPE_DISASSOC) nl_handle=0x4dc780 match=
nl80211: Register frame type=0xc0 (WLAN_FC_STYPE_DEAUTH) nl_handle=0x4dc780 match=
nl80211: Register frame type=0x40 (WLAN_FC_STYPE_PROBE_REQ) nl_handle=0x4dc780 match=
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x4dc780 match=04
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x4dc780 match=0501
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x4dc780 match=0504
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x4dc780 match=06
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x4dc780 match=08
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x4dc780 match=09
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x4dc780 match=0a
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x4dc780 match=11
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x4dc780 match=7f
nl80211: Add own interface ifindex 6 (ifidx_reason -1)
nl80211: ifindex 6 already in the list
wlan13_0: Flushing old station entries
nl80211: flush -> DEL_STATION wlan13_0 (all)
wlan13_0: Deauthenticate all stations
nl80211: send_mlme - da= ff:ff:ff:ff:ff:ff noack=0 freq=0 no_cck=0 offchanok=0 wait_time=0 fc=0xc0 (WLAN_FC_STYPE_DEAUTH) nlmode=3
nl80211: send_mlme -> send_frame
nl80211: send_frame - Use bss->freq=2447
nl80211: send_frame -> send_frame_cmd
nl80211: Frame command failed: ret=-16 (Device or resource busy) (freq=2447 wait=0)
wpa_driver_nl80211_set_key: ifindex=6 (wlan13_0) alg=0 addr=(nil) key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_nl80211_set_key: ifindex=6 (wlan13_0) alg=0 addr=(nil) key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_nl80211_set_key: ifindex=6 (wlan13_0) alg=0 addr=(nil) key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_nl80211_set_key: ifindex=6 (wlan13_0) alg=0 addr=(nil) key_idx=3 set_tx=0 seq_len=0 key_len=0
Using interface wlan13_0 with hwaddr 00:c0:ca:8f:d3:73 and ssid "TEST2"
Deriving WPA PSK based on passphrase
SSID - hexdump_ascii(len=8):
54 45 53 54 31 39 41 30 TEST2
PSK (ASCII passphrase) - hexdump_ascii(len=10):
30 30 30 30 33 32 37 31 31 39 0000327119
PSK (from passphrase) - hexdump(len=32): 76 11 79 f3 f2 5b 2b 4d 40 7b 8b e9 76 5c f5 70 1e 50 3e aa 19 f3 1a c6 37 d6 de d2 1a 72 64 16
GMK - hexdump(len=32): e4 f0 92 e1 7c 7a 5b cb 8f eb 12 08 51 93 e8 8b ca 73 ea e8 a0 47 f0 d8 a9 45 c2 6b 6f 9c cb 67
Key Counter - hexdump(len=32): 23 ee 49 23 bf 4d 5f 53 62 71 a7 9a 32 c2 ec 8f 31 f4 77 55 70 f7 4c 3d a7 7c 5a 2f 21 88 ea 6c
WPA: Delay group state machine start until Beacon frames have been configured
nl80211: Set beacon (beacon_set=0)
nl80211: Beacon head - hexdump(len=59): 80 00 00 00 ff ff ff ff ff ff 00 c0 ca 8f d3 73 00 c0 ca 8f d3 73 00 00 00 00 00 00 00 00 00 00 64 00 11 04 00 08 54 45 53 54 31 39 41 30 01 08 82 84 8b 96 0c 12 18 24 03 01 08
nl80211: Beacon tail - hexdump(len=67): 2a 01 04 32 04 30 48 60 6c 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 0c 00 7f 08 00 00 00 00 00 00 00 40 dd 18 00 50 f2 02 01 01 00 00 03 a4 00 00 27 a4 00 00 42 43 5e 00 62 32 2f 00
nl80211: ifindex=6
nl80211: beacon_int=100
nl80211: dtim_period=2
nl80211: ssid - hexdump_ascii(len=8):
54 45 53 54 31 39 41 30 TEST2
* beacon_int=100
* dtim_period=2
nl80211: hidden SSID not in use
nl80211: privacy=1
nl80211: auth_algs=0x3
nl80211: wpa_version=0x2
nl80211: key_mgmt_suites=0x2
nl80211: pairwise_ciphers=0x10
nl80211: group_cipher=0x10
nl80211: beacon_ies - hexdump(len=10): 7f 08 00 00 00 00 00 00 00 40
nl80211: proberesp_ies - hexdump(len=10): 7f 08 00 00 00 00 00 00 00 40
nl80211: assocresp_ies - hexdump(len=10): 7f 08 00 00 00 00 00 00 00 40
WPA: Start group state machine to set initial keys
WPA: group state machine entering state GTK_INIT (VLAN-ID 0)
GTK - hexdump(len=16): 58 61 84 df 9d 0f 7a 09 47 7e af 74 6c c9 be 6a
WPA: group state machine entering state SETKEYSDONE (VLAN-ID 0)
wpa_driver_nl80211_set_key: ifindex=6 (wlan13_0) alg=3 addr=0x49134c key_idx=1 set_tx=1 seq_len=0 key_len=16
nl80211: KEY_DATA - hexdump(len=16): 58 61 84 df 9d 0f 7a 09 47 7e af 74 6c c9 be 6a
broadcast key
nl80211: Set wlan13_0 operstate 1->1 (UP)
netlink: Operstate: ifindex=3 linkmode=-1 (no change), operstate=6 (IF_OPER_UP)
wlan13: interface state UNINITIALIZED->ENABLED
wlan13: AP-ENABLED
wlan13: Setup of interface done.
ctrl_iface not configured!
RTM_NEWLINK: ifi_index=3 ifname=wlan13 operstate=2 linkmode=0 ifi_family=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK: ifi_index=3 ifname=wlan13 operstate=6 linkmode=0 ifi_family=0 ifi_flags=0x11043 ([UP][RUNNING][LOWER_UP])
RTM_NEWLINK: ifi_index=6 ifname=wlan13_0 operstate=2 linkmode=0 ifi_family=0 ifi_flags=0x1002 ()
nl80211: Ignore interface down event since interface wlan13_0 is up
RTM_NEWLINK: ifi_index=6 ifname=wlan13_0 operstate=2 linkmode=0 ifi_family=0 ifi_flags=0x1002 ()
nl80211: Ignore interface down event since interface wlan13_0 is up
RTM_NEWLINK: ifi_index=6 ifname=wlan13_0 operstate=0 linkmode=0 ifi_family=0 ifi_flags=0x1043 ([UP][RUNNING])
wlan13: Event INTERFACE_STATUS (5) received
Unknown event 5
RTM_NEWLINK: ifi_index=6 ifname=wlan13_0 operstate=6 linkmode=0 ifi_family=0 ifi_flags=0x11043 ([UP][RUNNING][LOWER_UP])
wlan13: Event INTERFACE_STATUS (5) received
Unknown event 5
RTM_NEWLINK: ifi_index=6 ifname=wlan13_0 operstate=6 linkmode=0 ifi_family=0 ifi_flags=0x11043 ([UP][RUNNING][LOWER_UP])
wlan13: Event INTERFACE_STATUS (5) received
Unknown event 5
RTM_NEWLINK: ifi_index=6 ifname=wlan13_0 operstate=2 linkmode=0 ifi_family=0 ifi_flags=0x1002 ()
nl80211: Interface down (wlan13_0/wlan13_0)
nl80211: Not the main interface (wlan13) - do not indicate interface down
wlan13: Event INTERFACE_STATUS (5) received
Unknown event 5
nl80211: Drv Event 16 (NL80211_CMD_STOP_AP) received for wlan13_0
wlan13: Event INTERFACE_UNAVAILABLE (29) received
Interface wlan13 is unavailable -- stopped
nl80211: BSS Event 59 (NL80211_CMD_FRAME) received for wlan13
nl80211: RX frame da=ff:ff:ff:ff:ff:ff sa=70:f1:1c:0c:5f:12 bssid=ff:ff:ff:ff:ff:ff freq=2447 ssi_signal=-59 fc=0x40 seq_ctrl=0x80 stype=4 (WLAN_FC_STYPE_PROBE_REQ) len=73
nl80211: send_mlme - da= 70:f1:1c:0c:5f:12 noack=1 freq=0 no_cck=0 offchanok=0 wait_time=0 fc=0x50 (WLAN_FC_STYPE_PROBE_RESP) nlmode=3
nl80211: send_mlme -> send_frame
nl80211: send_frame - Use bss->freq=2447
nl80211: send_frame -> send_frame_cmd
nl80211: BSS Event 59 (NL80211_CMD_FRAME) received for wlan13
nl80211: RX frame da=ff:ff:ff:ff:ff:ff sa=70:f1:1c:0c:5f:cb bssid=ff:ff:ff:ff:ff:ff freq=2447 ssi_signal=-61 fc=0x40 seq_ctrl=0x80 stype=4 (WLAN_FC_STYPE_PROBE_REQ) len=73
nl80211: send_mlme - da= 70:f1:1c:0c:5f:cb noack=1 freq=0 no_cck=0 offchanok=0 wait_time=0 fc=0x50 (WLAN_FC_STYPE_PROBE_RESP) nlmode=3
nl80211: send_mlme -> send_frame
nl80211: send_frame - Use bss->freq=2447
nl80211: send_frame -> send_frame_cmd
nl80211: BSS Event 59 (NL80211_CMD_FRAME) received for wlan13
nl80211: RX frame da=ff:ff:ff:ff:ff:ff sa=58:00:e3:c4:67:e5 bssid=ff:ff:ff:ff:ff:ff freq=2447 ssi_signal=-81 fc=0x40 seq_ctrl=0x7340 stype=4 (WLAN_FC_STYPE_PROBE_REQ) len=42
nl80211: send_mlme - da= 58:00:e3:c4:67:e5 noack=1 freq=0 no_cck=0 offchanok=0 wait_time=0 fc=0x50 (WLAN_FC_STYPE_PROBE_RESP) nlmode=3
nl80211: send_mlme -> send_frame
nl80211: send_frame - Use bss->freq=2447
nl80211: send_frame -> send_frame_cmd
nl80211: BSS Event 59 (NL80211_CMD_FRAME) received for wlan13
nl80211: RX frame da=ff:ff:ff:ff:ff:ff sa=58:00:e3:c4:67:e5 bssid=ff:ff:ff:ff:ff:ff freq=2447 ssi_signal=-83 fc=0x40 seq_ctrl=0x7350 stype=4 (WLAN_FC_STYPE_PROBE_REQ) len=42
nl80211: send_mlme - da= 58:00:e3:c4:67:e5 noack=1 freq=0 no_cck=0 offchanok=0 wait_time=0 fc=0x50 (WLAN_FC_STYPE_PROBE_RESP) nlmode=3
nl80211: send_mlme -> send_frame
nl80211: send_frame - Use bss->freq=2447
nl80211: send_frame -> send_frame_cmd
/etc/hostapd/hostapd.conf:
interface=wlan13
driver=nl80211
ctrl_interface=/var/run/hostapd
ssid=TEST
channel=8
hw_mode=g
bss=wlan13_0
ssid=TEST2
iw list:
Wiphy phy0
max # scan SSIDs: 4
max scan IEs length: 2257 bytes
max # sched scan SSIDs: 0
max # match sets: 0
max # scan plans: 1
max scan plan interval: -1
max scan plan iterations: 0
Retry short long limit: 2
Coverage class: 0 (up to 0m)
Device supports RSN-IBSS.
Supported Ciphers:
* WEP40 (00-0f-ac:1)
* WEP104 (00-0f-ac:5)
* TKIP (00-0f-ac:2)
* CCMP-128 (00-0f-ac:4)
* CCMP-256 (00-0f-ac:10)
* GCMP-128 (00-0f-ac:8)
* GCMP-256 (00-0f-ac:9)
Available Antennas: TX 0 RX 0
Supported interface modes:
* IBSS
* managed
* AP
* AP/VLAN
* monitor
* mesh point
Band 1:
Capabilities: 0x17e
HT20/HT40
SM Power Save disabled
RX Greenfield
RX HT20 SGI
RX HT40 SGI
RX STBC 1-stream
Max AMSDU length: 3839 bytes
No DSSS/CCK HT40
Maximum RX AMPDU length 32767 bytes (exponent: 0x002)
Minimum RX AMPDU time spacing: 2 usec (0x04)
HT TX/RX MCS rate indexes supported: 0-7, 32
Bitrates (non-HT):
* 1.0 Mbps
* 2.0 Mbps (short preamble supported)
* 5.5 Mbps (short preamble supported)
* 11.0 Mbps (short preamble supported)
* 6.0 Mbps
* 9.0 Mbps
* 12.0 Mbps
* 18.0 Mbps
* 24.0 Mbps
* 36.0 Mbps
* 48.0 Mbps
* 54.0 Mbps
Frequencies:
* 2412 MHz [1] (30.0 dBm)
* 2417 MHz [2] (30.0 dBm)
* 2422 MHz [3] (30.0 dBm)
* 2427 MHz [4] (30.0 dBm)
* 2432 MHz [5] (30.0 dBm)
* 2437 MHz [6] (30.0 dBm)
* 2442 MHz [7] (30.0 dBm)
* 2447 MHz [8] (30.0 dBm)
* 2452 MHz [9] (30.0 dBm)
* 2457 MHz [10] (30.0 dBm)
* 2462 MHz [11] (30.0 dBm)
* 2467 MHz [12] (30.0 dBm)
* 2472 MHz [13] (30.0 dBm)
* 2484 MHz [14] (30.0 dBm)
Supported commands:
* new_interface
* set_interface
* new_key
* start_ap
* new_station
* new_mpath
* set_mesh_config
* set_bss
* authenticate
* associate
* deauthenticate
* disassociate
* join_ibss
* join_mesh
* set_tx_bitrate_mask
* frame
* frame_wait_cancel
* set_wiphy_netns
* set_channel
* set_wds_peer
* probe_client
* set_noack_map
* register_beacons
* start_p2p_device
* set_mcast_rate
* connect
* disconnect
* set_qos_map
* set_multicast_to_unicast
Supported TX frame types:
* IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
Supported RX frame types:
* IBSS: 0x40 0xb0 0xc0 0xd0
* managed: 0x40 0xd0
* AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* mesh point: 0xb0 0xc0 0xd0
* P2P-client: 0x40 0xd0
* P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* P2P-device: 0x40 0xd0
software interface modes (can always be added):
* AP/VLAN
* monitor
valid interface combinations:
* #{ AP, mesh point } <= 8,
total <= 8, #channels <= 1
HT Capability overrides:
* MCS: ff ff ff ff ff ff ff ff ff ff
* maximum A-MSDU length
* supported channel width
* short GI for 40 MHz
* max A-MPDU length exponent
* min MPDU start spacing
Device supports TX status socket option.
Device supports HT-IBSS.
Device supports SAE with AUTHENTICATE command
Device supports low priority scan.
Device supports scan flush.
Device supports AP scan.
Device supports per-vif TX power setting
Driver supports full state transitions for AP/GO clients
Driver supports a userspace MPM
Device supports configuring vdev MAC-addr on create
Hi, can someone help me? I'm using Kali Linux with VirtualBox and get this error:
make: ingresso nella directory «/home/peppo/temp/hostapd-mana/hostapd»
fatal: Nessun tag annotato può descrivere '99aeb3027672af59c463efe0374fcee7553f264e'.
Ciò nonostante, c'erano dei tag non annotati: prova con --tags.
CC main.c
config_file.c: In function ‘hostapd_config_fill.part.0’:
config_file.c:2231:3: warning: ‘strcpy’ writing one too many bytes into a region of a size that depends on ‘strlen’ [-Wstringop-overflow=]
2231 | strcpy(tmp,pos);
| ^~~~~~~~~~~~~~~
config_file.c:2230:15: note: at offset 0 to an object allocated by ‘malloc’ here
2230 | char *tmp = malloc(strlen(pos));
| ^~~~~~~~~~~~~~~~~~~
config_file.c:2202:3: warning: ‘strcpy’ writing one too many bytes into a region of a size that depends on ‘strlen’ [-Wstringop-overflow=]
2202 | strcpy(tmp2,pos);
| ^~~~~~~~~~~~~~~~
config_file.c:2201:16: note: at offset 0 to an object allocated by ‘malloc’ here
2201 | char *tmp2 = malloc(strlen(pos));
| ^~~~~~~~~~~~~~~~~~~
config_file.c:2191:3: warning: ‘strcpy’ writing one too many bytes into a region of a size that depends on ‘strlen’ [-Wstringop-overflow=]
2191 | strcpy(tmp2,pos);
| ^~~~~~~~~~~~~~~~
config_file.c:2190:16: note: at offset 0 to an object allocated by ‘malloc’ here
2190 | char *tmp2 = malloc(strlen(pos));
| ^~~~~~~~~~~~~~~~~~~
config_file.c:2174:3: warning: ‘strcpy’ writing one too many bytes into a region of a size that depends on ‘strlen’ [-Wstringop-overflow=]
2174 | strcpy(tmp1,pos);
| ^~~~~~~~~~~~~~~~
config_file.c:2173:16: note: at offset 0 to an object allocated by ‘malloc’ here
2173 | char *tmp1 = malloc(strlen(pos));
| ^~~~~~~~~~~~~~~~~~~
config_file.c:2163:3: warning: ‘strcpy’ writing one too many bytes into a region of a size that depends on ‘strlen’ [-Wstringop-overflow=]
2163 | strcpy(tmp,pos);
| ^~~~~~~~~~~~~~~
config_file.c:2162:15: note: at offset 0 to an object allocated by ‘malloc’ here
2162 | char *tmp = malloc(strlen(pos));
| ^~~~~~~~~~~~~~~~~~~
CC config_file.c
CC ../src/ap/hostapd.c
CC ../src/ap/wpa_auth_glue.c
CC ../src/ap/drv_callbacks.c
CC ../src/ap/ap_drv_ops.c
CC ../src/ap/utils.c
CC ../src/ap/authsrv.c
CC ../src/ap/ieee802_1x.c
CC ../src/ap/ap_config.c
CC ../src/ap/eap_user_db.c
CC ../src/ap/ieee802_11_auth.c
CC ../src/ap/sta_info.c
CC ../src/ap/wpa_auth.c
CC ../src/ap/tkip_countermeasures.c
CC ../src/ap/ap_mlme.c
CC ../src/ap/wpa_auth_ie.c
CC ../src/ap/preauth_auth.c
CC ../src/ap/pmksa_cache_auth.c
CC ../src/ap/ieee802_11_shared.c
CC ../src/ap/beacon.c
CC ../src/ap/bss_load.c
CC ../src/ap/neighbor_db.c
CC ../src/ap/rrm.c
CC ../src/common/mana.c
CC ../src/drivers/drivers.c
CC ../src/ap/taxonomy.c
CC ../src/utils/eloop.c
CC ../src/utils/common.c
CC ../src/utils/wpa_debug.c
CC ../src/utils/wpabuf.c
CC ../src/utils/os_unix.c
CC ../src/utils/ip_addr.c
CC ../src/common/ieee802_11_common.c
CC ../src/common/wpa_common.c
CC ../src/common/hw_features_common.c
CC ../src/eapol_auth/eapol_auth_sm.c
CC ../src/eapol_auth/eapol_auth_dump.c
CC ../src/radius/radius.c
CC ../src/radius/radius_client.c
CC ../src/radius/radius_das.c
CC ../src/ap/accounting.c
../src/ap/vlan_init.c: In function ‘vlan_init’:
../src/ap/vlan_init.c:149:54: warning: ‘.#’ directive output may be truncated writing 2 bytes into a region of size between 1 and 17 [-Wformat-truncation=]
149 | os_snprintf(vlan->ifname, sizeof(vlan->ifname), "%s.#",
| ^~
In file included from /home/peppo/temp/hostapd-mana/src/utils/common.h:12,
from ../src/ap/vlan_init.c:13:
/home/peppo/temp/hostapd-mana/src/utils/os.h:552:21: note: ‘snprintf’ output between 3 and 19 bytes into a destination of size 17
552 | #define os_snprintf snprintf
../src/ap/vlan_init.c:149:3: note: in expansion of macro ‘os_snprintf’
149 | os_snprintf(vlan->ifname, sizeof(vlan->ifname), "%s.#",
| ^~~~~~~~~~~
../src/ap/vlan_init.c: In function ‘vlan_add_dynamic’:
../src/ap/vlan_init.c:201:51: warning: ‘snprintf’ output may be truncated before the last format character [-Wformat-truncation=]
201 | os_snprintf(n->ifname, sizeof(n->ifname), "%s%d%s", ifname, vlan_id,
| ^
In file included from /home/peppo/temp/hostapd-mana/src/utils/common.h:12,
from ../src/ap/vlan_init.c:13:
/home/peppo/temp/hostapd-mana/src/utils/os.h:552:21: note: ‘snprintf’ output 2 or more bytes (assuming 18) into a destination of size 17
552 | #define os_snprintf snprintf
../src/ap/vlan_init.c:201:2: note: in expansion of macro ‘os_snprintf’
201 | os_snprintf(n->ifname, sizeof(n->ifname), "%s%d%s", ifname, vlan_id,
| ^~~~~~~~~~~
CC ../src/ap/vlan_init.c
CC ../src/ap/vlan_ifconfig.c
CC ../src/ap/vlan.c
CC ../src/common/ctrl_iface_common.c
CC ctrl_iface.c
CC ../src/ap/ctrl_iface_ap.c
CC ../src/ap/iapp.c
CC ../src/ap/peerkey_auth.c
CC ../src/ap/wpa_auth_ft.c
../src/drivers/driver_hostap.c: In function ‘hostap_init’:
../src/drivers/driver_hostap.c:234:57: warning: ‘ap’ directive output may be truncated writing 2 bytes into a region of size between 0 and 16 [-Wformat-truncation=]
234 | snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%sap", drv->iface);
| ^~
../src/drivers/driver_hostap.c:234:9: note: ‘snprintf’ output between 3 and 19 bytes into a destination of size 16
234 | snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%sap", drv->iface);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../src/drivers/driver_hostap.c:351:35: warning: ‘ap’ directive output may be truncated writing 2 bytes into a region of size between 0 and 16 [-Wformat-truncation=]
351 | os_snprintf(ifname, IFNAMSIZ, "%sap", drv->iface);
| ^~
In file included from /home/peppo/temp/hostapd-mana/src/utils/common.h:12,
from ../src/drivers/driver_hostap.c:13:
/home/peppo/temp/hostapd-mana/src/utils/os.h:552:21: note: ‘snprintf’ output between 3 and 19 bytes into a destination of size 16
552 | #define os_snprintf snprintf
../src/drivers/driver_hostap.c:351:2: note: in expansion of macro ‘os_snprintf’
351 | os_snprintf(ifname, IFNAMSIZ, "%sap", drv->iface);
| ^~~~~~~~~~~
../src/drivers/driver_hostap.c: In function ‘hostap_driver_deinit’:
../src/drivers/driver_hostap.c:351:35: warning: ‘ap’ directive output may be truncated writing 2 bytes into a region of size between 0 and 16 [-Wformat-truncation=]
351 | os_snprintf(ifname, IFNAMSIZ, "%sap", drv->iface);
| ^~
In file included from /home/peppo/temp/hostapd-mana/src/utils/common.h:12,
from ../src/drivers/driver_hostap.c:13:
/home/peppo/temp/hostapd-mana/src/utils/os.h:552:21: note: ‘snprintf’ output between 3 and 19 bytes into a destination of size 16
552 | #define os_snprintf snprintf
../src/drivers/driver_hostap.c:351:2: note: in expansion of macro ‘os_snprintf’
351 | os_snprintf(ifname, IFNAMSIZ, "%sap", drv->iface);
| ^~~~~~~~~~~
CC ../src/drivers/driver_hostap.c
CC ../src/drivers/driver_wired.c
In file included from ../src/drivers/driver_nl80211.c:26:
/home/peppo/temp/hostapd-mana/src/utils/common.h:426: warning: "__bitwise" redefined
426 | #define __bitwise
|
In file included from /usr/include/linux/sysinfo.h:5,
from /usr/include/linux/kernel.h:5,
from /usr/include/linux/netlink.h:5,
from /usr/include/libnl3/netlink/netlink.h:25,
from /usr/include/libnl3/netlink/genl/genl.h:15,
from ../src/drivers/driver_nl80211.c:17:
/usr/include/linux/types.h:22: note: this is the location of the previous definition
22 | #define __bitwise __bitwise__
|
../src/drivers/driver_nl80211.c: In function ‘i802_set_wds_sta’:
../src/drivers/driver_nl80211.c:5946:37: warning: ‘.sta’ directive output may be truncated writing 4 bytes into a region of size between 1 and 17 [-Wformat-truncation=]
5946 | os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid);
| ^~~~
In file included from /home/peppo/temp/hostapd-mana/src/utils/common.h:12,
from ../src/drivers/driver_nl80211.c:26:
/home/peppo/temp/hostapd-mana/src/utils/os.h:552:21: note: ‘snprintf’ output between 6 and 32 bytes into a destination of size 17
552 | #define os_snprintf snprintf
../src/drivers/driver_nl80211.c:5946:2: note: in expansion of macro ‘os_snprintf’
5946 | os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid);
| ^~~~~~~~~~~
CC ../src/drivers/driver_nl80211.c
In file included from ../src/drivers/driver_nl80211_capa.c:14:
/home/peppo/temp/hostapd-mana/src/utils/common.h:426: warning: "__bitwise" redefined
426 | #define __bitwise
|
In file included from /usr/include/linux/sysinfo.h:5,
from /usr/include/linux/kernel.h:5,
from /usr/include/linux/netlink.h:5,
from /usr/include/libnl3/netlink/netlink.h:25,
from /usr/include/libnl3/netlink/genl/genl.h:15,
from ../src/drivers/driver_nl80211_capa.c:12:
/usr/include/linux/types.h:22: note: this is the location of the previous definition
22 | #define __bitwise __bitwise__
|
CC ../src/drivers/driver_nl80211_capa.c
In file included from ../src/drivers/driver_nl80211_event.c:14:
/home/peppo/temp/hostapd-mana/src/utils/common.h:426: warning: "__bitwise" redefined
426 | #define __bitwise
|
In file included from /usr/include/linux/sysinfo.h:5,
from /usr/include/linux/kernel.h:5,
from /usr/include/linux/netlink.h:5,
from /usr/include/libnl3/netlink/netlink.h:25,
from /usr/include/libnl3/netlink/genl/genl.h:15,
from ../src/drivers/driver_nl80211_event.c:12:
/usr/include/linux/types.h:22: note: this is the location of the previous definition
22 | #define __bitwise __bitwise__
|
CC ../src/drivers/driver_nl80211_event.c
In file included from ../src/drivers/driver_nl80211_monitor.c:17:
/home/peppo/temp/hostapd-mana/src/utils/common.h:426: warning: "__bitwise" redefined
426 | #define __bitwise
|
In file included from /usr/include/linux/filter.h:10,
from ../src/drivers/driver_nl80211_monitor.c:15:
/usr/include/linux/types.h:22: note: this is the location of the previous definition
22 | #define __bitwise __bitwise__
|
../src/drivers/driver_nl80211_monitor.c: In function ‘nl80211_create_monitor_interface’:
../src/drivers/driver_nl80211_monitor.c:365:32: warning: ‘%s’ directive output may be truncated writing up to 16 bytes into a region of size 12 [-Wformat-truncation=]
365 | snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss->ifname);
| ^~
../src/drivers/driver_nl80211_monitor.c:365:3: note: ‘snprintf’ output between 5 and 21 bytes into a destination of size 16
365 | snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss->ifname);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CC ../src/drivers/driver_nl80211_monitor.c
In file included from ../src/drivers/driver_nl80211_scan.c:15:
/home/peppo/temp/hostapd-mana/src/utils/common.h:426: warning: "__bitwise" redefined
426 | #define __bitwise
|
In file included from /usr/include/linux/sysinfo.h:5,
from /usr/include/linux/kernel.h:5,
from /usr/include/linux/netlink.h:5,
from /usr/include/libnl3/netlink/netlink.h:25,
from /usr/include/libnl3/netlink/genl/genl.h:15,
from ../src/drivers/driver_nl80211_scan.c:13:
/usr/include/linux/types.h:22: note: this is the location of the previous definition
22 | #define __bitwise __bitwise__
|
CC ../src/drivers/driver_nl80211_scan.c
CC ../src/drivers/driver_none.c
CC ../src/drivers/netlink.c
CC ../src/drivers/linux_ioctl.c
CC ../src/drivers/rfkill.c
CC ../src/utils/radiotap.c
In file included from ../src/l2_packet/l2_packet_linux.c:15:
/home/peppo/temp/hostapd-mana/src/utils/common.h:426: warning: "__bitwise" redefined
426 | #define __bitwise
|
In file included from /usr/include/linux/filter.h:10,
from ../src/l2_packet/l2_packet_linux.c:13:
/usr/include/linux/types.h:22: note: this is the location of the previous definition
22 | #define __bitwise __bitwise__
|
CC ../src/l2_packet/l2_packet_linux.c
CC ../src/eap_server/eap_server_md5.c
CC ../src/eap_server/eap_server_tls.c
CC ../src/eap_server/eap_server_peap.c
CC ../src/eap_common/eap_peap_common.c
CC ../src/eap_server/eap_server_ttls.c
CC ../src/eap_server/eap_server_mschapv2.c
CC ../src/eap_server/eap_server_gtc.c
CC ../src/eap_server/eap_server_sim.c
CC ../src/eap_server/eap_server_aka.c
CC ../src/eap_common/eap_sim_common.c
CC ../src/eap_server/eap_sim_db.c
CC ../src/eap_server/eap_server_pax.c
CC ../src/eap_common/eap_pax_common.c
CC ../src/eap_server/eap_server_psk.c
CC ../src/eap_common/eap_psk_common.c
CC ../src/eap_server/eap_server_sake.c
CC ../src/eap_common/eap_sake_common.c
CC ../src/eap_server/eap_server_gpsk.c
CC ../src/eap_common/eap_gpsk_common.c
CC ../src/eap_server/eap_server_pwd.c
CC ../src/eap_common/eap_pwd_common.c
CC ../src/eap_server/eap_server_eke.c
CC ../src/eap_common/eap_eke_common.c
CC ../src/eap_server/eap_server_fast.c
CC ../src/eap_common/eap_fast_common.c
CC ../src/eap_server/eap_server_ikev2.c
CC ../src/eap_server/ikev2.c
CC ../src/eap_common/eap_ikev2_common.c
CC ../src/eap_common/ikev2_common.c
CC ../src/eap_server/eap_server_tnc.c
CC ../src/eap_server/tncs.c
CC eap_register.c
CC ../src/eap_server/eap_server.c
CC ../src/eap_common/eap_common.c
CC ../src/eap_server/eap_server_methods.c
CC ../src/eap_server/eap_server_identity.c
CC ../src/crypto/ms_funcs.c
CC ../src/eap_common/chap.c
CC ../src/eap_server/eap_server_tls_common.c
CC ../src/crypto/tls_openssl.c
CC ../src/crypto/tls_openssl_ocsp.c
CC ../src/crypto/crypto_openssl.c
CC ../src/crypto/fips_prf_openssl.c
CC ../src/crypto/aes-eax.c
CC ../src/crypto/aes-ctr.c
CC ../src/crypto/aes-encblock.c
CC ../src/crypto/aes-omac1.c
CC ../src/crypto/sha1-prf.c
CC ../src/crypto/sha1-tprf.c
CC ../src/crypto/sha1-tlsprf.c
CC ../src/crypto/sha256-prf.c
CC ../src/crypto/sha256-tlsprf.c
CC ../src/crypto/sha256-kdf.c
CC ../src/crypto/dh_groups.c
CC ../src/crypto/random.c
CC ../src/radius/radius_server.c
CC ../src/utils/base64.c
CC ../src/ap/wmm.c
CC ../src/ap/ap_list.c
../src/ap/ieee802_11.c: In function ‘handle_assoc’:
../src/ap/ieee802_11.c:2153:63: warning: ‘?:’ using integer constants in boolean context [-Wint-in-bool-context]
2153 | sta->last_subtype == reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
CC ../src/ap/ieee802_11.c
CC ../src/ap/hw_features.c
CC ../src/ap/dfs.c
CC ../src/ap/ieee802_11_ht.c
CC ../src/ap/ieee802_11_vht.c
CC ../src/ap/hs20.c
CC ../src/common/gas.c
CC ../src/ap/gas_serv.c
CC ../src/ap/x_snoop.c
CC ../src/ap/dhcp_snoop.c
CC ../src/ap/ndisc_snoop.c
CC ../src/drivers/driver_common.c
/usr/bin/ld: ../src/ap/drv_callbacks.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:54: multiple definition of `mana_ssidhash'; ../src/ap/hostapd.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:54: first defined here
/usr/bin/ld: ../src/ap/drv_callbacks.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:53: multiple definition of `mana_machash'; ../src/ap/hostapd.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:53: first defined here
/usr/bin/ld: ../src/ap/sta_info.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:54: multiple definition of `mana_ssidhash'; ../src/ap/hostapd.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:54: first defined here
/usr/bin/ld: ../src/ap/sta_info.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:53: multiple definition of `mana_machash'; ../src/ap/hostapd.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:53: first defined here
/usr/bin/ld: ../src/ap/beacon.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:54: multiple definition of `mana_ssidhash'; ../src/ap/hostapd.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:54: first defined here
/usr/bin/ld: ../src/ap/beacon.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:53: multiple definition of `mana_machash'; ../src/ap/hostapd.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:53: first defined here
/usr/bin/ld: ../src/ap/bss_load.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:54: multiple definition of `mana_ssidhash'; ../src/ap/hostapd.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:54: first defined here
/usr/bin/ld: ../src/ap/bss_load.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:53: multiple definition of `mana_machash'; ../src/ap/hostapd.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:53: first defined here
/usr/bin/ld: ctrl_iface.o:/home/peppo/temp/hostapd-mana/src/ap/beacon.h:54: multiple definition of `mana_ssidhash'; ../src/ap/hostapd.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:54: first defined here
/usr/bin/ld: ctrl_iface.o:/home/peppo/temp/hostapd-mana/src/ap/beacon.h:53: multiple definition of `mana_machash'; ../src/ap/hostapd.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:53: first defined here
/usr/bin/ld: ../src/ap/ap_list.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:54: multiple definition of `mana_ssidhash'; ../src/ap/hostapd.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:54: first defined here
/usr/bin/ld: ../src/ap/ap_list.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:53: multiple definition of `mana_machash'; ../src/ap/hostapd.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:53: first defined here
/usr/bin/ld: ../src/ap/ieee802_11.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:54: multiple definition of `mana_ssidhash'; ../src/ap/hostapd.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:54: first defined here
/usr/bin/ld: ../src/ap/ieee802_11.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:53: multiple definition of `mana_machash'; ../src/ap/hostapd.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:53: first defined here
/usr/bin/ld: ../src/ap/hw_features.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:54: multiple definition of `mana_ssidhash'; ../src/ap/hostapd.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:54: first defined here
/usr/bin/ld: ../src/ap/hw_features.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:53: multiple definition of `mana_machash'; ../src/ap/hostapd.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:53: first defined here
/usr/bin/ld: ../src/ap/ieee802_11_ht.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:54: multiple definition of `mana_ssidhash'; ../src/ap/hostapd.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:54: first defined here
/usr/bin/ld: ../src/ap/ieee802_11_ht.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:53: multiple definition of `mana_machash'; ../src/ap/hostapd.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:53: first defined here
/usr/bin/ld: ../src/ap/ieee802_11_vht.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:54: multiple definition of `mana_ssidhash'; ../src/ap/hostapd.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:54: first defined here
/usr/bin/ld: ../src/ap/ieee802_11_vht.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:53: multiple definition of `mana_machash'; ../src/ap/hostapd.o:/home/peppo/temp/hostapd-mana/hostapd/../src/ap/beacon.h:53: first defined here
collect2: error: ld returned 1 exit status
make: *** [Makefile:1064: hostapd] Errore 1
Hi, singe,
Can you add logging option for all EAP Identity?
Best regards,
Besim.
Berate_ap gets stuck on internet sharing method nat, and no AP is created in Kali NetHunter. The old mana-toolkit still works but does not integrate with bettercap. Symlink set, and renamed hostapd to hostapd-mana after compiling from source: ln -s /opt/hostapd-mana/hostapd/hostapd-mana hostapd-mana. Tried setting a symlink for the _cli binary as well. berate_ap worked for me before Nov 20th 2019, when Cablethief merged the branch 'master' of github.com:sensepost/berate_ap. Changing the symlinks to /usr/lib/mana-toolkit/ doesn't change any behaviour. The compiled hostapd seems to work if used by itself from the command line. My apologies, but I couldn't see a way to report an issue on the berate_ap page. Any help or suggestions would be appreciated, and thank you all for all the hard work you do on GitHub.
First of all, thanks for your awesome tool!
I'd like to see the Known Beacons attack implemented.
https://census-labs.com/news/2018/02/01/known-beacons-attack-34c3/
TL;DR: it's just the ability for hostapd to announce multiple ESSIDs instead of just one.
I am evaluating porting hostapd-mana to OpenWrt in order to make it run on the ZSUN AP [1].
I have also noticed that someone already managed to port a very similar weaponized version of hostapd (i.e. hostapd-wpe) to OpenWrt, but by manually applying some patches [2].
**I am writing here in case someone is interested as well, or has already tried the port and eventually succeeded.**
[1] https://forum.openwrt.org/viewtopic.php?pid=313458
[2] https://www.acrylicwifi.com/en/blog/hostapd-wpe-openwrt-barrier-breaker/
If we enable mana_ssid_filter_file, hostapd-mana will only respond to probe requests for SSIDs specified in our file, operating in a "whitelist-mode".
It would be awesome to also have the reverse option, like a "blacklist-mode", for this SSID filter,
so that mana will respond to all probe requests except for the one(s) in the blacklist file.
I'll be taking a deeper look into the source to see if this change is something I can manage to pull off, and then create a PR if wanted.
If not, consider this a feature request :)
I can't seem to find a log file option in the configs to store received EAP creds (challenge/response hashes, gtc plain text passwords etc.) It would be nice to have a simple log file containing the creds so you don't need to scroll through your terminal output.
As the title says, will there be updates in the future or has it been abandoned?
Hi,
A client can connect to the fake AP, but the password hash is not captured.
Instead of showing the password hash, the AP says WPA: pairwise key handshake completed (RSN).
This is the log:
wlx00c0ca977de5: interface state UNINITIALIZED->ENABLED
wlx00c0ca977de5: AP-ENABLED
wlx00c0ca977de5: STA 5c:c5:d4:7b:eb:a2 IEEE 802.11: authenticated
wlx00c0ca977de5: STA 5c:c5:d4:7b:eb:a2 IEEE 802.11: associated (aid 1)
wlx00c0ca977de5: CTRL-EVENT-EAP-STARTED 5c:c5:d4:7b:eb:a2
wlx00c0ca977de5: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlx00c0ca977de5: CTRL-EVENT-EAP-STARTED 5c:c5:d4:7b:eb:a2
wlx00c0ca977de5: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
MANA EAP Identity Phase 0: [email protected]
wlx00c0ca977de5: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
wlx00c0ca977de5: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
wlx00c0ca977de5: CTRL-EVENT-EAP-SUCCESS 5c:c5:d4:7b:eb:a2
wlx00c0ca977de5: STA 5c:c5:d4:7b:eb:a2 WPA: pairwise key handshake completed (RSN)
wlx00c0ca977de5: AP-STA-CONNECTED 5c:c5:d4:7b:eb:a2
wlx00c0ca977de5: STA 5c:c5:d4:7b:eb:a2 RADIUS: starting accounting session 0124404ADA0F5484
wlx00c0ca977de5: STA 5c:c5:d4:7b:eb:a2 IEEE 802.1X: authenticated - EAP type: 0 (unknown)
wlx00c0ca977de5: AP-STA-DISCONNECTED 5c:c5:d4:7b:eb:a2
Any advice, please?
Configured mana to work as WPA2 ... works as it should, replies to WPA2 networks,
but if a client tries to connect, no handshake gets captured ... (the message on the device shows wrong password ... sure, that's OK, but I would like to have the handshake).
Did I miss something?
Do I need to run another mon device listening for those handshakes?
Would it be possible to clear out the WPA2 function a bit more?
That would be nice.
I would like to use the WPA2 setting to reply to all WPA2 requests in the area and get those connection handshakes ....
On both Debian (Jessie) and Kali Rolling, one will now experience issues when compiling hostapd-mana.
I took a quick glance at the output and the bug seems to be related to OpenSSL.
root@fsociety-vm1:~/gits/mana/hostapd-mana/hostapd# make -j8
CC ../src/ap/utils.c
CC ../src/ap/authsrv.c
CC ../src/ap/wpa_auth_glue.c
CC main.c
CC ../src/ap/ap_drv_ops.c
CC ../src/ap/drv_callbacks.c
CC ../src/ap/eap_user_db.c
CC ../src/ap/ap_config.c
CC ../src/ap/ieee802_11_auth.c
CC ../src/ap/tkip_countermeasures.c
CC ../src/ap/ap_mlme.c
CC ../src/ap/sta_info.c
CC ../src/ap/preauth_auth.c
CC ../src/ap/ieee802_1x.c
CC ../src/ap/wpa_auth_ie.c
CC ../src/ap/hostapd.c
CC ../src/ap/pmksa_cache_auth.c
CC ../src/ap/ieee802_11_shared.c
CC ../src/drivers/drivers.c
CC ../src/utils/wpa_debug.c
CC ../src/utils/wpabuf.c
CC ../src/utils/eloop.c
CC ../src/utils/common.c
CC ../src/utils/ip_addr.c
CC ../src/ap/wpa_auth.c
CC ../src/utils/os_unix.c
CC ../src/ap/beacon.c
CC ../src/common/ieee802_11_common.c
CC config_file.c
CC ../src/eapol_auth/eapol_auth_dump.c
CC ../src/common/wpa_common.c
CC ../src/radius/radius_das.c
CC ../src/eapol_auth/eapol_auth_sm.c
CC ../src/radius/radius_client.c
CC ../src/crypto/md5.c
CC ../src/ap/iapp.c
CC ../src/ap/vlan_init.c
CC ../src/ap/ctrl_iface_ap.c
CC ../src/radius/radius.c
CC ../src/ap/peerkey_auth.c
CC ../src/drivers/driver_wired.c
CC ../src/drivers/netlink.c
CC ../src/drivers/linux_ioctl.c
CC ../src/utils/radiotap.c
CC ../src/drivers/rfkill.c
CC ctrl_iface.c
CC ../src/l2_packet/l2_packet_linux.c
CC ../src/drivers/driver_hostap.c
CC ../src/eap_server/eap_server_md5.c
CC ../src/eap_common/eap_peap_common.c
../src/eap_server/eap_server_ttls.c: In function ‘eap_ttls_process_phase2_pap’:
../src/eap_server/eap_server_ttls.c:520:22: warning: field precision specifier ‘.*’ expects argument of type ‘int’, but argument 5 has type ‘size_t {aka long unsigned int}’ [-Wformat=]
fprintf(f, "%s|%*.*s|%s\n", hdr, 0, sm->identity_len, sm->identity, user_password);
^
CC ../src/eap_server/eap_server_tls.c
CC ../src/eap_server/eap_server_gtc.c
CC ../src/eap_server/eap_server_mschapv2.c
CC ../src/eap_server/eap_server_sim.c
CC ../src/eap_server/eap_server_peap.c
CC ../src/eap_server/eap_server_ttls.c
CC ../src/eap_common/eap_pax_common.c
CC ../src/eap_common/eap_sim_common.c
CC ../src/eap_server/eap_server_aka.c
CC ../src/eap_server/eap_sim_db.c
CC ../src/eap_common/eap_psk_common.c
CC ../src/eap_server/eap_server_pax.c
CC ../src/eap_server/eap_server_psk.c
CC ../src/eap_common/eap_sake_common.c
CC ../src/eap_server/eap_server_sake.c
CC ../src/eap_common/eap_gpsk_common.c
CC ../src/eap_server/eap_server_gpsk.c
CC ../src/eap_common/eap_pwd_common.c
CC ../src/eap_common/eap_fast_common.c
CC ../src/eap_common/eap_eke_common.c
CC ../src/eap_server/eap_server_eke.c
CC ../src/eap_server/eap_server_ikev2.c
CC ../src/eap_server/eap_server_pwd.c
CC ../src/eap_common/eap_ikev2_common.c
CC ../src/eap_common/ikev2_common.c
CC eap_register.c
CC ../src/eap_server/eap_server_fast.c
../src/eap_server/eap_server.c: In function ‘eap_user_get’:
../src/eap_server/eap_server.c:100:49: warning: field precision specifier ‘.*’ expects argument of type ‘int’, but argument 3 has type ‘size_t {aka long unsigned int}’ [-Wformat=]
wpa_printf(MSG_INFO, "MANA (EAP) : identity: %.*s", identity_len, identity);
^
CC ../src/eap_server/eap_server_tnc.c
CC ../src/eap_server/ikev2.c
CC ../src/eap_server/eap_server_methods.c
CC ../src/eap_common/eap_common.c
CC ../src/eap_server/eap_server_identity.c
CC ../src/eap_server/tncs.c
CC ../src/eap_common/chap.c
../src/crypto/crypto_openssl.c: In function ‘openssl_digest_vector’:
../src/crypto/crypto_openssl.c:84:13: error: storage size of ‘ctx’ isn’t known
EVP_MD_CTX ctx;
^~~
../src/crypto/crypto_openssl.c:84:13: warning: unused variable ‘ctx’ [-Wunused-variable]
../src/crypto/crypto_openssl.c: In function ‘rc4_skip’:
../src/crypto/crypto_openssl.c:145:17: error: storage size of ‘ctx’ isn’t known
EVP_CIPHER_CTX ctx;
^~~
../src/crypto/crypto_openssl.c:145:17: warning: unused variable ‘ctx’ [-Wunused-variable]
In file included from /root/gits/mana/hostapd-mana/src/utils/common.h:12:0,
from ../src/crypto/crypto_openssl.c:26:
../src/crypto/crypto_openssl.c: In function ‘aes_encrypt_init’:
../src/crypto/crypto_openssl.c:223:25: error: dereferencing pointer to incomplete type ‘EVP_CIPHER_CTX {aka struct evp_cipher_ctx_st}’
ctx = os_malloc(sizeof(*ctx));
^~
/root/gits/mana/hostapd-mana/src/utils/os.h:478:30: note: in definition of macro ‘os_malloc’
#define os_malloc(s) malloc((s))
^
../src/crypto/crypto_openssl.c: At top level:
../src/crypto/crypto_openssl.c:355:17: error: field ‘enc’ has incomplete type
EVP_CIPHER_CTX enc;
^~~
../src/crypto/crypto_openssl.c:356:17: error: field ‘dec’ has incomplete type
EVP_CIPHER_CTX dec;
^~~
../src/crypto/crypto_openssl.c: In function ‘dh5_init’:
../src/crypto/crypto_openssl.c:482:4: error: dereferencing pointer to incomplete type ‘DH {aka struct dh_st}’
dh->g = BN_new();
^~
../src/crypto/crypto_openssl.c: At top level:
../src/crypto/crypto_openssl.c:600:11: error: field ‘ctx’ has incomplete type
HMAC_CTX ctx;
^~~
../src/crypto/crypto_openssl.c: In function ‘crypto_hash_init’:
../src/crypto/crypto_openssl.c:635:2: warning: implicit declaration of function ‘HMAC_CTX_init’ [-Wimplicit-function-declaration]
HMAC_CTX_init(&ctx->ctx);
^~~~~~~~~~~~~
../src/crypto/crypto_openssl.c: In function ‘crypto_hash_finish’:
../src/crypto/crypto_openssl.c:678:2: warning: implicit declaration of function ‘HMAC_CTX_cleanup’ [-Wimplicit-function-declaration]
HMAC_CTX_cleanup(&ctx->ctx);
^~~~~~~~~~~~~~~~
../src/crypto/crypto_openssl.c: In function ‘hmac_sha1_vector’:
../src/crypto/crypto_openssl.c:710:11: error: storage size of ‘ctx’ isn’t known
HMAC_CTX ctx;
^~~
../src/crypto/crypto_openssl.c:710:11: warning: unused variable ‘ctx’ [-Wunused-variable]
../src/crypto/crypto_openssl.c: In function ‘hmac_sha256_vector’:
../src/crypto/crypto_openssl.c:751:11: error: storage size of ‘ctx’ isn’t known
HMAC_CTX ctx;
^~~
../src/crypto/crypto_openssl.c:751:11: warning: unused variable ‘ctx’ [-Wunused-variable]
Makefile:891: recipe for target '../src/crypto/crypto_openssl.o' failed
make: *** [../src/crypto/crypto_openssl.o] Error 1
make: *** Waiting for unfinished jobs....
CC ../src/crypto/ms_funcs.c
CC ../src/eap_server/eap_server_tls_common.c
CC ../src/crypto/aes-wrap.c
CC ../src/crypto/fips_prf_openssl.c
CC ../src/eap_server/eap_server.c
../src/crypto/tls_openssl.c: In function ‘tls_init’:
../src/crypto/tls_openssl.c:812:2: warning: ‘TLSv1_method’ is deprecated [-Wdeprecated-declarations]
ssl = SSL_CTX_new(TLSv1_method());
^~~
In file included from /usr/include/openssl/ct.h:13:0,
from /usr/include/openssl/ssl.h:61,
from ../src/crypto/tls_openssl.c:19:
/usr/include/openssl/ssl.h:1596:1: note: declared here
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */
^
../src/crypto/tls_openssl.c: In function ‘tls_deinit’:
../src/crypto/tls_openssl.c:868:3: warning: ‘ERR_remove_thread_state’ is deprecated [-Wdeprecated-declarations]
ERR_remove_thread_state(NULL);
^~~~~~~~~~~~~~~~~~~~~~~
In file included from /usr/include/openssl/ct.h:13:0,
from /usr/include/openssl/ssl.h:61,
from ../src/crypto/tls_openssl.c:19:
/usr/include/openssl/err.h:246:1: note: declared here
DEPRECATEDIN_1_1_0(void ERR_remove_thread_state(void *))
^
../src/crypto/tls_openssl.c: In function ‘tls_load_ca_der’:
../src/crypto/tls_openssl.c:1540:40: error: dereferencing pointer to incomplete type ‘SSL_CTX {aka struct ssl_ctx_st}’
lookup = X509_STORE_add_lookup(ssl_ctx->cert_store,
^~
../src/crypto/tls_openssl.c: In function ‘tls_connection_get_keys’:
../src/crypto/tls_openssl.c:2532:24: error: dereferencing pointer to incomplete type ‘SSL {aka struct ssl_st}’
if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
^~
../src/crypto/tls_openssl.c: In function ‘tls_connection_set_session_ticket_cb’:
../src/crypto/tls_openssl.c:3534:44: warning: passing argument 2 of ‘SSL_set_session_secret_cb’ from incompatible pointer type [-Wincompatible-pointer-types]
if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb,
^~~~~~~~~~~~~~~
In file included from ../src/crypto/tls_openssl.c:19:0:
/usr/include/openssl/ssl.h:1799:12: note: expected ‘tls_session_secret_cb_fn {aka int (*)(struct ssl_st *, void *, int *, struct stack_st_SSL_CIPHER *, const struct ssl_cipher_st **, void *)}’ but argument is of type ‘int (*)(SSL *, void *, int *, struct stack_st_SSL_CIPHER *, SSL_CIPHER **, void *) {aka int (*)(struct ssl_st *, void *, int *, struct stack_st_SSL_CIPHER *, struct ssl_cipher_st **, void *)}’
__owur int SSL_set_session_secret_cb(SSL *s,
^~~~~~~~~~~~~~~~~~~~~~~~~
../src/crypto/tls_openssl.c: In function ‘tls_connection_resumed’:
../src/crypto/tls_openssl.c:2819:1: warning: control reaches end of non-void function [-Wreturn-type]
}
^
Makefile:891: recipe for target '../src/crypto/tls_openssl.o' failed
make: *** [../src/crypto/tls_openssl.o] Error 1
CC ../src/drivers/driver_nl80211.c
I also noticed on Kali's package-tracker that OpenSSL got updated on [2016-12-08] from version: 1.0.2j-1 to version 1.1.0c-2.
So over to the "quick fix" / temporary-fix: downgrade OpenSSL manually, by downloading the following files:
libssl1.0.0_1.0.1t-1+deb8u5_amd64.deb
libssl-dev_1.0.1t-1+deb8u5_amd64.deb
openssl_1.0.1t-1+deb8u5_amd64.deb
We have this tool in our tree but since it depends on Python 2, which has been deprecated since 2020-01-01, I was hoping this tool could be upgraded to Python 3.
Hi,
when trying the latest commit, I get the identity of the user which is connecting, but not its challenge/response hash. I can get this information with hostapd-wpe or an old commit of hostapd-mana (can't remember which one, but I know that its configuration was still using "karma" instead of "mana" for enabling the karma attacks). What am I missing / what should I do to get this behaviour again? Thanks.
I get this error when compiling the hostapd-mana (kali 2018.1 / virtual box)
make -C hostapd
make: Entering directory '/root/hostapd-mana/hostapd'
fatal: No annotated tags can describe '38d7a2e1d6ee174836956ebeeb01ade711273fdc'.
However, there were unannotated tags: try --tags.
In file included from /root/hostapd-mana/src/utils/common.h:12,
from config_file.c:14:
config_file.c: In function ‘hostapd_config_read_ssidlist’:
config_file.c:173:51: warning: argument to ‘sizeof’ in ‘memcpy’ call is the same pointer type ‘char *’ as the destination; expected ‘char’ or an explicit length [-Wsizeof-pointer-memaccess]
os_memcpy((*ssid_filter)[*num].ssid, pos, sizeof(pos));
^
/root/hostapd-mana/src/utils/os.h:503:46: note: in definition of macro ‘os_memcpy’
#define os_memcpy(d, s, n) memcpy((d), (s), (n))
^
config_file.c: In function ‘hostapd_config_read_maclist’:
config_file.c:290:7: error: redeclaration of ‘i’ with no linkage
int i;
^
config_file.c:207:7: note: previous declaration of ‘i’ was here
int i, rem = 0;
^
Makefile:1037: recipe for target 'config_file.o' failed
make: *** [config_file.o] Error 1
make: Leaving directory '/root/hostapd-mana/hostapd'
As I can read on the requirements section, the interface needs those modes:
Supported interface modes:
* IBSS
* managed
* AP
* AP/VLAN
* monitor
* mesh point
I am testing the AWUS036ACH adapter using the official Kali drivers, and I can see the drivers only support the following modes:
Supported interface modes:
* IBSS
* managed
* AP
* monitor
* P2P-client
* P2P-GO
Looks like it does not support AP/VLAN / mesh point
Am I missing some mana functionality without those two modes (AP/VLAN / mesh point)?
Best Regards !!
Would it be possible to upgrade this framework to use hostapd version 2.6
Hello to everyone
God verrrrry painful issue
root@kali:~/Downloads/mana-master# ./kali-install.sh
SensePost Mana Installer
[+] This is not a very good installer, it makes a lot of assumptions
[+] It assumes you are running Kali
[+] If you are worried about that, hit Ctl-C now, or hit Enter to continue
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package libnl-dev is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
E: Package 'libnl-dev' has no installation candidate
make -C hostapd-mana/hostapd/
make[1]: Entering directory '/root/Downloads/mana-master/hostapd-mana/hostapd'
CC main.c
CC config_file.c
CC ../src/ap/hostapd.c
CC ../src/ap/wpa_auth_glue.c
CC ../src/ap/drv_callbacks.c
CC ../src/ap/ap_drv_ops.c
CC ../src/ap/utils.c
CC ../src/ap/authsrv.c
CC ../src/ap/ieee802_1x.c
CC ../src/ap/ap_config.c
CC ../src/ap/eap_user_db.c
CC ../src/ap/ieee802_11_auth.c
CC ../src/ap/sta_info.c
CC ../src/ap/wpa_auth.c
CC ../src/ap/tkip_countermeasures.c
CC ../src/ap/ap_mlme.c
CC ../src/ap/wpa_auth_ie.c
CC ../src/ap/preauth_auth.c
CC ../src/ap/pmksa_cache_auth.c
CC ../src/ap/ieee802_11_shared.c
CC ../src/ap/beacon.c
CC ../src/drivers/drivers.c
CC ../src/utils/eloop.c
CC ../src/utils/common.c
CC ../src/utils/wpa_debug.c
CC ../src/utils/wpabuf.c
CC ../src/utils/os_unix.c
CC ../src/utils/ip_addr.c
CC ../src/common/ieee802_11_common.c
CC ../src/common/wpa_common.c
CC ../src/eapol_auth/eapol_auth_sm.c
CC ../src/eapol_auth/eapol_auth_dump.c
CC ../src/radius/radius.c
CC ../src/radius/radius_client.c
CC ../src/radius/radius_das.c
CC ../src/ap/vlan_init.c
CC ctrl_iface.c
CC ../src/ap/ctrl_iface_ap.c
CC ../src/crypto/md5.c
CC ../src/ap/iapp.c
CC ../src/ap/peerkey_auth.c
CC ../src/drivers/driver_hostap.c
CC ../src/drivers/driver_wired.c
../src/drivers/driver_nl80211.c:19:31: fatal error: netlink/genl/genl.h: No such file or directory
compilation terminated.
Makefile:891: recipe for target '../src/drivers/driver_nl80211.o' failed
make[1]: *** [../src/drivers/driver_nl80211.o] Error 1
make[1]: Leaving directory '/root/Downloads/mana-master/hostapd-mana/hostapd'
Makefile:3: recipe for target 'all' failed
make: *** [all] Error 2
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting 'python-scapy' instead of 'scapy'
apache2 is already the newest version (2.4.18-1).
apache2 set to manually installed.
asleap is already the newest version (2.2-1kali7).
asleap set to manually installed.
dsniff is already the newest version (2.4b1+debian-22.1+b2).
dsniff set to manually installed.
iptables is already the newest version (1.4.21-2+b1).
macchanger is already the newest version (1.7.0-5.3).
macchanger set to manually installed.
metasploit-framework is already the newest version (4.11.7-0kali1).
metasploit-framework set to manually installed.
procps is already the newest version (2:3.3.11-3).
python-dnspython is already the newest version (1.12.0-1).
python-dnspython set to manually installed.
python-pcapy is already the newest version (0.10.8-1+b1).
python-pcapy set to manually installed.
python-scapy is already the newest version (2.2.0-1kali1).
python-scapy set to manually installed.
sslsplit is already the newest version (0.4.11+dfsg-2).
sslsplit set to manually installed.
stunnel4 is already the newest version (3:5.29-1).
stunnel4 set to manually installed.
Suggested packages:
resolvconf
The following NEW packages will be installed:
dnsmasq tinyproxy
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 98.8 kB of archives.
After this operation, 219 kB of additional disk space will be used.
Get:1 http://kali.mirror.garr.it/mirrors/kali kali-rolling/main i386 dnsmasq all 2.75-1 [15.9 kB]
Get:2 http://kali.mirror.garr.it/mirrors/kali kali-rolling/main i386 tinyproxy i386 1.8.3-3+b1 [82.9 kB]
Fetched 98.8 kB in 1s (75.2 kB/s)
Selecting previously unselected package dnsmasq.
(Reading database ... 309871 files and directories currently installed.)
Preparing to unpack .../dnsmasq_2.75-1_all.deb ...
Unpacking dnsmasq (2.75-1) ...
Selecting previously unselected package tinyproxy.
Preparing to unpack .../tinyproxy_1.8.3-3+b1_i386.deb ...
Unpacking tinyproxy (1.8.3-3+b1) ...
Processing triggers for systemd (228-4) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up dnsmasq (2.75-1) ...
update-rc.d: We have no instructions for the dnsmasq init script.
update-rc.d: It looks like a network service, we disable it.
insserv: warning: current start runlevel(s) (empty) of script dnsmasq' overrides LSB defaults (2 3 4 5). insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script
dnsmasq' overrides LSB defaults (0 1 6).
Setting up tinyproxy (1.8.3-3+b1) ...
update-rc.d: As per Kali policy, tinyproxy init script is left disabled.
insserv: warning: current start runlevel(s) (empty) of script tinyproxy' overrides LSB defaults (2 3 4 5). insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script
tinyproxy' overrides LSB defaults (0 1 6).
Processing triggers for systemd (228-4) ...
install -d -m 755 /usr/share/mana-toolkit/www
install -d -m 755 /usr/share/mana-toolkit/crackapd
install -d -m 755 /usr/share/mana-toolkit/firelamb
install -d -m 755 /usr/share/mana-toolkit/sslstrip-hsts/sslstrip2
install -d -m 755 /usr/share/mana-toolkit/sslstrip-hsts/sslstrip2/sslstrip
install -d -m 755 /usr/share/mana-toolkit/sslstrip-hsts/dns2proxy
install -d -m 755 /usr/share/mana-toolkit/net-creds
install -d -m 755 /usr/share/mana-toolkit/cert
install -d -m 755 /usr/share/mana-toolkit/run-mana
install -d -m 755 /usr/lib/mana-toolkit/
install -d -m 755 /var/lib/mana-toolkit/sslsplit
install -d -m 755 /etc/mana-toolkit/
install -d -m 755 /etc/apache2/sites-available/
install -m 644 run-mana/conf/* /etc/mana-toolkit/
install -m 644 crackapd/crackapd.conf /etc/mana-toolkit/
install -m 644 apache/etc/apache2/sites-available/* /etc/apache2/sites-available/
install -m 755 hostapd-mana/hostapd/hostapd /usr/lib/mana-toolkit/
install: cannot stat ‘hostapd-mana/hostapd/hostapd’: No such file or directory
Makefile:6: recipe for target 'install' failed
make: *** [install] Error 1
Actually, I'm close to paying, over PayPal, the person who will solve this problem for me.
The use of bitmasks appears to break the binary search which is found within the hostapd_maclist_found function within src/ap/ap_config.c (lines 627-664).
Start hostapd-mana using the following configuration file and hostapd.accept file (make sure to enable debug output using the -d flag):
hostapd.conf
enable_mana=0
mana_loud=0
mana_macacl=1
interface=wlan0
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
ssid=testnetwork
hw_mode=g
channel=1
macaddr_acl=1
accept_mac_file=./hostapd.accept
ignore_broadcast_ssid=0
hostapd.accept
00:11:22:33:44:55 00:ff:00:ff:00:ff
00:66:77:88:99:aa
00:00:22:33:44:55
a4:83:e7:02:1a:9c 00:00:00:ff:ff:ff
Observe that when hostapd-mana receives a probe request from a6:83:e7:02:1a:9c, the mac address a6:83:e7:02:1a:9c is checked against 00:00:22:33:44:55/ff:ff:ff:ff:ff:ff, 00:11:22:33:44:55/00:ff:00:ff:00:ff, and 00:66:77:88:99:aa/ff:ff:ff:ff:ff:ff. However, a6:83:e7:02:1a:9c is not compared against a6:83:e7:02:1a:9c/00:00:00:ff:ff:ff, causing it to fail:
I've translated the relevant function into pseudocode to make it easier to follow (skipping vlan related code for brevity).
set start = 0
set end = num_entries - 1
match_found = False
while start <= end:
    # midpoint of the current window (integer division)
    middle = (start + end) / 2
    next_addr = list[middle].addr
    masked_test_value = test_value & list[middle].mask
    if next_addr == masked_test_value:
        match_found = True
        break
    # implicitly, we know that we can't get here unless mac1 != mac2
    if next_addr < test_value:
        start = middle + 1
    else:
        end = middle - 1
Let's assume that we have the following hostapd.accept file:
00:11:22:33:44:55 00:ff:00:ff:00:ff
00:66:77:88:99:aa
00:00:22:33:44:55
a4:83:e7:02:1a:9c 00:00:00:ff:ff:ff
If we translate these mac addresses into decimal format and include their masked transformations, this gives us:
# mac address & mask == transformed
73588229205 & 1095233372415 == 73017786453
440092105130 & 281474976710655 == 440092105130
573785173 & 281474976710655 == 573785173
180886423345820 & 16777215 == 137884
This gives us the following sorted array of transformed MAC addresses (in decimal format):
list = [137884, 573785173, 73017786453, 440092105130]
The length of our array is 4, so we set start to 0 and end to 3.
We then set middle to 3 / 2 which is 1 (integer division).
We then set next_addr to list[middle] which is list[1] which is 573785173.
Our masked_test_value is 137884. Since 137884 is not equal to 573785173 (value of next_addr), we move on.
We next check to see if next_addr 573785173 is less than test_value 180886423345820. Since it is, we set start to middle + 1 which is 2.
This shrinks our array from [137884, 573785173, 73017786453, 440092105130] to [73017786453, 440092105130]. The next array does not contain our target value 137884, indicating that the algorithm has failed.
It's possible that a different search algorithm (and possibly a different data structure) is needed to accommodate anything more efficient than a linear search (which is O(n)) when bitmasks are used. I'm not sure what those would be. I didn't think about this too hard (this stuff makes my head hurt).
I'm guessing this problem may have gone unnoticed due to #40.
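The failure described in the report above can be reproduced outside hostapd. The following is an added example, not code from the issue or from hostapd-mana: it models a MAC as a 48-bit integer, sorts the report's hostapd.accept entries by their masked address, and runs the pseudocode's binary search next to a plain linear scan. The struct and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model (assumption): a MAC is a 48-bit integer, and each ACL
 * entry keeps its address already ANDed with its mask. */
struct acl_entry {
    uint64_t addr;  /* entry address & mask ("transformed") */
    uint64_t mask;  /* ff:ff:ff:ff:ff:ff when the line carries no mask */
};

static uint64_t mac_to_u64(const char *s)
{
    unsigned int b[6];
    uint64_t v = 0;
    if (sscanf(s, "%2x:%2x:%2x:%2x:%2x:%2x",
               &b[0], &b[1], &b[2], &b[3], &b[4], &b[5]) != 6)
        return 0;
    for (int i = 0; i < 6; i++)
        v = (v << 8) | b[i];
    return v;
}

static int cmp_entry(const void *a, const void *b)
{
    uint64_t x = ((const struct acl_entry *)a)->addr;
    uint64_t y = ((const struct acl_entry *)b)->addr;
    return (x > y) - (x < y);
}

/* The search from the pseudocode: the direction is chosen from the unmasked
 * test value, so a masked entry can sit in the half that gets discarded. */
static int acl_binary_search(const struct acl_entry *list, int n, uint64_t test)
{
    int start = 0, end = n - 1;
    while (start <= end) {
        int middle = (start + end) / 2;
        if (list[middle].addr == (test & list[middle].mask))
            return 1;
        if (list[middle].addr < test)
            start = middle + 1;
        else
            end = middle - 1;
    }
    return 0;
}

/* O(n) scan: every entry's own mask is applied before comparing. */
static int acl_linear_search(const struct acl_entry *list, int n, uint64_t test)
{
    for (int i = 0; i < n; i++)
        if (list[i].addr == (test & list[i].mask))
            return 1;
    return 0;
}

/* Look a MAC up in the hostapd.accept contents quoted in the report. */
int sample_lookup(const char *mac, int use_binary)
{
    static const char *file[4][2] = {
        { "00:11:22:33:44:55", "00:ff:00:ff:00:ff" },
        { "00:66:77:88:99:aa", "ff:ff:ff:ff:ff:ff" },
        { "00:00:22:33:44:55", "ff:ff:ff:ff:ff:ff" },
        { "a4:83:e7:02:1a:9c", "00:00:00:ff:ff:ff" },
    };
    struct acl_entry acl[4];
    for (int i = 0; i < 4; i++) {
        acl[i].mask = mac_to_u64(file[i][1]);
        acl[i].addr = mac_to_u64(file[i][0]) & acl[i].mask;
    }
    qsort(acl, 4, sizeof(acl[0]), cmp_entry);
    return use_binary ? acl_binary_search(acl, 4, mac_to_u64(mac))
                      : acl_linear_search(acl, 4, mac_to_u64(mac));
}

int main(void)
{
    const char *mac = "a4:83:e7:02:1a:9c";
    printf("%s binary=%d linear=%d\n", mac,
           sample_lookup(mac, 1), sample_lookup(mac, 0));
    return 0;
}
```

The binary search visits the same three entries the report lists and never reaches the masked one, while the linear scan matches it.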
Getting the following error message when attempting to run hostapd on Kali Linux 2018.3.
./hostapd: error while loading shared libraries: libssl.so.1.0.0: cannot open shared object file: No such file or directory
I tried linking the newer libssl.so1.0.2 to libssl.so1.0.0 with no luck. Any help would be appreciated.
Hi,
Trying to get the snoopy like functionality from mana. Can't get hostapd-mana to make because of what seems like an SSL error? Any help is appreciated!
CC main.c
CC config_file.c
CC ../src/ap/hostapd.c
CC ../src/ap/wpa_auth_glue.c
CC ../src/ap/drv_callbacks.c
CC ../src/ap/ap_drv_ops.c
CC ../src/ap/utils.c
CC ../src/ap/authsrv.c
CC ../src/ap/ieee802_1x.c
CC ../src/ap/ap_config.c
CC ../src/ap/eap_user_db.c
CC ../src/ap/ieee802_11_auth.c
CC ../src/ap/sta_info.c
CC ../src/ap/wpa_auth.c
CC ../src/ap/tkip_countermeasures.c
CC ../src/ap/ap_mlme.c
CC ../src/ap/wpa_auth_ie.c
CC ../src/ap/preauth_auth.c
CC ../src/ap/pmksa_cache_auth.c
CC ../src/ap/ieee802_11_shared.c
CC ../src/ap/beacon.c
CC ../src/drivers/drivers.c
CC ../src/utils/eloop.c
CC ../src/utils/common.c
CC ../src/utils/wpa_debug.c
CC ../src/utils/wpabuf.c
CC ../src/utils/os_unix.c
CC ../src/utils/ip_addr.c
CC ../src/common/ieee802_11_common.c
CC ../src/common/wpa_common.c
CC ../src/eapol_auth/eapol_auth_sm.c
CC ../src/eapol_auth/eapol_auth_dump.c
CC ../src/radius/radius.c
CC ../src/radius/radius_client.c
CC ../src/radius/radius_das.c
CC ../src/ap/vlan_init.c
CC ctrl_iface.c
CC ../src/ap/ctrl_iface_ap.c
CC ../src/crypto/md5.c
CC ../src/ap/iapp.c
CC ../src/ap/peerkey_auth.c
CC ../src/drivers/driver_hostap.c
CC ../src/drivers/driver_wired.c
CC ../src/drivers/driver_nl80211.c
CC ../src/utils/radiotap.c
CC ../src/drivers/netlink.c
CC ../src/drivers/linux_ioctl.c
CC ../src/drivers/rfkill.c
CC ../src/l2_packet/l2_packet_linux.c
CC ../src/eap_server/eap_server_md5.c
CC ../src/eap_server/eap_server_tls.c
CC ../src/eap_server/eap_server_peap.c
CC ../src/eap_common/eap_peap_common.c
../src/eap_server/eap_server_ttls.c: In function ‘eap_ttls_process_phase2_pap’:
../src/eap_server/eap_server_ttls.c:520:22: warning: field precision specifier ‘.*’ expects argument of type ‘int’, but argument 5 has type ‘size_t {aka long unsigned int}’ [-Wformat=]
fprintf(f, "%s|%*.*s|%s\n", hdr, 0, sm->identity_len, sm->identity, user_password);
^
CC ../src/eap_server/eap_server_ttls.c
CC ../src/eap_server/eap_server_mschapv2.c
CC ../src/eap_server/eap_server_gtc.c
CC ../src/eap_server/eap_server_sim.c
CC ../src/eap_server/eap_server_aka.c
CC ../src/eap_common/eap_sim_common.c
CC ../src/eap_server/eap_sim_db.c
CC ../src/eap_server/eap_server_pax.c
CC ../src/eap_common/eap_pax_common.c
CC ../src/eap_server/eap_server_psk.c
CC ../src/eap_common/eap_psk_common.c
CC ../src/eap_server/eap_server_sake.c
CC ../src/eap_common/eap_sake_common.c
CC ../src/eap_server/eap_server_gpsk.c
CC ../src/eap_common/eap_gpsk_common.c
CC ../src/eap_server/eap_server_pwd.c
CC ../src/eap_common/eap_pwd_common.c
CC ../src/eap_server/eap_server_eke.c
CC ../src/eap_common/eap_eke_common.c
CC ../src/eap_server/eap_server_fast.c
CC ../src/eap_common/eap_fast_common.c
CC ../src/eap_server/eap_server_ikev2.c
CC ../src/eap_server/ikev2.c
CC ../src/eap_common/eap_ikev2_common.c
CC ../src/eap_common/ikev2_common.c
CC ../src/eap_server/eap_server_tnc.c
CC ../src/eap_server/tncs.c
CC eap_register.c
../src/eap_server/eap_server.c: In function ‘eap_user_get’:
../src/eap_server/eap_server.c:100:49: warning: field precision specifier ‘.*’ expects argument of type ‘int’, but argument 3 has type ‘size_t {aka long unsigned int}’ [-Wformat=]
wpa_printf(MSG_INFO, "MANA (EAP) : identity: %.*s", identity_len, identity);
^
CC ../src/eap_server/eap_server.c
CC ../src/eap_common/eap_common.c
CC ../src/eap_server/eap_server_methods.c
CC ../src/eap_server/eap_server_identity.c
CC ../src/crypto/ms_funcs.c
CC ../src/eap_common/chap.c
CC ../src/eap_server/eap_server_tls_common.c
../src/crypto/tls_openssl.c: In function ‘tls_init’:
../src/crypto/tls_openssl.c:812:2: warning: ‘TLSv1_method’ is deprecated [-Wdeprecated-declarations]
ssl = SSL_CTX_new(TLSv1_method());
^~~
In file included from /usr/include/openssl/ct.h:13:0,
from /usr/include/openssl/ssl.h:61,
from ../src/crypto/tls_openssl.c:19:
/usr/include/openssl/ssl.h:1596:1: note: declared here
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */
^
../src/crypto/tls_openssl.c: In function ‘tls_deinit’:
../src/crypto/tls_openssl.c:868:3: warning: ‘ERR_remove_thread_state’ is deprecated [-Wdeprecated-declarations]
ERR_remove_thread_state(NULL);
^~~~~~~~~~~~~~~~~~~~~~~
In file included from /usr/include/openssl/ct.h:13:0,
from /usr/include/openssl/ssl.h:61,
from ../src/crypto/tls_openssl.c:19:
/usr/include/openssl/err.h:246:1: note: declared here
DEPRECATEDIN_1_1_0(void ERR_remove_thread_state(void *))
^
../src/crypto/tls_openssl.c: In function ‘tls_load_ca_der’:
../src/crypto/tls_openssl.c:1540:40: error: dereferencing pointer to incomplete type ‘SSL_CTX {aka struct ssl_ctx_st}’
lookup = X509_STORE_add_lookup(ssl_ctx->cert_store,
^~
../src/crypto/tls_openssl.c: In function ‘tls_connection_get_keys’:
../src/crypto/tls_openssl.c:2532:24: error: dereferencing pointer to incomplete type ‘SSL {aka struct ssl_st}’
if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
^~
../src/crypto/tls_openssl.c: In function ‘tls_connection_set_session_ticket_cb’:
../src/crypto/tls_openssl.c:3534:44: warning: passing argument 2 of ‘SSL_set_session_secret_cb’ from incompatible pointer type [-Wincompatible-pointer-types]
if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb,
^~~~~~~~~~~~~~~
In file included from ../src/crypto/tls_openssl.c:19:0:
/usr/include/openssl/ssl.h:1799:12: note: expected ‘tls_session_secret_cb_fn {aka int (*)(struct ssl_st *, void *, int *, struct stack_st_SSL_CIPHER *, const struct ssl_cipher_st **, void *)}’ but argument is of type ‘int (*)(SSL *, void *, int *, struct stack_st_SSL_CIPHER *, SSL_CIPHER **, void *) {aka int (*)(struct ssl_st *, void *, int *, struct stack_st_SSL_CIPHER *, struct ssl_cipher_st **, void *)}’
__owur int SSL_set_session_secret_cb(SSL *s,
^~~~~~~~~~~~~~~~~~~~~~~~~
../src/crypto/tls_openssl.c: In function ‘tls_connection_resumed’:
../src/crypto/tls_openssl.c:2819:1: warning: control reaches end of non-void function [-Wreturn-type]
}
^
Makefile:891: recipe for target '../src/crypto/tls_openssl.o' failed
make: *** [../src/crypto/tls_openssl.o] Error 1
Compiling this branch on Kali Rolling, running OpenSSL version: 1.0.2j-1.
(I can compile the master branch without problems)
Here's the output produced:
root@fsociety-vm1:~/gits/hostapd-mana-2.6/hostapd# make
fatal: No names found, cannot describe anything.
CC main.c
CC config_file.c
CC ../src/ap/hostapd.c
CC ../src/ap/wpa_auth_glue.c
CC ../src/ap/drv_callbacks.c
CC ../src/ap/ap_drv_ops.c
CC ../src/ap/utils.c
CC ../src/ap/authsrv.c
CC ../src/ap/ieee802_1x.c
CC ../src/ap/ap_config.c
CC ../src/ap/eap_user_db.c
CC ../src/ap/ieee802_11_auth.c
CC ../src/ap/sta_info.c
CC ../src/ap/wpa_auth.c
CC ../src/ap/tkip_countermeasures.c
CC ../src/ap/ap_mlme.c
CC ../src/ap/wpa_auth_ie.c
CC ../src/ap/preauth_auth.c
CC ../src/ap/pmksa_cache_auth.c
CC ../src/ap/ieee802_11_shared.c
../src/ap/beacon.c: In function ‘handle_probe_req’:
../src/ap/beacon.c:892:11: error: ‘sta’ undeclared (first use in this function)
if (sta) {
^~~
../src/ap/beacon.c:892:11: note: each undeclared identifier is reported only once for each function it appears in
../src/ap/beacon.c:1152:13: error: invalid storage class for function ‘hostapd_probe_resp_offloads’
static u8 * hostapd_probe_resp_offloads(struct hostapd_data *hapd,
^~~~~~~~~~~~~~~~~~~~~~~~~~~
../src/ap/beacon.c:1588:1: error: expected declaration or statement at end of input
}
^
At top level:
../src/ap/beacon.c:1576:5: warning: ‘ieee802_11_update_beacons’ defined but not used [-Wunused-function]
int ieee802_11_update_beacons(struct hostapd_iface *iface)
^~~~~~~~~~~~~~~~~~~~~~~~~
../src/ap/beacon.c:1560:5: warning: ‘ieee802_11_set_beacons’ defined but not used [-Wunused-function]
int ieee802_11_set_beacons(struct hostapd_iface *iface)
^~~~~~~~~~~~~~~~~~~~~~
../src/ap/beacon.c:1191:6: warning: ‘sta_track_del’ defined but not used [-Wunused-function]
void sta_track_del(struct hostapd_sta_info *info)
^~~~~~~~~~~~~
Makefile:1036: recipe for target '../src/ap/beacon.o' failed
make: *** [../src/ap/beacon.o] Error 1
Hi,
I got an error when a client connects to my fake AP.
This is my AP conf.
[config_wifi.conf]
interface=wlx00c0ca977de5
ssid=Corporate-Wifi
channel=1
hw_mode=g
wpa=3
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP CCMP
auth_algs=3
ieee8021x=1
eap_server=1
eap_user_file=hostapd.eap_user1
ca_cert=sslforfree/ca_bundle.crt
server_cert=sslforfree/certificate.crt
private_key=sslforfree/unkey.key
[Log]
Configuration file: test.conf
MANA: Captured credentials will be written to file 'hostapd.credout'.
Using interface wlx00c0ca977de5 with hwaddr 00:c0:ca:97:7d:e5 and ssid "Corporate-Wifi"
wlx00c0ca977de5: interface state UNINITIALIZED->ENABLED
wlx00c0ca977de5: AP-ENABLED
wlx00c0ca977de5: STA 5c:c5:d4:7b:eb:a2 IEEE 802.11: authenticated
wlx00c0ca977de5: STA 5c:c5:d4:7b:eb:a2 IEEE 802.11: associated (aid 1)
wlx00c0ca977de5: CTRL-EVENT-EAP-STARTED 5c:c5:d4:7b:eb:a2
wlx00c0ca977de5: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlx00c0ca977de5: STA 5c:c5:d4:7b:eb:a2 IEEE 802.11: authenticated
wlx00c0ca977de5: STA 5c:c5:d4:7b:eb:a2 IEEE 802.11: associated (aid 1)
wlx00c0ca977de5: CTRL-EVENT-EAP-STARTED 5c:c5:d4:7b:eb:a2
wlx00c0ca977de5: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlx00c0ca977de5: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
wlx00c0ca977de5: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
nl80211: EAPOL TX: Message too long
nl80211: EAPOL TX: Message too long
nl80211: EAPOL TX: Message too long
wlx00c0ca977de5: CTRL-EVENT-EAP-STARTED 5c:c5:d4:7b:eb:a2
wlx00c0ca977de5: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlx00c0ca977de5: STA 5c:c5:d4:7b:eb:a2 IEEE 802.11: authenticated
wlx00c0ca977de5: STA 5c:c5:d4:7b:eb:a2 IEEE 802.11: associated (aid 1)
wlx00c0ca977de5: CTRL-EVENT-EAP-STARTED 5c:c5:d4:7b:eb:a2
wlx00c0ca977de5: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlx00c0ca977de5: STA 5c:c5:d4:7b:eb:a2 IEEE 802.11: authenticated
wlx00c0ca977de5: STA 5c:c5:d4:7b:eb:a2 IEEE 802.11: associated (aid 1)
wlx00c0ca977de5: CTRL-EVENT-EAP-STARTED 5c:c5:d4:7b:eb:a2
wlx00c0ca977de5: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlx00c0ca977de5: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
wlx00c0ca977de5: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
nl80211: EAPOL TX: Message too long
nl80211: EAPOL TX: Message too long
When a user attempts to use an ACL file containing VLAN IDs, hostapd-mana ignores all bitmasks after the first line containing a VLAN ID unless the line also has a VLAN ID.
For example, the bitmasks for the last three entries in the following hostapd.accept file would be ignored:
Start hostapd-mana using the following configuration file and hostapd.accept file (make sure to enable debug output using the -d flag):
hostapd.conf
enable_mana=0
mana_loud=0
mana_macacl=1
interface=wlan0
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
ssid=testnetwork
hw_mode=g
channel=1
macaddr_acl=1
accept_mac_file=./hostapd.accept
ignore_broadcast_ssid=0
hostapd.accept
# List of MAC addresses that are allowed to authenticate (IEEE 802.11)
# with the AP. Optional VLAN ID can be assigned for clients based on the
# MAC address if dynamic VLANs (hostapd.conf dynamic_vlan option) are used.
00:11:22:33:44:55 00:ff:ff:ff:ff:ff
00:66:77:88:99:aa 1
a4:83:e7:02:1a:9c 00:00:00:ff:ff:ff
Make sure to use an external WiFi adapter rather than mac80211_hwsim, since mac80211_hwsim cycles through MAC addresses fairly quickly.
Set client MAC address to a4:83:e7:02:1a:9c and attempt to connect to testnetwork.
Observe the following line in hostapd's debug output:
In the hostapd_config_read_maclist() function found within hostapd/config_file.c (lines 184-320), the variable vlanflag is not reset to 0 after each iteration of the while loop found on line 206.
We first store the first mac address on line 17 (whitelisted mac address) in the variable addr:
At this time, pos is pointing to the character highlighted by the cursor in the following screenshot:
Next, we reach the following block of code, which is skipped since our hostapd.accept file does not flag any addresses for removal:
Next, we point pos to the beginning of our buffer buf (see previous screenshot) and assume our vlan_id is 0 (the default):
We then increment pointer pos until it points to a character that is not a tab, not a space, and not a null terminator:
This causes pos to point to the location shown in the screenshot below:
Next, we keep incrementing pos until it's no longer pointing at a space or tab:
This causes pos to point to the vlan ID at the end of the line, as shown in the following screenshot:
We then check to see if we've reached the end of the line (by checking if pos is pointing to a null terminator). If it's not, we attempt to determine whether pos is pointing to the beginning of a mac address or whether pos is pointing to a VLAN flag. If pos is pointing to a VLAN flag, we store the VLAN flag in vlan_id and set vlanflag to TRUE.
Next, we replace the newline character at the end of the string with a null terminator:
At this point, pos is still pointing to the beginning of our VLAN ID. The next block of code checks to see if vlanflag is set to TRUE. Since we set vlanflag to TRUE earlier, we then increment pos until it's pointing to either a null terminator or the start of a mac address (whichever comes first):
Pos is now pointing to the null terminator at the end of our line buffer (I'm depicting this as best I can using vim):
The next block of code determines whether pos is pointing to the end of the line or whether it's pointing to the beginning of a mac address mask. In the latter case, it parses the mac address mask and stores it in mask. In the former case, it sets mask to ff:ff:ff:ff:ff:ff (exact match).
A bunch of other stuff then happens, but it's not relevant. We proceed to the next iteration and read the next line of the file.
Here's the problem: we never reset vlanflag to FALSE before the next iteration.
The next time we reach the following block of code...
... pos will be pointing at the beginning of the mac address mask on line 18:
Since vlanflag is still set to TRUE, pos is then incremented to the end of the line, which causes the following block of code to set mask to the default ff:ff:ff:ff:ff:ff instead of the mask shown in the hostapd.accept file:
The result is that every subsequent bitmask in the hostapd.accept file is ignored (unless the line also contains a VLAN flag).
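The stale-flag behaviour traced in the report above, as an added example that is not hostapd-mana's own code. It is a simplified model of an "addr [vlan_id] [mask]" line parser run over the report's hostapd.accept entries; the names are hypothetical, and treating a second token without ':' as the VLAN ID is an assumption made for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct acl_line {
    char addr[18];
    char mask[18];
    int vlan_id;
};

/* hostapd.accept entries from the report (comment lines left out). */
static const char *const SAMPLE_ACL[] = {
    "00:11:22:33:44:55 00:ff:ff:ff:ff:ff",
    "00:66:77:88:99:aa 1",
    "a4:83:e7:02:1a:9c 00:00:00:ff:ff:ff",
};
#define SAMPLE_LINES 3

/* Copy the whitespace-delimited token at pos into dst (18 bytes). */
static void copy_token(char *dst, const char *pos)
{
    snprintf(dst, 18, "%.*s", (int)strcspn(pos, " \t"), pos);
}

/* reset_vlanflag = 0 keeps the flag across lines (the reported behaviour);
 * reset_vlanflag = 1 clears it at the top of every iteration. */
static void parse_acl(const char *const *lines, int n, int reset_vlanflag,
                      struct acl_line *out)
{
    int vlanflag = 0;   /* declared outside the loop, as in the report */

    for (int i = 0; i < n; i++) {
        const char *pos = lines[i];
        size_t len;

        if (reset_vlanflag)
            vlanflag = 0;

        copy_token(out[i].addr, pos);       /* first token: the MAC */
        pos += strcspn(pos, " \t");
        pos += strspn(pos, " \t");

        out[i].vlan_id = 0;
        len = strcspn(pos, " \t");
        /* Assumption: a second token without ':' is a VLAN ID. */
        if (len > 0 && memchr(pos, ':', len) == NULL) {
            out[i].vlan_id = atoi(pos);
            vlanflag = 1;
        }

        /* Step over the VLAN ID to reach the mask. With a stale flag,
         * the token stepped over here is the mask itself. */
        if (vlanflag) {
            pos += strcspn(pos, " \t");
            pos += strspn(pos, " \t");
        }

        if (*pos == '\0')
            strcpy(out[i].mask, "ff:ff:ff:ff:ff:ff");  /* exact match */
        else
            copy_token(out[i].mask, pos);
    }
}

/* Parse the sample and return the mask recorded for one line. The result
 * lives in a static buffer that the next call overwrites. */
const char *parsed_mask(int line, int reset_vlanflag)
{
    static struct acl_line out[SAMPLE_LINES];

    parse_acl(SAMPLE_ACL, SAMPLE_LINES, reset_vlanflag, out);
    return out[line].mask;
}

int main(void)
{
    for (int reset = 0; reset <= 1; reset++)
        for (int i = 0; i < SAMPLE_LINES; i++)
            printf("reset=%d line=%d mask=%s\n", reset, i,
                   parsed_mask(i, reset));
    return 0;
}
```

With the flag carried over, the third entry silently becomes an exact-match rule, so the ACL matches fewer stations than the file says it should.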
It has been known for a long time that it is possible to perform a relay attack to gain access to certain enterprise wireless networks. Till now no such tool is available, but a PoC was created for hostapd some time ago. Would be an awesome function to have some day.
More info on the PoC for hostapd can be found here:
I'm using version 2.8 and it seems this option isn't accepted in configuration file.
Hi,
I can't seem to find an option like hostapd-wpe in here to always return EAP Success. Would be a nice addition, or is it already in there and have I overlooked something in the code.. Will it still work with FreeRADIUS-WPE and using hostapd-mana just as authenticator?
I tried with mana enabled...
The access point is created and works.
My 3 phones search for the home network and hostapd sees them and writes that it's sending the probe.
But none of the phones tries to connect to it unless I tell them to.
I have been testing the functionality lately and it definitely has improved a lot!
When reading the wiki I saw a function that was not mentioned in the default hostapd.conf provided with the mana functionality (mana_eaptls=1). Creating the following wifi profile on my android device (8.0.0) still results in failed authentication.
When performing an EAP dumb-down attack by asking for GTC, the plain text credentials do not appear in the log (also referenced #12). I set the ennode configuration to a log file. Perhaps not all methods are stored in logs?
hostapd.eap_user:
"t" PEAP,GTC,TTLS-MSCHAPV2,MSCHAPV2,MD5,TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,TTLS "1234test" [2]
Hostapd log:
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=11): 02 0c 00 0b 01 68 61 63 6b 65 72
EAP-PEAP: received Phase 2: code=2 identifier=12 length=11
EAP-Identity: Peer identity - hexdump_ascii(len=6):
68 61 63 6b 65 72 hacker
MANA (EAP) : identity: hacker
...
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=15): 02 0e 00 0f 06 70 61 73 73 77 6f 72 64 30 31
EAP-PEAP: received Phase 2: code=2 identifier=14 length=15
EAP-GTC: Response - hexdump_ascii(len=10):
70 61 73 73 77 6f 72 64 30 31 password01
EAP-GTC: Done - Failure
EAP-PEAP: Phase2 method failed
EAP-PEAP: PHASE2_METHOD -> FAILURE_REQ
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 15
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=4): 04 0f 00 04
Hi,
I'm trying to get hostapd and sycophant to work for a penetration test, however I can't seem to get it running.
When using berate_ap I get a segmentation fault (I also get a segmentation fault using hostapd directly when I include the sycophant directory config line).
This segmentation fault is due to the sycophant_dir= config line
/berate_ap --eap --wpa-sycophant --mana-eapsuccess wlan0 eth0 TestingRogueAP
WARN: Your adapter does not fully support AP virtual interface, enabling --no-virt
Config dir: /tmp/create_ap.wlan0.conf.xwssmeiS
PID: 23136
Network Manager found, set wlan0 as unmanaged device... DONE
Please Provide Certificate Details
Generating a RSA private key
......................+++++
.....+++++
writing new private key to '/tmp/create_ap.wlan0.conf.xwssmeiS/hostapd.key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
........................+...........+..........................................................................................................................................................................+.............................+......................................................................................................+............................................................................................................................................................+............................+....................................................................................................+................................................................................................................++*++*++*++*
Using Example EAP User file
Please see /tmp/create_ap.wlan0.conf.xwssmeiS/hostapd.eap_user to create your own
Sharing Internet using method: nat
hostapd command-line interface: hostapd_cli -p /tmp/create_ap.wlan0.conf.xwssmeiS/hostapd_ctrl
Configuration file: /tmp/create_ap.wlan0.conf.xwssmeiS/hostapd.conf
./berate_ap: line 2284: 23312 Segmentation fault $STDBUF_PATH $HOSTAPD $HOSTAPD_DEBUG_ARGS $CONFDIR/hostapd.conf
^C
Doing cleanup.. done
Using hostapd directly
hostapd-mana hostapd.conf -dd
random: Trying to read entropy from /dev/random
Configuration file: hostapd.conf
ctrl_interface_group=0
MANA: Enabled
SYCOPHANT: Enabled
Segmentation fault
Hostapd config file
interface=wlan0
channel=6
ssid=Test
ieee8021x=1
eapol_key_index_workaround=0
eap_server=1
ca_cert=ca.pem
server_cert=server.pem
private_key=server.key
private_key_passwd=
dh_file=dhparam.pem
pac_opaque_encr_key=000102030405060708090a0b0c0d0e0f
eap_fast_a_id=101112131415161718191a1b1c1d1e1f
eap_fast_a_id_info=test server
eap_fast_prov=3
pac_key_lifetime=604800
pac_key_refresh_time=86400
wpa=1
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP CCMP
# Prevent disassociations
disassoc_low_ack=0
ap_max_inactivity=3000
# Both open and shared auth
auth_algs=3
# no SSID cloaking
ignore_broadcast_ssid=2
# -1 = log all messages
logger_syslog=-1
logger_stdout=-1
# 2 = informational messages
logger_syslog_level=1
logger_stdout_level=1
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
# Finally, enable mana
enable_mana=1
# Limit mana to responding only to the device probing (0), or not (1)
mana_loud=0
# Extend MAC ACLs to probe frames
mana_macacl=0
# Put hostapd in white/black list mode
#macaddr_acl=0
# only used if you want to do filter by MAC address
#accept_mac_file=/etc/mana-toolkit/hostapd.accept
#deny_mac_file=/etc/mana-toolkit/hostapd.deny
enable_sycophant=1
sycophant_dir=/tmp/