# Automation of MitM Attack on WiFi Networks

- Installation
- Hardware requirements
- Usage
- Reference

## Installation

```bash
make
```

The implemented automated tool depends on several other tools, which it controls. *Wifimitm* has to be able to start the required tools, therefore they have to be available on a user’s system. The *wifimitm* package itself can be automatically installed by the package’s `setup.py`. After the installation, the implemented automated tool can be started using its CLI named `wifimitmcli`.

The rest of the software dependencies can be satisfied by installing the required tools. For convenient setup of the implemented tool, a `Makefile` and several installation scripts and wrappers have been developed.

*MITMf* has a number of dependencies, therefore it is highly recommended to use *MITMf* inside a virtual environment as stated in its installation guide[^MITMf_installation]. *MITMf* could be installed using the package[^AUR_mitmf-git] available on Arch User Repository (AUR), but unfortunately this package does not utilize the virtual environment. An installation script `MITMf_install.sh` is able to install *MITMf*, including its dependencies. This script also creates a virtual environment dedicated to *MITMf*. An implemented wrapper script is used to automate activation and deactivation of the virtual environment before and after running *MITMf*. After installation, *MITMf* can be easily run encapsulated in its virtual environment.

*Wifiphisher* is available in the form of an AUR package[^AUR_wifiphisher], but this package is not suitable for correct installation, because currently (May 2016), it is not updated to the changes in the repository structure of *wifiphisher*. An implemented installation script `wifiphisher_install.sh` is able to create a dedicated virtual environment and install *wifiphisher*. Convenient usage of *wifiphisher* installed inside its virtual environment is achieved by a wrapper similar to the one for *MITMf*.
Due to the fact that some changes in *wifiphisher’s* source code were implemented, the installation script also applies a software patch to the installed *wifiphisher*.

Tool *upc_keys* is implemented in the C language and therefore it is compiled during installation. Compiled *upc_keys* and the executable wrappers for *MITMf* and *wifiphisher*, which are described above, are linked from the `/usr/bin/` directory after the installation. The required tools are installed by their installation scripts to the `/opt/` directory.

Installation of all the requirements can be started by the `requirements_install.sh` script or the `Makefile`. Usage of the implemented `Makefile`, which can be used for a convenient installation, is shown in the table below.

A usage of *Makefile*

|Command            |Description                                                     |
|-------------------|----------------------------------------------------------------|
|`make requirements`|Install requirements.                                           |
|`make install`     |Install the *wifimitm* package and the *wifimitmcli* tool.      |
|`make man`         |Install a manual page of *wifimitmcli*.                         |
|`make`, `make all` |Install requirements, the package, the tool and the manual page.|

### Hardware requirements

Due to the nature of specific steps of the attack, special hardware equipment is required. During the scanning and capturing of network traffic without being connected to the network, an attacking device needs a wireless network interface in monitor mode. For sending special forged packets, the wireless network interface also needs to be capable of packet injection. In order to be able to perform a phishing attack, a second wireless interface capable of master (AP) mode has to be available.

The user can check whether their hardware is capable of packet injection using the *aireplay-ng* tool executed as `aireplay-ng --test `. Managing monitor mode of an interface is possible with the *airmon-ng* tool.

## Usage

After the installation, the CLI can be started via `wifimitmcli`.
During *wifimitmcli’s* run, usual output information is written to *stdout*, while notifications concerning errors are written to *stderr*. *Wifimitmcli* saves and loads attack data from the `~/.wifimitm/` directory.

Because *wifimitmcli* is an automated tool, it does not expect any input from a user during its progress. The user can control the behaviour of *wifimitmcli* by program arguments provided at the start of *wifimitmcli*. This way, *wifimitmcli* does not even have to be started manually by the user, but it could be a part of other scripts.

The table below shows an overview of the program arguments of the *wifimitmcli* tool. The synopsis of *wifimitmcli’s* arguments is specified as follows:

```bash
wifimitmcli [-h] [-v] [-ll ] [-p] [-cf FILE ]
```

Program arguments of *wifimitmcli*

|Argument                                |Description                                                                     |
|----------------------------------------|--------------------------------------------------------------------------------|
|`-h`, `--help`                          |Show help message and exit.                                                     |
|`-v`, `--version`                       |Show program’s version number and exit.                                         |
|`-ll `, `--logging-level `|Select logging level (choices: `disabled`, `critical`, `error`, `warning`, `info`, `debug`).|
|`-p`, `--phishing`                      |Enable phishing attack if dictionary attack fails.                              |
|`-cf FILE`, `--capture-file FILE`       |Capture network traffic to provided file.                                       |
|``                                      |Attack network with provided SSID.                                              |
|``                                      |Use provided wireless network interface for attack.                             |

As seen from the synopsis shown above, `` and `` arguments are mandatory to start *wifimitmcli*. If the provided arguments are not correct, an appropriate error message and the synopsis are shown and the program terminates immediately after the arguments check.

For more information concerning usage of *wifimitmcli*, a user can start the tool with the `-h` or `--help` argument, which results in showing a help page. More detailed information about *wifimitmcli* can be found on its installed manual page.

```sh
man wifimitmcli
```

The implemented Python package *wifimitm* provides functionality to log performed actions using Python’s *logging*[^Python_logging] module. Individual modules contained in the *wifimitm* package possess their own logger objects. The implemented *wifimitmcli* tool uses its logger as well. This approach makes it possible for *wifimitmcli* to control all noted loggers. The level of logging for the loggers can be set at the start of *wifimitmcli* as a program argument.

Upon termination of the *wifimitmcli* tool, an appropriate exit code indicating the result is returned. Some of the implemented exit codes are inspired by sysexits[^sysexits]. Exit codes of the implemented automated tool are shown in the table below.

Exit codes of *wifimitmcli*

|Value|Name                    |Description                                                    |
|:---:|------------------------|---------------------------------------------------------------|
|  0  |`EX_OK`                 |Program terminated successfully.                               |
|  2  |`ARGUMENTS`             |Incorrect or missing arguments provided.                       |
| 69  |`EX_UNAVAILABLE`        |Required program or file does not exist.                       |
| 77  |`EX_NOPERM`             |Permission denied.                                             |
| 79  |`TARGET_AP_NOT_FOUND`   |Target AP was not found during scan.                           |
| 80  |`NOT_IN_ANY_DICTIONARY` |WPA/WPA2 passphrase was not found in any available dictionary. |
| 81  |`PHISHING_INCORRECT_PSK`|WPA/WPA2 passphrase obtained from phishing attack is incorrect.|
| 82  |`SUBPROCESS_ERROR`      |Failure in subprocess occurred.                                |
| 130 |`KEYBOARD_INTERRUPT`    |Program received SIGINT.                                       |

## Reference

VONDRÁČEK, Martin. *Automation of MitM Attack on WiFi Networks*. Brno, 2016. Bachelor’s thesis. Brno University of Technology, Faculty of Information Technology. Supervisor Pluskal Jan, Briffa Johann.

[^MITMf_installation]: URL: https://github.com/byt3bl33d3r/MITMf/wiki/Installation
[^AUR_mitmf-git]: URL: https://aur.archlinux.org/packages/mitmf-git/
[^AUR_wifiphisher]: URL: https://aur.archlinux.org/packages/wifiphisher/
[^Python_logging]: URL: https://docs.python.org/3/library/logging.html
[^sysexits]: URL: http://linux.die.net/include/sysexits.h

*[AP]: Access Point
*[STA]: Station
*[WLAN]: Wireless Local Area Network
*[HTTPS]: Hypertext Transfer Protocol Secure
*[MITMf]: Framework for Man-In-The-Middle attacks
*[CLI]: Command Line Interface
*[AUR]: Arch User Repository
*[stdin]: Standard input stream
*[stdout]: Standard output stream
*[stderr]: Standard error stream
*[SSID]: Service Set Identifier
*[WPA]: Wi-Fi Protected Access
*[WPA2]: Wi-Fi Protected Access II
*[ESSID]: Extended Service Set Identifier