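Principle overview:
When a Wi-Fi device connects, the probe request frame is the request frame sent by phones, computers, tablets and similar devices; it belongs to the management frame group.
Analysing the request frame shows that its subtype == 0x04 and that it contains MAC address information. It is the probe signal a device sends when searching for hotspots. Some newer devices hide their real MAC address by sending probe signals with a fake MAC address, so the real MAC address cannot be obtained from probe frames. Some older devices lack this feature, so their real MAC address can be collected. The response frame, subtype == 0x05, also contains MAC address information. Likewise, the base station replies to the device at the fake MAC address, so the real MAC address cannot be obtained there either. When a device joins a base station it must make an association request, which can also be called authentication. In this process the MAC header of the frames the device transmits contains the real MAC address, so we can obtain the real MAC information during this process.
Analysing this request frame shows that its subtype == 0x00 and that it contains MAC address information. There is also an association response frame, subtype == 0x01.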
Part of the code follows:
Makefile:
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk

# The package name must not contain spaces
PKG_NAME:=WiFi_detect
PKG_VERSION:=1.1
PKG_RELEASE:=1
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)

include $(INCLUDE_DIR)/package.mk

define Package/$(PKG_NAME)
  SECTION:=utils
  CATEGORY:=Utilities
  TITLE:=WiFi_detect
  DEPENDS:=+libpcap +libpthread
  MAINTAINER:=LNStar
endef

define Package/$(PKG_NAME)/description
  WiFi_detect
endef

# Copy the sources into the build directory
define Build/Prepare
	mkdir -p $(PKG_BUILD_DIR)
	$(CP) ./src/* $(PKG_BUILD_DIR)/
endef

# Install the built binary (Scaner) into /bin on the target
define Package/$(PKG_NAME)/install
	$(INSTALL_DIR) $(1)/bin
	$(INSTALL_BIN) $(PKG_BUILD_DIR)/Scaner $(1)/bin/
endef

$(eval $(call BuildPackage,$(PKG_NAME)))
Packet parsing code:
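struct ieee80211_radiotap_iterator iter;
struct ieee80211_radiotap_header *rt = (struct ieee80211_radiotap_header *)packet;
/* it_len is little-endian on the wire; skip packets whose radiotap header does not parse */
if (ieee80211_radiotap_iterator_init(&iter, rt, le16toh(rt->it_len), NULL))
{
    continue;
}
/* The 802.11 header starts right after the radiotap header */
header = (i3e_header *)(packet + le16toh(rt->it_len));
header->fc = le16toh(header->fc);
u_char type = (header->fc & 0x0c) >> 2;  /* 0 = management, 2 = data */
u_char stype = (header->fc & 0xf0) >> 4; /* subtype within that type */
Packet_Info Info;
Packet_Info_Init(&Info);
switch (type)
{
case 0x00:
{
    if (stype == 0x04 || stype == 0x05 || stype == 0x08) /* probe request / probe response / beacon */
    {
        /* SSID data at offset 38 matches frames that carry 12 bytes of fixed
           fields after the 24-byte header (probe response, beacon); a probe
           request carries its elements directly at offset 24. */
        struct ControlFrame_Body Body;
        memcpy(&Body, (uint8_t *)header + 24, sizeof(struct ControlFrame_Body));
        Body.SSID = (uint8_t *)header + 38;
        if (Body.Element_ID == 0) /* element ID 0 is the SSID */
        {
            if (Body.SSID_Length > 32) /* an SSID is at most 32 bytes */
                Body.SSID_Length = 32;
            char *ESSID = (char *)malloc(Body.SSID_Length + 1);
            if (ESSID != NULL)
            {
                memcpy(ESSID, Body.SSID, Body.SSID_Length);
                ESSID[Body.SSID_Length] = 0;
                Info.ESSID = ESSID;
            }
        }
    }
}
/* falls through, so management frames also get their addresses copied below */
case 0x02:
{
    memcpy(Info.Source_Mac.MAC_SLICE, header->sa, 6);
    memcpy(Info.Target_Station_Mac.MAC_SLICE, header->da, 6);
    break;
}
default:
    break;
}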
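The subtype and offset handling described above, written as a bounds-checked stand-alone parser. This is an added example, not the author's code: the sample frames are constructed, the function names are hypothetical, and it assumes the radiotap header has already been stripped. It also tests the locally administered bit (0x02 in the first octet), which randomized source addresses normally set.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample frames (802.11 header onward, radiotap already stripped). */
static const uint8_t probe_req[] = {          /* subtype 0x04, randomized SA */
    0x40,0x00, 0,0, 0xff,0xff,0xff,0xff,0xff,0xff, 0xda,0xa1,0x19,0x00,0x00,0x01,
    0xff,0xff,0xff,0xff,0xff,0xff, 0x10,0x00, 0x00,0x04,'t','e','s','t' };
static const uint8_t assoc_req[] = {          /* subtype 0x00, globally unique SA */
    0x00,0x00, 0,0, 0x00,0x11,0x22,0x33,0x44,0x55, 0x00,0xaa,0xbb,0xcc,0xdd,0xee,
    0x00,0x11,0x22,0x33,0x44,0x55, 0x20,0x00, 0x01,0x04, 0x0a,0x00,
    0x00,0x04,'t','e','s','t' };

/* Management subtype (0x00..0x0f), or -1 if too short or not type 0. */
static int mgmt_subtype(const uint8_t *f, size_t len)
{
    if (len < 24) return -1;                       /* 24-byte MAC header */
    uint16_t fc = (uint16_t)(f[0] | (f[1] << 8));  /* little-endian field */
    return ((fc & 0x0c) >> 2) == 0 ? (fc & 0xf0) >> 4 : -1;
}

/* 1 if the source address (header bytes 10..15) is locally administered. */
static int sa_is_local(const uint8_t *f, size_t len) { return len >= 24 && (f[10] & 0x02); }

/* Copy the SSID into out[33]; returns its length, or -1 if absent or malformed. */
static int extract_ssid(const uint8_t *f, size_t len, char out[33])
{
    size_t off = 24, n;
    switch (mgmt_subtype(f, len)) {
    case 0x04: break;             /* probe request: elements start at 24 */
    case 0x05: off += 12; break;  /* probe response: 12 fixed bytes first */
    case 0x00: off += 4; break;   /* association request: 4 fixed bytes */
    default:   return -1;
    }
    if (len < off + 2 || f[off] != 0) return -1;   /* element ID 0 = SSID */
    n = f[off + 1];
    if (n > 32 || len < off + 2 + n) return -1;    /* never read past the capture */
    memcpy(out, f + off + 2, n);
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    char s[33];
    printf("%d %d\n", sa_is_local(probe_req, sizeof probe_req), extract_ssid(assoc_req, sizeof assoc_req, s));
    return 0;
}
```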
HTTP POST request code:
/* Requires <stdio.h>, <stdlib.h> and <string.h>. The caller must free() the result. */
char *List_Element_To_Str(List *pList)
{
    extern unsigned char mac_addr[6];
    int Str_Length = 0;
    char Flag = 0;
    Node *pCurrent = pList->Header;
    /***************Fill the Request Body***************/
    size_t Body_Cap = (size_t)pList->Num * 45 + 45;
    char *pBody = (char *)malloc(Body_Cap);
    if (pBody == NULL)
        return NULL;
    /* %02x keeps every octet two digits wide */
    Str_Length = snprintf(pBody, Body_Cap, "{\"node\":\"%02x:%02x:%02x:%02x:%02x:%02x\",\"nearby\":[", mac_addr[0], mac_addr[1], mac_addr[2], mac_addr[3], mac_addr[4], mac_addr[5]);
    while (pCurrent)
    {
        /* Average RSSI; guard against a zero sample count */
        int Rssi = pCurrent->RSSI_Counter ? pCurrent->RSSI / pCurrent->RSSI_Counter : 0;
        size_t Room = Body_Cap - Str_Length - 2; /* keep space for "]}" */
        int n = snprintf(pBody + Str_Length, Room, "{\"mac\":\"%02x:%02x:%02x:%02x:%02x:%02x\",\"rssi\":%d},",
                         pCurrent->Key.MAC_SLICE[0], pCurrent->Key.MAC_SLICE[1], pCurrent->Key.MAC_SLICE[2],
                         pCurrent->Key.MAC_SLICE[3], pCurrent->Key.MAC_SLICE[4], pCurrent->Key.MAC_SLICE[5],
                         Rssi);
        if (n < 0 || (size_t)n >= Room)
            break; /* entry does not fit: stop instead of overflowing */
        Str_Length += n;
        pCurrent = pCurrent->Next;
        Flag = 1;
    }
    if (Flag)
        Str_Length--; /* overwrite the trailing comma */
    pBody[Str_Length++] = ']';
    pBody[Str_Length++] = '}';
    pBody[Str_Length] = 0;
    /***************Here comes to add Header*************/
    const char *HttpHeader = "POST /mac/post HTTP/1.1\r\nHost: xxxxxxxx.com\r\nContent-Type: text/plain\r\nAccept: */*\r\nAccept-Encoding: deflate, br\r\nConnection: close\r\nContent-Length:";
    int pBody_Length = strlen(pBody), pBody_Request_Length = 1;
    for (; pBody_Length /= 10; pBody_Request_Length++)
        ; /* count the decimal digits of the body length */
    int pStr_Length = strlen(pBody) + strlen(HttpHeader) + pBody_Request_Length + 4;
    char *pStr = (char *)malloc(pStr_Length + 1);
    if (pStr == NULL)
    {
        free(pBody);
        return NULL;
    }
    Str_Length = snprintf(pStr, pStr_Length + 1, "%s%d\r\n\r\n%s", HttpHeader, Str_Length, pBody);
    free(pBody);
    /* Sanity check: the computed request length must match what was written */
    if (Str_Length != pStr_Length)
    {
        printf("Str_Length:%d,pStr_Length:%d,pBody_Request_Length:%d\r\n", Str_Length, pStr_Length, pBody_Request_Length);
        printf("%s\r\n", pStr);
        exit(1);
    }
    return pStr;
}
For the complete code, contact me.
qq:739980123