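Principle overview:
When a Wi-Fi device connects, the probe request frame is the request frame sent by phones, computers, tablets and similar devices. It belongs to the management frame group.
Analysing the request frame, we can see that its subtype == 0x04 and that it contains MAC address information. It is the probe signal a device sends when searching for hotspots. Some newer devices, to hide their real MAC address, send probe signals that carry a fake MAC address, so the real MAC address cannot be obtained from probe frames. Some older devices have no such feature, so their real MAC address can be collected. The response frame has subtype == 0x05 and likewise contains MAC address information. In the same way, the base station replies to the device at the fake MAC address, so the real MAC address still cannot be obtained. When a device joins a base station it has to make an association request (which can also be called authentication). The MAC header of the frames the device transmits during this process contains the real MAC address, so we can obtain the real MAC information at this stage.
Analysing the association request frame, we can see that its subtype == 0x00 and that it contains MAC address information. There is also an association response frame, with subtype == 0x01.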
Part of the code follows:
Makefile:
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk

PKG_NAME:=WiFi_detect
PKG_VERSION:=1.1
PKG_RELEASE:=1
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)

include $(INCLUDE_DIR)/package.mk

define Package/$(PKG_NAME)
	SECTION:=utils
	CATEGORY:=Utilities
	TITLE:=WiFi_detect
	DEPENDS:=+libpcap +libpthread
	MAINTAINER:=LNStar
endef

define Package/$(PKG_NAME)/description
	WiFi_detect
endef

# Copy the sources into the build directory
define Build/Prepare
	mkdir -p $(PKG_BUILD_DIR)
	$(CP) ./src/* $(PKG_BUILD_DIR)/
endef

# Install the compiled Scaner binary into /bin on the target
define Package/$(PKG_NAME)/install
	$(INSTALL_DIR) $(1)/bin
	$(INSTALL_BIN) $(PKG_BUILD_DIR)/Scaner $(1)/bin/
endef

$(eval $(call BuildPackage,$(PKG_NAME)))
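Packet parsing code:
    /* Fragment from the capture loop: packet points at the radiotap header of one captured frame. */
    struct ieee80211_radiotap_header *rt = (struct ieee80211_radiotap_header *)packet;
    struct ieee80211_radiotap_iterator iter;
    /* it_len is little-endian on the wire */
    if (ieee80211_radiotap_iterator_init(&iter, rt, le16toh(rt->it_len), NULL))
    {
        continue; /* malformed radiotap header, skip this frame */
    }
    header = (i3e_header *)(packet + le16toh(rt->it_len));
    header->fc = le16toh(header->fc);
    u_char type = (header->fc & 0x0c) >> 2;  /* frame type */
    u_char stype = (header->fc & 0xf0) >> 4; /* frame subtype */
    Packet_Info Info;
    Packet_Info_Init(&Info);
    switch (type)
    {
    case 0x00: /* management frame */
    {
        if (stype == 0x04 || stype == 0x05 || stype == 0x08) /* probe request / probe response / beacon */
        {
            /* An SSID at offset 38 matches beacons and probe responses (12 bytes of
               fixed fields, then element ID and length). A probe request has no fixed
               fields, so its SSID element starts at offset 24.
               None of these reads is checked against the captured length. */
            struct ControlFrame_Body Body;
            memcpy(&Body, (uint8_t *)header + 24, sizeof(struct ControlFrame_Body));
            Body.SSID = (uint8_t *)header + 38;
            if (Body.Element_ID == 0) /* element 0 is the SSID */
            {
                if (Body.SSID_Length > 32)
                    Body.SSID_Length = 32; /* an SSID is at most 32 bytes */
                char *ESSID = (char *)malloc(Body.SSID_Length + 1);
                if (ESSID != NULL)
                {
                    memcpy(ESSID, Body.SSID, Body.SSID_Length);
                    ESSID[Body.SSID_Length] = 0;
                    Info.ESSID = ESSID;
                }
            }
        }
    }
    /* fall through: management frames also need the addresses copied below */
    case 0x02: /* data frame */
    {
        memcpy(Info.Source_Mac.MAC_SLICE, header->sa, 6);
        memcpy(Info.Target_Station_Mac.MAC_SLICE, header->da, 6);
        break;
    }
    }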
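The subtype checks from the principle section, with every read checked against the captured length, which the parsing fragment above does not do. This is an added example, not the author's code: the type and function names and the two sample frames are constructed for illustration, and testing the locally administered bit (0x02 of the first address byte) to tell a non-vendor-assigned address from a globally unique one is an addition that is not on the original page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum frame_kind { FK_OTHER, FK_ASSOC_REQ, FK_ASSOC_RESP, FK_PROBE_REQ, FK_PROBE_RESP };
struct frame_summary {
    enum frame_kind kind;
    uint8_t sa[6];            /* Address 2: the transmitting station */
    int locally_administered; /* 1 if bit 0x02 of sa[0] is set (typical of randomized MACs) */
};

/* Constructed samples: 8-byte radiotap header, then a 24-byte 802.11 header. */
static const uint8_t SAMPLE_PROBE_REQ[32] = {
    0, 0, 8, 0, 0, 0, 0, 0,  0x40, 0x00, 0, 0,   /* it_len 8; management, subtype 0x04 */
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff,  0xda, 0xa1, 0x19, 0x00, 0x00, 0x01, /* DA; SA */
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff,  0, 0 }; /* BSSID; sequence control */
static const uint8_t SAMPLE_ASSOC_REQ[32] = {
    0, 0, 8, 0, 0, 0, 0, 0,  0x00, 0x00, 0, 0,   /* it_len 8; management, subtype 0x00 */
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55,  0x00, 0x11, 0x22, 0xaa, 0xbb, 0xcc, /* DA; SA */
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55,  0, 0 }; /* BSSID; sequence control */

/* Returns 0 on success, -1 if the capture is shorter than the headers it claims. */
int summarize_frame(const uint8_t *pkt, size_t caplen, struct frame_summary *out)
{
    if (caplen < 8) return -1;                   /* fixed part of the radiotap header */
    size_t rt_len = (size_t)pkt[2] | ((size_t)pkt[3] << 8); /* it_len is little-endian */
    /* This example only accepts frames with a full 24-byte 802.11 header. */
    if (rt_len < 8 || rt_len > caplen || caplen - rt_len < 24) return -1;
    const uint8_t *h = pkt + rt_len;
    unsigned fc = h[0] | ((unsigned)h[1] << 8);  /* frame control, little-endian */
    unsigned type = (fc & 0x0c) >> 2, stype = (fc & 0xf0) >> 4;
    memset(out, 0, sizeof *out);                 /* kind defaults to FK_OTHER */
    if (type != 0x00) return 0;                  /* only management frames are classified */
    switch (stype) {
    case 0x00: out->kind = FK_ASSOC_REQ;  break;
    case 0x01: out->kind = FK_ASSOC_RESP; break;
    case 0x04: out->kind = FK_PROBE_REQ;  break;
    case 0x05: out->kind = FK_PROBE_RESP; break;
    }
    memcpy(out->sa, h + 10, 6);                  /* Address 2 sits at offset 10 */
    out->locally_administered = (out->sa[0] & 0x02) != 0;
    return 0;
}

int main(void)
{
    struct frame_summary s;
    if (summarize_frame(SAMPLE_PROBE_REQ, sizeof SAMPLE_PROBE_REQ, &s) != 0) return 1;
    printf("kind=%d locally_administered=%d\n", s.kind, s.locally_administered);
    return 0;
}
```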
HTTP POST request code:
/* Build the complete HTTP POST request (headers plus JSON body) for the collected list.
   The caller frees the returned string; NULL is returned if allocation fails. */
char *List_Element_To_Str(List *pList)
{
    extern unsigned char mac_addr[6];
    int Str_Length = 0;
    char Flag = 0;
    Node *pCurrent = pList->Header;
    /***************Fill the Request Body***************/
    /* The prefix is 38 bytes and one entry is at most 47 (17-byte MAC, 11-byte int),
       so 48 bytes per slot leaves room for the closing "]}" and the terminator. */
    size_t Body_Size = (size_t)pList->Num * 48 + 48;
    char *pBody = (char *)malloc(Body_Size);
    if (pBody == NULL)
        return NULL;
    Str_Length = snprintf(pBody, Body_Size, "{\"node\":\"%02x:%02x:%02x:%02x:%02x:%02x\",\"nearby\":[", mac_addr[0], mac_addr[1], mac_addr[2], mac_addr[3], mac_addr[4], mac_addr[5]);
    /* Stop early if the list holds more nodes than pList->Num accounts for */
    while (pCurrent && (size_t)Str_Length + 50 <= Body_Size)
    {
        /* Average RSSI; guard against a zero sample counter */
        int Rssi = pCurrent->RSSI_Counter ? (int)(pCurrent->RSSI / pCurrent->RSSI_Counter) : 0;
        Str_Length += snprintf(pBody + Str_Length, Body_Size - Str_Length, "{\"mac\":\"%02x:%02x:%02x:%02x:%02x:%02x\",\"rssi\":%d},",
                               pCurrent->Key.MAC_SLICE[0], pCurrent->Key.MAC_SLICE[1], pCurrent->Key.MAC_SLICE[2],
                               pCurrent->Key.MAC_SLICE[3], pCurrent->Key.MAC_SLICE[4], pCurrent->Key.MAC_SLICE[5],
                               Rssi);
        pCurrent = pCurrent->Next;
        Flag = 1;
    }
    if (Flag)
        Str_Length--; /* overwrite the trailing comma */
    pBody[Str_Length++] = ']';
    pBody[Str_Length++] = '}';
    pBody[Str_Length] = 0;
    /***************Here comes to add Header*************/
    const char *HttpHeader = "POST /mac/post HTTP/1.1\r\nHost: xxxxxxxx.com\r\nContent-Type: text/plain\r\nAccept: */*\r\nAccept-Encoding: deflate, br\r\nConnection: close\r\nContent-Length:";
    int pBody_Length = Str_Length, pBody_Request_Length = 1;
    for (; pBody_Length /= 10; pBody_Request_Length++)
        ; /* count the decimal digits of the body length */
    int pStr_Length = Str_Length + strlen(HttpHeader) + pBody_Request_Length + 4;
    char *pStr = (char *)malloc(pStr_Length + 1);
    if (pStr == NULL)
    {
        free(pBody);
        return NULL;
    }
    Str_Length = sprintf(pStr, "%s%d\r\n\r\n%s", HttpHeader, Str_Length, pBody);
    pStr[Str_Length] = 0;
    free(pBody);
    if (Str_Length != pStr_Length) /* sanity check on the computed request length */
    {
        printf("Str_Length:%d,pStr_Length:%d,pList_Num:%d\r\n", Str_Length, pStr_Length, pBody_Request_Length);
        printf("%s\r\n", pStr);
        exit(1);
    }
    return pStr;
}
For the full code, contact me.
qq:739980123