Version 7.0

## What's new - Updated to Version 1.6 of ESP8266_Deauther - HTML injection vulnerability fixed - MAC address for SSID beacons can be changed in settings - increased stealth by randomizing the mac address - Improved SSID clone, beacons can be individually encrypted or not - Fixed display bug when scanning for APs - Added beacon flood attack to OLED version - 90%+ speed improvements! Thanks to the `Cache-Control` headers, the page load speed have significantly increased. This should stop the pages from failing to load and glitching (Option in settings to turn this off) - Check for update feature! You can now go to the Info page and click `Check for updates`, which will bring up a page that checks your installed version against the latest - Updated footer to include link to my Development Discord server - Settings page input boxes now fade in from being disabled if you mark their companion checkboxes - Removed background SVG, it was causing Lag - Serial outputs to table (Still need to improve this) - GPIO Control page implemented (but still not functional) - Nav shadow is invisible whilst at the top of the page, but fades in as you scroll - Bug fixes - Scan page now redirects to folder root instead of server root - Pink `STOP` buttons replaced with RED ones - Fixed settings page `Leave page` confirm dialog triggering when not required and not triggering when - Removed custom scrollbar on mobile versions - Removed Simplify feature, it was too difficult to implement whilst keeping Wi-PWN as fast as possible - Other minor fixes
samdenty · Aug 9, 2017 · 38f7a28 · 38f7a28
1 parent 8303378
commit 38f7a28
Show file tree

Hide file tree

Showing 11 changed files with 94 additions and 132 deletions.
diff --git a/arduino/Wi-PWN/APScan.cpp b/arduino/Wi-PWN/APScan.cpp
@@ -20,7 +20,7 @@ bool APScan::start() {
 
   if (debug) Serial.println("Scan results: "+(String)results);
 
-  for (int i = 0; i < results; i++) {
+  for (int i = 0; i < results && i < maxAPScanResults; i++) {
     Mac _ap;
     _ap.set(WiFi.BSSID(i)[0], WiFi.BSSID(i)[1], WiFi.BSSID(i)[2], WiFi.BSSID(i)[3], WiFi.BSSID(i)[4], WiFi.BSSID(i)[5]);
     aps.add(_ap);

diff --git a/arduino/Wi-PWN/Attack.cpp b/arduino/Wi-PWN/Attack.cpp
@@ -139,12 +139,8 @@ void Attack::sendDeauths(Mac from, Mac to){
     buildDeauth(from, to, 0xc0, settings.deauthReason );
     if(send()) packetsCounter[0]++;
     buildDeauth(from, to, 0xa0, settings.deauthReason );
-    send();
-    buildDeauth(to, from, 0xc0, settings.deauthReason );
-    send();
-    buildDeauth(to, from, 0xa0, settings.deauthReason );
-    send();
-    delay(5);
+    if(send()) packetsCounter[0]++;
+    delay(3);
   }
 }
 

diff --git a/arduino/Wi-PWN/Wi-PWN.ino b/arduino/Wi-PWN/Wi-PWN.ino
@@ -170,142 +170,67 @@ void loadSetupHTML() {
     server.sendHeader("Cache-Control", "no-cache, no-store, must-revalidate");
     server.sendHeader("Pragma", "no-cache");
     server.sendHeader("Expires", "0");
-    sendFile(200, "text/html", data_setup_HTML, sizeof(data_setup_HTML));
+    sendFile(200, "text/html", data_setup_HTML, sizeof(data_setup_HTML), true);
 }
 void loadIndexHTML() {
-  if (settings.cache) {
-    server.sendHeader("Cache-Control", "max-age=200");
-  } else {
-    server.sendHeader("Cache-Control", "no-cache, no-store, must-revalidate");
-  }
-  sendFile(200, "text/html", data_index_HTML, sizeof(data_index_HTML));
+  sendFile(200, "text/html", data_index_HTML, sizeof(data_index_HTML), false);
 }
 void loadUsersHTML() {
-  if (settings.cache) {
-    server.sendHeader("Cache-Control", "max-age=200");
-  } else {
-    server.sendHeader("Cache-Control", "no-cache, no-store, must-revalidate");
-  }
-  sendFile(200, "text/html", data_users_HTML, sizeof(data_users_HTML));
+  sendFile(200, "text/html", data_users_HTML, sizeof(data_users_HTML), false);
 }
 void loadAttackHTML() {
-  if (settings.cache) {
-    server.sendHeader("Cache-Control", "max-age=200");
-  } else {
-    server.sendHeader("Cache-Control", "no-cache, no-store, must-revalidate");
-  }
-  sendFile(200, "text/html", data_attack_HTML, sizeof(data_attack_HTML));
+  sendFile(200, "text/html", data_attack_HTML, sizeof(data_attack_HTML), false);
 }
 void loadDetectorHTML() {
-  if (settings.cache) {
-    server.sendHeader("Cache-Control", "max-age=200");
-  } else {
-    server.sendHeader("Cache-Control", "no-cache, no-store, must-revalidate");
-  }
-  sendFile(200, "text/html", data_detector_HTML, sizeof(data_detector_HTML));
+  sendFile(200, "text/html", data_detector_HTML, sizeof(data_detector_HTML), false);
 }
 void loadControlHTML() {
-  if (settings.cache) {
-    server.sendHeader("Cache-Control", "max-age=200");
-  } else {
-    server.sendHeader("Cache-Control", "no-cache, no-store, must-revalidate");
-  }
-  sendFile(200, "text/html", data_control_HTML, sizeof(data_control_HTML));
+  sendFile(200, "text/html", data_control_HTML, sizeof(data_control_HTML), false);
 }
 void loadSettingsHTML() {
-  if (settings.cache) {
-    server.sendHeader("Cache-Control", "max-age=200");
-  } else {
-    server.sendHeader("Cache-Control", "no-cache, no-store, must-revalidate");
-  }
-  sendFile(200, "text/html", data_settings_HTML, sizeof(data_settings_HTML));
+  sendFile(200, "text/html", data_settings_HTML, sizeof(data_settings_HTML), false);
 }
 void load404() {
-  if (settings.cache) {
-    server.sendHeader("Cache-Control", "max-age=200");
-  } else {
-    server.sendHeader("Cache-Control", "no-cache, no-store, must-revalidate");
-  }
-  sendFile(404, "text/html", data_error_HTML, sizeof(data_error_HTML));
+  sendFile(404, "text/html", data_error_HTML, sizeof(data_error_HTML), false);
 }
 void loadInfoHTML(){
-  if (settings.cache) {
-    server.sendHeader("Cache-Control", "max-age=200");
-  } else {
-    server.sendHeader("Cache-Control", "no-cache, no-store, must-revalidate");
-  }
-  sendFile(200, "text/html", data_info_HTML, sizeof(data_info_HTML));
+  sendFile(200, "text/html", data_info_HTML, sizeof(data_info_HTML), false);
 }
 
 void loadFunctionsJS() {
-  if (settings.cache) {
-    server.sendHeader("Cache-Control", "max-age=300");
-  } else {
-    server.sendHeader("Cache-Control", "no-cache, no-store, must-revalidate");
-  }
-  sendFile(200, "text/javascript", data_functions_JS, sizeof(data_functions_JS));
+  sendFile(200, "text/javascript", data_functions_JS, sizeof(data_functions_JS), false);
 }
 void loadScanJS() {
-  if (settings.cache) {
-    server.sendHeader("Cache-Control", "max-age=300");
-  } else {
-    server.sendHeader("Cache-Control", "no-cache, no-store, must-revalidate");
-  }
-  sendFile(200, "text/javascript", data_scan_JS, sizeof(data_scan_JS));
+  sendFile(200, "text/javascript", data_scan_JS, sizeof(data_scan_JS), false);
 }
 void loadUsersJS() {
-  if (settings.cache) {
-    server.sendHeader("Cache-Control", "max-age=300");
-  } else {
-    server.sendHeader("Cache-Control", "no-cache, no-store, must-revalidate");
-  }
-  sendFile(200, "text/javascript", data_users_JS, sizeof(data_users_JS));
+  sendFile(200, "text/javascript", data_users_JS, sizeof(data_users_JS), false);
 }
 void loadAttackJS() {
   attack.ssidChange = true;
-  if (settings.cache) {
-    server.sendHeader("Cache-Control", "max-age=300");
-  } else {
-    server.sendHeader("Cache-Control", "no-cache, no-store, must-revalidate");
-  }
-  sendFile(200, "text/javascript", data_attack_JS, sizeof(data_attack_JS));
+  sendFile(200, "text/javascript", data_attack_JS, sizeof(data_attack_JS), false);
 }
 void loadControlJS() {
-  if (settings.cache) {
-    server.sendHeader("Cache-Control", "max-age=300");
-  } else {
-    server.sendHeader("Cache-Control", "no-cache, no-store, must-revalidate");
-  }
-  sendFile(200, "text/javascript", data_control_JS, sizeof(data_control_JS));
+  sendFile(200, "text/javascript", data_control_JS, sizeof(data_control_JS), false);
 }
 void loadSettingsJS() {
-  if (settings.cache) {
-    server.sendHeader("Cache-Control", "max-age=300");
-  } else {
-    server.sendHeader("Cache-Control", "no-cache, no-store, must-revalidate");
-  }
-  sendFile(200, "text/javascript", data_settings_JS, sizeof(data_settings_JS));
+  sendFile(200, "text/javascript", data_settings_JS, sizeof(data_settings_JS), false);
 }
 
 void loadStyle() {
-  if (settings.cache) {
-    server.sendHeader("Cache-Control", "max-age=300");
-  } else {
-    server.sendHeader("Cache-Control", "no-cache, no-store, must-revalidate");
-  }
-  sendFile(200, "text/css;charset=UTF-8", data_main_CSS, sizeof(data_main_CSS));
+  sendFile(200, "text/css;charset=UTF-8", data_main_CSS, sizeof(data_main_CSS), false);
 }
 
 void loadDarkMode() {
   if (settings.darkMode) {
-    sendFile(200, "text/css;charset=UTF-8", data_dark_CSS, sizeof(data_dark_CSS));
+    sendFile(200, "text/css;charset=UTF-8", data_dark_CSS, sizeof(data_dark_CSS), true);
   } else {
     server.send(200, "text/html", "/* Dark mode disabled */");
   }
 }
 
 void loadDarkModeForce() {
-   sendFile(200, "text/css;charset=UTF-8", data_dark_CSS, sizeof(data_dark_CSS));
+   sendFile(200, "text/css;charset=UTF-8", data_dark_CSS, sizeof(data_dark_CSS), true);
 }
 
 void loadRedirectHTML() {
@@ -463,7 +388,7 @@ void addSSID() {
     }
     attack.ssidChange = true;
     server.send( 200, "text/json", "true");
-  }else server.send( 200, "text/json", "false");
+  } else server.send( 200, "text/json", "false");
 }
 
 void cloneSelected(){

diff --git a/arduino/Wi-PWN/Wi-PWN.ino.nodemcu.bin b/arduino/Wi-PWN/Wi-PWN.ino.nodemcu.bin
diff --git a/arduino/Wi-PWN/data.h b/arduino/Wi-PWN/data.h
diff --git a/web_server/html/attackInfo.json b/web_server/html/attackInfo.json
@@ -28,7 +28,25 @@
       }
    ],
    "ssid":[
-      "dhrjej",
-      "dhdhsgsh"
+      [  
+         "Test 1",
+         1
+      ],
+      [  
+         "Test 2",
+         0
+      ],
+      [  
+         "Test 3",
+         0
+      ],
+      [  
+         "Test 4",
+         1
+      ],
+      [  
+         "Test 5",
+         0
+      ]
    ]
 }
diff --git a/web_server/html/info.html b/web_server/html/info.html
@@ -53,12 +53,12 @@
                         <br>
                         <a href="https://github.com/SaltyViper" target="_blank">@SaltyViper</a>
                         <br>
+                        <a href="https://github.com/tobozo" target="_blank">@tobozo</a>
+                        <br>
                         <a href="https://github.com/LarzJ" target="_blank">@LarzJ</a> (Larz Jacobs)
                         <br>
                         <a href="https://github.com/ericktedeschi" target="_blank">@ericktedeschi</a> (Erick Belluci Tedeschi)
                         <br>
-                        <a href="https://github.com/tobozo" target="_blank">@tobozo</a>
-                        <br>
                         <a href="https://github.com/andrbmgi" target="_blank">@andrbmgi</a>
                         <br>
                         <a href="https://github.com/SamuelKlit" target="_blank">@SamuelKlit</a> (Samuel KS)

diff --git a/web_server/html/js/attack.js b/web_server/html/js/attack.js
@@ -9,6 +9,7 @@ var selectedAPs = getE("selectedAPs"),
     randomBtn = getE("randomBtn"),
     resultInterval = '',
     randomIntrvl = 5,
+    enc = getE("enc"),
     data = {},
     randSSID = document.getElementById('randSSID');
 
@@ -74,10 +75,14 @@ function getResults() {
             ssidCounter.innerHTML = " ("+ data.length + "/48)";
 
             var tr = "<tr><th>SSID</th><th><a onclick='clearSSID()' class='right' style='padding-right:10px'>Clear</a></th></tr>";
-            for (var i = 0; i < res.ssid.length; i++) {
+            for (var i = 0; i < data.length; i++) {
                 tr += "<tr>";
-                tr += "<td>" + res.ssid[i] + "</td>";
-                tr += '<td><div class="edit delete" onclick="deleteSSID(' + i + ')">&times;</div></td>';
+                tr += "<td>" + escapeHTML(data[i][0]) + "</td>";
+                if((data[i][1] == 1)) 
+                    var lockIcon = '<div class="edit enc"><svg viewBox="0 0 24 24"><path d="M12,17A2,2 0 0,0 14,15C14,13.89 13.1,13 12,13A2,2 0 0,0 10,15A2,2 0 0,0 12,17M18,8A2,2 0 0,1 20,10V20A2,2 0 0,1 18,22H6A2,2 0 0,1 4,20V10C4,8.89 4.9,8 6,8H7V6A5,5 0 0,1 12,1A5,5 0 0,1 17,6V8H18M12,3A3,3 0 0,0 9,6V8H15V6A3,3 0 0,0 12,3Z"/></svg></div>'
+                else
+                    var lockIcon = ''
+                tr += '<td><div class="edit delete" onclick="deleteSSID(' + i + ')">&times;</div>' + lockIcon + '</td>';
                 tr += "</tr>";
             }
             ssidList.innerHTML = tr;
@@ -106,7 +111,7 @@ function addSSID() {
         if (_ssidName.length > 0) {
             if (data.length >= 64) notify("SSID list full (E16)", 2500);
             else {
-                getResponse("addSSID.json?ssid=" + _ssidName + "&num=" + num.value, getResults);
+                getResponse("addSSID.json?ssid=" + _ssidName + "&num=" + num.value + "&enc=" + enc.checked, getResults);
             }
         }
     }

diff --git a/web_server/html/js/functions.js b/web_server/html/js/functions.js
@@ -1,4 +1,4 @@
-var version = "6.2",
+var version = "7.0",
     sL = getE('spinner-container'),
     notification = document.getElementById("notification"),
     themeColor = getComputedStyle(document.body),

diff --git a/web_server/html/js/users.js b/web_server/html/js/users.js
@@ -178,7 +178,8 @@ function countdown(stop) {
     } else if (countdownRemaining == 0) {
         notify("Scan complete! Reconnect and reload the page");
         indicate(true);
-        clearInterval(startCountdown)
+        clearInterval(startCountdown);
+        autoReload();
     } else {
         if (countdownRemaining == '') countdownRemaining = scanTime;
         notify("Scanning for users ~ "+countdownRemaining+"s remaining");

diff --git a/web_server/html/main.css b/web_server/html/main.css
@@ -45,19 +45,19 @@ nav {
     background: #1976d2;
 }
 nav::after {
-  content: '';
-  position: absolute;
-  z-index: -1;
-  width: 110%;
-  margin-left: -5%;
-  height: 100%;
-  opacity: 0;
-  box-shadow: 0 5px 6px -3px rgba(0, 0, 0, 0.4);
-  transition: opacity 500ms;
-  top: 0;
+    content: '';
+    position: absolute;
+    z-index: -1;
+    width: 110%;
+    margin-left: -5%;
+    height: 100%;
+    opacity: 0;
+    box-shadow: 0 5px 6px -3px rgba(0, 0, 0, 0.4);
+    transition: opacity 500ms;
+    top: 0;
 }
 nav.n-shadow::after {
-  opacity: 1;
+    opacity: 1;
 }
 nav #links {
     overflow-x: scroll;
@@ -356,9 +356,9 @@ h1 {
 .samddAttrib {
     font-size: 1.2em;
     font-weight: bold;
-    padding-left:5px;
-    margin-top:5px !important;
+    margin-top: 12px !important;
     color: #ff7233 !important;
+    display: block;
 }
 .samddAttrib button {
     background: #ff4f00 !important;
@@ -398,9 +398,10 @@ img, nav, td {
 }
 .light-6 {
     opacity: .6;
+    font-size: 11px;
+    text-transform: uppercase;
 }
-a,
-.a {
+a, .a {
     cursor: pointer;
     text-decoration: none;
     color: #2196f3;
@@ -946,6 +947,11 @@ footer a {
     .card-small.smaller {
         min-height: 300px;
     }
+    .samddAttrib {
+        padding-left: 5px;
+        display: inline-block;
+        margin-top: 5px !important;
+    }
 }
 
 /************************ Tablet & mobile only styles *************************/
@@ -990,6 +996,9 @@ footer a {
         font-size: 13px;
         float: none !important;
     }
+    .samddAttrib {
+        font-size: 1em
+    }
 }
 @media (max-width:539px) {
     table#apscan td:nth-child(4), table#apscan th:nth-child(4) {
@@ -1098,6 +1107,10 @@ footer a {
     font-size: 29px;
     line-height: 26px;
 }
+.edit.enc {
+    background: none !important;
+    pointer-events: none;
+}
 
 /******************************** Waves library *******************************/
 .waves-effect {