EAPOLAuthentication issue

[aiddenkeli]

After letting it run with a TPLink wireless adapter recommended for snoopy-ng on a BeagleBone Black It eventually fails with this error. I'm not sure if it is related to any of the previous mentioned issues.

Command ran: ./snoopy.py -vv -m wifi:mon=True -l test -d test

Error: Traceback (most recent call last): File “./snoopy.py”, line 428, in main() File “./snoopy.py”, line 425, in main options.key, options.location, options.flush, options.verbose) File “./snoopy.py”, line 91, in init self.go() File “./snoopy.py”, line 133, in go self.get_data() File “./snoopy.py”, line 154, in get_data multidata = m.get_data() File “/home/ubuntu/snoopy-ng/plugins/wfi.py”, line 178, in get_data m.proc_packet(packet) File “/home/ubuntu/snoopy-ng/plugins/mods80211/wpa.py”, line 50, in proc_packet self.cp.parse_packet(p) File “/usr/local/lib/python2.7/dist-packages/cpyrit/pcktools.py”, line 460, in parse_packet self.new_auth_callback(auth) File “/home/ubuntu/snoopy-ng/plugins/mods80211/wpa.py”, line 25, in auth_handler tmp_eap = auth[1] TypeError: “EAPOLAuthentication” object does not support indexing

[glennzw]

Thanks for the feedback, I haven't encountered this error before. Does it happen every time, or was it just a once off? Could you check which version of pyrit you have installed?

[aiddenkeli]

Version 0.3.0 Pyrite It happens after snoopy is let to run for an indeterminate period of time.

[CCRDude]

Same here. Exactly the same callstack. Pyrit 0.3 from source. Last line before it happened [+] Sub-plugin wifi_clients currently observing 9 client devices which is the first time number of devices went up to 9. Not sure which device that was though, so can't really check if there's something special about its connection.

[maximcherny]

This error seems to happen in the context of WPA handshake capture and presents a rare but possible occurrence of this capture taking place in a passive situation.

It is unlikely related to the number of observed devices.

What I would suggest, if you are comfortable making the following change to your local copy:

[snoopy-ng-dir]/plugins/mods80211/wpa.py

Line 25. Change from:

tmp_eap = auth[1]

To:

tmp_eap = auth

And run your drone again. Please report back whether it happens again. I suspect there may be a typo in the code, because the EAPOLAuthentication object based on http://pyrit.googlecode.com/svn/trunk/pyrit/cpyrit/pckttools.py does not support this type of accessor (although that is for 0.4, I also checked the code of 0.3).

[CCRDude]

Thanks for the fast reply! I made the changes and so far, it ran without the issue for a few hours. Will continue to watch and report should it re-appear.

[jimbonet]

I too had the problem CCRDude describes - tried maximcherny code change but still got issue after a day of running. As I am not interested in capturing handshake information I just changed wpa.py and wpa.pyc to .bk and so far been running 4 days without issue.

I have a cron script that runs every 5 mins to check that python process is running and if its not it then reboots as well as a reboot at midnight.

Was thinking of echoing the output of snoopy log to the watchdog timer(built into raspberry pi and BBB so that if snoopy hangs and the python process is still running it will automatically reboot if the watchdog doesn't get written to in 60 seconds. A bit long winded I know but I am trying to avoid down time.