diff --git a/CMakeLists.txt b/CMakeLists.txt index 665610a9fe..43b8efd72c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1167,7 +1167,7 @@ if (NOT WIN32) find_package(M REQUIRED) endif() -if(BUILD_sshdump OR BUILD_ciscodump) +if(BUILD_sshdump OR BUILD_ciscodump OR BUILD_wifidump) set(ENABLE_LIBSSH ON) else() set(ENABLE_LIBSSH OFF) @@ -1752,7 +1752,7 @@ set_package_properties(LIBXML2 PROPERTIES set_package_properties(LIBSSH PROPERTIES DESCRIPTION "Library for implementing SSH clients" URL "https://www.libssh.org/" - PURPOSE "extcap remote SSH interfaces (sshdump, ciscodump)" + PURPOSE "extcap remote SSH interfaces (sshdump, ciscodump, wifidump)" ) set_package_properties(LZ4 PROPERTIES DESCRIPTION "LZ4 is a fast lossless compression algorithm" @@ -1949,6 +1949,7 @@ if (ASCIIDOCTOR_FOUND) ${CMAKE_BINARY_DIR}/doc/rawshark.html ${CMAKE_BINARY_DIR}/doc/reordercap.html ${CMAKE_BINARY_DIR}/doc/sshdump.html + ${CMAKE_BINARY_DIR}/doc/wifidump.html ${CMAKE_BINARY_DIR}/doc/text2pcap.html ${CMAKE_BINARY_DIR}/doc/tshark.html ${CMAKE_BINARY_DIR}/doc/wireshark.html diff --git a/CMakeOptions.txt b/CMakeOptions.txt index 0310cf9fd5..81fc8f4d44 100644 --- a/CMakeOptions.txt +++ b/CMakeOptions.txt @@ -25,6 +25,7 @@ option(BUILD_sshdump "Build sshdump" ON) option(BUILD_ciscodump "Build ciscodump" ON) option(BUILD_dpauxmon "Build dpauxmon" ON) option(BUILD_randpktdump "Build randpktdump" ON) +option(BUILD_wifidump "BUild wifidump" ON) if(WIN32 AND NOT MINGW) # XXX - I don't think building etwdump is possible with MinGW-w64 as of # version 9.0 but I would like to be 100% certain. diff --git a/doc/CMakeLists.txt b/doc/CMakeLists.txt index d417d9a8c7..156ef650a8 100644 --- a/doc/CMakeLists.txt +++ b/doc/CMakeLists.txt @@ -60,6 +60,7 @@ ADD_MAN_PAGE(sshdump 1) ADD_MAN_PAGE(text2pcap 1) ADD_MAN_PAGE(tshark 1) ADD_MAN_PAGE(udpdump 1) +ADD_MAN_PAGE(wifidump 1) ADD_MAN_PAGE(extcap 4) ADD_MAN_PAGE(wireshark-filter 4) diff --git a/doc/wifidump.adoc b/doc/wifidump.adoc new file mode 100644 index 0000000000..a55af0821c --- /dev/null +++ b/doc/wifidump.adoc @@ -0,0 +1,280 @@ +include::../docbook/attributes.adoc[] += wifidump(1) +:doctype: manpage +:stylesheet: ws.css +:linkcss: +:copycss: ../docbook/{stylesheet} + +== NAME + +wifidump - Provides an interface to capture Wi-Fi frames from a remote host through SSH. + +== SYNOPSIS + +[manarg] +*wifidump* +[ *--help* ] +[ *--version* ] +[ *--extcap-interfaces* ] +[ *--extcap-dlts* ] +[ *--extcap-interface*= ] +[ *--extcap-config* ] +[ *--extcap-capture-filter*= ] +[ *--capture* ] +[ *--fifo*= ] +[ *--remote-host*= ] +[ *--remote-port*= ] +[ *--remote-username*= ] +[ *--remote-password*= ] +[ *--sshkey*= ] +[ *--remote-interface*= ] +[ *--remote-channel-frequency*= ] +[ *--remote-channel-width*= ] + +[manarg] +*wifidump* +*--extcap-interfaces* + +[manarg] +*wifidump* +*--extcap-interface*= +*--extcap-dlts* + +[manarg] +*wifidump* +*--extcap-interface*= +*--extcap-config* + +[manarg] +*wifidump* +*--extcap-interface*= +*--fifo*= +*--capture* +*--remote-host=myremotehost* +*--remote-port=22* +*--remote-username=user* +*--remote-interface=eth2* +*--remote-channel-frequency=5180* +*--remote-channel-width=40* + +== DESCRIPTION + +*Wifidump* is an extcap tool that allows you to capture Wi-Fi traffic from a +remote host over an SSH connection using *tcpdump*. The requirement to capture Wi-Fi +frames is that the remote host must have the necessary binaries to manage and put +the wanted interface into monitor mode. Such binaries include: *ip*, *iw*, and +*iwconfig*. Also, because using monitor mode and managing the Wi-Fi interface requires +root privileges, the system must be configured to allow the wanted user to run +these binaries using sudo without entering a password. + +Typically wifidump is not invoked directly. Instead it can be configured through +the Wireshark graphical user interface or its command line. The following will +start Wireshark and start capturing from host *remotehost*: + + $ wireshark '-oextcap.wifidump.remotehost:remotehost' -i wifidump -k + +To explicitly control the remote capture command: + + $ wireshark '-oextcap.wifidump.remotehost:remotehost' \ + '-oextcap.wifidump.remotechannelfrequency:5180' \ + '-oextcap.wifidump.remotechannelwidth:40' \ + -i wifidump -k + +Supported interfaces: + +1. wifidump + +== OPTIONS + +--help:: ++ +-- +Print program arguments. +-- + +--version:: ++ +-- +Print program version. +-- + +--extcap-interfaces:: ++ +-- +List available interfaces. +-- + +--extcap-interface=:: ++ +-- +Use specified interfaces. +-- + +--extcap-dlts:: ++ +-- +List DLTs of specified interface. +-- + +--extcap-config:: ++ +-- +List configuration options of specified interface. +-- + +--capture:: ++ +-- +Start capturing from specified interface and write raw packet data to the location specified by --fifo. +-- + +--fifo=:: ++ +-- +Save captured packet to file or send it through pipe. +-- + +--remote-host=:: ++ +-- +The address of the remote host for capture. +-- + +--remote-port=:: ++ +-- +The SSH port of the remote host. +-- + +--remote-username=:: ++ +-- +The username for ssh authentication. +-- + +--remote-password=:: ++ +-- +The password to use (if not ssh-agent and pubkey are used). WARNING: the +passwords are stored in plaintext and visible to all users on this system. It is +recommended to use keyfiles with a SSH agent. +-- + +--sshkey=:: ++ +-- +The path to a private key for authentication. +-- + +--remote-interface=:: ++ +-- +The remote network interface to capture from. +-- + +--remote-channel-frequency=:: ++ +-- +The remote channel frequency in MHz. +-- + +--remote-channel-width=:: ++ +-- +The remote channel width in MHz. +-- + +--extcap-capture-filter=:: ++ +-- +The capture filter. It corresponds to the value provided via the *tshark -f* +option, and the Capture Filter field next to the interfaces list in the +Wireshark interface. +-- + +== EXAMPLES + +To see program arguments: + + wifidump --help + +To see program version: + + wifidump --version + +To see interfaces: + + wifidump --extcap-interfaces + +Only one interface (wifidump) is supported. + +.Example output + interface {value=wifidump}{display=Wi-Fi remote capture} + +To see interface DLTs: + + wifidump --extcap-interface=wifidump --extcap-dlts + +.Example output + dlt {number=147}{name=wifidump}{display=Remote capture dependent DLT} + +To see interface configuration options: + + wifidump --extcap-interface=wifidump --extcap-config + +.Example output + arg {number=0}{call=--remote-host}{display=Remote SSH server address}{type=string} + {tooltip=The remote SSH host. It can be both an IP address or a hostname}{required=true}{group=Server} + arg {number=1}{call=--remote-port}{display=Remote SSH server port}{type=unsigned} + {tooltip=The remote SSH host port (1-65535)}{range=1,65535}{group=Server} + arg {number=2}{call=--remote-username}{display=Remote SSH server username}{type=string} + {tooltip=The remote SSH username. If not provided, the current user will be used}{group=Authentication} + arg {number=3}{call=--remote-password}{display=Remote SSH server password}{type=password} + {tooltip=The SSH password, used when other methods (SSH agent or key files) are unavailable.}{group=Authentication} + arg {number=4}{call=--sshkey}{display=Path to SSH private key}{type=fileselect} + {tooltip=The path on the local filesystem of the private ssh key}{mustexist=true}{group=Authentication} + arg {number=5}{call=--sshkey-passphrase}{display=SSH key passphrase}{type=password} + {tooltip=Passphrase to unlock the SSH private key}{group=Authentication} + arg {number=6}{call=--remote-interface}{display=Remote interface}{type=string} + {tooltip=The remote network interface used to capture}{default=auto}{group=Capture} + arg {number=7}{call=--remote-channel-frequency}{display=Remote channel}{type=selector} + {tooltip=The remote channel used to capture}{group=Capture} + arg {number=8}{call=--remote-channel-width}{display=Remote channel width}{type=selector} + {tooltip=The remote channel width used to capture}{group=Capture} + arg {number=9}{call=--remote-filter}{display=Remote capture filter}{type=string} + {tooltip=The remote capture filter}{group=Capture} + arg {number=10}{call=--remote-count}{display=Packets to capture}{type=unsigned} + {tooltip=The number of remote packets to capture.}{group=Capture} + arg {number=11}{call=--log-level}{display=Set the log level}{type=selector} + {tooltip=Set the log level}{required=false}{group=Debug} + arg {number=12}{call=--log-file}{display=Use a file for logging}{type=fileselect} + {tooltip=Set a file where log messages are written}{required=false}{group=Debug} + +To capture: + + wifidump --extcap-interface=wifidump --fifo=/tmp/wifidump.pcap --capture --remote-host 192.168.1.10 --remote-username user --remote-channel-frequency 5180 --remote-channel-width 40 + +NOTE: To stop capturing CTRL+C/kill/terminate application. + +The wifidump binary can be renamed to support multiple instances. For instance if we want wifidump +to show up twice in wireshark (for instance to handle multiple profiles), we can copy wifidump to +wifidump-host1 and wifidump-host2. Each binary will show up an interface name same as the executable +name. Those executables not being "wifidump" will show up as "custom version" in the interface description. + +== SEE ALSO + +xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:extcap.html[extcap](4), xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](1) + +== NOTES + +*Wifidump* is part of the *Wireshark* distribution. The latest version +of *Wireshark* can be found at https://www.wireshark.org. + +HTML versions of the Wireshark project man pages are available at +https://www.wireshark.org/docs/man-pages. + +== AUTHORS + +.Original Author +[%hardbreaks] +Adrian Granados diff --git a/extcap/.editorconfig b/extcap/.editorconfig index 812a4b6c22..6f7bf68932 100644 --- a/extcap/.editorconfig +++ b/extcap/.editorconfig @@ -4,6 +4,6 @@ # https://editorconfig.org # -[{ciscodump,randpktdump,ssh-base,sshdump,udpdump}.[ch]] +[{ciscodump,randpktdump,ssh-base,sshdump,udpdump,wifidump}.[ch]] indent_style = tab indent_size = tab diff --git a/extcap/CMakeLists.txt b/extcap/CMakeLists.txt index 40d9512ef8..d70accf2c3 100644 --- a/extcap/CMakeLists.txt +++ b/extcap/CMakeLists.txt @@ -180,6 +180,32 @@ elseif (BUILD_ciscodump) #message( WARNING "Cannot find libssh, cannot build ciscodump" ) endif() +if(BUILD_wifidump AND LIBSSH_FOUND) + set(wifidump_LIBS + writecap + wsutil + ${CMAKE_DL_LIBS} + ${WIN_WS2_32_LIBRARY} + ${LIBSSH_LIBRARIES} + ) + set(wifidump_FILES + $ + $ + $ + wifidump.c + ) + + set_executable_resources(wifidump "Wifidump") + add_executable(wifidump ${wifidump_FILES}) + set_extcap_executable_properties(wifidump) + target_link_libraries(wifidump ${wifidump_LIBS}) + target_include_directories(wifidump SYSTEM PRIVATE ${LIBSSH_INCLUDE_DIRS}) + install(TARGETS wifidump RUNTIME DESTINATION ${EXTCAP_INSTALL_LIBDIR}) + add_dependencies(extcaps wifidump) +elseif (BUILD_wifidump) + #message( WARNING "Cannot find libssh, cannot build wifidump" ) +endif() + if(BUILD_dpauxmon AND HAVE_LIBNL3) set(dpauxmon_LIBS wsutil diff --git a/extcap/wifidump.c b/extcap/wifidump.c new file mode 100644 index 0000000000..1f4fd341a4 --- /dev/null +++ b/extcap/wifidump.c @@ -0,0 +1,745 @@ +/* wifidump.c + * wifidump is an extcap tool used to capture Wi-Fi frames using a remote ssh host + * + * Adapted from sshdump. + * + * Copyright 2022, Adrian Granados + * + * Wireshark - Network traffic analyzer + * By Gerald Combs + * Copyright 1998 Gerald Combs + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "config.h" +#define WS_LOG_DOMAIN "wifidump" + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include + +static gchar* wifidump_extcap_interface; +#ifdef _WIN32 +#define DEFAULT_WIFIDUMP_EXTCAP_INTERFACE "wifidump.exe" +#else +#define DEFAULT_WIFIDUMP_EXTCAP_INTERFACE "wifidump" +#endif + +#define WIFIDUMP_VERSION_MAJOR "1" +#define WIFIDUMP_VERSION_MINOR "0" +#define WIFIDUMP_VERSION_RELEASE "0" + +#define SSH_READ_BLOCK_SIZE 256 + +enum { + EXTCAP_BASE_OPTIONS_ENUM, + OPT_HELP, + OPT_VERSION, + OPT_REMOTE_HOST, + OPT_REMOTE_PORT, + OPT_REMOTE_USERNAME, + OPT_REMOTE_PASSWORD, + OPT_REMOTE_INTERFACE, + OPT_REMOTE_CHANNEL_FREQUENCY, + OPT_REMOTE_CHANNEL_WIDTH, + OPT_REMOTE_FILTER, + OPT_SSHKEY, + OPT_SSHKEY_PASSPHRASE, + OPT_PROXYCOMMAND, + OPT_REMOTE_COUNT +}; + +static struct ws_option longopts[] = { + EXTCAP_BASE_OPTIONS, + { "help", ws_no_argument, NULL, OPT_HELP}, + { "version", ws_no_argument, NULL, OPT_VERSION}, + SSH_BASE_OPTIONS, + { "remote-channel-frequency", ws_required_argument, NULL, OPT_REMOTE_CHANNEL_FREQUENCY}, + { "remote-channel-width", ws_required_argument, NULL, OPT_REMOTE_CHANNEL_WIDTH}, + { 0, 0, 0, 0} +}; + +static const char * remote_capture_functions = +"\n" +"function iface_down {\n" +" local iface=$1\n" +" sudo ip link set $iface down > /dev/null 2>&1\n" +"}\n" +"\n" +"function iface_up {\n" +" local iface=$1\n" +" sudo ip link set $iface up > /dev/null 2>&1\n" +"}\n" +"\n" +"function iface_monitor {\n" +" local iface=$1\n" +" sudo iw dev $iface set monitor none > /dev/null 2>&1 ||\n" +" sudo iw dev $iface set type monitor > /dev/null 2>&1\n" +"}\n" +"\n" +"function iface_scan {\n" +" local iface=$1\n" +" iface_down $iface &&\n" +" sudo iw dev $iface set type managed > /dev/null 2>&1 &&\n" +" iface_up $iface &&\n" +" sudo iw dev $iface scan > /dev/null 2>&1\n" +"}\n" +"\n" +"function iface_config {\n" +" local iface=$1\n" +" local freq=$2\n" +" local ch_width=$3\n" +" local center_freq=$4\n" +" if [ $freq -eq $center_freq ]; then\n" +" sudo iw dev $1 set freq $freq $ch_width 2>&1\n" +" else\n" +" sudo iw dev $1 set freq $freq $ch_width $center_freq 2>&1\n" +" fi\n" +"}\n" +"\n" +"function iface_start {\n" +" local iface=$1\n" +" local count=$2\n" +" local filter=\"${@:3}\"\n" +" if [ $count -gt 0 ]; then\n" +" sudo tcpdump -i $iface -U -w - -c $count $filter\n" +" else\n" +" sudo tcpdump -i $iface -U -w - $filter\n" +" fi\n" +"}\n" +"\n" +"function capture_generic {\n" +" local iface=$1\n" +" local freq=$2\n" +" local ch_width=$3\n" +" local center_freq=$4\n" +" local count=$5\n" +" local filter=\"${@:6}\"\n" +" if ! { iwconfig $iface | grep Monitor > /dev/null 2>&1; }; then\n" +" iface_down $iface &&\n" +" iface_monitor $iface &&\n" +" iface_up $iface\n" +" fi\n" +" iface_config $iface $freq $ch_width $center_freq &&\n" +" iface_start $iface $count $filter\n" +"}\n" +"\n" +"function capture_iwlwifi {\n" +" local iface=$1\n" +" local freq=$2\n" +" local ch_width=$3\n" +" local center_freq=$4\n" +" local count=$5\n" +" local filter=\"${@:6}\"\n" +" INDEX=`sudo iw dev $iface info | grep wiphy | grep -Eo '[0-9]+'`\n" +" sudo iw phy phy${INDEX} channels | grep $freq | grep -i disabled > /dev/null 2>&1 &&\n" +" iface_scan $iface\n" +" MON=${iface}mon\n" +" sudo iw $iface interface add $MON type monitor flags none > /dev/null 2>&1\n" +" iface_up $MON &&\n" +" iface_down $iface &&\n" +" iface_config $MON $freq $ch_width $center_freq &&\n" +" iface_start $MON $count $filter\n" +"}\n" +"\n" +"function capture {\n" +" local iface=$1\n" +" local freq=$2\n" +" local ch_width=$3\n" +" local center_freq=$4\n" +" local count=$5\n" +" local filter=\"${@:6}\"\n" +" if [ \"$iface\" == \"auto\" ]; then\n" +" iface=`sudo iw dev | grep -i interface | awk '{ print $2 }' | sort | head -n 1`\n" +" fi\n" +" local driver=`/usr/sbin/ethtool -i $iface | grep driver | awk '{ print $2 }'`\n" +" if [ $driver = \"iwlwifi\" ]; then\n" +" capture_iwlwifi $iface $freq $ch_width $center_freq $count $filter\n" +" else\n" +" capture_generic $iface $freq $ch_width $center_freq $count $filter\n" +" fi\n" +"}\n" +"\n"; + +static unsigned int wifi_freqs_2dot4_5ghz[] = { + 2412, 2417, 2422, 2427, 2432, 2437, 2442, 2447, 2452, 2457, 2462, + 2467, 2472, 2484, + 5180, 5200, 5220, 5240, 5260, 5280, 5300, 5320, 5500, 5520, 5540, 5560, 5580, + 5600, 5620, 5640, 5660, 5680, 5700, 5720, 5745, 5765, 5785, 5805, 5825, + 0 +}; + +static unsigned int freq_to_channel(unsigned int freq_mhz) { + if (freq_mhz == 2484) + return 14; + else if (freq_mhz >= 2412 && freq_mhz <= 2484) + return ((freq_mhz - 2412) / 5) + 1; + else if (freq_mhz >= 5160 && freq_mhz <= 5885) + return ((freq_mhz - 5180) / 5) + 36; + else if (freq_mhz >= 5955 && freq_mhz <= 7115) + return ((freq_mhz - 5955) / 5) + 1; + else + return 0; +} + +static const char *freq_to_band(unsigned int freq_mhz) +{ + if (freq_mhz >= 2412 && freq_mhz <= 2484) + return "2.4 GHz"; + else if (freq_mhz >= 5160 && freq_mhz <= 5885) + return "5 GHz"; + else if (freq_mhz >= 5955 && freq_mhz <= 7115) + return "6 GHz"; + else + return NULL; +} + +static unsigned int center_freq(unsigned int freq_mhz, unsigned int ch_width_mhz) { + + unsigned int start_freq; + + if (ch_width_mhz == 20) { + return freq_mhz; + } + else if (ch_width_mhz == 40) { + if (freq_mhz >= 5180 && freq_mhz <= 5720) { + for (start_freq = 5180; start_freq <= 5700; start_freq += ch_width_mhz) { + if (freq_mhz >= start_freq && freq_mhz <= (start_freq + 20)) + return ((start_freq * 2) + 20) / 2; + } + } + else if (freq_mhz >= 5745 && freq_mhz <= 5765) + return 5755; + else if (freq_mhz >= 5785 && freq_mhz <= 5805) + return 5795; + else if (freq_mhz >= 5955 && freq_mhz <= 7095) { + for (start_freq = 5955; start_freq <= 7075; start_freq += ch_width_mhz) { + if (freq_mhz >= start_freq && freq_mhz <= (start_freq + 20)) + return ((start_freq * 2) + 20) / 2; + } + } + } + else if (ch_width_mhz == 80) { + if (freq_mhz >= 5180 && freq_mhz <= 5660) { + for (start_freq = 5180; start_freq <= 5660; start_freq += ch_width_mhz) { + if (freq_mhz >= start_freq && freq_mhz <= (start_freq + 60)) + return ((start_freq * 2) + 60) / 2; + } + } + else if (freq_mhz >= 5745 && freq_mhz <= 5805) + return 5775; + else if (freq_mhz >= 5955 && freq_mhz <= 7055) { + for (start_freq = 5955; start_freq <= 6995; start_freq += ch_width_mhz) { + if (freq_mhz >= start_freq && freq_mhz <= (start_freq + 60)) + return ((start_freq * 2) + 60) / 2; + } + } + } + else if (ch_width_mhz == 160) { + if (freq_mhz >= 5180 && freq_mhz <= 5640) { + for (start_freq = 5180; start_freq <= 5500; start_freq += ch_width_mhz) { + if (freq_mhz >= start_freq && freq_mhz <= (start_freq + 140)) + return ((start_freq * 2) + 140) / 2; + } + } + else if (freq_mhz >= 5955 && freq_mhz <= 7055) { + for (start_freq = 5955; start_freq <= 6915; start_freq += ch_width_mhz) { + if (freq_mhz >= start_freq && freq_mhz <= (start_freq + 140)) + return ((start_freq * 2) + 140) / 2; + } + } + } + + return -1; +} + +static int ssh_loop_read(ssh_channel channel, FILE* fp) +{ + int nbytes; + int ret = EXIT_SUCCESS; + char buffer[SSH_READ_BLOCK_SIZE]; + + /* read from stdin until data are available */ + while (ssh_channel_is_open(channel) && !ssh_channel_is_eof(channel)) { + nbytes = ssh_channel_read(channel, buffer, SSH_READ_BLOCK_SIZE, 0); + if (nbytes < 0) { + ws_warning("Error reading from channel"); + goto end; + } + if (nbytes == 0) { + break; + } + if (fwrite(buffer, 1, nbytes, fp) != (guint)nbytes) { + ws_warning("Error writing to fifo"); + ret = EXIT_FAILURE; + goto end; + } + fflush(fp); + } + + /* read loop finished... maybe something wrong happened. Read from stderr */ + while (ssh_channel_is_open(channel) && !ssh_channel_is_eof(channel)) { + nbytes = ssh_channel_read(channel, buffer, SSH_READ_BLOCK_SIZE, 1); + if (nbytes < 0) { + ws_warning("Error reading from channel"); + goto end; + } + if (fwrite(buffer, 1, nbytes, stderr) != (guint)nbytes) { + ws_warning("Error writing to stderr"); + break; + } + } + +end: + if (ssh_channel_send_eof(channel) != SSH_OK) { + ws_warning("Error sending EOF in ssh channel"); + ret = EXIT_FAILURE; + } + return ret; +} + +static ssh_channel run_ssh_command(ssh_session sshs, const char* capture_functions, + const char* iface, const guint16 channel_frequency, const guint16 channel_width, + const guint16 center_frequency, const char* cfilter, const guint32 count) +{ + gchar* cmdline; + ssh_channel channel; + char* quoted_iface = NULL; + char* quoted_filter = NULL; + char* count_str = NULL; + unsigned int remote_port = 22; + + channel = ssh_channel_new(sshs); + if (!channel) { + ws_warning("Can't create channel"); + return NULL; + } + + if (ssh_channel_open_session(channel) != SSH_OK) { + ws_warning("Can't open session"); + ssh_channel_free(channel); + return NULL; + } + + ssh_options_get_port(sshs, &remote_port); + + quoted_iface = iface ? g_shell_quote(iface) : NULL; + quoted_filter = g_shell_quote(cfilter ? cfilter : ""); + cmdline = ws_strdup_printf("%s capture %s %u %u %u %u %s", + capture_functions, + quoted_iface ? quoted_iface : "auto", + channel_frequency, + channel_width, + center_frequency, + count, + quoted_filter); + + ws_debug("Running: %s", cmdline); + if (ssh_channel_request_exec(channel, cmdline) != SSH_OK) { + ws_warning("Can't request exec"); + ssh_channel_close(channel); + ssh_channel_free(channel); + channel = NULL; + } + + g_free(quoted_iface); + g_free(quoted_filter); + g_free(cmdline); + g_free(count_str); + + return channel; +} + +static int ssh_open_remote_connection(const ssh_params_t* params, const char* capture_functions, + const char* iface, const guint16 channel_frequency, const guint16 channel_width, + const guint16 center_frequency, const char* cfilter, const guint32 count, const char* fifo) +{ + ssh_session sshs = NULL; + ssh_channel channel = NULL; + FILE* fp = stdout; + int ret = EXIT_FAILURE; + char* err_info = NULL; + + if (g_strcmp0(fifo, "-")) { + /* Open or create the output file */ + fp = fopen(fifo, "wb"); + if (fp == NULL) { + ws_warning("Error creating output file: %s (%s)", fifo, g_strerror(errno)); + return EXIT_FAILURE; + } + } + + sshs = create_ssh_connection(params, &err_info); + + if (!sshs) { + ws_warning("Error creating connection."); + goto cleanup; + } + + channel = run_ssh_command(sshs, capture_functions, iface, channel_frequency, + channel_width, center_frequency, cfilter, count); + + if (!channel) { + ws_warning("Can't run ssh command."); + goto cleanup; + } + + /* read from channel and write into fp */ + if (ssh_loop_read(channel, fp) != EXIT_SUCCESS) { + ws_warning("Error in read loop."); + ret = EXIT_FAILURE; + goto cleanup; + } + + ret = EXIT_SUCCESS; +cleanup: + if (err_info) + ws_warning("%s", err_info); + g_free(err_info); + + /* clean up and exit */ + ssh_cleanup(&sshs, &channel); + + if (g_strcmp0(fifo, "-")) + fclose(fp); + return ret; +} + +static int list_config(char *interface) +{ + unsigned inc = 0; + int i, psc; + + if (!interface) { + ws_warning("ERROR: No interface specified."); + return EXIT_FAILURE; + } + + if (g_strcmp0(interface, wifidump_extcap_interface)) { + ws_warning("ERROR: interface must be %s", wifidump_extcap_interface); + return EXIT_FAILURE; + } + + // Server tab + printf("arg {number=%u}{call=--remote-host}{display=Remote SSH server address}" + "{type=string}{tooltip=The remote SSH host. It can be both " + "an IP address or a hostname}{required=true}{group=Server}\n", inc++); + printf("arg {number=%u}{call=--remote-port}{display=Remote SSH server port}" + "{type=unsigned}{tooltip=The remote SSH host port (1-65535)}" + "{range=1,65535}{group=Server}\n", inc++); + + // Authentication tab + printf("arg {number=%u}{call=--remote-username}{display=Remote SSH server username}" + "{type=string}{tooltip=The remote SSH username. If not provided, " + "the current user will be used}{group=Authentication}\n", inc++); + printf("arg {number=%u}{call=--remote-password}{display=Remote SSH server password}" + "{type=password}{tooltip=The SSH password, used when other methods (SSH agent " + "or key files) are unavailable.}{group=Authentication}\n", inc++); + printf("arg {number=%u}{call=--sshkey}{display=Path to SSH private key}" + "{type=fileselect}{tooltip=The path on the local filesystem of the private ssh key}" + "{mustexist=true}{group=Authentication}\n", inc++); + printf("arg {number=%u}{call=--sshkey-passphrase}{display=SSH key passphrase}" + "{type=password}{tooltip=Passphrase to unlock the SSH private key}{group=Authentication}\n", + inc++); + + // Capture tab + printf("arg {number=%u}{call=--remote-interface}{display=Remote interface}" + "{type=string}{tooltip=The remote network interface used to capture" + "}{default=auto}{group=Capture}\n", inc++); + printf("arg {number=%u}{call=--remote-channel-frequency}{display=Remote channel}" + "{type=selector}{tooltip=The remote channel used to capture}{group=Capture}\n", inc); + + unsigned int freq = 0; + for (i = 0; (freq = wifi_freqs_2dot4_5ghz[i]); i++) { + printf("value {arg=%u}{value=%u}{display=%s, Channel %u}\n", inc, freq, freq_to_band(freq), freq_to_channel(freq)); + } + + for (freq = 5955, psc = 3; freq <= 7115; freq += 20, psc++) { + printf("value {arg=%u}{value=%u}{display=%s, Channel %u%s}\n", inc, freq, + freq_to_band(freq), freq_to_channel(freq), (psc % 4 == 0) ? " (PSC)" : ""); + } + inc++; + + printf("arg {number=%u}{call=--remote-channel-width}{display=Remote channel width}" + "{type=selector}{tooltip=The remote channel width used to capture}" + "{group=Capture}\n", inc); + printf("value {arg=%u}{value=20}{display=20 MHz}\n", inc); + printf("value {arg=%u}{value=40}{display=40 MHz}\n", inc); + printf("value {arg=%u}{value=80}{display=80 MHz}\n", inc); + printf("value {arg=%u}{value=160}{display=160 MHz}\n", inc); + inc++; + + printf("arg {number=%u}{call=--remote-filter}{display=Remote capture filter}{type=string}" + "{tooltip=The remote capture filter}{group=Capture}\n", inc++); + printf("arg {number=%u}{call=--remote-count}{display=Frames to capture}" + "{type=unsigned}{tooltip=The number of remote frames to capture.}" + "{group=Capture}\n", inc++); + + extcap_config_debug(&inc); + + return EXIT_SUCCESS; +} + +static char* concat_filters(const char* extcap_filter, const char* remote_filter) +{ + if (!extcap_filter && remote_filter) + return g_strdup(remote_filter); + + if (!remote_filter && extcap_filter) + return g_strdup(extcap_filter); + + if (!remote_filter && !extcap_filter) + return NULL; + + return ws_strdup_printf("(%s) and (%s)", extcap_filter, remote_filter); +} + +int main(int argc, char *argv[]) +{ + char* err_msg; + int result; + int option_idx = 0; + ssh_params_t* ssh_params = ssh_params_new(); + char* remote_interface = NULL; + guint16 remote_channel_frequency = 0; + guint16 remote_channel_width = 0; + guint16 remote_center_frequency = 0; + char* remote_filter = NULL; + guint32 count = 0; + int ret = EXIT_FAILURE; + extcap_parameters* extcap_conf = g_new0(extcap_parameters, 1); + char* help_url; + char* help_header = NULL; + gchar* interface_description = g_strdup("Wi-Fi remote capture"); + + /* Initialize log handler early so we can have proper logging during startup. */ + extcap_log_init("wifidump"); + + wifidump_extcap_interface = g_path_get_basename(argv[0]); + + /* + * Get credential information for later use. + */ + init_process_policies(); + + /* + * Attempt to get the pathname of the directory containing the + * executable file. + */ + err_msg = init_progfile_dir(argv[0]); + if (err_msg != NULL) { + ws_warning("Can't get pathname of directory containing the extcap program: %s.", + err_msg); + g_free(err_msg); + } + + help_url = data_file_url("wifidump.html"); + extcap_base_set_util_info(extcap_conf, argv[0], WIFIDUMP_VERSION_MAJOR, WIFIDUMP_VERSION_MINOR, + WIFIDUMP_VERSION_RELEASE, help_url); + g_free(help_url); + add_libssh_info(extcap_conf); + if (g_strcmp0(wifidump_extcap_interface, DEFAULT_WIFIDUMP_EXTCAP_INTERFACE)) { + gchar* temp = interface_description; + interface_description = ws_strdup_printf("%s, custom version", interface_description); + g_free(temp); + } + extcap_base_register_interface(extcap_conf, wifidump_extcap_interface, interface_description, 147, "Remote capture dependent DLT"); + g_free(interface_description); + + help_header = ws_strdup_printf( + " %s --extcap-interfaces\n" + " %s --extcap-interface=%s --extcap-dlts\n" + " %s --extcap-interface=%s --extcap-config\n" + " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 " + "--remote-username myuser --remote-interface wlan0 --remote-channel-frequency 5180 " + "--remote-channel-width 40 --fifo=FILENAME --capture\n", argv[0], argv[0], wifidump_extcap_interface, argv[0], + wifidump_extcap_interface, argv[0], wifidump_extcap_interface); + extcap_help_add_header(extcap_conf, help_header); + g_free(help_header); + extcap_help_add_option(extcap_conf, "--help", "print this help"); + extcap_help_add_option(extcap_conf, "--version", "print the version"); + extcap_help_add_option(extcap_conf, "--remote-host ", "the remote SSH host"); + extcap_help_add_option(extcap_conf, "--remote-port ", "the remote SSH port"); + extcap_help_add_option(extcap_conf, "--remote-username ", "the remote SSH username"); + extcap_help_add_option(extcap_conf, "--remote-password ", "the remote SSH password. If not specified, ssh-agent and ssh-key are used"); + extcap_help_add_option(extcap_conf, "--sshkey ", "the path of the ssh key"); + extcap_help_add_option(extcap_conf, "--sshkey-passphrase ", "the passphrase to unlock public ssh"); + extcap_help_add_option(extcap_conf, "--remote-interface ", "the remote capture interface"); + extcap_help_add_option(extcap_conf, "--remote-channel-frequency ", "the remote channel frequency in MHz"); + extcap_help_add_option(extcap_conf, "--remote-channel-width ", "the remote channel width in MHz"); + extcap_help_add_option(extcap_conf, "--remote-filter ", "a filter for remote capture"); + extcap_help_add_option(extcap_conf, "--remote-count ", "the number of frames to capture"); + + ws_opterr = 0; + ws_optind = 0; + + if (argc == 1) { + extcap_help_print(extcap_conf); + goto end; + } + + while ((result = ws_getopt_long(argc, argv, ":", longopts, &option_idx)) != -1) { + + switch (result) { + + case OPT_HELP: + extcap_help_print(extcap_conf); + ret = EXIT_SUCCESS; + goto end; + + case OPT_VERSION: + extcap_version_print(extcap_conf); + ret = EXIT_SUCCESS; + goto end; + + case OPT_REMOTE_HOST: + g_free(ssh_params->host); + ssh_params->host = g_strdup(ws_optarg); + break; + + case OPT_REMOTE_PORT: + if (!ws_strtou16(ws_optarg, NULL, &ssh_params->port) || ssh_params->port == 0) { + ws_warning("Invalid port: %s", ws_optarg); + goto end; + } + break; + + case OPT_REMOTE_USERNAME: + g_free(ssh_params->username); + ssh_params->username = g_strdup(ws_optarg); + break; + + case OPT_REMOTE_PASSWORD: + g_free(ssh_params->password); + ssh_params->password = g_strdup(ws_optarg); + memset(ws_optarg, 'X', strlen(ws_optarg)); + break; + + case OPT_SSHKEY: + g_free(ssh_params->sshkey_path); + ssh_params->sshkey_path = g_strdup(ws_optarg); + break; + + case OPT_SSHKEY_PASSPHRASE: + g_free(ssh_params->sshkey_passphrase); + ssh_params->sshkey_passphrase = g_strdup(ws_optarg); + memset(ws_optarg, 'X', strlen(ws_optarg)); + break; + + case OPT_REMOTE_INTERFACE: + g_free(remote_interface); + remote_interface = g_strdup(ws_optarg); + break; + + case OPT_REMOTE_CHANNEL_FREQUENCY: + if (!ws_strtou16(ws_optarg, NULL, &remote_channel_frequency)) { + ws_warning("Invalid channel frequency: %s", ws_optarg); + goto end; + } + break; + + case OPT_REMOTE_CHANNEL_WIDTH: + if (!ws_strtou16(ws_optarg, NULL, &remote_channel_width)) { + ws_warning("Invalid channel width: %s", ws_optarg); + goto end; + } + break; + + case OPT_REMOTE_FILTER: + g_free(remote_filter); + remote_filter = g_strdup(ws_optarg); + break; + + case OPT_REMOTE_COUNT: + if (!ws_strtou32(ws_optarg, NULL, &count)) { + ws_warning("Invalid value for count: %s", ws_optarg); + goto end; + } + break; + + case ':': + /* missing option argument */ + ws_warning("Option '%s' requires an argument", argv[ws_optind - 1]); + break; + + default: + if (!extcap_base_parse_options(extcap_conf, result - EXTCAP_OPT_LIST_INTERFACES, ws_optarg)) { + ws_warning("Invalid option: %s", argv[ws_optind - 1]); + goto end; + } + } + } + + extcap_cmdline_debug(argv, argc); + + if (extcap_base_handle_interface(extcap_conf)) { + ret = EXIT_SUCCESS; + goto end; + } + + if (extcap_conf->show_config) { + ret = list_config(extcap_conf->interface); + goto end; + } + + err_msg = ws_init_sockets(); + if (err_msg != NULL) { + ws_warning("ERROR: %s", err_msg); + g_free(err_msg); + ws_warning("%s", please_report_bug()); + goto end; + } + + if (extcap_conf->capture) { + char* filter; + + if (!ssh_params->host) { + ws_warning("Missing parameter: --remote-host"); + goto end; + } + remote_center_frequency = center_freq(remote_channel_frequency, remote_channel_width); + filter = concat_filters(extcap_conf->capture_filter, remote_filter); + ssh_params->debug = extcap_conf->debug; + ret = ssh_open_remote_connection(ssh_params, remote_capture_functions, + remote_interface, remote_channel_frequency, remote_channel_width, remote_center_frequency, + filter, count, extcap_conf->fifo); + g_free(filter); + } else { + ws_debug("You should not come here... maybe some parameter missing?"); + ret = EXIT_FAILURE; + } + +end: + /* clean up stuff */ + ssh_params_free(ssh_params); + g_free(remote_interface); + g_free(remote_filter); + extcap_base_cleanup(&extcap_conf); + return ret; +} + +/* + * Editor modelines - https://www.wireshark.org/tools/modelines.html + * + * Local variables: + * c-basic-offset: 8 + * tab-width: 8 + * indent-tabs-mode: t + * End: + * + * vi: set shiftwidth=8 tabstop=8 noexpandtab: + * :indentSize=8:tabSize=8:noTabs=false: + */ diff --git a/packaging/debian/wireshark-common.manpages b/packaging/debian/wireshark-common.manpages index f32ca49cc4..d25e71f7d3 100644 --- a/packaging/debian/wireshark-common.manpages +++ b/packaging/debian/wireshark-common.manpages @@ -13,5 +13,6 @@ obj-*/doc/ciscodump.1 obj-*/doc/randpktdump.1 obj-*/doc/udpdump.1 obj-*/doc/sshdump.1 +obj-*/doc/wifidump.1 obj-*/doc/extcap.4 obj-*/doc/wireshark-filter.4 diff --git a/packaging/nsis/uninstall.nsi b/packaging/nsis/uninstall.nsi index efa462fc3c..ec4ca0037d 100644 --- a/packaging/nsis/uninstall.nsi +++ b/packaging/nsis/uninstall.nsi @@ -143,6 +143,7 @@ Push "sshdump" Push "text2pcap" Push "tshark" Push "udpdump" +Push "wifidump" !ifdef MMDBRESOLVE_EXE Push "mmdbresolve" @@ -192,6 +193,7 @@ Delete "$INSTDIR\extcap\randpktdump.*" Delete "$INSTDIR\extcap\sshdump.*" Delete "$INSTDIR\extcap\ciscodump.*" Delete "$INSTDIR\extcap\udpdump.*" +Delete "$INSTDIR\extcap\wifidump.*" Delete "$INSTDIR\help\*.*" Delete "$INSTDIR\iconengines\*.*" Delete "$INSTDIR\imageformats\*.*" diff --git a/packaging/nsis/wireshark.nsi b/packaging/nsis/wireshark.nsi index d7fb24f68b..74432b8342 100644 --- a/packaging/nsis/wireshark.nsi +++ b/packaging/nsis/wireshark.nsi @@ -1182,13 +1182,15 @@ Section /o "Androiddump" SecAndroiddump SectionEnd !insertmacro CheckExtrasFlag "androiddump" -Section /o "Sshdump and Ciscodump" SecSshdump +Section /o "Sshdump, Ciscodump, and Wifidump" SecSshdump ;------------------------------------------- !insertmacro InstallExtcap "sshdump" !insertmacro InstallExtcap "ciscodump" + !insertmacro InstallExtcap "wifidump" SectionEnd !insertmacro CheckExtrasFlag "sshdump" !insertmacro CheckExtrasFlag "ciscodump" +!insertmacro CheckExtrasFlag "wifidump" Section /o "UDPdump" SecUDPdump ;------------------------------------------- diff --git a/packaging/wix/ComponentGroups.wxi b/packaging/wix/ComponentGroups.wxi index 5b924d4d48..e499f7d2bc 100644 --- a/packaging/wix/ComponentGroups.wxi +++ b/packaging/wix/ComponentGroups.wxi @@ -563,6 +563,26 @@ + + + + + + + + + + + + + + + + + + + + diff --git a/packaging/wix/Features.wxi b/packaging/wix/Features.wxi index 536fbfde6f..cd6b80a2c3 100644 --- a/packaging/wix/Features.wxi +++ b/packaging/wix/Features.wxi @@ -105,6 +105,9 @@ + + + diff --git a/test/suite_extcaps.py b/test/suite_extcaps.py index 59132869ce..38217bd928 100644 --- a/test/suite_extcaps.py +++ b/test/suite_extcaps.py @@ -83,6 +83,10 @@ class case_extcaps(subprocesstest.SubprocessTestCase): ''' extcap interface tests for sshdump ''' check_extcap_execution("sshdump") + def test_wifidump(self, check_extcap_execution): + ''' extcap interface tests for wifidump ''' + check_extcap_execution("wifidump") + def test_udpdump(self, check_extcap_execution): ''' extcap interface tests for udpdump ''' check_extcap_execution("udpdump") diff --git a/tools/wireshark_words.txt b/tools/wireshark_words.txt index f3ae89ab7a..a28bad5ee6 100644 --- a/tools/wireshark_words.txt +++ b/tools/wireshark_words.txt @@ -1592,6 +1592,7 @@ webkit websocket whoami wideband +wifidump wikipedia wikis wimax