本文主要是介绍(一百七十七) WiFi如何分辨出不同加密方式的AP?(续),希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
前言:之前https://blog.csdn.net/sinat_20059415/article/details/99686537 看WiFi如何分辨出不同加密方式的AP? 中提到“加密方式大概是从扫描结果中的ie解析出来放在一个叫做capabilities里的,后续上面判断加密方式就简单判断下是否包含特定加密方式的字符串就好了。”抓个包看下
1.probe request & response
用wireshark看下有啥
1.1 arrival time
1.2 radio informatin
1.3 probe response
主要显示了mac地址
1.4 wireless LAN
可以看到至少有ssid channel和加密方式
这个psk应该也是wireshark根据特定字段解析出来的,结合之前的梳理代码看下
// RSNE format (size unit: byte)//// | Element ID | Length | Version | Group Data Cipher Suite |// 1 1 2 4// | Pairwise Cipher Suite Count | Pairwise Cipher Suite List |// 2 4 * m// | AKM Suite Count | AKM Suite List | RSN Capabilities |// 2 4 * n 2// | PMKID Count | PMKID List | Group Management Cipher Suite |// 2 16 * s 4//// Note: InformationElement.bytes has 'Element ID' and 'Length'// stripped off alreadyprivate void parseRsnElement(InformationElement ie) {ByteBuffer buf = ByteBuffer.wrap(ie.bytes).order(ByteOrder.LITTLE_ENDIAN);try {// versionif (buf.getShort() != RSNE_VERSION) {// incorrect versionreturn;}// found the RSNE IE, hence start building the capability stringprotocol.add(ScanResult.PROTOCOL_WPA2);// group data cipher suitegroupCipher.add(parseRsnCipher(buf.getInt()));// pairwise cipher suite countshort cipherCount = buf.getShort();ArrayList<Integer> rsnPairwiseCipher = new ArrayList<>();// pairwise cipher suite listfor (int i = 0; i < cipherCount; i++) {rsnPairwiseCipher.add(parseRsnCipher(buf.getInt()));}pairwiseCipher.add(rsnPairwiseCipher);// AKM// AKM suite countshort akmCount = buf.getShort();ArrayList<Integer> rsnKeyManagement = new ArrayList<>();for (int i = 0; i < akmCount; i++) {int akm = buf.getInt();switch (akm) {case WPA2_AKM_EAP:rsnKeyManagement.add(ScanResult.KEY_MGMT_EAP);break;case WPA2_AKM_PSK:rsnKeyManagement.add(ScanResult.KEY_MGMT_PSK);break;case WPA2_AKM_FT_EAP:rsnKeyManagement.add(ScanResult.KEY_MGMT_FT_EAP);break;case WPA2_AKM_FT_PSK:rsnKeyManagement.add(ScanResult.KEY_MGMT_FT_PSK);break;case WPA2_AKM_EAP_SHA256:rsnKeyManagement.add(ScanResult.KEY_MGMT_EAP_SHA256);break;case WPA2_AKM_PSK_SHA256:rsnKeyManagement.add(ScanResult.KEY_MGMT_PSK_SHA256);break;default:// do nothingbreak;}}// Default AKMif (rsnKeyManagement.isEmpty()) {rsnKeyManagement.add(ScanResult.KEY_MGMT_EAP);}keyManagement.add(rsnKeyManagement);} catch (BufferUnderflowException e) {Log.e("IE_Capabilities", "Couldn't parse RSNE, buffer underflow");}}这边是解析的一个
与报文对应
是反过来的
OUI:OUI认证应该是对应的wpa2
结合起来就是wpa2_psk的加密方式
2.beacon
待续,没抓到。。。尴尬
3.过滤器转载
https://my.oschina.net/665544/blog/1647001
| 帧类型 | 过滤器语法 |
| Management frame | wlan.fc.type == 0 |
| Control frame | wlan.fc.type == 1 |
| Data frame | wlan.fc.type == 2 |
| Association request | wlan.fc.type_subtype == 0x00 |
| Association response | wlan.fc.type_subtype == 0x01 |
| Reassociation request | wlan.fc.type_subtype == 0x02 |
| Reassociation response | wlan.fc.type_subtype == 0x03 |
| Probe request | wlan.fc.type_subtype == 0x04 |
| Probe response | wlan.fc.type_subtype == 0x05 |
| Beacon | wlan.fc.type_subtype == 0x08 |
| Disassociate | wlan.fc.type_subtype == 0x0A |
| Authentication | wlan.fc.type_subtype == 0x0B |
| Deauthentication | wlan.fc.type_subtype == 0x0C |
| Action frame | wlan.fc.type_subtype == 0x0D |
| Block ACK requests | wlan.fc.type_subtype == 0x18 |
| Block ACK | wlan.fc.type_subtype == 0x19 |
| Power save poll | wlan.fc.type_subtype == 0x1A |
| Request to send | wlan.fc.type_subtype == 0x1B |
| Clear to send | wlan.fc.type_subtype == 0x1C |
| ACK | wlan.fc.type_subtype == 0x1D |
| Contention free period end | wlan.fc.type_subtype == 0x1E |
| NULL data | wlan.fc.type_subtype == 0x24 |
| QoS data | wlan.fc.type_subtype == 0x28 |
| Null QoS data | wlan.fc.type_subtype == 0x2C |
4.总结
与之前总结基本一致,加密方式其实就是从datagram的特定字段解析出来的,结合抓包可以定位是解析的
RSN Information的AKM字段,里面包含认证和类型两个小字段,比如wpa2+psk
PS:
The RSN information element was brought out by the IEEE 802.11i Task Group. RSN stands for Robust Security Network and it made AES cipher mandatory with the use of Robust Security Network.
高级加密标准(Advanced Encryption Standard: AES)
IEEE 802.11i引入了RSN信息元素。RSN表示强健安全网络,它使用健壮安全网络和强制AES加密。
这篇关于(一百七十七) WiFi如何分辨出不同加密方式的AP?(续)的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
