aleksamcode / preferred-network-list-sniffer Goto Github PK

Is there an existing issue for this?

• I have searched the existing issues

Description

An unhandled Exception occurs on the ASGI server when Redis server is closed unexpectedly.

System information

1. Kali Linux
2. 2023.3
3. Raspberry Pi 4

Actual Behavior

• After the Redis server is closed, an unhandled Exception occurs on the ASGI server.
  • The Exception occurs on a Thread that handles execution _pubsub_data_reader() method from WebSocketBroker class.
• Client socket connections get closed (Web app and Sniffer).
• Sniffer tries to reconnect and after 5 attempts it stops.

Expected Behavior

• ASGI server handles the Exception without crashing and possibly tries to reconnect to the Redis server before shutting down.

Steps To Reproduce

1. Start the Redis server
2. Start the ASGI server
3. Start the React server
4. Start the Sniffer
5. Close the Redis server

Anything else?

Here is a screenshot of the Exception.

The exception was:

redis.exceptions.ConnectionError: Connection closed by server.

Is there an existing issue for this?

• I have searched the existing issues

System information

1. Kali Linux
2. 2023.3
3. Raspberry Pi 4

Actual Behavior

The thread is terminated due to the Exception which occurs when the socket connection is closed unexpectedly and abruptly. The WebSocketConnectionClosedException with a message "socket is already closed" occurs when the thread tries to send data through the closed socket connection. The Exception is captured in a try-catch block but due to the while loop in which it is placed, the new sniffer thread is constantly being created making the program doomed to repeat its mistake over and over again like it is a Groundhog Day.

Expected Behavior

To stop the thread which is sniffing packets in a non-violent way and possibly try to reconnect to the web server before sending more data.

Steps To Reproduce

1. Start the Redis server
2. Start the Web server
3. Start the React server
4. Start the sniffer

Anything else?

Here is a screenshot of the error.

Is there an existing feature request for this?

• I have searched the existing feature requests

How badly do you need this?

• It's a deal-breaker, I can't live without it
• It would be nice to have in the future

Is your feature request related to a problem? Please describe.

No

Describe the solution that you would like.

Add a log message specifying which socket reconnect attempt is currently occurring, e.g. "Attempting to reconnect 1/5"

Describe alternatives you have considered.

No response

Anything else?

The message should be added here as a else clause:

Is there an existing issue for this?

• I have searched the existing issues

Description

When the interface doesn't have Monitor mode enabled, the PNLS won't fail, but it won't be able to capture the expected Probe Requests.

System information

1. Kali Linux 2023.3
2. Raspberry Pi 4
3. PNLS 0.2.0

Actual Behavior

The PNLS never captures any SSIDs.

Expected Behavior

When an interface isn't in a Monitor mode, the sniffer should fail and log the reason why it has stopped.

Steps To Reproduce

No response

Anything else?

No response

Is there an existing feature request for this?

• I have searched the existing feature requests

How badly do you need this?

• It's a deal-breaker, I can't live without it
• It would be nice to have in the future

Is your feature request related to a problem? Please describe.

Hello! First off, great work with this project, The results post deployment are quite impressive.

As the title states, I came across the following error while using the pre-built images during installation:

! frontend The requested image's platform (linux/arm64/v8) does not match the detected host platform (linux/arm/v7) and no specific platform was requested
! backend The requested image's platform (linux/arm64/v8) does not match the detected host platform (linux/arm/v7) and no specific platform was requested

While this is problem is easy to fix by building locally, it slows down the deployment process.

Describe the solution that you would like.

More image variants for the commonly used arm platforms could be provided.

Describe alternatives you have considered.

I understand that catering to a large number of platforms is not a priority (unless there is a quick way to do so). So it would be a nice start to just mention supported platforms in the README :)

Anything else?

Docker docs on multi-platform images: https://docs.docker.com/build/building/multi-platform

Is there an existing issue for this?

• I have searched the existing issues

Description

README Setup instructions for Using Docker and Using Prebuild Docker Image are the same. But both these steps end up pulling from remote owing to the behaviour of docker compose .

System information

1. OS Name: Kali GNU/Linux
2. OS Version: 2023.4
3. docker Version: 24.0.7
4. docker compose Version: 2.24.1

Actual Behavior

The instructions for the mentioned sections are same. This results in pre-built images being used in each case.

Expected Behavior

The 'Using Docker' section instructions must use the locally built images. docker compose build needs to be run first for this followed by docker compose up. The instructions just need to be updated.

Steps To Reproduce

1. Follow README instructions in this section.

Anything else?

-

Is there an existing issue for this?

• I have searched the existing issues

Description

When sniffing out packets before creating a Monitor interface, an unhandled Exception will occur in a AsyncSniffer thread, after which the sniffer will stay in an idle state without knowing that the sniffing process has failed.

PNLS version

0.2.0 with d7a9886

Python version

3.11.4

Operating system

Linux 5.15.44-Re4son-v8l+

Additional environment/system information

1. Raspberry Pi 4

Actual Behavior

Sniffer fails to capture packets and the program continues unaware of the error where it waits for socket connection thread, meaning it stays in an idle state until the socket connection is closed/fails.

Expected Behavior

The unexpected Exception should be handled in some way. One solution could be done using a custom exception hook.

Steps To Reproduce

Follow README instructions in this section.

Anything else?

Exception in thread AsyncSniffer:
Traceback (most recent call last):
  File "/usr/lib/python3.11/threading.py", line 1038, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.11/threading.py", line 975, in run
    self._target(*self._args, **self._kwargs)
  File "/usr/lib/python3/dist-packages/scapy/sendrecv.py", line 1171, in _run
    sniff_sockets[_RL2(iface)(type=ETH_P_ALL, iface=iface,
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/scapy/arch/linux.py", line 499, in __init__
    set_promisc(self.ins, self.iface)
  File "/usr/lib/python3/dist-packages/scapy/arch/linux.py", line 179, in set_promisc
    mreq = struct.pack("IHH8s", get_if_index(iff), PACKET_MR_PROMISC, 0, b"")
                                ^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/scapy/arch/linux.py", line 399, in get_if_index
    return int(struct.unpack("I", get_if(iff, SIOCGIFINDEX)[16:20])[0])
                                  ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/scapy/arch/unix.py", line 42, in get_if
    return ioctl(sck, cmd, struct.pack("16s16x", iff.encode("utf8")))
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
OSError: [Errno 19] No such device

Is there an existing issue for this?

• I have searched the existing issues

Description

When the server is started, it doesn't create a connection to the Redis server by default. The connection to Redis is created when a subscriber connects, but not when a publisher connects.

System information

1. Kali Linux
2. 2023.3
3. Raspberry Pi 4

Actual Behavior

• ASGI sever is started without errors.
• Sniffer connects to the server.
• Sniffer sends data through socket.
• Publisher receives data through socket from Sniffer, but as soon as it tries to send data to Redis channel it fails due to the fact that the connection to Redis was never created.

Expected Behavior

Connection to Redis server needs to be created when the ASGI server is first started.

Steps To Reproduce

1. Start the Redis server
2. Start the ASGI server
3. Start the Sniffer

Anything else?

Here is a screenshot of the error.

The connection object is None due to the fact the Redis connection was never created.

Is there an existing issue for this?

• I have searched the existing issues

Description

Unhandled exception in Sniffer occurs due to improper return statement in the socket_manager.py function connect().

System information

1. Kali Linux
2. 2023.3
3. Raspberry Pi 4

Actual Behavior

After the 5th unsuccessful reconnect attempt, the unhandled Exception occurs.

Expected Behavior

The Exception shouldn't happen at all; the program should exit gracefully.

Steps To Reproduce

1. Run the Sniffer
2. Wait for the aforementioned Exception to occur.

Anything else?

Here is a screenshot of the error.

Is there an existing feature request for this?

• I have searched the existing feature requests

How badly do you need this?

• It's a deal-breaker, I can't live without it
• It would be nice to have in the future

Is your feature request related to a problem? Please describe.

No response

Describe the solution that you would like.

In addition to SSID and timestamp, PNLS could also display device manufacturer. MAC address is available during packet filtering, which means that we could get OUI and send it to the frontend.

Describe alternatives you have considered.

No response

Anything else?

No response

Is there an existing feature request for this?

• I have searched the existing feature requests

How badly do you need this?

• It's a deal-breaker, I can't live without it
• It would be nice to have in the future

Is your feature request related to a problem? Please describe.

When a large amount of data is added, it would be nice if the page would auto-scroll in order to see the latest captured information instead of standing in place, which is currently the case.

Describe the solution that you would like.

Scroll page automatically to the bottom of the page when it's updated with new information.

Describe alternatives you have considered.

No response

Anything else?

No response

Is there an existing issue for this?

• I have searched the existing issues

System information

1. Kali Linux
2. 2023.3
3. Raspberry Pi 4

Actual Behavior

If during the sniffing, the captured SSID has non-ASCII characters or to be more specific, if the characters are not UTF-8, the UnicodeDecodeError will be raised. The Error is not handled, which causes the thread to terminate.

Expected Behavior

Ignore those SSIDs and continue sniffing.

Steps To Reproduce

1. Start the Redis server
2. Start the Web server
3. Start the React server
4. Start the sniffer
5. Wait for the SSID with Non-ASCII characters to be captured.

Anything else?

Here is a screenshot of the error.

Is there an existing issue for this?

• I have searched the existing issues

System information

1. Kali Linux
2. 2023.3
3. Raspberry Pi 4

Actual Behavior

Every 50 seconds, the socket connection is closed, and its recovery is dependent on packet capturing. If the socket is closed, the sniffer won't know this until it tries to send captured data (in the try-catch block). After, the sniffer will create a new socket connection.

Expected Behavior

Keeping the connection open, reconnect if need, transparently without opening another socket.

Steps To Reproduce

1. Start the Redis server
2. Start the Web server
3. Start the React server
4. Start the sniffer
5. Wait for socket to disconnect
6. 🔁 Repeat 4 & 5

Anything else?

A Short-lived Connection should be replaced with a Long-lived Connection in the sniffer.py. It's more expensive to re-open the connection frequently than keeping the connection open.

Is there an existing feature request for this?

• I have searched the existing feature requests

How badly do you need this?

• It's a deal-breaker, I can't live without it
• It would be nice to have in the future

Is your feature request related to a problem? Please describe.

In order to reconnect the web app with the backend server, you need to refresh the page. Currently, you only get a toast notification about connection error.

Describe the solution that you would like.

It would be nice if the socket reconnection would happen automatically in the background in addition to the toast notification.

Describe alternatives you have considered.

No response

Anything else?

No response

Is there an existing issue for this?

• I have searched the existing issues

Description

When capturing Probe Requests with both, the PNLS and Airodump-ng, I've noticed that not all SSIDs are displayed on PNLS web UI.

System information

1. Kali Linux
2. 2023.3
3. Raspberry Pi 4

Actual Behavior

Some of the packets are never captured in moments of heavy packet loads.

Expected Behavior

To capture all of the packets.

Steps To Reproduce

Run the PNLS normally.

Anything else?

Scapy doesn't handle heavy loads very well because it processes packets too slowly. The load could be decreased, if you make the OS filter the packets instead of Scapy, which can be done when using the filter= argument.

Here are some useful links:

• Scapy AsyncSniffer can miss packets when many are sent
• Performance of Scapy

Is there an existing feature request for this?

• I have searched the existing feature requests

How badly do you need this?

• It's a deal-breaker, I can't live without it
• It would be nice to have in the future

Is your feature request related to a problem? Please describe.

No response

Describe the solution that you would like.

WiGLE API could be used to gather geolocation information about the captured SSIDs.

Describe alternatives you have considered.

No response

Anything else?

No response

Is there an existing issue for this?

• I have searched the existing issues

Description

An unhandled Exception occurs on the ASGI server when one of the clients closes its connection due to erroneous socket connection handle.

System information

1. Kali Linux
2. 2023.3
3. Raspberry Pi 4

Actual Behavior

• After the client socket connection is closed, an unhandled Exception occurs on the ASGI server.
  • The Exception occurs on a Thread that handles execution _pubsub_data_reader() method from WebSocketBroker class.
  • It occurs when a publisher publishes a message to the Redis channel which has a closed socket connection in its pool.

Expected Behavior

• Once the connection is closed, it should be removed from the socket pool.
• When publishing messages to a channel, sockets should be checked if they are open.

Steps To Reproduce

1. Start the Redis server
2. Start the ASGI server
3. Start the React server
   • Open another client in a new tab (this creates a new connection).
   • Close the original tab (this closes a connection).
4. Start the Sniffer

Anything else?

No response

Is there an existing feature request for this?

• I have searched the existing feature requests

How badly do you need this?

• It's a deal-breaker, I can't live without it
• It would be nice to have in the future

Is your feature request related to a problem? Please describe.

When capturing SSIDs, a lot of captured SSIDs are of the locally available network(s). If in the near vicinity of the PNLS, you have a lot of devices which are connected to the local network (e.q. My-Network) the sniffer can get flooded with My-Network SSIDs. As there is no value in capturing local SSIDs, it makes sense to remove these values. Also, filtering out these SSIDs might help with an overall performance.

Describe the solution that you would like.

Add SSID filtering to the backend. Once the SSID is captured, filter out values which are stored in the SSID filter list.

Describe alternatives you have considered.

No response

Anything else?

No response