Merge pull request #500 from kimocoder/copilot/apply-patch-changes

Apply patch.patch: Dragonblood timing attack, live hashcat progress, and security hardening

Author: kimocoder

requirements.txt

@@ -1,6 +1,6 @@
 # Core dependencies for wifite2
 # These should match pyproject.toml [project.dependencies]
-chardet>=7.0.1
+chardet>=7.4.1
 requests>=2.32.5
 rich>=14.0.0
 scapy>=2.7.0; python_version < '4'

tools/run-automation.sh

@@ -768,6 +768,35 @@ def _add_wpa_args(self, wpa):
                                             '(default: {G}%d sec{W})' % self.config.wpa_attack_timeout))
         wpa.add_argument('-wpa3-timeout', help=argparse.SUPPRESS, action='store', dest='wpa3_attack_timeout', type=int)
 
+        # Dragonblood timing attack (CVE-2019-13377)
+        wpa.add_argument('--dragonblood-timing',
+                         action='store_true',
+                         dest='dragonblood_timing',
+                         help=Color.s('Enable {C}Dragonblood timing attack{W} (CVE-2019-13377) for APs with '
+                                      'vulnerable MODP groups (22, 23, 24). Probes the AP to measure SAE '
+                                      'response latency and partitions the password search space. '
+                                      '(default: {G}off{W})'))
+        wpa.add_argument('-dragonblood-timing', help=argparse.SUPPRESS, action='store_true', dest='dragonblood_timing')
+
+        wpa.add_argument('--dragonblood-samples',
+                         action='store',
+                         dest='dragonblood_samples',
+                         metavar='[count]',
+                         type=int,
+                         help=self._verbose('Number of timing samples per password candidate '
+                                            'during Dragonblood attack. More samples improve accuracy '
+                                            'but take longer. (default: {G}3{W})'))
+        wpa.add_argument('-dragonblood-samples', help=argparse.SUPPRESS, action='store', dest='dragonblood_samples', type=int)
+
+        wpa.add_argument('--dragonblood-max',
+                         action='store',
+                         dest='dragonblood_max_passwords',
+                         metavar='[count]',
+                         type=int,
+                         help=self._verbose('Maximum number of passwords to probe during '
+                                            'Dragonblood timing attack. (default: {G}50{W})'))
+        wpa.add_argument('-dragonblood-max', help=argparse.SUPPRESS, action='store', dest='dragonblood_max_passwords', type=int)
+
         wpa.add_argument('--owe',
                          action='store_true',
                          dest='owe_filter',

wifite/args.py

@@ -3,7 +3,7 @@
 
 from ..model.attack import Attack
 from ..config import Configuration
-from ..tools.hashcat import HcxDumpTool, HcxPcapngTool, Hashcat
+from ..tools.hashcat import HcxDumpTool, HcxPcapngTool, Hashcat, HashcatCracker
 from ..util.color import Color
 from ..util.timer import Timer
 from ..util.output import OutputManager
@@ -515,7 +515,36 @@ def crack_pmkid_file(self, pmkid_file):
                 wordlist_name = os.path.basename(wordlist)
                 Color.clear_entire_line()
                 Color.pattack('PMKID', self.target, 'CRACK', 'Cracking PMKID using {C}%s{W} ...\n' % wordlist_name)
-                key = Hashcat.crack_pmkid(pmkid_file, wordlist=wordlist)
+
+                try:
+                    with HashcatCracker(pmkid_file, wordlist) as cracker:
+                        cracker.start(show_command=Configuration.verbose > 1)
+
+                        # Polling loop for progress tracking
+                        while not cracker.is_finished():
+                            status = cracker.poll_status()
+                            if self.view:
+                                self.view.update_progress({
+                                    'progress': status['progress'],
+                                    'metrics': {
+                                        'Speed': status['speed'],
+                                        'ETA': status['eta']
+                                    }
+                                })
+
+                            # Update TUI status line periodically (approx every 2 seconds)
+                            # We use a simple sleep since this is a dedicated attack thread
+                            time.sleep(2)
+
+                        key = cracker.get_result()
+                except KeyboardInterrupt:
+                    return self._handle_hashcat_failure(
+                        '\n{!} {R}Failed to crack PMKID: {O}Cracking interrupted by user{W}'
+                    )
+                except Exception as e:
+                    log_error('AttackPMKID', f'Error during hashcat polling: {e}')
+                    continue
+
                 if key is not None:
                     break
                 Color.pl('{!} {O}%s did not contain password{W}' % wordlist_name)

wifite/attack/pmkid.py

@@ -364,20 +364,38 @@ def get_validation_results(self) -> List[ValidationResult]:
         """
         return self.validation_results.copy()
 
+    def clear_credentials(self):
+        """Overwrite all stored credential data in memory to prevent leakage."""
+        # Overwrite passwords in validation results
+        for result in self.validation_results:
+            if result.submission.password:
+                result.submission.password = '\x00' * len(result.submission.password)
+                result.submission.password = ''
+        # Overwrite passwords in pending submissions
+        for submission in self.pending_submissions.values():
+            if submission.password:
+                submission.password = '\x00' * len(submission.password)
+                submission.password = ''
+        # Overwrite valid credential tuples
+        for i, (ssid, password) in enumerate(self.valid_credentials):
+            self.valid_credentials[i] = (ssid, '\x00' * len(password))
+        self.valid_credentials.clear()
+        log_info('CredentialHandler', 'Credential data cleared from memory')
+
     def clear_statistics(self):
         """Clear all statistics and results."""
+        self.clear_credentials()
         self.validation_results.clear()
-        self.valid_credentials.clear()
         self.client_attempts.clear()
         self.client_last_attempt.clear()
-        
+
         self.total_submissions = 0
         self.total_validations = 0
         self.successful_validations = 0
         self.failed_validations = 0
-        
+
         log_info('CredentialHandler', 'Statistics cleared')
-    
+
     def __str__(self):
         stats = self.get_statistics()
         return (f'CredentialHandler: {stats["total_submissions"]} submissions, '

wifite/attack/portal/credential_handler.py

@@ -3,7 +3,7 @@
 
 from ..model.attack import Attack
 from ..tools.aircrack import Aircrack
-from ..tools.hashcat import Hashcat
+from ..tools.hashcat import Hashcat, HashcatCracker, HcxDumpTool, HcxPcapngTool
 from ..tools.airodump import Airodump
 from ..tools.aireplay import Aireplay
 from ..config import Configuration
@@ -413,7 +413,37 @@ def run(self):
                 })
 
             try:
-                key = Hashcat.crack_handshake(handshake, target_is_wpa3_sae, show_command=Configuration.verbose > 1, wordlist=wordlist)
+                # Use the new HashcatCracker for non-blocking execution and progress polling
+                # First, generate the hash file (we use the existing HcxPcapngTool logic via a helper)
+                hash_file = HcxPcapngTool.generate_hash_file(handshake, target_is_wpa3_sae, show_command=Configuration.verbose > 1)
+
+                if hash_file is None:
+                    # Fallback to aircrack-ng if hash file generation failed
+                    key = Hashcat.crack_handshake(handshake, target_is_wpa3_sae, show_command=Configuration.verbose > 1, wordlist=wordlist)
+                else:
+                    try:
+                        with HashcatCracker(hash_file, wordlist, target_is_wpa3_sae=target_is_wpa3_sae) as cracker:
+                            cracker.start(show_command=Configuration.verbose > 1)
+
+                            while not cracker.is_finished():
+                                status = cracker.poll_status()
+                                if self.view:
+                                    self.view.update_progress({
+                                        'progress': status['progress'],
+                                        'metrics': {
+                                            'Speed': status['speed'],
+                                            'ETA': status['eta']
+                                        }
+                                    })
+                                time.sleep(2)
+
+                            key = cracker.get_result()
+                    finally:
+                        if hash_file and os.path.exists(hash_file):
+                            try:
+                                os.remove(hash_file)
+                            except OSError:
+                                pass
             except ValueError as e: # Catch errors from hash file generation (e.g. bad capture)
                 error_msg = f"Error during hash file generation for cracking: {e}"
                 Color.pl(f"[!] {error_msg}")