
Automatic change of WPA2-password (preshared key) on a Wi-Fi router

Task


- generate an 8-digit number and automatically set it as the WPA2 password on a Wi-Fi router once a week
- send the new password by email
- create an HTML page with the password

Given


- Linux with a web server installed (the web server will serve the page /opt/company/wifi-guest/index.html) and access to the Wi-Fi access point via a proxy (proxy address proxy.company.lan:3128)
- Wi-Fi router TP-LINK WR1043ND (access point address ggw.company.lan)
- SMTP server (server address 10.10.10.10, sender address notificaions@company.com, recipient address admins@company.com)

The solution requires


- Firefox with HttpFox plugin
- curl
- bash script

Solution


1. Using the HttpFox plugin, capture the POST or GET requests the browser performs to change the password and reboot. For our router these are GET requests of the form:
  "http://$http_url/userRpm/WlanSecurityRpm.htm?wepSecOpt=3&wpaSecOpt=3"
and
  "http://$http_url/userRpm/SysRebootRpm.htm?Reboot=Reboot"

2. Using curl and the GET requests above, fetch the HTML pages the router returns when a command succeeds. From these pages, pick lines that are unique enough to confirm that the command succeeded. For example, for setting the password:
  "location.href="/userRpm/WlanSecurityRpm.htm";"
- and for the reboot:
  "<TD class=h2 id="t_restart">Restarting...</TD>"

3. Substitute these values into the bash script and add the script to cron to run once a week.
4. Test the script by running it manually.
5. Done!

```bash
#!/bin/bash -e
# Description: script is purposed for automatic changing WPA2 key on TP-LINK WR1043ND (Wi-Fi router) using curl

# Common variables
proxy_url=proxy.company.lan:3128
proxy_username=proxy-user
proxy_password=proxy-pass
http_url=ggw.company.lan
http_username=http-user
http_password=http-pass

# Define email message title
smtp_title="Guest Wi-Fi password has been changed"

# Define smtp server and email addresses
smtp_server=10.10.10.10
smtp_send_from=notificaions@company.com
smtp_send_to=admins@company.com
smtp_links="Password link: http://wifi-guest.company.lan\nAdmin link: http://$http_url"
webpage_path=/opt/company/wifi-guest/index.html

# Special variables
set_password_successfuly='location.href="/userRpm/WlanSecurityRpm.htm";'
perform_reboot_successfuly='<TD class=h2 id="t_restart">Restarting...</TD>'
stat_begin='^var hostList = new Array\($'
stat_end='.*\);'

# Core variables
CURL="curl --silent --proxy $proxy_url --proxy-user $proxy_username:$proxy_password --user $http_username:$http_password"

# Generate 8-digit password (from 00000000 to 99999999)
NEW_WPA_PASSWORD=$( printf "%04d%04d" $(($RANDOM%10000)) $(($RANDOM%10000)) )

# Date and time
DATE_TIME="$(date +"%F %T")"

# Set password
$CURL "http://$http_url/userRpm/WlanSecurityRpm.htm?wepSecOpt=3&wpaSecOpt=3&wpaCipher=1&intervalWpa=0&secType=3&pskSecOpt=3&pskCipher=1&interval=0&Save=Save&pskSecret=$NEW_WPA_PASSWORD" | grep "$set_password_successfuly" > /dev/null && SET_PASS="OK" || SET_PASS="ERR"
[[ $SET_PASS != "OK" ]] && echo "Set password error" && exit 1

# Reboot
$CURL "http://$http_url/userRpm/SysRebootRpm.htm?Reboot=Reboot" | grep "$perform_reboot_successfuly" > /dev/null && REBOOT="OK" || REBOOT="ERR"
[[ $REBOOT != "OK" ]] && echo "Reboot error" && exit 1

# Update web page
echo "
<html>
<head>
<meta http-equiv=\"Pragma\" content=\"no-cache\">
<meta http-equiv=\"Cache-Control\" content=\"no-cache\">
</head>
<body>
<center>
<p>New Wi-Fi password:<br>$NEW_WPA_PASSWORD</p>
<p>Generated: $DATE_TIME</p>
</center>
</body>
</html>
" > $webpage_path

# Send password and statistics to admins
wifi_stat=$($CURL "http://$http_url/userRpm/WlanStationRpm.htm" | awk "/$stat_begin/,/$stat_end/")
smtp_message="New Wi-Fi password: $NEW_WPA_PASSWORD\n\nWi-Fi statistics:\n$wifi_stat\n\n$smtp_links"
echo -e "$smtp_message" | \
  env smtp=$smtp_server from=$smtp_send_from \
  /usr/bin/mail -v \
  -s "$smtp_title" \
  $smtp_send_to
```


PS: source = "bash" for some reason did not color the script.

UPDATE: fixed the vulnerable generator.

Before (only 32768 possible passwords):

```bash
NUMPASS_MIN=10000000
NUMPASS_MAX=99999999
NEW_WPA_PASSWORD="$(( ($RANDOM*($NUMPASS_MAX-$NUMPASS_MIN)/32767)+$NUMPASS_MIN ))"
```

After (now every 8-digit password is possible):

```bash
NEW_WPA_PASSWORD=$( printf "%04d%04d" $(($RANDOM%10000)) $(($RANDOM%10000)) )
```
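
The updated generator still draws from bash's `$RANDOM`, which is not a cryptographic generator, and `$RANDOM % 10000` slightly favours 0000-2767 because 32768 is not a multiple of 10000. The following is an added example, not part of the original script: it takes the 8 digits from `/dev/urandom` with rejection sampling and verifies the keyspace figures quoted above. The function names are assumptions of this example.

```bash
#!/bin/bash
# Added example, not from the original script; function names are illustrative.
# Written so that it also runs under a plain POSIX sh.

# Print one uniformly distributed 8-digit string (00000000..99999999).
# Four bytes from the kernel CSPRNG give n in [0, 2^32). Values at or above
# 4200000000 (the largest multiple of 10^8 below 2^32) are rejected, so
# n % 10^8 carries no modulo bias.
gen_wpa_digits() {
    while :; do
        n=$(od -An -N4 -tu4 /dev/urandom | tr -d ' \n')
        [ "$n" -lt 4200000000 ] && break
    done
    printf '%08d\n' $(( n % 100000000 ))
}

# Number of distinct keys the pre-UPDATE formula can produce: enumerate every
# possible $RANDOM value (0..32767) and count the unique results.
old_formula_keyspace() {
    r=0
    while [ "$r" -le 32767 ]; do
        echo $(( r * (99999999 - 10000000) / 32767 + 10000000 ))
        r=$(( r + 1 ))
    done | sort -u | wc -l | tr -d ' '
}

# How many of the 32768 $RANDOM values land on a given 4-digit half under
# "$RANDOM % 10000". Pass the value without leading zeros (0..9999).
random_mod_hits() {
    echo $(( (32767 - $1) / 10000 + 1 ))
}

echo "new key:                  $(gen_wpa_digits)"
echo "old formula, distinct:    $(old_formula_keyspace) of 90000000"
echo "RANDOM values -> 0000:    $(random_mod_hits 0)"
echo "RANDOM values -> 9999:    $(random_mod_hits 9999)"
```

To use it in the script above, define `gen_wpa_digits` before the password is generated and assign `NEW_WPA_PASSWORD=$(gen_wpa_digits)`.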

Source: https://habr.com/ru/post/149495/

