def answerUDP(self, packet):
# print(udp_color + 'New udp client:')
# packet.summary()
# print(reset_color, end="")
dst_port = packet.sport
src_port = packet.dport
victim_ip = packet['IP'].src
my_ip = packet['IP'].dst
service = self.port_mapper[str(src_port) + "False"]
if self.subscribers and victim_ip in self.subscribers[
0].white_list or victim_ip in self.subscribers[0].black_list:
return
# TODO identify UDP -sV packet
# if not self.os_spoofer and self.os_spoofer.personality_fingerprint:
# self.publish(Event(EventTypes.UDPOpenHit, victim_ip))
ip = IP(src=my_ip, dst=victim_ip)
udp = UDP(sport=src_port, dport=dst_port)
payload = service.genRegexString()
udp_main = ip / udp / payload
# print(udp_color, end="")
if SessionManager.getInstance().is_android:
ether = Ether(src=packet['Ether'].dst,
dst=packet['Ether'].src,
type=0x800)
sendp(ether / udp_main, iface=self.interfaces[0])
else:
send(udp_main, verbose=False)
# print(udp_color + 'udp client done' + reset_color)
return ""
def __init__(self, con, cur):
""" Virtually private constructor. """
if EPSController.__instance != None:
raise Exception("This class is a singleton!")
else:
EPSController.__instance = self
self.con = con
self.cur = cur
self.sm = SessionManager.getInstance()
def _stopIpTables(self):
if SessionManager.getInstance().is_android:
iptables = '/system/bin/iptables'
else:
iptables = 'iptables'
for service in self.services:
if service.tcp:
set_iptable = iptables + ' -D OUTPUT -p tcp --tcp-flags RST RST --sport ' + str(
service.port) + ' -j DROP'
elif service.udp:
set_iptable = iptables + ' -D OUTPUT -p icmp --icmp-type destination-unreachable -j DROP'
os.system(set_iptable)
def answerTCP(self, packet):
try:
# print(tcp_color + 'New tcp client:')
# packet.show()
# print(reset_color, end="")
dport = packet.sport
sport = packet.dport
SeqNr = packet.seq
AckNr = packet.seq + 1
my_mac = packet['Ether'].dst
victim_mac = packet['Ether'].src
victim_ip = packet['IP'].src
my_ip = packet['IP'].dst
service = self.port_mapper[str(sport) + "True"]
if self.subscribers and victim_ip in self.subscribers[
0].white_list or victim_ip in self.subscribers[
0].black_list:
return
# Let os_spoofer handle publishing if able to
'''
if not self.os_spoofer:
is_nmap = False
is_sv = False
try:
if packet['TCP'].window == 64240 and \
(('MSS', 1460) == packet['TCP'].options[0]) and \
(('WScale', 8) == packet['TCP'].options[-1]):
self.publish(Event(EventTypes.ServiceVersionScan, victim_ip))
is_sv = True
except:
pass
try:
if packet['TCP'].window == 1024 and \
packet['TCP'].options == [('MSS', 1460)] and \
packet['IP'].flags == 0:
self.publish(Event(EventTypes.TCPScan, victim_ip))
is_nmap = True
except:
pass
if not is_nmap and not is_sv:
self.publish(Event(EventTypes.TCPOpenHit, victim_ip))
'''
# send syn ack
ip = IP(src=my_ip, dst=victim_ip)
ether = Ether(src=my_mac, dst=victim_mac, type=0x800)
tcp_synack = TCP(sport=sport,
dport=dport,
flags="SA",
seq=SeqNr,
ack=AckNr,
options=[('MSS', 1460)])
handshake = ip / tcp_synack
if SessionManager.getInstance().is_android:
handshake = ether / handshake
# print(tcp_color+"sending synack", end="")
if self.os_spoofer and self.os_spoofer.personality_fingerprint:
handshake = self.os_spoofer.handleTCP(packet, handshake)
if not handshake:
return
if SessionManager.getInstance().is_android:
ANSWER = srp1(handshake, timeout=8, iface=self.interfaces[0])
else:
ANSWER = sr1(handshake, timeout=8, verbose=0)
# print("\ngot it"+reset_color)
if not ANSWER:
# print(red + "TIMEOUT on syn ack" + reset_color)
return ""
# Capture next TCP packet if the client talks first
# GEThttp = sniff(filter="tcp and src host "+str(victim_ip)+" and port "+str(server_port),count=1)
# GEThttp = GEThttp[0]
# AckNr = AckNr+len(GEThttp['Raw'].load)
# send psh ack (main tcp packet)
SeqNr += 1
# payload="HTTP/1.1 200 OK\x0d\x0aDate: Wed, 29 Sep 2010 20:19:05 GMT\x0d\x0aServer: Testserver\x0d\x0aConnection: Keep-Alive\x0d\x0aContent-Type: text/html; charset=UTF-8\x0d\x0aContent-Length: 291\x0d\x0a\x0d\x0a<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0//EN\"><html><head><title>Testserver</title></head><body bgcolor=\"black\" text=\"white\" link=\"blue\" vlink=\"purple\" alink=\"red\"><p><font face=\"Courier\" color=\"blue\">-Welcome to test server-------------------------------</font></p></body></html>"
payload = service.genRegexString()
tcp_pshack = TCP(sport=sport,
dport=dport,
flags="PA",
seq=SeqNr,
ack=AckNr,
options=[('MSS', 1460)])
tcp_main = ip / tcp_pshack / payload
if SessionManager.getInstance().is_android:
tcp_main = ether / tcp_main
# print(tcp_color, end="")
if SessionManager.getInstance().is_android:
ACKDATA = srp1(tcp_main, timeout=5, iface=self.interfaces[0])
else:
ACKDATA = sr1(tcp_main, timeout=5, verbose=0)
# print(reset_color, end="")
if not ACKDATA:
# print(red + "TIMEOUT on ack data" + reset_color)
return ""
# send fin
SeqNr = ACKDATA.ack
tcp_fin_ack = TCP(sport=sport,
dport=dport,
flags="FA",
seq=SeqNr,
ack=AckNr,
options=[('MSS', 1460)])
# print(tcp_color, end="")
goodbye = ether / ip / tcp_fin_ack
if SessionManager.getInstance().is_android:
sendp(goodbye, iface=self.interfaces[0])
else:
send(goodbye, verbose=0)
print(tcp_color + 'tcp client done' + reset_color)
except Exception as e:
print("TCP ERR", e)
traceback.print_exec()
return ""
def __init__(self,
interface_list,
os_id='',
service_list='',
ignore='',
security_level=1,
log_dir=None,
kill_file='',
white_list='',
black_list='',
trusted=False,
trusted_file=''):
if os_id == None:
os_id = ''
if service_list == None:
service_list = ''
if ignore == None:
ignore = ''
if log_dir == None:
log_dir = os.path.dirname(sys.argv[0]) + '/logs'
if kill_file == None:
kill_file = ''
if security_level == None:
security_level = 1
if white_list == None:
white_list = ''
if black_list == None:
black_list = ''
if trusted == None:
trusted = False
if trusted_file == None:
trusted_file = ''
self.interface_list = interface_list.split(',')
self.os_id = os_id
self.service_list = service_list
self.services = self.service_list.split(';')
self.ignore = ignore.split(',')
self.kill_file = kill_file
self.log_dir = log_dir
self.security_level = int(security_level)
self.white_list = white_list.split(',')
self.black_list = black_list.split(',')
if trusted and not trusted_file:
trusted_file = os.path.dirname(
sys.argv[0]) + '/settings/Default/trusted.csv'
if trusted_file:
open(trusted_file, 'a+').close()
# TODO V&V inputs
if self.kill_file:
w = open(self.kill_file + ".good", "w+")
w.write("nothing gold can stay")
w.close()
if not self.interface_list[-1]:
self.interface_list = self.interface_list[:-1]
if not self.white_list[-1]:
self.white_list = self.white_list[:-1]
if not self.black_list[-1]:
self.black_list = self.black_list[:-1]
if not self.services[-1]:
self.services = self.services[:-1]
if not self.ignore[-1]:
self.ignore = self.ignore[:-1]
self.os_spoofer = None
self.service_spoofer = None
if self.security_level:
self.ids = IDS(self.log_dir, self.security_level, self.white_list,
self.black_list)
#if self.os_id:
self.os_spoofer = OsSpoofer(self.interface_list, self.os_id,
self.ignore, self.services, trusted_file)
if self.security_level:
self.os_spoofer.addSubscriber(self.ids)
print(str(self.os_spoofer))
if self.service_list:
self.service_spoofer = ServiceSpoofer(self.interface_list,
self.services,
self.os_spoofer)
if self.security_level:
self.service_spoofer.addSubscriber(self.ids)
if self.os_spoofer:
self.os_spoofer.start()
if self.service_spoofer:
self.service_spoofer.start()
#'''
# Normal mode
while True if not self.kill_file else not os.path.isfile(
self.kill_file):
try:
time.sleep(5)
except:
break
if self.kill_file:
os.remove(self.kill_file)
os.remove(self.kill_file + ".good")
# '''
'''
# Testing mode
time.sleep(5)
OhHoney.scpNmap(self.os_spoofer, True, self.log_file)
#time.sleep(3)
#print('____________________FIRST ROUND DONE______________________')
#OhHoney.scpNmap(self.os_spoofer, True, self.log_file)
#time.sleep(3)
#print('____________________SECOND ROUND DONE______________________')
#OhHoney.scpNmap(self.os_spoofer, True)
# '''
if self.os_spoofer:
self.os_spoofer.stop()
if self.service_spoofer:
self.service_spoofer.stop()
if self.ids and not SessionManager.getInstance().is_android:
self.ids.clearIptables()
print('ALL DONE')
