Beispiel #1
0
    def test_usb_tethering_over_wifi(self):
        """Tests USB tethering over wifi.

    Steps:
    1. Connects to a wifi network
    2. Enables USB tethering
    3. Verifies wifi is preferred upstream over data connection
    """

        wutils.start_wifi_connection_scan_and_ensure_network_found(
            self.dut, self.wifi_network[SSID])
        wutils.wifi_connect(self.dut, self.wifi_network)
        wifi_network = self.dut.droid.connectivityGetActiveNetwork()
        self.log.info("wifi network %s" % wifi_network)

        iflist_before = get_if_list()
        nutils.start_usb_tethering(self.dut)
        self.USB_TETHERED = True
        self.iface = nutils.wait_for_new_iface(iflist_before)
        self.real_hwaddr = get_if_raw_hwaddr(self.iface)

        output = self.dut.adb.shell(DUMSYS_CMD)
        for line in output.split("\n"):
            if UPSTREAM_WANTED_STRING in line:
                asserts.assert_true("true" in line,
                                    "Upstream interface is not active")
                self.log.info("Upstream interface is active")
            if CURRENT_UPSTREAM_STRING in line:
                asserts.assert_true("wlan" in line, "WiFi is not the upstream "
                                    "interface")
                self.log.info("WiFi is the upstream interface")
Beispiel #2
0
def cmd_dhcp_discover(iface, timeout, verbose):
    """Send a DHCP request and show what devices has replied.

    Note: Using '-v' you can see all the options (like DNS servers) included on the responses.

    \b
    # habu.dhcp_discover
    Ether / IP / UDP 192.168.0.1:bootps > 192.168.0.5:bootpc / BOOTP / DHCP
    """

    conf.verb = False

    if iface:
        conf.iface = iface

    conf.checkIPaddr = False

    hw = get_if_raw_hwaddr(conf.iface)

    ether = Ether(dst="ff:ff:ff:ff:ff:ff")
    ip = IP(src="0.0.0.0",dst="255.255.255.255")
    udp = UDP(sport=68,dport=67)
    bootp = BOOTP(chaddr=hw)
    dhcp = DHCP(options=[("message-type","discover"),"end"])

    dhcp_discover = ether / ip / udp / bootp / dhcp

    ans, unans = srp(dhcp_discover, multi=True, timeout=5)      # Press CTRL-C after several seconds

    for _, pkt in ans:
        if verbose:
            print(pkt.show())
        else:
            print(pkt.summary())
Beispiel #3
0
def test_dhcp(*args):
    """

    from scapy/docs/usage
    """

    from scapy.all import conf
    conf.checkIPaddr = False

    iface = conf.iface

    fam, hw = get_if_raw_hwaddr(iface)
    dhcp_discover = (
        Ether(dst="ff:ff:ff:ff:ff:ff") /
        IP(src="0.0.0.0", dst="255.255.255.255") /
        UDP(sport=68, dport=67) /
        BOOTP(chaddr=hw) /
        DHCP(options=[("message-type","discover"),"end"])
    )
    ans, unans = srp(dhcp_discover, multi=True, timeout=30, iface=iface)
    # Press CTRL-C after several seconds

    for p in ans:
        print( p[1][Ether].src, p[1][IP].src )

    raise Exception()
Beispiel #4
0
def cmd_dhcp_discover(iface, timeout, verbose):
    """Send a DHCP request and show what devices has replied.

    Note: Using '-v' you can see all the options (like DNS servers) included on the responses.

    \b
    # habu.dhcp_discover
    Ether / IP / UDP 192.168.0.1:bootps > 192.168.0.5:bootpc / BOOTP / DHCP
    """

    conf.verb = False

    if iface:
        conf.iface = iface

    conf.checkIPaddr = False

    hw = get_if_raw_hwaddr(conf.iface)

    ether = Ether(dst="ff:ff:ff:ff:ff:ff")
    ip = IP(src="0.0.0.0", dst="255.255.255.255")
    udp = UDP(sport=68, dport=67)
    bootp = BOOTP(chaddr=hw)
    dhcp = DHCP(options=[("message-type", "discover"), "end"])

    dhcp_discover = ether / ip / udp / bootp / dhcp

    ans, unans = srp(dhcp_discover, multi=True,
                     timeout=5)  # Press CTRL-C after several seconds

    for _, pkt in ans:
        if verbose:
            print(pkt.show())
        else:
            print(pkt.summary())
Beispiel #5
0
def main():
    """
        Entry point
    """
    # Parsing command line
    parser = OptionParser()
    parser.add_option("-t", "--timeout", type="float", dest="timeout",
                      default=1,
                      help="timeout in seconds for waiting answers",
                      metavar="TIME")
    (options, args) = parser.parse_args()

    conf.checkIPaddr = False
    fam, hw = get_if_raw_hwaddr(conf.iface)
    mac = ":".join(map(lambda x: "%.02x" % ord(x), list(hw)))
    print 'Requesting DHCP servers for', mac
    ether = Ether(dst="ff:ff:ff:ff:ff:ff", src=hw)
    ip = IP(src="0.0.0.0", dst="255.255.255.255")
    udp = UDP(sport=68, dport=67)
    bootp = BOOTP(chaddr=hw)
    dhcp = DHCP(options=[("message-type", "discover"), "end"])
    dhcp_discover = ether / ip / udp / bootp / dhcp
    ans, unans = srp(dhcp_discover, multi=True, timeout=options.timeout)
    print 'Discovered DHCP servers:'
    for p in ans:
        print p[1][Ether].src, p[1][IP].src
Beispiel #6
0
def check_dhcp_on_eth(iface, timeout):
    """Check if there is roque dhcp server in network on given iface
        @iface - name of the ethernet interface
        @timeout - scapy timeout for waiting on response
    >>> check_dhcp_on_eth('eth1')
    """

    scapy.conf.iface = iface

    scapy.conf.checkIPaddr = False
    dhcp_options = [("message-type", "discover"),
                    ("param_req_list", utils.format_options(
                        [1, 2, 3, 4, 5, 6,
                         11, 12, 13, 15, 16, 17, 18, 22, 23,
                         28, 40, 41, 42, 43, 50, 51, 54, 58, 59, 60, 66, 67])),
                    "end"]

    fam, hw = scapy.get_if_raw_hwaddr(iface)
    dhcp_discover = (
        scapy.Ether(src=hw, dst="ff:ff:ff:ff:ff:ff") /
        scapy.IP(src="0.0.0.0", dst="255.255.255.255") /
        scapy.UDP(sport=68, dport=67) /
        scapy.BOOTP(chaddr=hw) /
        scapy.DHCP(options=dhcp_options))
    ans, unans = scapy.srp(dhcp_discover, multi=True,
                           nofilter=1, timeout=timeout, verbose=0)
    return ans
Beispiel #7
0
    def craft_dhcp_request(self, hw=None):
        """Generates a DHCPREQUEST packet
        
        Args:
            hw (str|bytes, optional): Defaults to MAC of Scapy's `conf.iface`.
                Client MAC address to place in `chaddr`.
        
        Returns:
            scapy.layers.inet.IP: DHCPREQUEST packet

        https://www.freesoft.org/CIE/RFC/2131/24.htm
        """

        if not hw:
            _, hw = get_if_raw_hwaddr(conf.iface)
        else:
            hw = mac_str_to_bytes(hw)

        # server identifier => DHCP server that sent the DHCPOFFER
        # Client inserts the address of the selected server in 'server
        # identifier', 'ciaddr' MUST be zero, 'requested IP address' MUST be
        # filled in with the yiaddr value from the chosen DHCPOFFER.
        options = [("message-type", "request"), ("server_id", self.server_id),
                   ("requested_addr", self.offered_address), "end"]
        dhcp_request = (IP(src="0.0.0.0", dst="255.255.255.255") /
                        UDP(sport=68, dport=67) /
                        BOOTP(chaddr=hw, xid=self.xid, flags=0x8000) /
                        DHCP(options=options))
        # TODO: param req list
        if settings.DEBUG:
            print(dhcp_request.show())
        return dhcp_request
Beispiel #8
0
def cmd_dhcp_discover(iface, timeout, verbose):

    conf.verb = False

    if iface:
        conf.iface = iface

    conf.checkIPaddr = False

    hw = get_if_raw_hwaddr(conf.iface)

    ether = Ether(dst="ff:ff:ff:ff:ff:ff")
    ip = IP(src="0.0.0.0",dst="255.255.255.255")
    udp = UDP(sport=68,dport=67)
    bootp = BOOTP(chaddr=hw)
    dhcp = DHCP(options=[("message-type","discover"),"end"])

    dhcp_discover = ether / ip / udp / bootp / dhcp

    ans, unans = srp(dhcp_discover, multi=True, timeout=5)      # Press CTRL-C after several seconds

    for _, pkt in ans:
        if verbose:
            print(pkt.show())
        else:
            print(pkt.summary())
Beispiel #9
0
def check_dhcp_request(iface, server, range_start, range_end, timeout=5):
    """Provide interface, server endpoint and pool of ip adresses
        Should be used after offer received
        >>> check_dhcp_request('eth1','10.10.0.5','10.10.0.10','10.10.0.15')
    """

    scapy.conf.iface = iface

    scapy.conf.checkIPaddr = False

    fam, hw = scapy.get_if_raw_hwaddr(iface)

    ip_address = next(utils.pick_ip(range_start, range_end))

    # note lxc dhcp server does not respond to unicast
    dhcp_request = (scapy.Ether(src=hw, dst="ff:ff:ff:ff:ff:ff") /
                    scapy.IP(src="0.0.0.0", dst="255.255.255.255") /
                    scapy.UDP(sport=68, dport=67) /
                    scapy.BOOTP(chaddr=hw) /
                    scapy.DHCP(options=[("message-type", "request"),
                                        ("server_id", server),
                                        ("requested_addr", ip_address),
                                        "end"]))
    ans, unans = scapy.srp(dhcp_request, nofilter=1, multi=True,
                           timeout=timeout, verbose=0)
    return ans
Beispiel #10
0
def check_dhcp_on_eth(iface, timeout):
    """Check if there is roque dhcp server in network on given iface
        @iface - name of the ethernet interface
        @timeout - scapy timeout for waiting on response
    >>> check_dhcp_on_eth('eth1')
    """

    scapy.conf.iface = iface

    scapy.conf.checkIPaddr = False
    dhcp_options = [("message-type", "discover"),
                    ("param_req_list",
                     utils.format_options([
                         1, 2, 3, 4, 5, 6, 11, 12, 13, 15, 16, 17, 18, 22, 23,
                         28, 40, 41, 42, 43, 50, 51, 54, 58, 59, 60, 66, 67
                     ])), "end"]

    fam, hw = scapy.get_if_raw_hwaddr(iface)
    dhcp_discover = (scapy.Ether(src=hw, dst="ff:ff:ff:ff:ff:ff") /
                     scapy.IP(src="0.0.0.0", dst="255.255.255.255") /
                     scapy.UDP(sport=68, dport=67) / scapy.BOOTP(chaddr=hw) /
                     scapy.DHCP(options=dhcp_options))
    ans, unans = scapy.srp(dhcp_discover,
                           multi=True,
                           nofilter=1,
                           timeout=timeout,
                           verbose=0)
    return ans
Beispiel #11
0
def get_mac(interface: str) -> str:
    """ Get the mac address for a specified interface """
    try:
        mac = get_if_hwaddr(interface)
    except Scapy_Exception:
        mac = ":".join(
            format(x, "02x") for x in get_if_raw_hwaddr(interface)[1])
    return mac
Beispiel #12
0
def build_msg(opts):
    conf.checkIPaddr = False
    msg_flag = 0
    import sys
    if sys.platform != "darwin":
        fam, hw = get_if_raw_hwaddr(str(world.cfg["iface"]))
    else:
        # TODO fix this for MAC OS, this is temporary quick fix just for my local system
        hw = convert_MAC("0a:00:27:00:00:00")
    tmp_hw = None

    # we need to choose if we want to use chaddr, or client id.
    # also we can include both: client_id and chaddr
    if world.cfg["values"]["chaddr"] is None or world.cfg["values"][
            "chaddr"] == "default":
        tmp_hw = hw
    elif world.cfg["values"]["chaddr"] == "empty":
        tmp_hw = convert_MAC("00:00:00:00:00:00")
    else:
        tmp_hw = convert_MAC(world.cfg["values"]["chaddr"])

    if world.cfg["values"]["broadcastBit"]:
        # value for setting 1000 0000 0000 0000 in bootp message in field 'flags' for broadcast msg.
        msg_flag = 32768
    else:
        msg_flag = 0

    msg = Ether(dst="ff:ff:ff:ff:ff:ff", src=hw)
    msg /= IP(
        src=world.cfg["source_IP"],
        dst=world.cfg["destination_IP"],
    )
    msg /= UDP(sport=world.cfg["source_port"],
               dport=world.cfg["destination_port"])
    msg /= BOOTP(chaddr=tmp_hw,
                 giaddr=world.cfg["values"]["giaddr"],
                 flags=msg_flag,
                 hops=world.cfg["values"]["hops"])

    # BOOTP requests can be optionless
    if len(opts) > 0:
        opts += ["end"]  # end option
        msg /= DHCP(options=opts)

    #transaction id
    if world.cfg["values"]["tr_id"] is None:
        msg.xid = randint(0, 256 * 256 * 256)
    else:
        msg.xid = int(world.cfg["values"]["tr_id"])
    world.cfg["values"]["tr_id"] = msg.xid

    msg.siaddr = world.cfg["values"]["siaddr"]
    msg.ciaddr = world.cfg["values"]["ciaddr"]
    msg.yiaddr = world.cfg["values"]["yiaddr"]
    msg.htype = world.cfg["values"]["htype"]
    return msg
 def run(self):
     baseip = ".".join(self.router.split('.')[0:-1]) + '.'
     targetip = baseip+self.last
     confs.checkIPaddr = False
     hw = get_if_raw_hwaddr(confs.iface)
     dhcp_discover =  Ether(src=RandMAC(),dst="ff:ff:ff:ff:ff:ff")/\
             IP(src="0.0.0.0",dst="255.255.255.255")/\
             UDP(sport=68, dport=67)/\
             BOOTP(chaddr=RandString(RandNum(1,50)))/\
             DHCP(options=[("message-type","discover"),"end"])
     sendp(dhcp_discover, verbose=0)
Beispiel #14
0
def build_msg(opts):
    conf.checkIPaddr = False
    msg_flag = 0
    import sys
    if sys.platform != "darwin":
        fam, hw = get_if_raw_hwaddr(str(world.cfg["iface"]))
    else:
        # TODO fix this for MAC OS, this is temporary quick fix just for my local system
        hw = convert_MAC("0a:00:27:00:00:00")
    tmp_hw = None

    # we need to choose if we want to use chaddr, or client id.
    # also we can include both: client_id and chaddr
    if world.cfg["values"]["chaddr"] is None or world.cfg["values"]["chaddr"] == "default":
        tmp_hw = hw
    elif world.cfg["values"]["chaddr"] == "empty":
        tmp_hw = convert_MAC("00:00:00:00:00:00")
    else:
        tmp_hw = convert_MAC(world.cfg["values"]["chaddr"])

    if world.cfg["values"]["broadcastBit"]:
        # value for setting 1000 0000 0000 0000 in bootp message in field 'flags' for broadcast msg.
        msg_flag = 32768
    else:
        msg_flag = 0

    msg = Ether(dst="ff:ff:ff:ff:ff:ff",
                src=hw)
    msg /= IP(src=world.cfg["source_IP"],
              dst=world.cfg["destination_IP"],)
    msg /= UDP(sport=world.cfg["source_port"], dport=world.cfg["destination_port"])
    msg /= BOOTP(chaddr=tmp_hw,
                 giaddr=world.cfg["values"]["giaddr"],
                 flags=msg_flag,
                 hops=world.cfg["values"]["hops"])

    # BOOTP requests can be optionless
    if len(opts) > 0:
        opts += ["end"]  # end option
        msg /= DHCP(options=opts)

    #transaction id
    if world.cfg["values"]["tr_id"] is None:
        msg.xid = randint(0, 256*256*256)
    else:
        msg.xid = int(world.cfg["values"]["tr_id"])
    world.cfg["values"]["tr_id"] = msg.xid

    msg.siaddr = world.cfg["values"]["siaddr"]
    msg.ciaddr = world.cfg["values"]["ciaddr"]
    msg.yiaddr = world.cfg["values"]["yiaddr"]
    msg.htype = world.cfg["values"]["htype"]
    return msg
Beispiel #15
0
 def craft_discover(self, hw=None):
     """Generates a DHCPDICSOVER packet"""
     if not hw:
         _, hw = get_if_raw_hwaddr(conf.iface)
     else:
         hw = mac_str_to_bytes(hw)
     dhcp_discover = (IP(src="0.0.0.0", dst="255.255.255.255") /
                      UDP(sport=68, dport=67) /
                      BOOTP(chaddr=hw, xid=self.xid, flags=0x8000) /
                      DHCP(options=[("message-type", "discover"), "end"]))
     # TODO: param req list
     if DEBUG:
         print(dhcp_discover.show())
     return dhcp_discover
Beispiel #16
0
def main():

    iface = get_iface()
    fam, hw = get_if_raw_hwaddr(iface)

    print "sending on interface %s" % (iface)
    pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff')

    # A spoofed ARP packet with modified src protocol (IP) address
    pkt = pkt / ARP(op=2,
                    hwsrc=hw,
                    psrc='10.0.1.2',
                    hwdst='ff:ff:ff:ff:ff:ff',
                    pdst='255.255.255.255')
    pkt.show2()  # for a developed view of the assembled packet
    sendp(pkt, iface=iface, verbose=False)  # sendp works at layer 2)
Beispiel #17
0
def get_dhcp_discovery(interface, verbose=False):
    # get interface hw addr
    _, hw = get_if_raw_hwaddr(interface)

    if verbose:
        print(f"Interface: {interface} -> {hw}")

    dhcp_discovery = Ether(dst="ff:ff:ff:ff:ff:ff") / IP(
        src="0.0.0.0", dst="255.255.255.255") / UDP(
            sport=68, dport=67) / BOOTP(chaddr=hw) / DHCP(
                options=[("message-type", "discover"), "end"])

    if verbose:
        dhcp_discovery.show()

    return dhcp_discovery
Beispiel #18
0
def _get_dhcp_discover_message(iface):

    dhcp_options = [("message-type", "discover"),
                    ("param_req_list",
                     utils.format_options([
                         1, 2, 3, 4, 5, 6, 11, 12, 13, 15, 16, 17, 18, 22, 23,
                         28, 40, 41, 42, 43, 50, 51, 54, 58, 59, 60, 66, 67
                     ])), "end"]

    fam, hw = scapy.get_if_raw_hwaddr(iface)

    dhcp_discover = (scapy.Ether(src=hw, dst="ff:ff:ff:ff:ff:ff") /
                     scapy.IP(src="0.0.0.0", dst="255.255.255.255") /
                     scapy.UDP(sport=68, dport=67) / scapy.BOOTP(chaddr=hw) /
                     scapy.DHCP(options=dhcp_options))

    return dhcp_discover
Beispiel #19
0
def create_discover(options):

    opts = [("message-type","discover")]
    if options:
        opts += options
    else:
        assert False

    conf.checkIPaddr = False
    fam,hw = get_if_raw_hwaddr(conf.iface)


    discover = Ether(dst="ff:ff:ff:ff:ff:ff")/IP(src=world.cfg["rel4_addr"],dst=world.cfg["srv4_addr"])
    discover /= UDP(sport=68,dport=67)/BOOTP(chaddr=hw, giaddr="192.0.2.1")
    dhcp = DHCP(options=opts)
    discover /= dhcp
    return discover
Beispiel #20
0
def main():
    iface = get_iface()
    fam, hw = get_if_raw_hwaddr(iface)

    print "sending on interface %s" % (iface)
    pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff')
    pkt = pkt / IP(dst='255.255.255.255') / UDP(dport=67, sport=68) / BOOTP(
        op=1, chaddr=hw) / DHCP(options=[('message-type', 'request'), ('end')])
    pkt.show2()
    # Send a broadcast packet from this unknown client MAC address not present in the DHCP bindings table
    sendp(pkt, iface=iface, verbose=False)

    pkt = Ether(src=get_if_hwaddr(iface), dst='00:00:00:00:01:01')
    pkt = pkt / IP(dst='10.0.1.1') / UDP(dport=68, sport=67) / BOOTP(
        op=2, chaddr=hw) / DHCP(options=[('message-type', 'ack'), ('end')])
    pkt.show2()
    # Send an ack packet from untrusted server not presented in the DHCP trusted server IP table
    sendp(pkt, iface=iface, verbose=False)
Beispiel #21
0
def main():

    iface = get_iface()
    fam, hw = get_if_raw_hwaddr(
        iface)  # returns family and hardware address of the interface

    print "sending on interface %s" % (iface)
    pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff')

    # pkt 1: a non-DHCP pkt with src IP 0.0.0.0 to simulate a client which hasn't been assigned IP addr yet
    # DROPPED
    pkt1 = pkt / IP(src='0.0.0.0', dst='255.255.255.255') / TCP(
        dport=1234, sport=random.randint(49152, 65535))
    pkt1.show2()  # for a developed view of the assembled packet
    sendp(pkt1, iface=iface, verbose=False)  # sendp works at layer 2

    # pkt 2: a DHCP discover pkt with src IP 0.0.0.0
    # FORWARDED
    pkt2 = pkt / IP(src='0.0.0.0', dst='255.255.255.255') / UDP(
        dport=67, sport=68) / BOOTP(op=1, chaddr=hw) / DHCP(
            options=[('message-type', 'discover'), ('end')])
    pkt2.show2()
    sendp(pkt2, iface=iface, verbose=False)

    # pkt 3: a DHCP request pkt with its original src IP
    # FORWARDED
    pkt3 = pkt / IP(dst='255.255.255.255') / UDP(dport=67, sport=68) / BOOTP(
        op=1, chaddr=hw) / DHCP(options=[('message-type', 'request'), ('end')])
    pkt3.show2()
    sendp(pkt3, iface=iface, verbose=False)

    # pkt 4: a non-DHCP pkt with its original src IP
    # FORWARDED
    pkt4 = pkt / IP(dst='255.255.255.255') / TCP(
        dport=1234, sport=random.randint(49152, 65535))
    pkt4.show2()
    sendp(pkt4, iface=iface, verbose=False)

    # pkt 5: a non-DHCP pkt with spoofed src IP 10.0.1.3, which doesn't exist in the DHCP bindings table
    # DROPPED
    pkt5 = pkt / IP(src='10.0.1.3', dst='255.255.255.255') / TCP(
        dport=1234, sport=random.randint(49152, 65535))
    pkt5.show2()
    sendp(pkt5, iface=iface, verbose=False)
Beispiel #22
0
def _get_dhcp_discover_message(iface):

    dhcp_options = [("message-type", "discover"),
                    ("param_req_list", utils.format_options(
                        [1, 2, 3, 4, 5, 6,
                         11, 12, 13, 15, 16, 17, 18, 22, 23,
                         28, 40, 41, 42, 43, 50, 51, 54, 58, 59, 60, 66, 67])),
                    "end"]

    fam, hw = scapy.get_if_raw_hwaddr(iface)

    dhcp_discover = (
        scapy.Ether(src=hw, dst="ff:ff:ff:ff:ff:ff") /
        scapy.IP(src="0.0.0.0", dst="255.255.255.255") /
        scapy.UDP(sport=68, dport=67) /
        scapy.BOOTP(chaddr=hw) /
        scapy.DHCP(options=dhcp_options))

    return dhcp_discover
Beispiel #23
0
def build_msg(opts):
    conf.checkIPaddr = False
    msg_flag = 0
    fam, hw = get_if_raw_hwaddr(str(world.cfg["iface"]))
    tmp_hw = None

    # we need to choose if we want to use chaddr, or client id. 
    # also we can include both: client_id and chaddr
    if world.cfg["values"]["chaddr"] is None or world.cfg["values"]["chaddr"] == "default":
        tmp_hw = hw
    elif world.cfg["values"]["chaddr"] == "empty":
        tmp_hw = convert_MAC("00:00:00:00:00:00")
    else:
        tmp_hw = convert_MAC(world.cfg["values"]["chaddr"])

    if world.cfg["values"]["broadcastBit"]:
        # value for setting 1000 0000 0000 0000 in bootp message in field 'flags' for broadcast msg.
        msg_flag = 32768

    msg = Ether(dst = "ff:ff:ff:ff:ff:ff",
                src = hw)
    msg /= IP(src = world.cfg["source_IP"],
              dst = world.cfg["destination_IP"],)
    msg /= UDP(sport = world.cfg["source_port"], dport = world.cfg["destination_port"])
    msg /= BOOTP(chaddr = tmp_hw,
                 giaddr = world.cfg["values"]["giaddr"],
                 flags = msg_flag,
                 hops = world.cfg["values"]["hops"])

    # BOOTP requests can be optionless
    if (len(opts) > 0):
        opts += ["end"]  # end option
        msg /= DHCP(options = opts)

    msg.xid = randint(0, 256*256*256)
    msg.siaddr = world.cfg["values"]["siaddr"]
    msg.ciaddr = world.cfg["values"]["ciaddr"]
    msg.yiaddr = world.cfg["values"]["yiaddr"]

    return msg
Beispiel #24
0
    def craft_dhcp_request(self, hw=None):
        """Generates a DHCPv6 Request packet
        
        Args:
            hw (str|bytes, optional): Defaults to MAC of Scapy's `conf.iface`.
                Client MAC address to use for DUID LL.
        
        Returns:
            scapy.layers.inet.IPv6: DHCPv6 Request packet
        """
        if not hw:
            _, hw = get_if_raw_hwaddr(conf.iface)
        else:
            hw = mac_str_to_bytes(hw)

        # TODO
        # Request Message
        # - sent by clients
        # - includes a server identifier option
        # - the content of Server Identifier option must match server's DUID
        # - includes a client identifier option
        # - must include an ORO Option (even with hints) p40
        # - can includes a reconfigure Accept option indicating whether or
        #   not the client is willing to accept Reconfigure messages from
        #   the server (p40)
        # - When the server receives a Request message via unicast from a
        # client to which the server has not sent a unicast option, the server
        # discards the Request message and responds with a Reply message
        # containing Status Code option with the value UseMulticast, a Server
        # Identifier Option containing the server's DUID, the client
        # Identifier option from the client message and no other option.
        dhcp_request = (IPv6(dst="ff02::1:2") / UDP(sport=546, dport=547) /
                        DHCP6_Request(trid=self.xid) /
                        DHCP6OptServerId(duid=self.server_id) /
                        DHCP6OptElapsedTime() /
                        DHCP6OptClientId(duid=DUID_LL(lladdr=hw)) /
                        DHCP6OptIA_NA(iaid=0))
        if settings.DEBUG:
            print(dhcp_request.show())
        return dhcp_request
Beispiel #25
0
    def craft_discover(self, hw=None):
        """Generates a DHCPv6 Solicit packet
        
        Args:
            hw (str|bytes, optional): Defaults to MAC of Scapy's `conf.iface`.
                Client MAC address to use for DUID LL.
        
        Returns:
            scapy.layers.inet.IPv6: DHCPv6 Solicit packet
        """
        if not hw:
            _, hw = get_if_raw_hwaddr(conf.iface)
        else:
            hw = mac_str_to_bytes(hw)

        dhcp_solicit = (IPv6(dst="ff02::1:2") / UDP(sport=546, dport=547) /
                        DHCP6_Solicit(trid=self.xid) / DHCP6OptElapsedTime() /
                        DHCP6OptClientId(duid=DUID_LL(lladdr=hw)) /
                        DHCP6OptIA_NA(iaid=0))
        if settings.DEBUG:
            print(dhcp_solicit.show())
        return dhcp_solicit
Beispiel #26
0
    def craft_discover(self, hw=None):
        """Generates a DHCPDICSOVER packet
        
        Args:
            hw (str|bytes, optional): Defaults to MAC of Scapy's `conf.iface`.
                Client MAC address to place in `chaddr`.
        
        Returns:
            scapy.layers.inet.IP: DHCPDISCOVER packet
        """

        if not hw:
            _, hw = get_if_raw_hwaddr(conf.iface)
        else:
            hw = mac_str_to_bytes(hw)
        dhcp_discover = (IP(src="0.0.0.0", dst="255.255.255.255") /
                         UDP(sport=68, dport=67) /
                         BOOTP(chaddr=hw, xid=self.xid, flags=0x8000) /
                         DHCP(options=[("message-type", "discover"), "end"]))
        # TODO: param req list
        if settings.DEBUG:
            print(dhcp_discover.show())
        return dhcp_discover
Beispiel #27
0
from scapy.all import get_if_raw_hwaddr, Ether, IP, UDP, BOOTP, conf

netcard = raw_input("Please enter network card name: ")
fam, hw = get_if_raw_hwaddr(netcard)

bcast = Ether(dst="ff:ff:ff:ff:ff:ff")
ipbcast = IP(src='0.0.0.0', dst='255.255.255.255')
dhcpclisrvports = UDP(sport=68, dport=67)
dhcpproto = BOOTP(chaddr=hw)
pktboot = bcast / ipbcast / dhcpclisrvports / dhcpproto
conf.checkIPaddr = False
Beispiel #28
0
    except getopt.GetoptError, e:
        print str(e)
        showhelp()
        exit(1)

    opts = dict([(k.lstrip('-'), v) for (k,v) in opts])

    if 'h' in opts or len(args) != 1 or 's' not in opts:
        showhelp()
        exit(0)

    conf.iface = opts.get('i', DEFAULT_IFACE)
    ssid       = opts.get('s')
    sourcemac  = opts.get('m', None)
    start      = int(opts.get('f', 0))
    check      = int(opts.get('c', DEFAULT_CHECK))
    outf       = opts.get('o', None)
    pcapfile   = args[0]

    if sourcemac is None:
        # Get local MAC address
        sourcemac = str2mac(get_if_raw_hwaddr(conf.iface)[1])

    replypackets(pcapfile, 
                 sourcemac = sourcemac, ssid = ssid,
                 start = start, check = check, 
                 outfile = outf)

if __name__ == "__main__":
    main()
Beispiel #29
0
        exit(1)

    opts = dict([(k.lstrip('-'), v) for (k, v) in opts])

    if 'h' in opts or len(args) != 1 or 's' not in opts:
        showhelp()
        exit(0)

    conf.iface = opts.get('i', DEFAULT_IFACE)
    ssid = opts.get('s')
    sourcemac = opts.get('m', None)
    start = int(opts.get('f', 0))
    check = int(opts.get('c', DEFAULT_CHECK))
    outf = opts.get('o', None)
    pcapfile = args[0]

    if sourcemac is None:
        # Get local MAC address
        sourcemac = str2mac(get_if_raw_hwaddr(conf.iface)[1])

    replypackets(pcapfile,
                 sourcemac=sourcemac,
                 ssid=ssid,
                 start=start,
                 check=check,
                 outfile=outf)


if __name__ == "__main__":
    main()
Beispiel #30
0
__author__ = 'Yuxibro'

import logging
#import socket
logging.getLogger("scapy").setLevel(1)
from scapy.all import conf, sendp, srp1, sniff, Ether, IP, ARP, UDP, BOOTP, DHCP, get_if_raw_hwaddr
fam, hw = get_if_raw_hwaddr(conf.iface)

#sendp(Ether(dst="ff:ff:ff:ff:ff:ff")/IP(src="0.0.0.0",dst="255.255.255.255")/UDP(sport=68,dport=67)/BOOTP(chaddr=hw)/DHCP(options=[("message-type","discover")]),count=1)
sendp(Ether(dst="ff:ff:ff:ff:ff:ff") /
      IP(src="0.0.0.0", dst="255.255.255.255") / UDP(sport=68, dport=67) /
      BOOTP(chaddr=hw) / DHCP(options=[("message-type", 1)]),
      count=1)
Beispiel #31
0
def set_up_sul(opts):
    if ('h' in opts or 'i' not in opts or 't' not in opts or 's' not in opts
            or 'p' not in opts or 'm' not in opts):

        showhelp()
        exit(0)

    inject_iface = opts.get('i')
    sniff_iface = opts.get('t')
    ssid = opts.get('s')
    psk = opts.get('p')
    if 'u' in opts:
        user_id = opts.get('u')
        eap = True
        if 'a' in opts:
            anon_id = opts.get('a')
        else:
            anon_id = None
    else:
        eap = False

    mode = opts.get('m')

    if 'g' not in opts:
        gateway = '192.168.0.1'
    else:
        gateway = opts.get('g')

    beacon_sniff = True
    # Sniff for Beacons to determine channel and RSNinfo
    while beacon_sniff:
        channel = random.randrange(1, 15)
        os.system('iw dev %s set channel %d' % (sniff_iface, channel))
        ps = sniff(timeout=0.1, iface=sniff_iface)
        for p in ps:
            if (p is None or len(p) == 0):
                continue
            if ((p.haslayer(dot11.Dot11Beacon)
                 or p.haslayer(dot11.Dot11ProbeResp))
                    and p[dot11.Dot11Elt].info == ssid):
                try:
                    rsnInfo = getRSNInfo(p)
                    bssid = p[dot11.Dot11].addr3
                    channel = int(ord(p[dot11.Dot11Elt:3].info))
                    os.system('iwconfig %s channel %d' %
                              (sniff_iface, channel))
                    os.system('iwconfig %s channel %d' %
                              (inject_iface, channel))
                    beacon_sniff = False
                except TypeError:
                    continue

    print('Detected beacon from %s on channel %d...' % (ssid, channel))

    print('Sniffer MAC address: %s' %
          str2mac(get_if_raw_hwaddr(sniff_iface)[1]))

    print('Injector address: %s' % str2mac(get_if_raw_hwaddr(inject_iface)[1]))

    # SULState.py line 14 `def __init__(self, iface, ssid, psk, bssid, rsnInfo, gateway):`
    if not eap:
        sul = SULState(inject_iface, ssid, psk, bssid, rsnInfo, gateway)
    else:
        sul = SULState(inject_iface,
                       ssid,
                       psk,
                       bssid,
                       rsnInfo,
                       gateway,
                       user_id=user_id,
                       anon_id=anon_id)

    return sul, mode, sniff_iface
Beispiel #32
0
    fuzztype    = args[0]
    conf.iface  = opts.get('i', DEFAULT_IFACE)
    conf.tping  = opts.get('p', DEFAULT_PING_TIMOUT)

    if not conf.tping.isdigit():
        log("[!] Ping timeout (-p) must be a valid integer", "MAIN")
        exit(2)

    conf.tping = int(conf.tping)
    if conf.tping <= 0:
        log("[!] Ping timeout (-p) must be greater than zero", "MAIN")
        exit(2)

    conf.outdir = opts.get('o', DEFAULT_PCAP_DIR)
    ssid        = opts.get('s')
    localmac    = str2mac(get_if_raw_hwaddr(conf.iface)[1])
    testmode    = 't' in opts
    
    log("Target SSID: %s; Interface: %s; Ping timeout: %d; PCAP directory: %s; Test mode? %s; Fuzzer(s): %s;" % \
            (ssid, conf.iface, conf.tping, conf.outdir, testmode, fuzztype), "MAIN")

    wifi = WifiDriver(ssid = ssid, tping = conf.tping, outdir = conf.outdir,
                      localmac = localmac, testmode = testmode, verbose = 1)

    # Get the MAC address of the AP
    try:
        mac = wifi.waitForBeacon()
    except WiExceptionTimeout, e:
        log("No beacon from target AP after %d seconds" % conf.tping, "MAIN")
        sys.exit(1)
Beispiel #33
0
    fuzztype = args[0]
    conf.iface = opts.get('i', DEFAULT_IFACE)
    conf.tping = opts.get('p', DEFAULT_PING_TIMOUT)

    if not conf.tping.isdigit():
        log("[!] Ping timeout (-p) must be a valid integer", "MAIN")
        exit(2)

    conf.tping = int(conf.tping)
    if conf.tping <= 0:
        log("[!] Ping timeout (-p) must be greater than zero", "MAIN")
        exit(2)

    conf.outdir = opts.get('o', DEFAULT_PCAP_DIR)
    ssid = opts.get('s')
    localmac = str2mac(get_if_raw_hwaddr(conf.iface)[1])
    testmode = 't' in opts

    log("Target SSID: %s; Interface: %s; Ping timeout: %d; PCAP directory: %s; Test mode? %s; Fuzzer(s): %s;" % \
            (ssid, conf.iface, conf.tping, conf.outdir, testmode, fuzztype), "MAIN")

    wifi = WifiDriver(ssid=ssid,
                      tping=conf.tping,
                      outdir=conf.outdir,
                      localmac=localmac,
                      testmode=testmode,
                      verbose=1)

    # Get the MAC address of the AP
    try:
        mac = wifi.waitForBeacon()