def sr(x, promisc=None, filter=None, iface=None, nofilter=0, *args, **kargs):
"""Send and receive packets at layer 3
nofilter: put 1 to avoid use of BPF filters
retry: if positive, how many times to resend unanswered packets
if negative, how many times to retry when no more packets are answered # noqa: E501
timeout: how much time to wait after the last packet has been sent
verbose: set verbosity level
multi: whether to accept multiple answers for the same stimulus
filter: provide a BPF filter
iface: listen answers only on the given interface
store_unanswered: whether to store not-answered packets or not. Default True.
setting it to False will increase speed, and will return None
as the unans list.
process: if specified, only result from process(pkt) will be stored.
the function should follow the following format:
lambda sent, received: (func(sent), func2(received))
if the packet is unanswered, `received` will be None.
if `store_unanswered` is False, the function won't be called on un-answered packets.""" # noqa: E501
s = conf.L3socket(promisc=promisc,
filter=filter,
iface=iface,
nofilter=nofilter) # noqa: E501
result = sndrcv(s, x, *args, **kargs)
s.close()
return result
def sr(x, promisc=None, filter=None, iface=None, nofilter=0, *args, **kargs):
"""Send and receive packets at layer 3"""
s = conf.L3socket(promisc=promisc, filter=filter,
iface=iface, nofilter=nofilter)
result = sndrcv(s, x, *args, **kargs)
s.close()
return result
def send(x,
inter=0,
loop=0,
count=None,
verbose=None,
realtime=None,
return_packets=False,
socket=None,
*args,
**kargs):
"""Send packets at layer 3
send(packets, [inter=0], [loop=0], [count=None], [verbose=conf.verb], [realtime=None], [return_packets=False], # noqa: E501
[socket=None]) -> None"""
need_closing = socket is None
socket = socket or conf.L3socket(*args, **kargs)
results = __gen_send(socket,
x,
inter=inter,
loop=loop,
count=count,
verbose=verbose,
realtime=realtime,
return_packets=return_packets)
if need_closing:
socket.close()
return results
def send(
x,
inter=0,
loop=0,
count=None,
verbose=None,
realtime=None,
return_packets=False,
socket=None, # noqa: E501
*args,
**kargs):
"""Send packets at layer 3
send(packets, [inter=0], [loop=0], [count=None], [verbose=conf.verb], [realtime=None], [return_packets=False], # noqa: E501
[socket=None]) -> None"""
if socket is None:
socket = conf.L3socket(*args, **kargs)
return __gen_send(
socket,
x,
inter=inter,
loop=loop,
count=count,
verbose=verbose, # noqa: E501
realtime=realtime,
return_packets=return_packets)
def sr1flood(x,
promisc=None,
filter=None,
iface=None,
nofilter=0,
*args,
**kargs): # noqa: E501
"""Flood and receive packets at layer 3 and return only the first answer
:param prn: function applied to packets received
:param verbose: set verbosity level
:param nofilter: put 1 to avoid use of BPF filters
:param filter: provide a BPF filter
:param iface: listen answers only on the given interface
"""
s = conf.L3socket(promisc=promisc,
filter=filter,
nofilter=nofilter,
iface=iface) # noqa: E501
ans, _ = sndrcvflood(s, x, *args, **kargs)
s.close()
if len(ans) > 0:
return ans[0][1]
else:
return None
def sr1(x, promisc=None, filter=None, iface=None, nofilter=0, *args, **kargs):
"""Send packets at layer 3 and return only the first answer"""
s = conf.L3socket(promisc=promisc, filter=filter,
nofilter=nofilter, iface=iface)
ans, _ = sndrcv(s, x, *args, **kargs)
s.close()
if len(ans) > 0:
return ans[0][1]
else:
return None
def __init__(self, start_ttl=1, end_ttl=64, environment_id=None):
Action.__init__(self, "trace", "out")
self.terminal = True
self.branching = False
self.start_ttl = start_ttl
self.end_ttl = end_ttl
# Since running this action might take enough time that additional packets
# get generated, only allow this action to run once
self.ran = False
# Define a socket
self.socket = conf.L3socket(iface=actions.utils.get_interface())
def srflood(x, promisc=None, filter=None, iface=None, nofilter=None, *args,**kargs):
"""Flood and receive packets at layer 3
prn: function applied to packets received
unique: only consider packets whose print
nofilter: put 1 to avoid use of BPF filters
filter: provide a BPF filter
iface: listen answers only on the given interface"""
s = conf.L3socket(promisc=promisc, filter=filter, iface=iface, nofilter=nofilter)
r=sndrcvflood(s,x,*args,**kargs)
s.close()
return r
def srflood(x, filter=None, iface=None, nofilter=None, *args, **kargs):
"""Flood and receive packets at layer 3
prn: function applied to packets received. Ret val is printed if not None
store: if 1 (default), store answers and return them
unique: only consider packets whose print
nofilter: put 1 to avoid use of bpf filters
filter: provide a BPF filter
iface: listen answers only on the given interface"""
s = conf.L3socket(filter=filter, iface=iface, nofilter=nofilter)
r = sndrcvflood(s, x, *args, **kargs)
s.close()
return r
def __init__(self, interface, super_socket=None, timeout=5):
abstract.FileDescriptor.__init__(self, reactor)
if interface == 'auto':
interface = getDefaultIface()
if not super_socket:
super_socket = conf.L3socket(iface=interface,
promisc=True,
filter='')
#super_socket = conf.L2socket(iface=interface)
self.protocols = []
fdesc._setCloseOnExec(super_socket.ins.fileno())
self.super_socket = super_socket
def sendSYNACK(packet): # To the client
cookie = buildCookie(packet)
seqe = packet[TCP].seq + 1
print "out - this is a SYN-ACK with seq:" + str(cookie) + " ack:" + str(
seqe)
s = conf.L3socket(iface=INTERFACE_NAME)
ip = IP(src=SERVER_IP, dst=packet[IP].src)
syn = TCP(sport=SERVER_PORT,
dport=packet[TCP].sport,
flags='SA',
seq=cookie,
ack=seqe)
packet = ip / syn
s.send(packet)
def fragleak(target,sport=123, dport=123, timeout=0.2, onlyasc=0):
load = "XXXXYYYYYYYYYY"
# getmacbyip(target)
# pkt = IP(dst=target, id=RandShort(), options="\x22"*40)/UDP()/load
pkt = IP(dst=target, id=RandShort(), options="\x00"*40, flags=1)/UDP(sport=sport, dport=sport)/load
s=conf.L3socket()
intr=0
found={}
try:
while 1:
try:
if not intr:
s.send(pkt)
sin,sout,serr = select([s],[],[],timeout)
if not sin:
continue
ans=s.recv(1600)
if not isinstance(ans, IP): #TODO: IPv6
continue
if not isinstance(ans.payload, ICMP):
continue
if not isinstance(ans.payload.payload, IPerror):
continue
if ans.payload.payload.dst != target:
continue
if ans.src != target:
print "leak from", ans.src,
# print repr(ans)
if not ans.haslayer(Padding):
continue
# print repr(ans.payload.payload.payload.payload)
# if not isinstance(ans.payload.payload.payload.payload, Raw):
# continue
# leak = ans.payload.payload.payload.payload.load[len(load):]
leak = ans.getlayer(Padding).load
if leak not in found:
found[leak]=None
linehexdump(leak, onlyasc=onlyasc)
except KeyboardInterrupt:
if intr:
raise
intr=1
except KeyboardInterrupt:
pass
def sr(x, filter=None, iface=None, nofilter=0, *args, **kargs):
"""Send and receive packets at layer 3
nofilter: put 1 to avoid use of bpf filters
retry: if positive, how many times to resend unanswered packets
if negative, how many times to retry when no more packets are answered
timeout: how much time to wait after the last packet has been sent
verbose: set verbosity level
multi: whether to accept multiple answers for the same stimulus
filter: provide a BPF filter
iface: listen answers only on the given interface"""
if not kargs.has_key("timeout"):
kargs["timeout"] = -1
s = conf.L3socket(filter=filter, iface=iface, nofilter=nofilter)
a, b = sndrcv(s, x, *args, **kargs)
s.close()
return a, b
def sr(x, # type: _PacketIterable
promisc=None, # type: Optional[bool]
filter=None, # type: Optional[str]
iface=None, # type: Optional[_GlobInterfaceType]
nofilter=0, # type: int
*args, # type: Any
**kargs # type: Any
):
# type: (...) -> Tuple[SndRcvList, PacketList]
"""
Send and receive packets at layer 3
"""
s = conf.L3socket(promisc=promisc, filter=filter,
iface=iface, nofilter=nofilter)
result = sndrcv(s, x, *args, **kargs)
s.close()
return result
def send(x,
inter=0,
loop=0,
count=None,
verbose=None,
realtime=None,
return_packets=False,
*args,
**kargs):
"""Send packets at layer 3
send(packets, [inter=0], [loop=0], [verbose=conf.verb]) -> None"""
return __gen_send(conf.L3socket(*args, **kargs),
x,
inter=inter,
loop=loop,
count=count,
verbose=verbose,
realtime=realtime,
return_packets=return_packets)
def sr1(x, promisc=None, filter=None, iface=None, nofilter=0, *args,**kargs):
"""Send packets at layer 3 and return only the first answer
nofilter: put 1 to avoid use of BPF filters
retry: if positive, how many times to resend unanswered packets
if negative, how many times to retry when no more packets are answered
timeout: how much time to wait after the last packet has been sent
verbose: set verbosity level
multi: whether to accept multiple answers for the same stimulus
filter: provide a BPF filter
iface: listen answers only on the given interface"""
if "timeout" not in kargs:
kargs["timeout"] = -1
s=conf.L3socket(promisc=promisc, filter=filter, nofilter=nofilter, iface=iface)
ans, _ = sndrcv(s, x, *args, **kargs)
s.close()
if len(ans) > 0:
return ans[0][1]
else:
return None
def __init__(self,
server_port,
string_strategy,
environment_id=None,
output_directory="trials",
log_level="info"):
self.server_port = server_port
self.seen_packets = []
# Set up the directory and ID for logging
if not output_directory:
output_directory = "trials"
actions.utils.setup_dirs(output_directory)
if not environment_id:
environment_id = actions.utils.get_id()
self.environment_id = environment_id
# Set up a logger
self.logger = actions.utils.get_logger(BASEPATH,
output_directory,
__name__,
"engine",
environment_id,
log_level=log_level)
self.output_directory = output_directory
# Used for conditional context manager usage
self.strategy = actions.utils.parse(string_strategy, self.logger)
# Setup variables used by the NFQueue system
self.out_nfqueue_started = False
self.in_nfqueue_started = False
self.running_nfqueue = False
self.out_nfqueue = None
self.in_nfqueue = None
self.out_nfqueue_socket = None
self.in_nfqueue_socket = None
self.out_nfqueue_thread = None
self.in_nfqueue_thread = None
self.censorship_detected = False
# Specifically define an L3Socket to send our packets. This is an optimization
# for scapy to send packets more quickly than using just send(), as under the hood
# send() creates and then destroys a socket each time, imparting a large amount
# of overhead.
self.socket = conf.L3socket(iface=actions.utils.get_interface())
def sr1(x, # type: _PacketIterable
promisc=None, # type: Optional[bool]
filter=None, # type: Optional[str]
iface=None, # type: Optional[_GlobInterfaceType]
nofilter=0, # type: int
*args, # type: Any
**kargs # type: Any
):
# type: (...) -> Optional[Packet]
"""
Send packets at layer 3 and return only the first answer
"""
iface = _interface_selection(iface, x)
s = conf.L3socket(promisc=promisc, filter=filter,
nofilter=nofilter, iface=iface)
ans, _ = sndrcv(s, x, *args, **kargs)
s.close()
if len(ans) > 0:
return cast(Packet, ans[0][1])
return None
def __init__(self, start_ttl=1, end_ttl=64, environment_id=None):
"""
Initializes the trace action.
Args:
start_ttl (int): Starting TTL to use
end_ttl (int): TTL to end with
environment_id (str, optional): Environment ID associated with the strategy we are a part of
"""
Action.__init__(self, "trace", "out")
self.enabled = True
self.terminal = True
self.branching = False
self.start_ttl = start_ttl
self.end_ttl = end_ttl
# Since running this action might take enough time that additional packets
# get generated, only allow this action to run once
self.ran = False
# Define a socket
self.socket = conf.L3socket(iface=actions.utils.get_interface())
def __init__(self, server_port, string_strategy, environment_id=None, output_directory="trials", log_level="info"):
super().__init__(server_port, string_strategy, environment_id=environment_id, output_directory=output_directory, log_level=log_level)
# Setup variables used by the NFQueue system
self.out_nfqueue_started = False
self.in_nfqueue_started = False
self.running_nfqueue = False
self.out_nfqueue = None
self.in_nfqueue = None
self.out_nfqueue_socket = None
self.in_nfqueue_socket = None
self.out_nfqueue_thread = None
self.in_nfqueue_thread = None
# Specifically define an L3Socket to send our packets. This is an optimization
# for scapy to send packets more quickly than using just send(), as under the hood
# send() creates and then destroys a socket each time, imparting a large amount
# of overhead.
self.socket = conf.L3socket(iface=actions.utils.get_interface())
def send_mod(x,
inter=0,
loop=0,
count=None,
verbose=None,
realtime=None,
return_packets=False,
socket=None,
port_random_flag=False,
size_random_flag=False,
src_random_flag=False,
specific_subnet_random=False,
pcktcount=None,
log=None,
source_addr='Default',
*args,
**kargs):
"""Send packets at layer 3
send(packets, [inter=0], [loop=0], [count=None], [verbose=conf.verb], [realtime=None], [return_packets=False], # noqa: E501
[socket=None]) -> None"""
need_closing = socket is None
socket = socket or conf.L3socket(*args, **kargs)
results = __gen_send_mod(socket,
x,
inter=inter,
loop=loop,
count=count,
verbose=verbose,
realtime=realtime,
return_packets=return_packets,
size_random_flag=size_random_flag,
port_random_flag=port_random_flag,
src_random_flag=src_random_flag,
specific_subnet_random=specific_subnet_random,
pcktcount=pcktcount,
log=log,
source_addr=source_addr)
if need_closing:
socket.close()
return results
def send(x,
inter=0,
loop=0,
count=None,
verbose=None,
realtime=None,
return_packets=False,
socket=None,
iface=None,
*args,
**kargs):
"""
Send packets at layer 3
:param x: the packets
:param inter: time (in s) between two packets (default 0)
:param loop: send packet indefinetly (default 0)
:param count: number of packets to send (default None=1)
:param verbose: verbose mode (default None=conf.verbose)
:param realtime: check that a packet was sent before sending the next one
:param return_packets: return the sent packets
:param socket: the socket to use (default is conf.L3socket(kargs))
:param iface: the interface to send the packets on
:param monitor: (not on linux) send in monitor mode
:returns: None
"""
need_closing = socket is None
kargs["iface"] = _interface_selection(iface, x)
socket = socket or conf.L3socket(*args, **kargs)
results = __gen_send(socket,
x,
inter=inter,
loop=loop,
count=count,
verbose=verbose,
realtime=realtime,
return_packets=return_packets)
if need_closing:
socket.close()
return results
def __init__(self,
server_port,
string_strategy,
environment_id=None,
server_side=False,
output_directory="trials",
log_level="info",
enabled=True,
in_queue_num=None,
out_queue_num=None,
forwarder=None,
save_seen_packets=True,
demo_mode=False):
"""
Args:
server_port (int): The port the engine will monitor
string_strategy (str): String representation of strategy DNA to apply to the network
environment_id (str, None): ID of the given strategy
server_side (bool, False): Whether or not the engine is running on the server side of the connection
output_directory (str, 'trials'): The path logs and packet captures should be written to
enabled (bool, True): whether or not the engine should be started (used for conditional context managers)
in_queue_num (int, None): override the netfilterqueue number used for inbound packets. Used for running multiple instances of the engine at the same time. Defaults to None.
out_queue_num (int, None): override the netfilterqueue number used for outbound packets. Used for running multiple instances of the engine at the same time. Defaults to None.
save_seen_packets (bool, True): whether or not the engine should record and save packets it sees while running. Defaults to True, but it is recommended this be disabled on higher throughput systems.
demo_mode (bool, False): whether to replace IPs in log messages with random IPs to hide sensitive IP addresses.
"""
self.server_port = server_port
# whether the engine is running on the server or client side.
# this affects which direction each out/in tree is attached to the
# source and destination port.
self.server_side = server_side
self.overhead = 0
self.seen_packets = []
self.environment_id = environment_id
self.forwarder = forwarder
self.save_seen_packets = save_seen_packets
if forwarder:
self.sender_ip = forwarder["sender_ip"]
self.routing_ip = forwarder["routing_ip"]
self.forward_ip = forwarder["forward_ip"]
# Set up the directory and ID for logging
if not output_directory:
self.output_directory = "trials"
else:
self.output_directory = output_directory
actions.utils.setup_dirs(self.output_directory)
if not environment_id:
self.environment_id = actions.utils.get_id()
# Set up a logger
self.logger = actions.utils.get_logger(BASEPATH,
self.output_directory,
__name__,
"engine",
self.environment_id,
log_level=log_level,
demo_mode=demo_mode)
# Warn if these are not provided
if not environment_id:
self.logger.warning(
"No environment ID given, one has been generated (%s)",
self.environment_id)
if not output_directory:
self.logger.warning(
"No output directory specified, using the default (%s)" %
self.output_directory)
# Used for conditional context manager usage
self.enabled = enabled
# Parse the given strategy
self.strategy = actions.utils.parse(string_strategy, self.logger)
# Setup variables used by the NFQueue system
self.in_queue_num = in_queue_num or 1
self.out_queue_num = out_queue_num or self.in_queue_num + 1
self.out_nfqueue_started = False
self.in_nfqueue_started = False
self.running_nfqueue = False
self.out_nfqueue = None
self.in_nfqueue = None
self.out_nfqueue_socket = None
self.in_nfqueue_socket = None
self.out_nfqueue_thread = None
self.in_nfqueue_thread = None
self.censorship_detected = False
# Specifically define an L3Socket to send our packets. This is an optimization
# for scapy to send packets more quickly than using just send(), as under the hood
# send() creates and then destroys a socket each time, imparting a large amount
# of overhead.
self.socket = conf.L3socket(iface=actions.utils.get_interface())
def start(self):
# type: () -> None
self.s = conf.L3socket(iface=self.iface)
def start(self):
self.s = conf.L3socket(iface=self.iface)
