def build_query(self, conf):
"""Method used to build the packet to send
:conf: the namespace configuration
:returns: packet to send
"""
pkt = Ether(src=conf['mac_local'], dst=ETHER_BROADCAST)
pkt /= ARP(op=1, pdst=conf['ip_nh'])
return pkt.__class__(str(pkt))
def build_query(self, conf):
"""Method used to build the packet to send
:conf: the namespace configuration
:returns: packet built
"""
pkt = Ether(src=conf['mac_local'], dst=conf['mac_nh'])
pkt /= self._payload
# Force building the packet
return pkt.__class__(str(pkt))
def build_query(self, conf):
"""Method used to build the packet to send
:conf: the namespace configuration
:returns: packet to send
"""
pkt = Ether(src=conf['mac_local'], dst=conf['mac_nh'])
pkt /= IP(src=conf['ip_priv'], dst=conf['ip_rmt'], id=RandShort())
pkt /= ICMP(id=RandShort(), seq=1)
pkt /= self._payload
return fragment(pkt.__class__(str(pkt)))
def build_query(self, conf):
"""Method used to build a serie of fragment of a huge UDP packet.
:conf: the namespace configuration
:returns: packet to send
"""
payload = self._payload
pkt = Ether(src=conf['mac_local'], dst=conf['mac_nh'])
pkt /= IP(src=conf['ip_priv'], dst=conf['ip_rmt'], id=RandShort())
pkt /= UDP(sport=RandShort(), dport=RandShort())
pkt /= payload
return fragment(pkt.__class__(str(pkt)))
def build_query(self, conf):
"""Method used to build the UDP packet to send.
TCP test need to validate any kind of TCP packet so let's use TCP SYN
:conf: the namespace configuration
:returns: packet to send
"""
pkt = Ether(src=conf['mac_local'], dst=conf['mac_nh'])
pkt /= IP(src=conf['ip_priv'], dst=conf['ip_rmt'], id=RandShort())
pkt /= UDP(sport=RandShort(), dport=RandShort())
pkt /= self._payload
return pkt.__class__(str(pkt))
def build_query(self, conf):
"""Method used to build the UDP packet to send.
:conf: the namespace configuration
:returns: packet to send
"""
pkt = Ether(src=conf['mac_local'], dst=conf['mac_nh'])
pkt /= IP(src=conf['ip_priv'],
dst=conf['ip_rmt'],
id=RandShort(),
flags=2)
pkt /= UDP(sport=RandShort(), dport=RandShort(), chksum=0)
pkt /= self._payload
return pkt.__class__(str(pkt))
def find_tunneled_layer(tunnel_packet: scapy.layers.l2.Ether, protocol: str):
"""
Locate tunneled protocol layer in packet capture.
Args:
tunnel_packet (scapy.layers.l2.Ether): the PDU to search
protocol (str): the tunneled protocol to search for
Returns:
offset (int): the byte offset of the tunneled protocol in data field of 'packet'
"""
offset = 0
while True:
data = tunnel_packet[Raw].load[offset:]
if len(data) < 20:
offset = -1
break
chksum1 = tunnel_packet[Raw].load[offset + 10:offset + 12]
chksum1 = int.from_bytes(chksum1, "big")
temp_packet = Ether() / IP()
temp_packet[IP].chksum = None
# try:
temp_packet = Ether(dst=tunnel_packet[Ether].dst, src=tunnel_packet[Ether].src, type=tunnel_packet[Ether].type)/IP(data)
# except:
# print("Struct error handled")
del temp_packet[IP].chksum
temp_packet = temp_packet.__class__(bytes(temp_packet))
chksum2 = temp_packet[IP].chksum
if offset >= len(data):
offset = -1
break
if chksum1 == chksum2:
break
offset += 1
return offset
def open_logfile(logfile,
victim_info,
attacker_info,
r_victim_info,
r_attacker_info,
interface,
timing_type,
s_switch=None):
print('Opening "{}"'.format(logfile))
# before reading through packets we must get some info about the file header
fp = open(logfile, 'rb')
magic_number = fp.read(4).hex()
major_version = int.from_bytes(fp.read(2), byteorder="little")
minor_version = int.from_bytes(fp.read(2), byteorder="little")
time_zone_offset = int.from_bytes(fp.read(4), byteorder="little")
time_stamp_acc = int.from_bytes(fp.read(4), byteorder="little")
snapshot_len = int.from_bytes(fp.read(4), byteorder="little")
link_layer_type = int.from_bytes(fp.read(4), byteorder="little")
fp.close()
print('PCAP Magic')
print('Version major number = {}'.format(major_version))
print('Version minor number = {}'.format(minor_version))
print('GMT to local correction = {}'.format(time_zone_offset))
print('Timestamp accuracy = {}'.format(time_stamp_acc))
print('Snaplen = {}'.format(snapshot_len))
print('Linktype = {}\n'.format(link_layer_type))
# list of common internet protocol numbers we will use
ip_proto_list = {"ICMP": 1, "IGMP": 2, "TCP": 6, "UDP": 17}
frame_num = 0
relative_start_time = 0
flagged_packets = 0
sent_packets = 0
new_seq = 0
new_ack = 0
amount_recv = 0
set_flag = None
# open file for reading packets
for (
pkt_data,
pkt_metadata,
) in RawPcapReader(logfile):
# getting packet info and timestamp
pkt_num = frame_num
pkt_time_sec = pkt_metadata[0]
pkt_time_usec = pkt_metadata[1]
local_time = time.asctime(time.localtime(pkt_time_sec))
pkt_actual_len = pkt_metadata[2]
pkt_caplen = pkt_metadata[3]
total_time = pkt_time_sec + (pkt_time_usec / 100000)
if pkt_num == 0:
relative_start_time = total_time
pkt_relative_time = 0000.000000
else:
pkt_relative_time = total_time - relative_start_time
# ethernet header info acquired
ether_pkt = Ether(pkt_data)
eth_src = ether_pkt.fields["src"]
eth_dst = ether_pkt.fields["dst"]
if 'type' not in ether_pkt.fields:
frame_num += 1
continue
# ensuring it is ipv4
if ether_pkt.type != 0x0800:
frame_num += 1
continue
# getting ip info [TCP vs UPD vs ICMP etc]
ip_pkt = ether_pkt[IP]
# check if the packet is the one we want based on the config file
if ip_pkt.fields["dst"] == victim_info[0]:
flagged_packets += 1
printout_packet_header(pkt_num, pkt_relative_time, local_time,
pkt_actual_len, pkt_caplen)
printout_ether_header(eth_src, eth_dst, r_victim_info,
r_attacker_info)
printout_ip_header(ip_pkt, r_victim_info, r_attacker_info)
# replace the original information for sending
if s_switch is None:
print("\t\tPacket is not sent")
else:
ether_pkt[Ether].src = r_attacker_info[1]
ether_pkt[Ether].dst = r_victim_info[1]
ether_pkt[IP].fields["src"] = r_attacker_info[0]
ether_pkt[IP].fields["dst"] = r_victim_info[0]
ether_pkt[IP][TCP].fields["sport"] = r_attacker_info[2]
ether_pkt[IP][TCP].fields["dport"] = r_victim_info[2]
# fix ack and seq numbers
ether_pkt[TCP].seq = new_seq
ether_pkt[TCP].ack = new_ack
print("\t\tsending pkt seq: {} ack: {}".format(
ether_pkt[TCP].seq, ether_pkt[TCP].ack))
if set_flag is not None:
ether_pkt[TCP].flags = set_flag
# redo checksum
del ether_pkt.chksum
del ether_pkt[IP].chksum
del ether_pkt[IP][TCP].chksum
ether_pkt = ether_pkt.__class__(bytes(ether_pkt))
if timing_type == "delay":
time.sleep(.5) # sleep for 500 ms
# send packet and receive
answer = srp1(ether_pkt,
iface=interface,
verbose=False,
inter=1,
timeout=2)
sent_packets += 1
print("\t\tPacket sent with flag: {}".format(
ether_pkt[TCP].flags))
if answer != None:
amount_recv += 1
print("\t\trecieved packet with flag: {}".format(
answer[TCP].flags))
print("\t\ttheir seq: {} , ack: {}".format(
answer[TCP].seq, answer[TCP].ack))
print("\t\tsize of TCP payload: {}".format(
len(ether_pkt[TCP].payload)))
if "A" == answer[TCP].flags:
print(
"\t\tvictim acknowledge data was sent, send more")
new_seq = answer[TCP].ack
new_ack = answer[TCP].seq + len(answer[TCP].payload)
print("\t\t\t\tnew seq = {} \tnew ack = {}".format(
new_seq, new_ack))
elif "PA" == answer[TCP].flags:
print("\t\tVictim sent data to us")
new_seq = answer[TCP].ack
new_ack = answer[TCP].seq + len(answer[TCP].payload)
print("\t\t\t\tnew seq = {} \tnew ack = {}".format(
new_seq, new_ack))
elif "SA" == answer[TCP].flags:
print(
"\t\tvictim sent a syn ack, so we'll respond with an ack"
)
new_seq = answer[TCP].ack
new_ack = answer[TCP].seq + 1
print("\t\t\t\tnew seq = {} \tnew ack = {}".format(
new_seq, new_ack))
elif "F" == answer[TCP].flags:
print("\t\tgot a fin flag -- send one back...")
new_seq = answer[TCP].ack
new_ack = answer[TCP].seq + 1
set_flag = "F"
else:
print("\t\tdid not recieve a packet yet from victim")
else:
# regular print out since it did not match
printout_packet_header(pkt_num, pkt_relative_time, local_time,
pkt_actual_len, pkt_caplen)
printout_ether_header(eth_src, eth_dst)
printout_ip_header(ip_pkt)
print("\t\tPacket is not sent")
frame_num += 1
print(
'\n{} contains {} total packets ({} flagged) ({} sent) ({} recieved)'.
format(logfile, frame_num, flagged_packets, sent_packets, amount_recv))