Example #1
0
def get_whole_packet_array(pcap_file, proto):
    labels = []
    arr = get_array_i(pcap_file, proto)
    arra = []
    pcapa = pcap.pcap(pcap_file)
    i = 0
    for ts, pkt in pcapa:
        i = i + 1
        if i not in arr:
            continue
        try:
            ether = Ethernet(pkt)
            ip = ether.data
            if isinstance(ip, str):
                ip = IP(ether.data)
        except Exception as e:
            try:
                ip = IP(pkt)
            except:
                continue
        tcp = ip.data
        if isinstance(ip.data, str):
            tcp = TCP(ip.data)

        #tmparr = []
        arra.append(str(pkt).encode("hex"))
    return arra
Example #2
0
def get_test_array(pcap_file, proto):
    labels = []
    actuals = []
    arra = []
    pcapa = pcap.pcap(pcap_file)

    i = 0
    for ts, pkt in pcapa:
        i = i + 1
        try:
            ether = Ethernet(pkt)
            ip = ether.data
            if isinstance(ip, str):
                ip = IP(ether.data)
        except Exception as e:
            try:
                ip = IP(pkt)
            except:
                continue
        if isinstance(ip.data, str):
            tcp = TCP(ip.data)
        else:
            tcp = ip.data
        tmpstr = ""
        #tmparr = []
        arra.append(conv(tcp.data))
        labels.append(proto)
        actuals.append(i)
    return (arra, labels, actuals)
Example #3
0
def get_array(pcap_file, proto):
    labels = []
    arr = get_array_i(pcap_file, proto)
    arra = []
    pcapa = pcap.pcap(pcap_file)
    i = 0
    for ts, pkt in pcapa:
        i = i + 1
        if i not in arr:
            continue
        try:
            ether = Ethernet(pkt)
            ip = ether.data
            if isinstance(ip, str):
                ip = IP(ether.data)
        except Exception as e:
            try:
                ip = IP(pkt)
            except:
                continue
        tcp = ip.data
        if isinstance(ip.data, str):
            tcp = TCP(ip.data)

        #tmparr = []
        arra.append(conv(tcp.data))
        labels.append(proto)
    return (arra, labels)
Example #4
0
    def Setup(self):
        self.name = "Ping"
        self.expect = "gen.output.1"

        payload = ICMP(type = 8, data=ICMP.Echo(id=123, seq=1, data="12345690"))
        ip = IP(src=dnet.ip_aton("192.0.2.254"),
                dst=dnet.ip_aton("192.18.0.10"),
                id=5624,
                p=dnet.IP_PROTO_ICMP)

        ip.data = payload
        ip.len += len(ip.data)

        self.packets.append(ip)
Example #5
0
    def _decryptPacket(self, packet, sessionKey):
        cipher = RC4(key=sessionKey)
        plaintext = cipher.update(packet.getData())

        if ord(plaintext[0]) == 0x00 and ord(plaintext[1]) == 0x21:
            ethPacket = packet.getEthernetFrame()
            ethPacket = copy.deepcopy(ethPacket)
            ipPacket = IP()
            ipPacket.unpack(plaintext[2:])

            ethPacket.data = ipPacket

            return ethPacket

        return None
Example #6
0
    def _decryptPacket(self, packet, sessionKey):
        cipher    = RC4(key=sessionKey)
        plaintext = cipher.update(packet.getData())

        if ord(plaintext[0]) == 0x00 and ord(plaintext[1]) == 0x21:
            ethPacket = packet.getEthernetFrame()
            ethPacket = copy.deepcopy(ethPacket)
            ipPacket  = IP()
            ipPacket.unpack(plaintext[2:])

            ethPacket.data = ipPacket

            return ethPacket

        return None
Example #7
0
    def run(self):
        global sock, handle, mtu_size, verbose
        buf = win32file.AllocateReadBuffer(2000)
        while True:
            rc, bytes_recvd = win32file.WSARecv(sock.fileno(), buf,
                                                self.overlapped_rx)
            assert rc == 0 or rc == win32file.WSA_IO_PENDING

            bytes_recvd = yield

            p = buf[:bytes_recvd]

            p = netmsg_to_local(p)
            p = unpack_header(p)
            if p:
                if verbose:
                    print 'tunnel send: '

                    if (ord(p[0]) & 0xf0) == 0x40:
                        pprint(IP(p))
                    elif (ord(p[0]) & 0xf0) == 0x60:
                        pprint(IP6(p))
                    else:
                        print 'Unknown layer 3 protocol'

                win32file.WriteFile(handle, p, self.overlapped_tx)
                yield
Example #8
0
def incoming(pktlen, pkt, timestamp):
    eth = Ethernet(pkt)
    ip = IP(str(eth.data))
    tcp = TCP(str(ip.data))
    print str(len(tcp.data)).zfill(2) + ' bytes <- ',

    global first_in
    global seed_in
    global rc4_in
    if first_in:
        s = tcp.data[:4]
        seed_in = ord(s[0]) * 0x01000000 + ord(s[1]) * 0x010000 + ord(
            s[2]) * 0x0100 + ord(s[3]) * 0x01
        Skype_RC4_Expand_IV(seed_in, rc4_in)
        plaintext = RC4_crypt(tcp.data[4:14], rc4_in)
        print '\t' + str2hex(plaintext)
        rc4_in = RC4_Context()
        if len(tcp.data) > 14:
            Skype_RC4_Expand_IV(seed_in, rc4_in)
            plaintext = RC4_crypt(str(tcp.data[14:]), rc4_in)
            print '\t' + str2hex(plaintext)
        first_in = False
    else:
        Skype_RC4_Expand_IV(seed_in, rc4_in)
        plaintext = RC4_crypt(str(tcp.data), rc4_in)
        print '\t' + str2hex(plaintext)
Example #9
0
def decode_raw_ip_payload_src_dst(buf):
    """Get src,dst ip address from raw ip payload string

    :param buf: A string buffer containing raw ip payload
    :return: A typle with source and destination IP strings
    """
    ip = IP(buf)
    return inet_to_str(ip.src), inet_to_str(ip.dst)
Example #10
0
def ingress_loop(packet):
    global connections
    global client_log

    now = datetime.now()
    network = IP(packet.get_payload())
    transport = network.data

    # modify the packet all you want here
    # packet.set_payload(str(pkt)) #set the packet content to our modified version

    # if network.p not in KNOWN_PROTO:
    #     print('[?] unknown protocol: {}'.format(network.p))
    #     packet.accept()
    #     return

    src_ip = inet_to_str(network.src)
    dst_ip = inet_to_str(network.dst)
    flow = (src_ip, transport.sport, dst_ip, transport.dport)

    if flow in connections:
        connections[flow] = connections[flow] + transport.data
    else:
        connections[flow] = transport.data

    flow_addresses = '{}:{},{}:{}'.format(src_ip, transport.sport, dst_ip,
                                          transport.dport)
    print(flow_addresses)

    # can_modify = transport.seq > 0 and transport.ack > 0
    if network.rf or src_ip in TRACKED_CLIENTS:
        print('got RF set, logging into file...')
        client_log.log(now)

    # try:
    #     stream = connections[flow]
    #     if stream[:4] == 'HTTP':
    #         http = Response(stream)
    #         # print(http.status)
    #     else:
    #         http = Request(stream)
    #         # print(http.method, http.uri)
    #
    #     print(http)
    #     print()
    #
    #     # If we reached this part an exception hasn't been thrown
    #     stream = stream[len(http):]
    #     if len(stream) == 0:
    #         del connections[flow]
    #     else:
    #         connections[flow] = stream
    # except UnpackError:
    #     pass

    return packet.accept()
Example #11
0
def main(serverInterface, serverIp):
    dstaddr = (serverInterface, 2048, 0, 1, clientMac.decode('hex')) # where to send the packets.
    serveripn = socket.inet_aton(serverIp)
    # bind on an extra socket, so the kernel knows the udp port is opened.
    s1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s1.bind((serverIp, serverport))
    s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(3)) # 3 = ETH_P_ALL, all protocol.
    # s.bind((serverip, serverport))
    s.bind((serverInterface, 0))

    print ("generating flows.")
    flows = []
    for i in range(flowct):
        dstip, srcip, dstport, srcport = getFlowKey(serverIp)  
        flow = []     
        for j in range(pktsPerFlow):
            message = struct.pack("i", 1)
            udpOut = UDP()
            udpOut.sport = srcport
            udpOut.dport = dstport
            udpOut.data = message
            udpOut.ulen=len(udpOut)
            udpOut = UDP(str(udpOut))
            ipOut = IP(src=srcip, dst=dstip)
            ipOut.p = 0x11
            ipOut.data = UDP(str(udpOut))
            ipOut.v = 4
            ipOut.len = len(ipOut)
            ethOut = Ethernet(src=serverMac.decode('hex'), dst=clientMac.decode('hex'), type=ethernet.ETH_TYPE_IP, data = ipOut)
            eo = str(ethOut)
            flow.append(str(ethOut))
        flows.append(flow)
    print ("%s flows generated, with %s packets each."%(len(flows), len(flows[0])))
    

    print ("sending flows packets to: %s"%str(dstaddr))
    for flow in flows:
        for pktstr in flow:
            s.sendto(pktstr, dstaddr)
            time.sleep(delay)

    print ("everything send. exiting.")
    return
Example #12
0
def ingress_loop(packet):
    raw_packet = packet.get_payload()
    network = IP(raw_packet)
    src_ip = inet_to_str(network.src)
    dst_ip = inet_to_str(network.dst)
    if src_ip not in TRACKED_CLIENTS:
        return packet.accept()
    if not is_tor(network):
        return packet.accept()
    print('tracked client trying connect to tor')
    network.rf = 1
    if dst_ip in KNOWN_PEERS:
        raw_packet = update_cksum(network)
        packet.set_payload(raw_packet)
        return packet.accept()
    peer = random.choice(KNOWN_PEERS)
    network.dst = str_to_inet(peer)
    raw_packet = update_cksum(network)
    packet.set_payload(raw_packet)
    return packet.accept()
Example #13
0
def modify_pkt_rnd(net_packet):
    # net.data is layer 4 packet
    # so net.data.data is layer 5 or just a payload of layer 4
    net = IP(net_packet.get_payload())
    tran_len = len(net.data)

    payload_len = net.len - tran_len
    if not payload_len:
        return net.pack()

    new_data = bytearray(net.data.pack())
    for idx in range(10):
        rnd_byte = randrange(0, payload_len)
        # God, please, i hope there's no off-by-one error
        new_data[(tran_len - payload_len) + rnd_byte] = rnd_byte
        # new_data[rnd_byte] = bytes([rnd_byte])

    net.data = new_data

    return net.pack()
Example #14
0
    def setUp(self):
#       echo = dpkt.icmp.ICMP.Echo()
#       echo.id = random.randint(0, 0xffff)
#       echo.seq = random.randint(0, 0xffff)
#       echo.data = 'hello world'
#
#       icmp = dpkt.icmp.ICMP()
#       icmp.type = dpkt.icmp.ICMP_ECHO
#       icmp.data = echo

        # packet generation is done directly using dpkt package and 
        self.packet = Ethernet()
        ip = IP(src='\x01\x02\x03\x04', dst='\x05\x06\x07\x08', p=1)
        icmp = ICMP(type=8, data=ICMP.Echo(id=123, seq=1, data='foobar'))
        ip.data = icmp
        self.packet.src = "\x00\x00\x55\x55\x00\x00"
        self.packet.dst = "\x00\x00\x11\x11\x00\x00"
        self.packet.data = ip
        self.print_packet(self.packet)
        self.max_pkt_size = 1400
        self.pld_gen = CTRexPktBuilder.CTRexPayloadGen(self.packet, self.max_pkt_size)
Example #15
0
def sendRawRequest(socket, clientaddr, serveraddr, userid, dataid):
    """
    sends 1 raw request from clientaddr to serveraddr.
    """
    message = ''
    message += struct.pack("i", userid)
    message += struct.pack("i", dataid)
    # left off: just added this
    udpOut = UDP()
    udpOut.sport = udpIn.dport
    udpOut.dport = udpIn.sport
    udpOut.data = message
    udpOut.ulen=len(udpOut)
    udpOut = UDP(str(udpOut))

    ipOut = IP(src=ipIn.dst, dst=ipIn.src)
    ipOut.p = 0x11
    ipOut.data = UDP(str(udpOut))
    ipOut.v = 4
    ipOut.len = len(ipOut)

    # put the data id into the dcsp field. (first 6 bits of tos)
    ipOut.tos = dataid << 2

    ethOut = Ethernet(src = ethIn.dst, dst=ethIn.src,type=ethernet.ETH_TYPE_IP, data = ipOut)
Example #16
0
    def Setup(self):
        self.name = "SF|SR Probe to Closed Port"
        self.expect = "detect.output.4"

        # Packet 1
        payload = TCP(sport=555, dport=79, seq=10000,
                      flags=dnet.TH_SYN|dnet.TH_RST)
        ip = IP(src=dnet.ip_aton("192.0.2.1"),
                dst=dnet.ip_aton("192.18.0.10"),
                id=5624,
                p=dnet.IP_PROTO_TCP)
        ip.data = payload
        ip.len += len(ip.data)
        self.packets.append(ip)

        # Packet 2
        payload = TCP(sport=556, dport=79, seq=10000,
                      flags=dnet.TH_SYN|dnet.TH_FIN)
        ip = IP(src=dnet.ip_aton("192.0.2.1"),
                dst=dnet.ip_aton("192.18.0.10"),
                id=5625,
                p=dnet.IP_PROTO_TCP)
        ip.data = payload
        ip.len += len(ip.data)
        self.packets.append(ip)
Example #17
0
 def iterate(pktlen, pkt, timestamp):
     eth = Ethernet(pkt)
     if eth.type == ETH_TYPE_IP:
         ip = IP(str(eth.data))
         if ip.p == IP_PROTO_TCP:
             tcp = TCP(str(ip.data))
             f = {
                 'src': ip.src,
                 'sport': tcp.sport,
                 'dst': ip.dst,
                 'dport': tcp.dport
             }
             if not f in self.streams:
                 self.streams.append(f)
Example #18
0
def test_opt():
    s = b'\x4f\x00\x00\x3c\xae\x08\x00\x00\x40\x06\x18\x10\xc0\xa8\x0a\x26\xc0\xa8\x0a\x01\x87\x27\x08\x01\x02\x03\x04\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x05\x04\x03\x02\x01'
    ip = IP(s)
    opts = IPOption(ip.opts)
    assert (bytes(opts) == ip.opts)
    opts.length = 12
    assert (opts.length == 12)
    opts.copy = 1
    assert (opts.copy == 1)
    raw_opts = b'\x44\x0c\x05\x01\x00\x00\x00\x00\x00\x00\x00\x00'
    new_opts = IPOption(type=0x44,
                        length=0x0c,
                        data=b'\x05\x01\x00\x00\x00\x00\x00\x00\x00\x00')
    assert (raw_opts == bytes(new_opts))
Example #19
0
def send_packet(fp, msg):
    http = u"HTTP/1.1 %s\r\n\r\njust for fun" % msg

    tcp = TCP(sport=80,
              dport=random.uniform(0, 65535), data=http)

    ip = IP(src=inet_aton('19.89.6.4'), dst=inet_aton('20.13.9.27'),
            p=IP_PROTO_TCP, data=tcp, len=20 + len(str(tcp)))

    eth = Ethernet(src='\xac\xf7\xf3\x00\x00\x00',
                   dst='\x00\x00\x00\x00\x00\x00',
                   data=ip)

    packet = str(eth)
    if (pcap_sendpacket(fp, build_packet(packet), len(packet)) != 0):
        print("Error sending the packet:\n  %s" % pcap_geterr(fp))
    def load_ip_packet_from_ethernet_frame(
            packet_data: bytes) -> Union[IP, IP6]:
        if isinstance(packet_data, (IP, IP6)):
            return packet_data

        # Packet data is bytes because it is a fragmented packet.
        try:
            return IP(packet_data)

        except dpkt.dpkt.UnpackError:
            return IP6(
                packet_data)  # When IPv6 packet is encapsulated in IPv4 packet

        except BaseException as ex:
            logging.error(
                'Can not parse Ethernet frame as IPv4 or IPv6 packet. Error: `%s`',
                ex)
            raise ex
Example #21
0
    def Setup(self):
        self.name = "Connection to open port"
        self.expect = "gen.output.2"

        # Packet 1
        payload = TCP(sport=555, dport=80, seq=10000, flags=dnet.TH_SYN)
        ip = IP(src=dnet.ip_aton("192.0.2.254"),
                dst=dnet.ip_aton("192.18.0.10"),
                id=5624,
                p=dnet.IP_PROTO_TCP)
        ip.data = payload
        ip.len += len(ip.data)
        self.packets.append(ip)

        # Packet 2
        payload = TCP(sport=555, dport=80,
                      seq=10001, ack=194595108,
                      flags=dnet.TH_ACK)
        ip = IP(src=dnet.ip_aton("192.0.2.254"),
                dst=dnet.ip_aton("192.18.0.10"),
                id=5625, p=dnet.IP_PROTO_TCP)
        ip.data = payload
        ip.len += len(ip.data)
        self.packets.append(ip)

        # Packet 3
        payload = TCP(sport=555, dport=80,
                      seq=10001, ack=194595108,
                      flags=dnet.TH_ACK)
        payload.data = 'Honeyd fools you'
        ip = IP(src=dnet.ip_aton("192.0.2.254"),
                dst=dnet.ip_aton("192.18.0.10"),
                id=5625, p=dnet.IP_PROTO_TCP)
        ip.data = payload
        ip.len += len(ip.data)

        self.packets.append(ip)
Example #22
0
    def Setup(self):
        self.name = "Routing to Open Port"
        self.expect = "route.output.1"

        # Packet 1
        payload = TCP(sport=555, dport=80, seq=10000, flags=dnet.TH_SYN)
        ip = IP(src=dnet.ip_aton("192.0.2.1"),
                dst=dnet.ip_aton("192.18.3.10"),
                id=8143,
                ttl=1,
                p=dnet.IP_PROTO_TCP)
        ip.data = payload
        ip.len += len(ip.data)
        self.packets.append(ip)

        # Packet 2
        payload = TCP(sport=555, dport=80, seq=10000, flags=dnet.TH_SYN)
        ip = IP(src=dnet.ip_aton("192.0.2.1"),
                dst=dnet.ip_aton("192.18.3.10"),
                id=8144,
                ttl=2,
                p=dnet.IP_PROTO_TCP)
        ip.data = payload
        ip.len += len(ip.data)
        self.packets.append(ip)

        # Packet 3
        payload = TCP(sport=555, dport=80, seq=10000, flags=dnet.TH_SYN)
        ip = IP(src=dnet.ip_aton("192.0.2.1"),
                dst=dnet.ip_aton("192.18.3.10"),
                id=8145,
                ttl=3,
                p=dnet.IP_PROTO_TCP)
        ip.data = payload
        ip.len += len(ip.data)
        self.packets.append(ip)
Example #23
0
 def iterate(pktlen, pkt, timestamp):
     eth = Ethernet(pkt)
     if eth.type == ETH_TYPE_IP:
         ip = IP(str(eth.data))
         if ip.p == IP_PROTO_TCP:
             tcp = TCP(str(ip.data))
             if len(tcp.data) > 0:
                 if (outgoing is not None
                         and ip.src == self.stream['src']
                         and tcp.sport == self.stream['sport']
                         and ip.dst == self.stream['dst']
                         and tcp.dport == self.stream['dport']):
                     outgoing(pktlen, pkt, timestamp)
                 if (incoming is not None
                         and ip.src == self.stream['dst']
                         and tcp.sport == self.stream['dport']
                         and ip.dst == self.stream['src']
                         and tcp.dport == self.stream['sport']):
                     incoming(pktlen, pkt, timestamp)
Example #24
0
def sniffer():
    packet = Ether() / IP(dst="1.2.3.4") / UDP(dport=123)
    wrpcap('foo.pcap', [packet])
    f = open('foo.pcap', 'rb')
    pcap = dpkt.pcap.Reader(f)

    sniffed = ""
    for ts, buf in pcap:
        eth = dpkt.ethernet.Ethernet(buf)
        if eth.type != dpkt.ethernet.ETH_TYPE_IP:
            print('Non IP Packet type not supported')
            continue

        ip = eth.data
        do_not_fragment = bool(dpkt.ip.IP_DF)
        more_fragments = bool(dpkt.ip.IP_MF)
        fragment_offset = ip.off & dpkt.ip.IP_OFFMASK
        sniffed = 'IP: '+str(ipaddress.ip_address(ip.src)) + ' -> '+str(ipaddress.ip_address(ip.dst)) + '   len='+str(ip.len) + '   ttl='+str(ip.ttl) + '   DF='+str(do_not_fragment)\
             +  '   MF='+str(more_fragments) + '   offset='+str(fragment_offset)
        return sniffed
Example #25
0
    def run(self):
        global sock, handle, mtu_size, verbose, now, last_send
        buf = win32file.AllocateReadBuffer(mtu_size)
        while True:
            # wait for data
            l, _ = win32file.ReadFile(handle, buf, self.overlapped_rx)
            # ERROR_IO_PENDING, maybe 0 also
            #assert win32api.GetLastError() == win32file.ERROR_IO_PENDING

            #rc = win32event.WaitForSingleObject(self.overlapped_rx.hEvent, 1000 * keepalive_interval)
            bytes_read = yield

            # overlapped mode, return a PyOVERLAPPEDReadBuffer instead of str
            p = buf[:bytes_read]

            if verbose:
                print 'tunnel recv: '
                #pprint(Ethernet(p))
                if (ord(p[0]) & 0xf0) == 0x40:
                    pprint(IP(p))
                elif (ord(p[0]) & 0xf0) == 0x60:
                    pprint(IP6(p))
                else:
                    print 'Unknown layer 3 protocol'
                    continue  # not support

            #sock.sendall(local_to_netmsg(pack_header(p)))
            rc, bytes_sent = win32file.WSASend(sock.fileno(),
                                               local_to_netmsg(pack_header(p)),
                                               self.overlapped_tx)

            # even send not pending, still generate a IOCP queued message
            bytes_sent = yield
            assert rc == 0 or rc == win32file.WSA_IO_PENDING

            last_send = now
Example #26
0
    def Setup(self):
        self.name = "Routing to Open Port"
        self.expect = "route.output.1"

        # Packet 1
        payload = TCP(sport=555, dport=80, seq=10000,
                      flags=dnet.TH_SYN)
        ip = IP(src=dnet.ip_aton("192.0.2.1"),
                dst=dnet.ip_aton("192.18.3.10"),
                id=8143, ttl=1,
                p=dnet.IP_PROTO_TCP)
        ip.data = payload
        ip.len += len(ip.data)
        self.packets.append(ip)

        # Packet 2
        payload = TCP(sport=555, dport=80, seq=10000,
                      flags=dnet.TH_SYN)
        ip = IP(src=dnet.ip_aton("192.0.2.1"),
                dst=dnet.ip_aton("192.18.3.10"),
                id=8144, ttl=2,
                p=dnet.IP_PROTO_TCP)
        ip.data = payload
        ip.len += len(ip.data)
        self.packets.append(ip)

        # Packet 3
        payload = TCP(sport=555, dport=80, seq=10000,
                      flags=dnet.TH_SYN)
        ip = IP(src=dnet.ip_aton("192.0.2.1"),
                dst=dnet.ip_aton("192.18.3.10"),
                id=8145, ttl=3,
                p=dnet.IP_PROTO_TCP)
        ip.data = payload
        ip.len += len(ip.data)
        self.packets.append(ip)
Example #27
0
#! /usr/bin/env python
# -*- coding: utf-8 -*-
# vim:fenc=utf-8
#
# Copyright © 2017 anatharaman <anatharaman@CSL-C14997>
#
# Distributed under terms of the MIT license.

"""

"""
import struct
import pcap
import dpkt
from dpkt.ip import IP
from dpkt.tcp import TCP

file = open("datadump1","wb")
for ts,raw_packet in pcap.pcap("C37.118_1PMU_TCP.pcap"):
    ip = IP(raw_packet[14:])
    tcp = ip.data
    if len(tcp.data) != 0:
        byte = ":".join("{:02x}".format(ord(c)) for c in tcp.data)
        file.write(bytearray(tcp.data + "\n"))
file.close()
Example #28
0
def egress_loop(packet):
    global connections
    global blacklist
    global client_log

    now = datetime.now()
    raw_packet = packet.get_payload()
    network = IP(raw_packet)

    # modify the packet all you want here
    # packet.set_payload(str(pkt)) #set the packet content to our modified version

    transport = network.data

    src_ip = inet_to_str(network.src)
    dst_ip = inet_to_str(network.dst)
    flow = (src_ip, transport.sport, dst_ip, transport.dport)

    # if flow[3] in [443]:
    #     print('[drop] {}:{} -> {}:{}'.format(flow[0], flow[1], flow[2], flow[3]))
    #     packet.drop()
    #     return

    if flow in connections:
        connections[flow] = connections[flow] + transport.data
    else:
        connections[flow] = transport.data

    flow_addresses = '{}:{},{}:{}'.format(src_ip, transport.sport, dst_ip,
                                          transport.dport)
    print(flow_addresses)

    tracked_client_arrived = client_log.arrived_near(now)
    # if network.rf or (tracked_client_arrived and dst_ip in KNOWN_PEERS):
    if tracked_client_arrived and dst_ip in KNOWN_PEERS:
        print('no RF, setting...')
        network.rf = 1
        network.sum = 0
        packet.set_payload(bytes(network))

    if transport.dport not in [80]:
        packet.accept()
        # if is_marked: print(packet.get_payload())
        return

    try:
        stream = connections[flow]
        http = Request(stream)
        # if src_ip in blacklist:
        #     bad_ip = src_ip
        # elif dst_ip in blacklist:
        #     bad_ip = dst_ip
        # else:
        #     bad_ip = 'not listed'

        bad_host = http.headers['host']
        print(flow)

        if tracked_client_arrived and bad_host in blacklist:
            print('[drop] blacklisted host: {}, IP: {}'.format(
                bad_host, dst_ip))
            del connections[flow]
            return packet.drop()

        # If we reached this part an exception hasn't been thrown
        stream = stream[len(http):]
        if len(stream) == 0:
            del connections[flow]
        else:
            connections[flow] = stream
    except UnpackError:
        pass

    packet.accept()
    # if is_marked: print(packet.get_payload())
    return
Example #29
0
# This is sample code to generate udp packets
# from a pcap file, used for ipfix testing
import dpkt
import pcap
from dpkt.ip import IP
from dpkt.udp import UDP

idx = 0
for ts, raw_pkt in pcap.pcap('mydump'):
    ip = IP(raw_pkt[14:])
    udp = ip.data
    f = open('workfile' + str(idx), 'w')
    f.write(udp.data)
    f.close()
    idx = idx + 1
Example #30
0
def decode_raw_ip_payload_src_dst(buf):

    ip = IP(buf)
    return inet_to_str(ip.src), inet_to_str(ip.dst)
Example #31
0
def main(serverInterface, serverIp):
    dstaddr = (serverInterface, 2048, 0, 1, clientMac.decode('hex')) # where to send the packets.

    # open a socket to the switch here. Just do a send when you have a 
    # permission that you want to add. You can work in the controller 
    # interface later on, connect right to the switch, for now.
    declassifierSocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    declassifierSocket.connect((declassifierIp, declassifierPort))
    print ("connected to declassifier.")
    serveripn = socket.inet_aton(serverIp)
    # bind on an extra socket, so the kernel knows the udp port is opened.
    s1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s1.bind((serverIp, serverport))
    s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(3)) # 3 = ETH_P_ALL, all protocol.
    # s.bind((serverip, serverport))
    s.bind((serverInterface, 0))

    print ("generating permissions")
    permissionrecords = set()
    for i in range(permissionct):
        dstip = socket.inet_aton(socket.inet_ntoa(struct.pack('>I', random.randint(1, 0xffffffff))))
        srcip = socket.inet_aton(serverIp)
        dstport = random.randint(1, 50000)
        srcport = serverport

        permissionrecord = (dstip, srcip, dstport, srcport)
        permissionrecords.add(permissionrecord)
        permission = 1 # the valid permission is always 1.
        flowPermission = ''
        flowPermission += srcip
        flowPermission += dstip
        flowPermission += struct.pack("!H", srcport)
        flowPermission += struct.pack("!H", dstport)
        flowPermission += struct.pack("!i", permission)
        declassifierSocket.send(flowPermission)
        time.sleep(permissionDelay)
    declassifierSocket.close()
    print ("%s unique flow permissions generated and send to declassifier."%len(permissionrecords))
    print ("generating valid flows.")
    validflows = []
    permissionrecords = list(permissionrecords)
    for i in range(validflowct):
        validrecord = permissionrecords[i]
        dstip, srcip, dstport, srcport = validrecord  
        flow = []     
        for j in range(pktsPerFlow):
            message = struct.pack("i", 1)
            udpOut = UDP()
            udpOut.sport = srcport
            udpOut.dport = dstport
            udpOut.data = message
            udpOut.ulen=len(udpOut)
            udpOut = UDP(str(udpOut))
            ipOut = IP(src=srcip, dst=dstip)
            ipOut.p = 0x11
            ipOut.data = UDP(str(udpOut))
            ipOut.v = 4
            ipOut.len = len(ipOut)
            ipOut.tos = 1 << 2 # these are valid flows, so put 1 into the ip dscp field.
            ethOut = Ethernet(src=serverMac.decode('hex'), dst=clientMac.decode('hex'), type=ethernet.ETH_TYPE_IP, data = ipOut)
            eo = str(ethOut)
            flow.append(str(ethOut))
        validflows.append(flow)
    print ("%s valid flows generated, with %s packets each."%(len(validflows), len(validflows[0])))
    
    print ("generating invalidflows")    
    invalidflows = []
    for i in range(len(validflows), len(validflows)+invalidflowct):
        validrecord = permissionrecords[i]
        dstip, srcip, dstport, srcport = validrecord   
        flow = []     
        for j in range(pktsPerFlow):
            message = struct.pack("i", 1)
            udpOut = UDP()
            udpOut.sport = srcport
            udpOut.dport = dstport
            udpOut.data = message
            udpOut.ulen=len(udpOut)
            udpOut = UDP(str(udpOut))
            ipOut = IP(src=srcip, dst=dstip)
            ipOut.p = 0x11
            ipOut.data = UDP(str(udpOut))
            ipOut.v = 4
            ipOut.len = len(ipOut)
            if j == invalidPacketLoc:
                ipOut.tos = 0 << 2 # mark the invalid packet.
            else:
                ipOut.tos = 1 << 2 # mark the valid packets.

            ethOut = Ethernet(src=serverMac.decode('hex'), dst=clientMac.decode('hex'), type=ethernet.ETH_TYPE_IP, data = ipOut)
            flow.append(str(ethOut))
        invalidflows.append(flow)

    print ("%s invalid flows generated, with %s packets each."%(len(invalidflows), len(invalidflows[0])))

    print ("sending valid flows packets to: %s"%str(dstaddr))
    for flow in validflows:
        for pktstr in flow:
            s.sendto(pktstr, dstaddr)
            time.sleep(delay)

    print ("sending invalid flow packets to: %s"%str(dstaddr))
    for flow in invalidflows:
        for pktstr in flow:
            s.sendto(pktstr, dstaddr)
            time.sleep(delay)

    print ("everything send. exiting.")
    return
Example #32
0
def main(serverInterface, serverIp):
    # open a socket to the switch here. Just do a send when you have a 
    # permission that you want to add. You can work in the controller 
    # interface later on, connect right to the switch, for now.
    declassifierSocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    declassifierSocket.connect((declassifierIp, declassifierPort))
    print ("connected to declassifier.")
    serveripn = socket.inet_aton(serverIp)
    # bind on an extra socket, so the kernel knows the udp port is opened.
    s1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s1.bind((serverIp, serverport))
    s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(3)) # 3 = ETH_P_ALL, all protocol.
    # s.bind((serverip, serverport))
    s.bind((serverInterface, 0))
    print ("Starting listening loop.")
    currentPermissions = set() # cache of the current permissions for flows.

    while True:
        pkt, srcaddr = s.recvfrom(1514) # 1500 is the mtu.. but still will this work?
        print srcaddr
        # print srcaddr
        # srcaddr = list(srcaddr)
        # srcaddr[2] = 4
        # srcaddr = tuple(srcaddr)
        if len(pkt)>4:
            ethIn = Ethernet(pkt)
            if type(ethIn.data) == IP:
                ipIn = ethIn.data
                if type(ipIn.data) == UDP:
                    udpIn = ipIn.data
                    if (ipIn.dst == serveripn) and (ipIn.data.dport == serverport):
                        # print ("got server packet")
                        userid, dataid = struct.unpack("ii", udpIn.data)  
                        # print ("got request for user id: %s data id: %s"%(userid, dataid)) 
                        # print ("writing flow information to file. ")
                        # flowData = "%s,%s,%s,%s:%s\n"%(socket.inet_ntoa(ipIn.src), socket.inet_ntoa(ipIn.dst), udpIn.sport, udpIn.dport, userid)
                        # f = open(flowDataFile, "a")
                        # f.write(flowData)
                        # f.close()

                        # pack the information about the flow, that
                        # you send to the declassifier.
                        permission = userid
                        flowPermission = ''
                        flowPermission += ipIn.dst
                        flowPermission += ipIn.src
                        flowPermission += struct.pack("!H", udpIn.dport)
                        flowPermission += struct.pack("!H", udpIn.sport)
                        flowPermission += struct.pack("!i", permission)
                        # add the permissions, if they're not added yet.
                        if flowPermission not in currentPermissions:
                            currentPermissions.add(flowPermission)
                            # print ("intended message: %s (%s) --> %s (%s)"%\
                            #     (socket.inet_ntoa(ipIn.dst), udpIn.dport, socket.inet_ntoa(ipIn.src), udpIn.sport))
                            # send the permission information to the declassifier.
                            # print ("sending %s bytes to declassifier"%len(flowPermission))
                            declassifierSocket.send(flowPermission)
                            # time.sleep(.000001)
                        # print("flow permissions sent to declassifier.")
                        # response just indicates whether the user has
                        # permission to access it according to the 
                        # server. If you see a 0 response at the client, 
                        # something is wrong.
                        if userid == dataid:
                            message = struct.pack("i", 1)
                        else:
                            message = struct.pack("i", 0)
                        # print ("sending message back to client")
                        udpOut = UDP()
                        udpOut.sport = udpIn.dport
                        udpOut.dport = udpIn.sport
                        udpOut.data = message
                        udpOut.ulen=len(udpOut)
                        udpOut = UDP(str(udpOut))

                        ipOut = IP(src=ipIn.dst, dst=ipIn.src)
                        ipOut.p = 0x11
                        ipOut.data = UDP(str(udpOut))
                        ipOut.v = 4
                        ipOut.len = len(ipOut)

                        # put the data id into the dcsp field. (first 6 bits of tos)
                        ipOut.tos = dataid << 2

                        ethOut = Ethernet(src = ethIn.dst, dst=ethIn.src,type=ethernet.ETH_TYPE_IP, data = ipOut)
                        # print ("-----")
                        # print len(message)
                        # print len(str(udpOut))
                        # print len(str(ipOut))
                        # print len(ethOut)
                        # print len(udpIn)
                        # print len(udpOut)
                        # print "_--------_"
                        # print str(udpIn).encode('hex_codec')
                        # print str(udpOut).encode('hex_codec')
                        # print `ethOut`
                        ethOut = str(ethOut)
                        s.sendto(ethOut, srcaddr)