def fragment_bomb(dest: str,
nb_packet: int,
payload: bytes = b"",
method: str = "") -> None:
_packet_ids = random.sample(range(0x0000, 0x10000), k=nb_packet)
pkts = plist.PacketList()
for _id in _packet_ids:
#_ip = IP(dst=dest, id=_id, proto="tcp") / payload
#for f in fragment(_ip):
# sendp( Ether(dst="00:15:5d:00:0c:3f")/f , inter=0.01, iface="eth1" )
for pkt in generate_packet(dest, _id, payload):
p = Ether(dst="00:15:5d:00:0c:3f") / pkt
#send(pkt,verbose=False)
pkts.append(p)
sendp(p, inter=0.001, iface="eth1", verbose=False)
# # some strategy attempts to better control the grooming
# if method == "poke":
# x = [ t for i, t in enumerate(_id) if i % 2 == 1 ]
# pkts.append( IP(dst=dest, proto="tcp", id=x, frag=off) )
# elif method == "full":
# x = [ t for i, t in enumerate(_id) if i % 2 == 1 ]
# pkts.append( IP(dst=dest, proto="tcp", id=x, frag=off) )
# x = [ t for i, t in enumerate(_id) if i % 2 == 0 ]
# pkts.append( IP(dst=dest, proto="tcp", id=x, frag=off) )
#send(pkts, verbose=DEBUG, inter=0.01, loop=0)
return
def run(self):
try:
self.sniff(**self.kwargs)
except socket.error as xxx_todo_changeme:
(code, msg) = xxx_todo_changeme.args
if code != errno.EINTR:
raise
except Exception as err:
log.warn(traceback.format_exc())
finally:
self.sock.close()
self.pcap = plist.PacketList(self.filtered_pcap, "Sniffed")
log.debug("Total packets received: %s", len(self.pcap))
self.update_result(len(self.pcap), len(self.corrupted_pcap))
def sniff(store=False,
prn=None,
lfilter=None,
stop_event=None,
refresh=.1,
*args,
**kwargs):
"""Sniff packets
sniff([count=0,] [prn=None,] [store=1,] [offline=None,] [lfilter=None,] + L2ListenSocket args)
store: wether to store sniffed packets or discard them
prn: function to apply to each packet. If something is returned,
it is displayed. Ex:
ex: prn = lambda x: x.summary()
lfilter: python function applied to each packet to determine
if further action may be done
ex: lfilter = lambda x: x.haslayer(Padding)
stop_event: Event that stops the function when set
refresh: check stop_event.set() every refresh seconds
"""
s = conf.L2listen(type=ETH_P_ALL, *args, **kwargs)
lst = []
try:
while True:
if stop_event and stop_event.is_set():
break
sel = select([s], [], [], refresh)
if s in sel[0]:
p = s.recv(MTU)
if p is None:
break
if lfilter and not lfilter(p):
continue
if store:
lst.append(p)
if prn:
r = prn(p)
if r is not None:
print(r)
except KeyboardInterrupt:
pass
finally:
s.close()
return plist.PacketList(lst, "Sniffed")
def generate_packet(dst: str, id: int, payload: bytes):
"""
Create packet(s) that will be re-assembled contiguously remotely
"""
MTU_MAX_SIZE = 1400 # todo adjust
_id = id
_start_offset = 0
_pkt_fragments = plist.PacketList()
_size = len(payload)
for i in range(0, _size, MTU_MAX_SIZE):
_off = int(_start_offset + i) // 8
_flags = "MF" if i + MTU_MAX_SIZE < _size else "MF"
_ip = IP(dst=dst, proto="tcp", flags=_flags, id=_id, frag=_off) / Raw(
payload[i:i + MTU_MAX_SIZE])
_pkt_fragments.append(_ip)
ok("sending IP(id={:x}, off={}, flags={})".format(
_id, _off * 8, _flags))
return _pkt_fragments
def sniff(
store=False,
prn=None,
lfilter=None,
stop_event=None,
refresh=0.1,
offline=None,
*args,
**kwargs
):
"""Sniff packets
sniff([count=0,] [prn=None,] [store=1,] [offline=None,] [lfilter=None,] + L2ListenSocket args)
Modified version of scapy.all.sniff
store : bool
wether to store sniffed packets or discard them
prn : None or callable
function to apply to each packet. If something is returned,
it is displayed.
ex: prn = lambda x: x.summary()
lfilter : None or callable
function applied to each packet to determine
if further action may be done
ex: lfilter = lambda x: x.haslayer(Padding)
stop_event : None or Event
Event that stops the function when set
refresh : float
check stop_event.set() every `refresh` seconds
"""
logger.debug("Setting up sniffer...")
if offline is None:
L2socket = conf.L2listen
s = L2socket(type=ETH_P_ALL, *args, **kwargs)
else:
s = PcapReader(offline)
# on Windows, it is not possible to select a L2socket
if WINDOWS:
from scapy.arch.pcapdnet import PcapTimeoutElapsed
read_allowed_exceptions = (PcapTimeoutElapsed,)
def _select(sockets):
return sockets
else:
read_allowed_exceptions = ()
def _select(sockets):
try:
return select(sockets, [], [], refresh)[0]
except OSError as exc:
# Catch 'Interrupted system call' errors
if exc.errno == errno.EINTR:
return []
raise
lst = []
try:
logger.debug("Started Sniffing")
while True:
if stop_event and stop_event.is_set():
break
sel = _select([s])
if s in sel:
try:
p = s.recv(MTU)
except read_allowed_exceptions:
# could add a sleep(refresh) if the CPU usage
# is too much on windows
continue
if p is None:
break
if lfilter and not lfilter(p):
continue
if store:
lst.append(p)
if prn:
r = prn(p)
if r is not None:
print(r)
except KeyboardInterrupt:
pass
finally:
logger.debug("Stopped sniffing.")
s.close()
return plist.PacketList(lst, "Sniffed")
if self.chksum and not self.checksum(p, proto):
self.corrupted_pcap.append(p)
return 1
return 0
def run(self):
try:
self.sniff(**self.kwargs)
except socket.error as (code, msg):
if code != errno.EINTR:
raise
except Exception, err:
log.warn(traceback.format_exc())
finally:
self.sock.close()
self.pcap = plist.PacketList(self.filtered_pcap, "Sniffed")
log.debug("Total packets received: %s", len(self.pcap))
self.update_result(len(self.pcap), len(self.corrupted_pcap))
def update_result(self, recv, corrupt):
result = "Received=%s\nCorrupted=%s" % (recv, corrupt)
fd = open(self.resultsfile, 'w')
fd.write(result)
fd.flush()
fd.close()
def stop(self):
self.capture = False
self.terminate()
self.sock.close()