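def buildRequest(src, dst, c='', p=''):
    """Build a raw Ethernet frame carrying one command for the device.

    Args:
        src: source MAC as text, "01:02:03:04:05:06" (converted with eth_aton).
        dst: destination MAC in the same text form.
        c: command bytes placed directly after the Ethernet header.
        p: optional payload; when non-empty it is preceded by a 7-byte
           header whose sixth byte is the payload length.

    Returns:
        The frame as a str, NUL-padded so the part after the Ethernet
        header is at least 50 bytes long.  The frame is hexdumped to
        stdout when the module-level ``verbose`` flag is set.

    Raises:
        ValueError: if the payload is longer than 255 bytes, because its
            length has to fit in the single length byte (chr() would
            have raised too, but without saying why).
    """
    dst_addr = eth_aton(dst)
    src_addr = eth_aton(src)
    ethertype = ETH_TYPE
    if len(p) > 0:
        if len(p) > 255:
            raise ValueError("payload too long for the one-byte length field: %d" % len(p))
        # Five NUL bytes: no packet splitting is done (amount = 0), then the
        # payload length in one byte, one NUL, then the payload itself.
        p = "\x00\x00\x00\x00\x00" + chr(len(p)) + '\x00' + p
    p = c + p
    if len(p) < 50:
        p += "\x00" * (50 - len(p))
    packet = dst_addr + src_addr + ethertype + p
    if verbose:
        print "[i] The data:"
        print hexdump(str(packet))
    return str(packet)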
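def start(self, package):
    """Inspect one queued packet, log it, and set exactly one netfilter verdict.

    The raw bytes from ``package.get_data()`` are parsed as an IP packet;
    the endpoint addresses go to Mongo via ``log_collect``, the packet is
    hexdumped to stdout, the hex columns of that dump are joined into
    ``self.afterdecode`` (all spaces stripped), and the packet is then
    dropped when ``judge_iec61850_mms`` returns a falsy result, accepted
    otherwise.  ``log_input`` / ``log_bufc`` run in both cases.

    Args:
        package: the nfqueue payload object; must provide ``get_data()``
            and ``set_verdict()``.
    """
    self.mongo = mongolib.mongodb()
    self.package = package
    data = self.package.get_data()
    ip_info = dpkt.ip.IP(data)
    src_ip = socket.inet_ntoa(ip_info.src)
    dst_ip = socket.inet_ntoa(ip_info.dst)
    print src_ip + " to " + dst_ip
    self.mongo.log_collect(ipsrc=str(src_ip), ipdst=str(dst_ip))
    data_16 = dpkt.hexdump(str(data), 16)
    self.count += 1
    print "----------------" + str(self.count) + "---------------------"
    print data_16
    # Pull the hex columns out of the dump and glue them together.  Every
    # space is removed afterwards, so the separate double-space collapse the
    # old code performed first made no difference to the result.
    temp = re.findall(r' [0-9][0-9][0-9][0-9]: (.*?) ', data_16)
    self.afterdecode = ''.join(temp).replace(' ', '')
    # Only one verdict per packet.  Previously NF_ACCEPT was issued
    # unconditionally right after NF_DROP, so a rejected packet was never
    # actually blocked; a falsy judge result (False or None) now drops.
    if not self.judge_iec61850_mms():
        package.set_verdict(nfqueue.NF_DROP)
    else:
        package.set_verdict(nfqueue.NF_ACCEPT)
    self.mongo.log_input()
    self.mongo.log_bufc()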
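def buildRequest(src, dst, c='', p=''):
    """Assemble one command frame for the device as raw Ethernet bytes.

    Args:
        src: source MAC in "01:02:03:04:05:06" form (passed to eth_aton).
        dst: destination MAC in the same form.
        c: command bytes that follow the Ethernet header.
        p: optional payload.  A non-empty payload gets a 7-byte prefix:
           five NUL bytes (no packet splitting, amount = 0), one length
           byte, one NUL.

    Returns:
        The frame as a str; the section after the Ethernet header is
        right-padded with NUL bytes to at least 50 bytes.  Hexdumped to
        stdout when the module-level ``verbose`` flag is set.

    Raises:
        ValueError: when the payload exceeds 255 bytes and therefore
            cannot be described by the single length byte.
    """
    header = eth_aton(dst) + eth_aton(src) + ETH_TYPE
    body = p
    if body:
        if len(body) > 255:
            raise ValueError("payload too long for the one-byte length field: %d" % len(body))
        body = "\x00\x00\x00\x00\x00" + chr(len(body)) + '\x00' + body
    # ljust with NUL is the same as appending (50 - len) NUL bytes when short
    body = (c + body).ljust(50, "\x00")
    packet = header + body
    if verbose:
        print "[i] The data:"
        print hexdump(str(packet))
    return str(packet)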
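def buildArpReply(pair):
    """Build an Ethernet/ARP reply frame from a *pair* record.

    ``pair`` must carry the replying host's MAC and IP (``smac``, ``sip``)
    and the requester's MAC and IP (``rmac``, ``rip``).  The ARP target
    fields and the Ethernet destination are both taken from the
    requester's addresses.

    Returns:
        The dpkt Ethernet object (not yet serialised).  The frame is
        hexdumped to stdout when the module-level ``debug`` flag is set.
    """
    arp_p = arp.ARP()
    arp_p.sha = eth_aton(pair.smac)          # sender hardware addr
    arp_p.spa = socket.inet_aton(pair.sip)   # sender ip addr
    arp_p.tha = eth_aton(pair.rmac)          # target hardware addr
    arp_p.tpa = socket.inet_aton(pair.rip)   # target ip addr
    arp_p.op = arp.ARP_OP_REPLY
    packet = ethernet.Ethernet()
    packet.src = eth_aton(pair.smac)
    # The Ethernet destination is a 6-byte MAC.  The old code assigned the
    # 4-byte packed IP (inet_aton(pair.sip)) here, which yields a malformed
    # destination address once the frame is serialised.
    packet.dst = eth_aton(pair.rmac)
    packet.data = arp_p
    packet.type = ethernet.ETH_TYPE_ARP
    if debug:
        print dpkt.hexdump(str(packet))
    return packet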
def buildArp(addr):
    """Build a broadcast ARP request asking who holds the IP *addr*.

    The sender fields come from the module-level ``mac`` and ``inet``;
    the target hardware address is ``ETH_ADDR_UNSPEC`` and the frame is
    sent to ``ETH_ADDR_BROADCAST``.  Hexdumped to stdout when ``debug``
    is set.

    Returns:
        The dpkt Ethernet object wrapping the ARP request.
    """
    sender_hw = eth_aton(mac)
    request = arp.ARP()
    request.op = arp.ARP_OP_REQUEST
    request.sha = sender_hw                  # our hardware address
    request.spa = socket.inet_aton(inet)     # our IP address
    request.tha = ETH_ADDR_UNSPEC            # target hardware address unknown
    request.tpa = socket.inet_aton(addr)     # IP address being resolved
    frame = ethernet.Ethernet()
    frame.type = ethernet.ETH_TYPE_ARP
    frame.src = sender_hw
    frame.dst = ETH_ADDR_BROADCAST
    frame.data = request
    if debug:
        print dpkt.hexdump(str(frame))
    return frame
def debug_packets(self, ether):
    """Print a human-readable dump of a RADIUS frame and its EAP record.

    ``ether`` is a dpkt Ethernet object; its payload is parsed as
    RADIUS_H3C and the RADIUS payload as RADIUS_H3C.EAP.  Everything is
    written to stdout; nothing is returned.
    """
    radius = RADIUS_H3C(ether.data)
    eap = RADIUS_H3C.EAP(radius.data)
    src_hex, dst_hex = map(binascii.b2a_hex, (ether.src, ether.dst))
    print ""
    print "# Start of dump content #"
    print 'From %s to %s' % (src_hex, dst_hex)
    print "%s" % dpkt.hexdump(str(ether), 20)
    print "==== RADIUS ===="
    print "radius_len: %d" % radius.len
    print "eap_code: %d" % eap.code
    print "eap_id: %d" % eap.id
    print "eap_len: %d" % eap.len
    # Only the numeric EAP type is shown; the original left a symbolic
    # lookup (and its failure handling) as a TODO.
    print "eap_type: %d" % eap.type
    print "======== EAP DATA ========"
    print "%s" % dpkt.hexdump(eap.data, 20)
    print "# End of dump content #"
    print ""
def _grep_data(self, flow, buf, arrow):
    """Report, and optionally kill, a flow whose data matches ``self.pat``.

    With ``self.pat`` unset every buffer counts as a match.  A match prints
    a dashed header with the flow's end time (unless ``noheader``), then
    shows the buffer as a hexdump (``hex``), writes it raw to
    ``flow.save['rawf']`` (``raw``) or prints its repr() unless ``quiet``;
    ``kill`` tears the flow down afterwards.
    """
    matched = self.pat is None or self.pat.search(buf)
    if not matched:
        return
    if not self.noheader:
        stamp = time.strftime('%x %X', time.localtime(flow.etime))
        print '-----------------'
        print stamp,
        print flow.__str__(arrow)
    if self.hex:
        self.color(dpkt.hexdump(str(buf)), arrow)
    elif self.raw:
        flow.save['rawf'].write(buf)
    elif not self.quiet:
        self.color(repr(buf), arrow)
    if self.kill:
        flow.kill()
def getPkt_infinity(self):
    """Capture from the default interface forever, dumping every frame.

    Each frame is printed as a hexdump, then decoded as Ethernet and its
    repr() and destination address are shown.  Never returns.
    """
    while True:
        counter = 0
        for ts, raw in pcap.pcap():
            counter += 1
            tag = "#" + str(counter)
            print("Pacote puro " + tag)
            print(dpkt.hexdump(raw))
            print("Mostrando o pacote " + tag)
            frame = dpkt.ethernet.Ethernet(raw)  # decode the raw frame
            print(ts, repr(frame))
            print("Mostrando o endereco de destino do pacote " + tag)
            print(repr(frame.dst))
            print("\n")
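def getPkt_range(self, maxPkts):
    """Capture from the default interface and dump at most *maxPkts* frames.

    Each frame is printed as a hexdump, then decoded as Ethernet and its
    repr() and destination address are shown.

    Args:
        maxPkts: number of frames to show.  A value <= 0 returns at once;
            the original ``==`` test never matched such values and the
            loop ran forever.
    """
    if maxPkts <= 0:
        return
    nPkts = 0
    for ts, pkt in pcap.pcap():
        nPkts += 1
        print("Pacote puro #" + str(nPkts))
        print(dpkt.hexdump(pkt))
        print("Mostrando o pacote #" + str(nPkts))
        eth = dpkt.ethernet.Ethernet(pkt)  # decode the raw frame
        print(ts, repr(eth))
        print("Mostrando o endereco de destino do pacote #" + str(nPkts))
        print(repr(eth.dst))
        print("\n")
        # >= rather than ==, so the loop also ends if the count overshoots
        if nPkts >= maxPkts:
            break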
def captura(self):
    """Read test-capture.pcap, dump each frame and count application protocols.

    Every frame is hexdumped and shown as a decoded Ethernet object.  For
    IP packets carrying TCP or UDP, the lowercased payload is matched
    against the DHCP and BitTorrent signatures; unmatched payloads count
    as "noClass".  Non-IP frames are counted separately, while IP packets
    with another transport fall in neither bucket.  Totals are printed at
    the end.
    """
    # application-layer protocol signatures
    signatures = {
        "dhcp": re.compile("^[\x01\x02][\x01- ]\x06.*c\x82sc"),
        "bittorrent": re.compile("^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash=)"),
    }
    # counters
    cnt = {"dhcp": 0, "bittorrent": 0, "noClass": 0}
    non_ip = 0
    seen = 0
    for ts, raw in pcap.pcap("test-capture.pcap"):
        seen += 1
        frame = dpkt.ethernet.Ethernet(raw)  # decode the raw frame
        tag = "#" + str(seen)
        # show the frame
        print("Pacote puro " + tag)
        print(dpkt.hexdump(raw))
        print("Mostrando o pacote " + tag)
        print(ts, repr(frame))
        print("Mostrando o endereco de destino do pacote " + tag)
        print(repr(frame.dst))
        print("\n")
        network = frame.data
        if not isinstance(network, dpkt.ip.IP):
            non_ip += 1
            continue
        transport = network.data
        if not isinstance(transport, (dpkt.tcp.TCP, dpkt.udp.UDP)):
            continue
        payload = transport.data.lower()
        hits = [name for name, pattern in signatures.items() if pattern.search(payload)]
        for name in hits:
            cnt[name] += 1
        if not hits:
            cnt["noClass"] += 1
    for name, total in cnt.items():
        print(name + " Pkts:" + str(total))
    print("Non IP Pkts:" + str(non_ip))
packet = buildArp(addr) s.send(str(packet)) print "Results..." while 1: data = s.recv(1024) if debug: print dpkt.hexdump(data) sys.stdout.flush() answer = ethernet.Ethernet(data) arp_p = answer.data orig = socket.inet_ntoa( arp_p.spa ) mac_add = eth_ntoa( arp_p.sha) dest = socket.inet_ntoa( arp_p.tpa ) if debug:print dpkt.hexdump( str(arp_p) ) if arp_p.op != arp.ARP_OP_REQUEST:
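def dumpcap(f):
    """Print a hexdump of every frame stored in the pcap file at path *f*.

    The file is opened in binary mode and closed once the loop finishes;
    the original opened it in text mode and never closed the handle.
    """
    with open(f, 'rb') as fh:
        for ts, data in dpkt.pcap.Reader(fh):
            ether = dpkt.ethernet.Ethernet(data)
            print dpkt.hexdump(str(ether))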
def deal_package(self, timestamp, pkg):
    """Decode one captured frame and append a row describing it to self.package_info.

    Dispatches on the class name of the Ethernet payload: ARP frames get
    their own row and the method returns "ARP"; IPv6 packets are handled
    only for next headers 1/2/6/17 (ICMP/IGMP/TCP/UDP); everything else
    is treated as IPv4.  For IPv4 ICMP/TCP/UDP, IP fragments are buffered
    per ip.id through the get_pkg_*/set_pkg_*/del_pkg_* accessors and
    concatenated in offset order when the last fragment (offset != 0 and
    MF == 0) arrives.  Returns early when the stop button is pressed.

    NOTE(review): the layout below was reconstructed from a collapsed
    listing; nesting of the final IPv4 row block should be confirmed
    against the original file.

    Args:
        timestamp: capture time as a POSIX float; only HH:MM:SS is kept.
        pkg: the raw frame bytes.

    Returns:
        "ARP" for ARP frames, otherwise None.
    """
    if (self.get_btnStop() == True):
        return
    package = {}
    info = {}
    timestamp, buf = timestamp, pkg
    timestamp = str(datetime.datetime.fromtimestamp(timestamp))
    r = r'\d{2}:\d{2}:\d{2}'
    # keep only the HH:MM:SS part of the formatted timestamp
    stand_time = re.findall(r, timestamp)[0]
    timestamp = stand_time
    package['timestamp'] = timestamp
    package['len'] = len(buf)
    org = dpkt.hexdump(str(buf), 20)
    package['buf'] = org
    eth = dpkt.ethernet.Ethernet(buf)
    # dispatch on the decoded payload class
    if eth.data.__class__.__name__ == "ARP":
        arp = eth.data
        package['protocol'] = 'ARP'
        # ARP header fields
        info['hrd_type'] = arp.hrd          # hardware type
        info['pro_type'] = arp.pro          # protocol type
        info['mac_addr_len'] = arp.hln      # hardware address length
        info['pro_addr_len'] = arp.pln      # protocol address length
        info['op'] = arp.op                 # opcode
        info['sha'] = mac_addr(arp.sha)     # sender MAC
        info['spa'] = inet_to_str(arp.spa)  # sender IP
        info['tha'] = mac_addr(arp.tha)     # target MAC
        info['tpa'] = inet_to_str(arp.tpa)  # target IP
        data = arp.data
        package['info'] = info
        timeItem = QTableWidgetItem(" " + package['timestamp'])
        srcItem = QTableWidgetItem(" " + info['sha'])
        dstItem = QTableWidgetItem(" " + info['tha'])
        protocolItem = QTableWidgetItem(" " + package['protocol'])
        lenItem = QTableWidgetItem(" " + str(package['len']))
        # append a new row at the bottom of the table
        i = self.package_info.rowCount()
        self.package_info.insertRow(i)
        self.package_info.setItem(i, 0, timeItem)
        self.package_info.setItem(i, 1, srcItem)
        self.package_info.setItem(i, 2, dstItem)
        self.package_info.setItem(i, 3, protocolItem)
        self.package_info.setItem(i, 4, lenItem)
        show=str(info['spa'])+" --> "+str(info['tpa'])+ \
            ' protocol_type:' +str(info['pro_type']) + \
            ' op_code : ' +str(info['op'])
        infoItem = QTableWidgetItem(show)
        self.package_info.setItem(i, 5, infoItem)
        # column 6 keeps the whole record as JSON for later display
        saveItem = QTableWidgetItem(json.dumps(package))
        self.package_info.setItem(i, 6, saveItem)
        dataItem = QTableWidgetItem(data)
        self.package_info.setItem(i, 7, dataItem)
        return "ARP"
    elif eth.data.__class__.__name__ == "IP6":
        ip6 = eth.data
        package['ip_ver'] = 6
        # IPv6 header fields
        info['fc'] = ip6.fc                  # traffic class
        info['flow'] = ip6.flow              # flow label
        info['payload_len'] = ip6.plen       # payload length
        info['next_hdr'] = ip6.nxt           # next header
        info['hop_lim'] = ip6.hlim           # hop limit
        info['src'] = inet_to_str(ip6.src)   # source address
        info['dst'] = inet_to_str(ip6.dst)   # destination address
        # only ICMP (1), IGMP (2), UDP (17) and TCP (6) are handled;
        # anything else (including extension headers) is skipped
        if ip6.nxt != 1 and ip6.nxt != 2 and ip6.nxt != 17 and ip6.nxt != 6:
            print 'return '
            return
        package['ipv6_info'] = info
        if ip6.nxt == 1:
            icmp = ip6.data
            package['protocol'] = 'ICMP'
            info['type'] = icmp.type         # type
            info['code'] = icmp.code         # code
            info['checksum'] = icmp.sum      # checksum
            data = icmp.data
            package['info'] = info
        elif ip6.nxt == 6:
            tcp = ip6.data
            package['protocol'] = 'TCP'
            info['sport'] = tcp.sport        # source port
            info['dport'] = tcp.dport        # destination port
            info['seq'] = tcp.seq            # seq
            info['ack'] = tcp.ack            # ack
            info['flags'] = tcp.flags        # flag bits
            info['window'] = tcp.win         # window size
            info['checksum'] = tcp.sum       # checksum
            data = tcp.data                  # payload
            info['packet_type'] = []         # flag names
            if tcp.flags & dpkt.tcp.TH_SYN:
                info['packet_type'].append("SYN")
            if tcp.flags & dpkt.tcp.TH_FIN:
                info['packet_type'].append("FIN")
            if tcp.flags & dpkt.tcp.TH_RST:
                info['packet_type'].append("RST")
            if tcp.flags & dpkt.tcp.TH_PUSH:
                info['packet_type'].append("PSH")
            if tcp.flags & dpkt.tcp.TH_ACK:
                info['packet_type'].append("ACK")
            if tcp.flags & dpkt.tcp.TH_URG:
                info['packet_type'].append("URG")
            package['info'] = info
        elif ip6.nxt == 17:
            udp = ip6.data
            package['protocol'] = 'UDP'
            info['sport'] = udp.sport        # source port
            info['dport'] = udp.dport        # destination port
            info['ulen'] = udp.ulen          # length
            info['checksum'] = udp.sum       # checksum
            data = udp.data
            package['info'] = info
            print package
        elif ip6.nxt == 2:
            igmp = ip6.data
            package['protocol'] = 'IGMP'
            info['type'] = igmp.type         # type
            info['maxresp'] = igmp.maxresp   # max response delay
            info['checksum'] = igmp.sum      # checksum
            info['group'] = igmp.group       # group address
            data = igmp.data
            package['info'] = info
        if package:
            # append a new row at the bottom of the table
            i = self.package_info.rowCount()
            self.package_info.insertRow(i)
            timeItem = QTableWidgetItem(" " + package['timestamp'])
            srcItem = QTableWidgetItem(" " + info['src'])
            dstItem = QTableWidgetItem(" " + info['dst'])
            protocolItem = QTableWidgetItem(" " + package['protocol'])
            lenItem = QTableWidgetItem(" " + str(package['len']))
            self.package_info.setItem(i, 0, timeItem)
            self.package_info.setItem(i, 1, srcItem)
            self.package_info.setItem(i, 2, dstItem)
            self.package_info.setItem(i, 3, protocolItem)
            self.package_info.setItem(i, 4, lenItem)
            # column 5 is a one-line summary that depends on the transport
            if (package['protocol']) == 'UDP':
                info = package['info']
                show = str(info['sport']) + ' -> ' + str( info['dport']) + ' len :' + str( info['ulen']) + ' sum : ' + str(info['checksum'])
                infoItem = QTableWidgetItem(show)
                self.package_info.setItem(i, 5, infoItem)
            elif (package['protocol']) == 'TCP':
                info = package['info']
                show=str(info['sport'])+' -> '+str(info['dport']) + ' ['+','.join(info['packet_type'])+'] seq :'+str(info['seq'])+' ack : ' + str(info['ack'])+\
                    ' window : '+ str(info['window'])
                infoItem = QTableWidgetItem(show)
                self.package_info.setItem(i, 5, infoItem)
            elif (package['protocol']) == 'ICMP':
                info = package['info']
                show='type : '+str(info['type'])+ \
                    ' code : '+str(info['code']) + \
                    ' sum : '+str(info['checksum'])
                infoItem = QTableWidgetItem(show)
                self.package_info.setItem(i, 5, infoItem)
            print data
            dataItem = QTableWidgetItem(data)
            self.package_info.setItem(i, 7, dataItem)
            saveItem = QTableWidgetItem(json.dumps(package))
            self.package_info.setItem(i, 6, saveItem)
    else:
        ip = eth.data
        package['ip_ver'] = 4                # version
        if isinstance(eth.data, dpkt.ip.IP):
            package['ip_hl'] = ip.hl                             # header length
            package['ip_tos'] = ip.tos                           # type of service
            package['ip_len'] = ip.len                           # total length
            package['ip_id'] = ip.id                             # identification
            package['ip_DF'] = bool(ip.off & dpkt.ip.IP_DF)      # DF flag
            package['ip_MF'] = bool(ip.off & dpkt.ip.IP_MF)      # MF flag
            package['ip_offset'] = ip.offset                     # fragment offset
            package['ip_ttl'] = ip.ttl                           # time to live
            package['ip_protocol'] = ip.p                        # protocol number
            package['ip_sum'] = ip.sum                           # header checksum
            package['src_ip'] = inet_to_str(ip.src)              # source address
            package['dst_ip'] = inet_to_str(ip.dst)              # destination address
            if isinstance(ip.data, dpkt.icmp.ICMP):
                icmp = ip.data
                package['protocol'] = 'ICMP'
                info['type'] = icmp.type         # type
                info['code'] = icmp.code         # code
                info['checksum'] = icmp.sum      # checksum
                pkg = {}
                data = icmp.data
                pkg['ip_offset'] = ip.offset
                pkg['ip_MF'] = ip.mf
                tmp_pkt_icmp = {}
                # Last fragment of a set: offset != 0 and MF clear.
                # NOTE(review): `list` and `slice` shadow builtins here and
                # in the TCP/UDP branches; kept as-is.
                if (ip.offset != 0 and ip.mf == 0):
                    print 'end of package'
                    list = self.get_pkg_icmp()[ip.id]
                    offset = []
                    list.sort(key=lambda k: k.get('ip_offset'))   # order fragments by offset
                    print len(list)
                    data = ''
                    # each buffered entry holds either a parsed ICMP body
                    # (whose 'data' field is appended) or raw bytes
                    for slice in list:
                        if isinstance(slice['ip_data'], dpkt.icmp.ICMP.Echo):
                            data = data + (slice['ip_data']['data'])   # reassemble payload
                            print 'echo'
                        elif isinstance(slice['ip_data'], dpkt.icmp.ICMP.Unreach):
                            data = data + slice['ip_data']['data']
                            print 'unreach'
                        elif isinstance(slice['ip_data'], dpkt.icmp.ICMP.Quench):
                            data = data + slice['ip_data']['data']
                            print 'quench'
                        elif isinstance(slice['ip_data'], dpkt.icmp.ICMP.Redirect):
                            data = data + slice['ip_data']['data']
                            print 'redirect'
                        elif isinstance(slice['ip_data'], dpkt.icmp.ICMP.TimeExceed):
                            data = data + slice['ip_data']['data']
                            print 'timeexceed'
                        else:
                            data = data + slice['ip_data']
                            print 'prue data'
                    # reassembly done: append this (last) fragment's data
                    data = data + icmp.data
                    package['info'] = info
                    self.del_pkg_icmp(ip.id)
                # Collect a fragment: MF set means more fragments follow,
                # so the piece is buffered under ip.id.
                # NOTE(review): buffered fragment sets are never expired;
                # an incomplete set stays in memory until its last
                # fragment arrives — confirm whether the accessor bounds this.
                elif (ip.mf != 0):
                    pkg['ip_data'] = (icmp.data)
                    if self.get_pkg_icmp().has_key(ip.id):
                        list = []
                        for i in self.get_pkg_icmp()[ip.id]:
                            list.append(i)
                        list.append(pkg)
                    else:
                        list = []
                        list.append(pkg)
                    print len(list)
                    # NOTE(review): tmp_pkt_icmp contains only this ip.id;
                    # whether set_pkg_icmp merges or replaces the store is
                    # decided by that accessor — confirm.
                    tmp_pkt_icmp[ip.id] = list
                    self.set_pkg_icmp(tmp_pkt_icmp)
                    print 'package length= ' + str(len(self.get_pkg_icmp()))
                    package['info'] = info
                else:
                    # not fragmented: use the packet as-is
                    print '不涉及分片'
                    package['info'] = info
            elif isinstance(ip.data, dpkt.tcp.TCP):
                tcp = ip.data
                package['protocol'] = 'TCP'
                # NOTE(review): ip.data was just tested to be a TCP object,
                # so this TFTP check appears unreachable.
                if isinstance(ip.data, dpkt.tftp.TFTP):
                    print 'ftp'
                info['sport'] = tcp.sport        # source port
                info['dport'] = tcp.dport        # destination port
                info['seq'] = tcp.seq            # seq
                info['ack'] = tcp.ack            # ack
                info['flags'] = tcp.flags        # flag bits
                info['window'] = tcp.win         # window size
                info['checksum'] = tcp.sum       # checksum
                data = tcp.data                  # payload
                info['packet_type'] = []         # flag names
                if tcp.flags & dpkt.tcp.TH_SYN:
                    info['packet_type'].append("SYN")
                if tcp.flags & dpkt.tcp.TH_FIN:
                    info['packet_type'].append("FIN")
                if tcp.flags & dpkt.tcp.TH_RST:
                    info['packet_type'].append("RST")
                if tcp.flags & dpkt.tcp.TH_PUSH:
                    info['packet_type'].append("PSH")
                if tcp.flags & dpkt.tcp.TH_ACK:
                    info['packet_type'].append("ACK")
                if tcp.flags & dpkt.tcp.TH_URG:
                    info['packet_type'].append("URG")
                # ---- IP fragment detection and reassembly ----
                pkg = {}
                tmp_pkt_tcp = {}
                pkg['ip_offset'] = ip.offset
                if (ip.offset != 0 and ip.mf == 0):
                    # last fragment: concatenate buffered pieces in offset order
                    print 'end of package'
                    list = self.get_pkg_tcp()[ip.id]
                    data = ''
                    list.sort(key=lambda k: k.get('ip_offset'))   # order fragments by offset
                    for slice in list:
                        data = data + slice['ip_data']
                    # reassembly done
                    print data
                    data = data
                    info['data'] = data
                    package['info'] = info
                    # release the buffered fragments
                    self.del_pkg_tcp(ip.id)
                elif (ip.mf != 0 and ip.df != 1):
                    # fragment with more to follow: buffer it under ip.id
                    # (see the ICMP branch for the memory/merge caveats)
                    pkg['ip_data'] = (tcp.data)
                    if self.get_pkg_tcp().has_key(ip.id):
                        list = []
                        for i in self.get_pkg_tcp()[ip.id]:
                            list.append(i)
                        list.append(pkg)
                    else:
                        list = []
                        list.append(pkg)
                    tmp_pkt_tcp[ip.id] = list
                    self.set_pkg_tcp(tmp_pkt_tcp)
                    print 'package length= ' + str(len(self.get_pkg_tcp()))
                    # empty the record so no row is added until reassembly completes
                    package.clear()
                else:
                    # not fragmented: use the packet as-is
                    package['info'] = info
            elif isinstance(ip.data, dpkt.udp.UDP):
                udp = ip.data
                package['protocol'] = 'UDP'
                info['sport'] = udp.sport        # source port
                info['dport'] = udp.dport        # destination port
                info['ulen'] = udp.ulen          # length
                info['checksum'] = udp.sum       # checksum
                data = udp.data
                pkg = {}
                tmp_pkt_udp = {}
                pkg['ip_offset'] = ip.offset
                if (ip.offset != 0 and ip.mf == 0):
                    # last fragment: concatenate buffered pieces in offset order
                    print 'end of package'
                    list = self.get_pkg_udp()[ip.id]
                    data = ''
                    list.sort(key=lambda k: k.get('ip_offset'))   # order fragments by offset
                    for slice in list:
                        data = data + slice['ip_data']
                    # reassembly done
                    info['data'] = data
                    package['info'] = info
                    # release the buffered fragments
                    self.del_pkg_udp(ip.id)
                elif (ip.mf != 0 and ip.df != 1):
                    # fragment with more to follow: buffer it under ip.id
                    pkg['ip_data'] = (udp.data)
                    if self.get_pkg_udp().has_key(ip.id):
                        list = []
                        for i in self.get_pkg_udp()[ip.id]:
                            list.append(i)
                        list.append(pkg)
                    else:
                        list = []
                        list.append(pkg)
                    tmp_pkt_udp[ip.id] = list
                    self.set_pkg_udp(tmp_pkt_udp)
                    print 'package length= ' + str(len(self.get_pkg_udp()))
                    # empty the record so no row is added until reassembly completes
                    package.clear()
                else:
                    # not fragmented: use the packet as-is
                    package['info'] = info
            elif isinstance(ip.data, dpkt.igmp.IGMP):
                igmp = ip.data
                package['protocol'] = 'IGMP'
                info['type'] = igmp.type         # type
                info['maxresp'] = igmp.maxresp   # max response delay
                info['checksum'] = igmp.sum      # checksum
                info['group'] = igmp.group       # group address
                data = igmp.data
                package['info'] = info
        else:
            # NOTE(review): for a non-IP payload 'src_ip'/'dst_ip' are not
            # set and `data` is unbound, yet the row block below reads
            # both — confirm the intended nesting in the original file.
            package['protocol'] = eth.data.__class__.__name__
        if package:
            # append a new row at the bottom of the table
            i = self.package_info.rowCount()
            self.package_info.insertRow(i)
            timeItem = QTableWidgetItem(" " + package['timestamp'])
            srcItem = QTableWidgetItem(" " + package['src_ip'])
            dstItem = QTableWidgetItem(" " + package['dst_ip'])
            protocolItem = QTableWidgetItem(" " + package['protocol'])
            lenItem = QTableWidgetItem(" " + str(package['len']))
            self.package_info.setItem(i, 0, timeItem)
            self.package_info.setItem(i, 1, srcItem)
            self.package_info.setItem(i, 2, dstItem)
            self.package_info.setItem(i, 3, protocolItem)
            self.package_info.setItem(i, 4, lenItem)
            # column 5 is a one-line summary that depends on the transport
            if (package['protocol']) == 'UDP':
                info = package['info']
                show = str(info['sport']) + " ->" + str( info['dport']) + ' id:' + str( package['ip_id']) + ' MF:' + str(package['ip_MF'])
                infoItem = QTableWidgetItem(show)
                self.package_info.setItem(i, 5, infoItem)
            elif (package['protocol']) == 'TCP':
                info = package['info']
                show=str(info['sport'])+' -> '+str(info['dport']) + ' ['+','.join(info['packet_type'])+'] id :'+str(package['ip_id'])+' MF:'+str(package['ip_MF'])+\
                    ' window : '+ str(info['window'])
                infoItem = QTableWidgetItem(show)
                self.package_info.setItem(i, 5, infoItem)
            elif (package['protocol']) == 'ICMP':
                info = package['info']
                show='type : '+str(info['type'])+ \
                    ' code : '+str(info['code']) + \
                    ' sum : '+str(info['checksum'])+ \
                    ' offset: '+str(ip.offset)+ \
                    ' ttl :'+str(package['ip_ttl'])
                infoItem = QTableWidgetItem(show)
                self.package_info.setItem(i, 5, infoItem)
            # column 6 keeps the whole record as JSON, column 7 the payload
            saveItem = QTableWidgetItem(json.dumps(package))
            self.package_info.setItem(i, 6, saveItem)
            dataItem = QTableWidgetItem(str(data))
            self.package_info.setItem(i, 7, dataItem)
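def main():
    """Command-line entry point: discover the VAP11G box and write its wireless settings.

    Parses the options, opens a raw PF_PACKET socket on the chosen
    interface, locates the device with a broadcast request, forces an
    SSID rescan, fetches the current configuration and survey, then
    either lets the user pick a network interactively or uses the
    supplied --ssid/--channel/security options, builds the "7000 .."
    key/value payload and sends it, finally requesting a reset.

    Exits with status 1 on any validation or device error.  Note that a
    key given with --key is visible to other local users in the process
    list; the interactive prompt reads the passphrase with getpass.

    Fixes relative to the previous version: channel 12 was accepted by
    the argument check although the message says 1-11; ``bandIndex``
    was unbound when "7022 BAND:" was missing (NameError); the WEP key
    index prompt compared ``channel`` instead of ``authen`` and so
    accepted any non-negative number.
    """
    global debug, defaultInterface, verbose
    parser = OptionParser()
    parser.add_option("-i", "--interface", dest="interface", help="destination LAN (ethernet) "+\
        "interface (e.g. eth0, eth1)", metavar="interface")
    parser.add_option("-d", "--debug", action="store_true", default=debug, dest="debug",
        help="debug mode switch", metavar="debug")
    parser.add_option("-v", "--verbose", action="store_true", default=debug, dest="verbose",
        help="same as debug mode (-d)", metavar="verbose")
    parser.add_option("-s", "--ssid", dest="ssid", help="ESSID, network name", metavar="ssid")
    parser.add_option("-c", "--channel", type="int", dest="channel", help="channel number, from"+\
        " 0 (auto) to 11, does NOT influence ssid search", metavar="channel")
    parser.add_option("-n", "--noauth", action="store_true", default=False, dest="noauth",
        help="network authentication disabled", metavar="noauth")
    parser.add_option("-w", "--wep", action="store_true", default=False, dest="wep",
        help="network authentication using WEP", metavar="wep")
    parser.add_option("-p", "--wpa", action="store_true", default=False, dest="wpa",
        help="network authentication using WPA", metavar="wpa")
    parser.add_option("-a", "--wpa2", action="store_true", default=False, dest="wpa2",
        help="network authentication using WPA2", metavar="wpa2")
    parser.add_option("-k", "--key", dest="key", help="network passphrase, password, key",
        metavar="key")
    parser.add_option("-t", "--strong", action="store_true", default=False, dest="strong",
        help="128 bit strong encryption", metavar="strong")
    (options, args) = parser.parse_args()
    interface = ""
    if options.interface is not None:
        interface = options.interface
    if not interface:
        interface = defaultInterface
    if options.verbose:
        verbose = True
    if options.debug:
        debug = True
    print "[i] Interface name to use: " + interface
    if options.channel is not None:
        tmpChannel = int(options.channel)
        # 0 means auto, valid channels are 1..11 (the old bound let 12 through)
        if tmpChannel < 0 or tmpChannel > 11:
            print "[-] Error: channel number must be 0 (auto) or between 1 and 11"
            exit(1)
    if options.ssid is not None:
        if len(options.ssid) < 1 or len(options.ssid) > 32:
            print "[-] Error: ESSID network name must be less than 32 alphanumeric characters"
            exit(1)
    if options.noauth and options.key is not None:
        print "[-] Error: if noauth mode is used you can't specify a network key"
        exit(1)
    # the security modes are mutually exclusive
    exlusiveOption = 0
    for i in (options.noauth, options.wep, options.wpa, options.wpa2):
        if i:
            exlusiveOption += 1
    if exlusiveOption > 1:
        print "[-] Error: you can only use one security protocol (e.g. WEP,WPA2) at a time"
        exit(1)
    # START
    # our raw socket
    s = socket(PF_PACKET, SOCK_RAW, htons(ETH_ALL))
    s.bind((interface, ETH_ALL))
    src = getHwAddr(s, interface)
    # first request: check if there are some devices connected
    s.send(buildRequest(src, ETH_BROADCAST))
    (msg, address) = read(s)
    if verbose:
        print "[i] The response:"
        print hexdump(str(msg))
    dst = eth_rev_aton(address[-1])
    if debug:
        print "[i] Got response from device on interface '%s' with mac %s" % (address[0], dst)
    # force rescan of ssids (networks)
    s.send(buildRequest(src, dst, COMMAND_DEVICE_STATUS))
    read(s)
    s.send(buildRequest(src, dst, COMMAND_CONFIG+'\x01', str(DATA_REQUEST_SCAN)+DATA_END))
    read(s)
    s.send(buildRequest(src, dst, COMMAND_REQUEST_RESPONSE+'\x02'))
    read(s)
    time.sleep(4)  # we need this, otherwise we always get an empty network list
    # get device info start:
    s.send(buildRequest(src, dst, COMMAND_CONFIG+'\x01', str(DATA_REQUEST_CONFIG)+DATA_END))
    (msg, address) = read(s)
    if verbose:
        print "[i] The response:"
        print hexdump(str(msg))
    # fetch the info:
    s.send(buildRequest(src, dst, COMMAND_REQUEST_RESPONSE+'\x02'))
    (msg, address) = read(s)
    if verbose:
        print "[i] The response:"
        print hexdump(str(msg))
    if debug:
        print "[i] Box data:"
        print msg[26:-1]
    if "VAP11G" not in msg:
        print "[-] Box data does NOT contain the right BOX_NAME identifier. EXIT"
        exit(1)
    finalMsg = ""
    # get SURVEY (next packet); read(s, False) returns None when nothing is left
    msg = read(s, False)
    while msg is not None:
        if verbose:
            print "[i] The response:"
            print hexdump(str(msg[0]))
        finalMsg += msg[0]
        msg = read(s, False)
    s.send(buildRequest(src, dst, COMMAND_REQUEST_RESPONSE+'\x03'))
    finalMsg = finalMsg.replace('\x0b', '\n')  # next column
    splitMsg = finalMsg.split("7021 SURVEY:")
    configCurr = splitMsg[0][26:]
    if debug:
        print "[i] Current settings:"
        print configCurr
    config = parseCurrentConfig(configCurr)
    num = 0
    netList = ()
    if not (options.key or options.noauth or options.wep or options.wpa or options.wpa2 or options.channel or options.ssid):
        # nothing given on the command line: let the user pick a scanned network
        print "[i] Networks:"
        if len(splitMsg) > 1 and splitMsg[1]:
            # -1 when the BAND marker is absent; the old code left the name
            # unbound and crashed on the comparison below
            bandIndex = -1
            try:
                bandIndex = splitMsg[1].index("7022 BAND:")
            except ValueError:
                if verbose:
                    print "[i] BAND indication NOT found:"
            if bandIndex > 0:
                networkStr = splitMsg[1][0:bandIndex].strip()
            else:
                networkStr = splitMsg[1].strip()
            netList = parseNetworkStr(networkStr)
            printNetworks(netList)
        # len(netList)+1 is the extra "enter manually" choice
        while num < 1 or num > len(netList)+1:
            try:
                num = int(raw_input("[i] Please choose one of the options above: "))
            except KeyboardInterrupt:
                print "\n"
                exit(1)
            except ValueError:
                num = 0
    else:
        num = 1
    # initialization, default options
    essid = ""
    channel = 0
    secmode = SECURITY_OPTIONS.index("WPA2-PSK")
    keylen = 32
    key0 = ""
    key1 = ""
    key2 = ""
    key3 = ""
    authen = 0  # first one
    psk = ""
    band = 0  # auto
    if num-1 < len(netList):
        # take SSID / channel / security from the chosen scan entry
        try:
            (macAddress, netDetails) = netList.items()[num-1]
        except (IndexError, AttributeError, TypeError):
            print "[-] Could not read network details for configuration number %d" % num
            exit(1)
        try:
            essid = netDetails["name"]
            if not essid or len(essid) < 2:
                essid = raw_input("[i] Please insert the hidden SSID: ")
        except (KeyError, TypeError):
            essid = ""
        try:
            tmpChannel = int(netDetails["channel"])
            if tmpChannel > 0 and tmpChannel < 12:
                channel = tmpChannel
        except (KeyError, TypeError, ValueError):
            channel = 0
        secmode = int(netDetails["security"])
    else:
        # manual configuration from options / prompts
        if options.ssid is not None and len(options.ssid) > 0:
            essid = options.ssid
        else:
            while len(essid) < 1 or len(essid) > 32:
                essid = raw_input("[i] Please insert the SSID: ")
        if options.channel is not None:
            channel = options.channel
        else:
            channel = -1
            while channel < 0 or channel > 11:
                try:
                    channel = int(raw_input("[i] Please choose the channel number from 0 (auto)"+\
                        " to 11: "))
                except KeyboardInterrupt:
                    print "\n"
                    exit(1)
                except ValueError:
                    channel = -1
        if options.noauth or options.wep or options.wpa or options.wpa2:
            if options.noauth:
                secmode = SECURITY_OPTIONS.index("Disable")
            elif options.wep:
                secmode = SECURITY_OPTIONS.index("WEP")
            elif options.wpa:
                secmode = SECURITY_OPTIONS.index("WPA-PSK")
            elif options.wpa2:
                secmode = SECURITY_OPTIONS.index("WPA2-PSK")
        else:
            secmode = getSecmodeSelection()
    if not secmode == SECURITY_OPTIONS.index("Disable"):  # do nothing for disabled
        if secmode == SECURITY_OPTIONS.index("WEP"):
            passphrase = ""
            if options.key is not None and len(options.key) > 0:
                passphrase = options.key
                # method 1 = 64-bit passphrase, 2 = 128-bit passphrase
                if options.strong:
                    num = 2
                else:
                    num = 1
            else:
                count = 1
                # print all WEP options:
                print "[i] WEP key input method:"
                for i in WEP_OPTIONS:
                    print str(count) + ") " + i
                    count += 1
                num = 0
                while num < 1 or num > len(WEP_OPTIONS):
                    try:
                        num = int(raw_input("[i] Please choose one of the options above: "))
                    except KeyboardInterrupt:
                        print "\n"
                        exit(1)
                    except ValueError:
                        num = 0
            if num == 1 or num == 2:  # WEP using passphrases
                (key0, key1, key2, key3) = passphrase2WepKeys(num == 2, passphrase)
            else:
                (key0, key1, key2, key3) = inputWepKeys(num == 4)
                if num == 3:
                    authen = -1
                    # the old loop tested `channel>11` here, so any number
                    # >= 0 was accepted as a key index; only 1..4 are valid
                    while authen < 1 or authen > 4:
                        try:
                            authen = int(raw_input("[i] Please choose the key index to be used 1-4:"))
                        except KeyboardInterrupt:
                            print "\n"
                            exit(1)
                        except ValueError:
                            authen = -1
                    authen -= 1  # this is the index VAP11g uses 0-3, NOT 1-4
            # set the keylen variable
            if num == 2 or num == 4:  # 128 bits
                keylen = 13
            else:  # 64 bits
                keylen = 5
        else:
            if options.key:
                psk = options.key
            length = len(psk)
            # WPA/WPA2 passphrase: 8..64 characters, read without echo
            while length < 8 or length > 64:
                psk = getpass.getpass("[i] Please insert the passphrase (min 8 chars,will NOT be "+\
                    "displayed): ")
                length = len(psk)
    # NOTE(review): pskset is 0 for WPA-PSK even when a psk is given; kept
    # as in the original — confirm against the device protocol.
    if psk and not secmode == SECURITY_OPTIONS.index('WPA-PSK'):
        pskset = 1
    else:
        pskset = 0
    payload = "7000 :"+essid+"\n7001 :16\n7002 :"+str(channel)+"\n7003 :"+\
        str(secmode)+"\n7004 :"+str(keylen)+"\n7005 :0\n7006 :"+key0+"\n7007 :"+\
        key1+"\n7008 :"+key2+"\n7009 :"+key3+"\n7012 :"+str(authen)+"\n7013 :0"+\
        "\n7018 :"+str(pskset)+"\n7019 :"+psk+"\n7022 :0\n"
    # send changes:
    # 7000: SSID                  7001: domain,
    # 7002: channel (0==auto)     7003: secmode (WPA TYPE? 0,1,2,3),
    # 7004: keylen (e.g. 5 or 13) 7005: defaultkey,
    # 7006: key0, (wep)           7007: key1, (wep)
    # 7008: key2, (wep)           7009: key3, (wep)
    # 7012: authen (WEP TYPE?),   7013: mode (0),
    # 7014: linkinfo (NO SET),    7017: wpamode (WPA) NO DIRECT SET,
    # 7018: pskalset,             7019: pskkey,
    # 7020: pskal (TKIT,AES),     7021: survey (NO SET),
    # 7022: band (0==auto)
    s.send(buildRequest(src, dst, COMMAND_CONFIG+'\x01', payload))
    s.send(buildRequest(src, dst, COMMAND_REQUEST_RESPONSE+'\x02'))
    # get OKAY status
    s.send(buildRequest(src, dst, COMMAND_DEVICE_STATUS))
    success = read(s)
    if verbose:
        print "[i] The response:"
        print hexdump(str(success[0]))
    # byte 22 of the status frame is the result code; 0x02 means accepted
    # NOTE(review): a short response would raise IndexError here — confirm
    # read() always returns at least 23 bytes.
    if success[0][22] == '\x02':
        print "[+] Device did accept the configuration and will reboot now"
        print "[i] The device's led will become blue when the ssid was found, this does NOT\n"+\
            " imply that the connection was indeed successful. You should test that with"+\
            ":\n sudo dhclient3 %s\n ping www.google.com # example\n" % interface +\
            " while disabling all other interfaces (e.g. wlan0)"
        print "[i] Please re-execute the script to see the (new) wireless configuration"
    else:
        print "[-] It seems that the device did not accept your configuration:\n"+\
            "status code was: %02x, will reboot anyway" % ord(success[0][22])
    s.send(buildRequest(src, dst, COMMAND_CONFIG+'\x01', str(DATA_REQUEST_RESET)+DATA_END))
    s.send(buildRequest(src, dst, COMMAND_REQUEST_RESPONSE+'\x02'))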
if mitm.is_alive():pass #check if the mitm process exited else:sys.exit(0) else: print 'Targets are not valid IP addresses' sys.exit(0) print 'Listening on %s:\n' % options.interface if options.dumpfile: print 'Writing packets to file %s....\n' % options.dumpfile writer = dpkt.pcap.Writer(open(options.dumpfile, 'wb')) # create Writer and open dump file for ts, pkt in pc: writer.writepkt(pkt) # write packets. elif options.hexdump: for ts, pkt in pc: print '\n', dpkt.hexdump(pkt) # print hex and ASCII else: pc.loop(functs.eth_cap_desc) # describe ethernet packets. except KeyboardInterrupt: if options.targets: mitm.join(3) mitm.terminate() if options.dumpfile: writer.close() precv, pdrop, pifdrop = pc.stats() # print statistics print '\n%d packets received by filter' % precv print '%d packets dropped by kernel' % pdrop print '%d packets dropped by interface' % pifdrop else: print 'Interface not specified\n'
import pcap, dpkt

# Dump the first maxPkts frames seen on the default capture interface:
# a hexdump, the decoded Ethernet object and its destination address.
maxPkts = 10
nPkts = 0
for ts, raw in pcap.pcap():
    nPkts += 1
    tag = "#" + str(nPkts)
    print("Pacote puro " + tag)
    print(dpkt.hexdump(raw))
    print("Mostrando o pacote " + tag)
    frame = dpkt.ethernet.Ethernet(raw)  # decode the raw frame
    print(ts, repr(frame))
    print("Mostrando o endereco de destino do pacote " + tag)
    print(repr(frame.dst))
    print("\n")
    if nPkts == maxPkts:
        break
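def _fail(message):
    """Print *message* and stop the script with exit status 1."""
    print message
    raise SystemExit(1)


def _dump_response(msg):
    """Hexdump one device reply, but only when -v/--verbose is active."""
    if verbose:
        print "[i] The response:"
        print hexdump(str(msg))


def _prompt_int(prompt, low, high):
    """Ask *prompt* until the user types an integer in [low, high] and return it.

    Non-numeric input simply re-asks; Ctrl-C or end-of-input ends the script
    (the old bare ``except`` looped forever on EOF).
    """
    while True:
        try:
            value = int(raw_input(prompt))
        except (KeyboardInterrupt, EOFError):
            print "\n"
            raise SystemExit(1)
        except ValueError:
            continue
        if low <= value <= high:
            return value


def _build_parser():
    """Describe the command line; -d/-v default to the module globals debug/verbose."""
    parser = OptionParser()
    parser.add_option("-i", "--interface", dest="interface", metavar="interface",
                      help="destination LAN (ethernet) interface (e.g. eth0, eth1)")
    parser.add_option("-d", "--debug", action="store_true", default=debug,
                      dest="debug", help="debug mode switch", metavar="debug")
    parser.add_option("-v", "--verbose", action="store_true", default=verbose,
                      dest="verbose", help="same as debug mode (-d)", metavar="verbose")
    parser.add_option("-s", "--ssid", dest="ssid", help="ESSID, network name",
                      metavar="ssid")
    parser.add_option("-c", "--channel", type="int", dest="channel", metavar="channel",
                      help="channel number, from 0 (auto) to 11, does NOT influence ssid search")
    parser.add_option("-n", "--noauth", action="store_true", default=False, dest="noauth",
                      help="network authentication disabled", metavar="noauth")
    parser.add_option("-w", "--wep", action="store_true", default=False, dest="wep",
                      help="network authentication using WEP", metavar="wep")
    parser.add_option("-p", "--wpa", action="store_true", default=False, dest="wpa",
                      help="network authentication using WPA", metavar="wpa")
    parser.add_option("-a", "--wpa2", action="store_true", default=False, dest="wpa2",
                      help="network authentication using WPA2", metavar="wpa2")
    # A key passed on the command line is visible to other local users (process
    # list, shell history); the interactive path reads it through getpass instead.
    parser.add_option("-k", "--key", dest="key",
                      help="network passphrase, password, key", metavar="key")
    parser.add_option("-t", "--strong", action="store_true", default=False, dest="strong",
                      help="128 bit strong encryption", metavar="strong")
    return parser


def _validate_options(options):
    """Reject inconsistent command-line values before any packet is sent.

    Channel is limited to 0..11 (the old check let 12 through while the
    message promised 1..11); the ESSID length check now matches its message.
    """
    if options.channel is not None and not 0 <= options.channel <= 11:
        _fail("[-] Error: channel number must be 0 (auto) or between 1 and 11")
    if options.ssid is not None and not 1 <= len(options.ssid) <= 32:
        _fail("[-] Error: ESSID network name must be between 1 and 32 characters")
    if options.noauth and options.key is not None:
        _fail("[-] Error: if noauth mode is used you can't specify a network key")
    chosen = sum(1 for flag in (options.noauth, options.wep, options.wpa, options.wpa2) if flag)
    if chosen > 1:
        _fail("[-] Error: you can only use one security protocol (e.g. WEP,WPA2) at a time")


def _open_device(interface):
    """Bind a raw socket on *interface* and locate a device; return (sock, src_mac, dst_mac).

    The PF_PACKET socket needs CAP_NET_RAW (usually root).  The *first* device
    answering the broadcast becomes the target; on a segment with several
    devices run with -d and check the printed MAC before configuring.
    """
    s = socket(PF_PACKET, SOCK_RAW, htons(ETH_ALL))
    s.bind((interface, ETH_ALL))
    src = getHwAddr(s, interface)
    # first request: check if there are some devices connected
    s.send(buildRequest(src, ETH_BROADCAST))
    (msg, address) = read(s)
    _dump_response(msg)
    dst = eth_rev_aton(address[-1])
    if debug:
        print "[i] Got response from device on interface '%s' with mac %s" % (address[0], dst)
    return s, src, dst


def _fetch_device_data(s, src, dst):
    """Force an SSID rescan, then return (configCurr, surveyStr) read from the device.

    configCurr is the current-settings text, surveyStr the text following
    "7021 SURVEY:" ("" when the device sent no survey).  Exits when the reply
    does not carry the VAP11G box identifier.
    """
    # force rescan of ssids (networks)
    s.send(buildRequest(src, dst, COMMAND_DEVICE_STATUS))
    read(s)
    s.send(buildRequest(src, dst, COMMAND_CONFIG + '\x01', str(DATA_REQUEST_SCAN) + DATA_END))
    read(s)
    s.send(buildRequest(src, dst, COMMAND_REQUEST_RESPONSE + '\x02'))
    read(s)
    time.sleep(4)  # we need this, otherwise we always get an empty network list
    # get device info start:
    s.send(buildRequest(src, dst, COMMAND_CONFIG + '\x01', str(DATA_REQUEST_CONFIG) + DATA_END))
    (msg, address) = read(s)
    _dump_response(msg)
    # fetch the info:
    s.send(buildRequest(src, dst, COMMAND_REQUEST_RESPONSE + '\x02'))
    (msg, address) = read(s)
    _dump_response(msg)
    if debug:
        print "[i] Box data:"
        print msg[26:-1]
    if "VAP11G" not in msg:
        _fail("[-] Box data does NOT contain the right BOX_NAME identifier. EXIT")
    # get SURVEY (next packets): collect until read() reports nothing more
    parts = []
    reply = read(s, False)
    while reply is not None:
        _dump_response(reply[0])
        parts.append(reply[0])
        reply = read(s, False)
    s.send(buildRequest(src, dst, COMMAND_REQUEST_RESPONSE + '\x03'))
    finalMsg = "".join(parts).replace('\x0b', '\n')  # next column
    splitMsg = finalMsg.split("7021 SURVEY:")
    configCurr = splitMsg[0][26:]
    if debug:
        print "[i] Current settings:"
        print configCurr
    surveyStr = splitMsg[1] if len(splitMsg) > 1 else ""
    return configCurr, surveyStr


def _parse_survey(surveyStr):
    """Turn the survey text into the network mapping parseNetworkStr() builds.

    Returns an empty dict when there is no survey text.  A trailing
    "7022 BAND:" section is cut off when present; the old code left
    ``bandIndex`` unbound (NameError) when it was missing.
    """
    if not surveyStr:
        return {}  # assumes parseNetworkStr() returns a dict-like — its .items() is used below
    bandIndex = surveyStr.find("7022 BAND:")  # -1 when absent
    if bandIndex < 0 and verbose:
        print "[i] BAND indication NOT found:"
    networkStr = surveyStr[:bandIndex].strip() if bandIndex > 0 else surveyStr.strip()
    return parseNetworkStr(networkStr)


def _choose_network(options, surveyStr):
    """Let the user pick a scanned network; return its details, or None for manual entry.

    The menu is skipped (-> None) as soon as any network option was given on
    the command line; the last menu entry (len(netList) + 1) also means manual entry.
    """
    if (options.key or options.noauth or options.wep or options.wpa
            or options.wpa2 or options.channel or options.ssid):
        return None
    print "[i] Networks:"
    netList = _parse_survey(surveyStr)
    printNetworks(netList)
    num = _prompt_int("[i] Please choose one of the options above: ", 1, len(netList) + 1)
    if num > len(netList):
        return None
    try:
        # NOTE(review): relies on netList.items() being in the order printNetworks()
        # displayed — confirm parseNetworkStr() keeps insertion order.
        (macAddress, netDetails) = netList.items()[num - 1]
    except (IndexError, AttributeError):
        _fail("[-] Could not read network details for configuration number %d" % num)
    return netDetails


def _settings_from_survey(netDetails):
    """Derive (essid, channel, secmode) from one scanned network's details.

    A hidden (empty) SSID is asked for interactively; a channel outside 1..11
    or one that does not parse falls back to 0 (auto).
    """
    try:
        essid = netDetails["name"]
        if not essid or len(essid) < 2:
            essid = raw_input("[i] Please insert the hidden SSID: ")
    except (KeyError, TypeError):
        essid = ""
    channel = 0
    try:
        tmpChannel = int(netDetails["channel"])
        if 0 < tmpChannel < 12:
            channel = tmpChannel
    except (KeyError, TypeError, ValueError):
        channel = 0
    secmode = int(netDetails["security"])
    return essid, channel, secmode


def _settings_from_user(options):
    """Take (essid, channel, secmode) from the options, asking for whatever is missing."""
    if options.ssid:
        essid = options.ssid
    else:
        essid = ""
        while not 1 <= len(essid) <= 32:
            essid = raw_input("[i] Please insert the SSID: ")
    if options.channel is not None:
        channel = options.channel
    else:
        channel = _prompt_int("[i] Please choose the channel number from 0 (auto) to 11: ", 0, 11)
    if options.noauth:
        secmode = SECURITY_OPTIONS.index("Disable")
    elif options.wep:
        secmode = SECURITY_OPTIONS.index("WEP")
    elif options.wpa:
        secmode = SECURITY_OPTIONS.index("WPA-PSK")
    elif options.wpa2:
        secmode = SECURITY_OPTIONS.index("WPA2-PSK")
    else:
        secmode = getSecmodeSelection()
    return essid, channel, secmode


def _wep_settings(options):
    """Collect the WEP material and return (key0, key1, key2, key3, authen, keylen).

    With -k the key is used as a passphrase (-t selects the 128 bit variant);
    otherwise the WEP_OPTIONS menu decides between passphrase and raw keys.
    authen is the 0-based index of the key in use (asked only for menu option 3);
    keylen is 13 bytes for 128 bit keys, 5 for 64 bit.
    """
    passphrase = ""
    authen = 0  # first key
    if options.key:
        passphrase = options.key
        num = 2 if options.strong else 1
    else:
        # print all WEP options:
        print "[i] WEP key input method:"
        for count, label in enumerate(WEP_OPTIONS, 1):
            print str(count) + ") " + label
        num = _prompt_int("[i] Please choose one of the options above: ", 1, len(WEP_OPTIONS))
    if num in (1, 2):
        # WEP using passphrases
        (key0, key1, key2, key3) = passphrase2WepKeys(num == 2, passphrase)
    else:
        (key0, key1, key2, key3) = inputWepKeys(num == 4)
        if num == 3:
            # The old loop tested ``channel > 11`` here by mistake, so any value
            # >= 0 was accepted; the device only knows indexes 1-4.
            authen = _prompt_int("[i] Please choose the key index to be used 1-4:", 1, 4)
            authen -= 1  # this is the index VAP11g uses 0-3, NOT 1-4
    # set the keylen variable: 128 bits -> 13, 64 bits -> 5
    keylen = 13 if num in (2, 4) else 5
    return key0, key1, key2, key3, authen, keylen


def _wpa_passphrase(options):
    """Return the PSK: -k when given, otherwise asked via getpass until it is 8..64 characters."""
    psk = options.key or ""
    while not 8 <= len(psk) <= 64:
        psk = getpass.getpass("[i] Please insert the passphrase (min 8 chars,will NOT be displayed): ")
    return psk


def _build_payload(essid, channel, secmode, keylen, keys, authen, pskset, psk):
    """Serialise the settings into the "<code> :<value>\\n" lines the device expects.

    keys is the (key0, key1, key2, key3) WEP tuple (empty strings for WPA).
    Field meaning, as far as known:
      7000: SSID                  7001: domain
      7002: channel (0==auto)     7003: secmode (WPA TYPE? 0,1,2,3)
      7004: keylen (e.g. 5 or 13) 7005: defaultkey
      7006-7009: key0..key3 (wep)
      7012: authen (WEP TYPE?)    7013: mode (0)
      7014: linkinfo (NO SET)     7017: wpamode (WPA) NO DIRECT SET
      7018: pskalset              7019: pskkey
      7020: pskal (TKIT,AES)      7021: survey (NO SET)
      7022: band (0==auto)
    """
    fields = [
        ("7000", essid), ("7001", "16"), ("7002", str(channel)), ("7003", str(secmode)),
        ("7004", str(keylen)), ("7005", "0"), ("7006", keys[0]), ("7007", keys[1]),
        ("7008", keys[2]), ("7009", keys[3]), ("7012", str(authen)), ("7013", "0"),
        ("7018", str(pskset)), ("7019", psk), ("7022", "0"),
    ]
    return "".join("%s :%s\n" % (code, value) for code, value in fields)


def _send_configuration(s, src, dst, payload, interface):
    """Push *payload* to the device and report whether it was accepted.

    Byte 22 of the DEVICE_STATUS reply is '\\x02' on success.  The device
    reboots either way; on failure a reset request is sent as well.
    """
    s.send(buildRequest(src, dst, COMMAND_CONFIG + '\x01', payload))
    s.send(buildRequest(src, dst, COMMAND_REQUEST_RESPONSE + '\x02'))
    # get OKAY status
    s.send(buildRequest(src, dst, COMMAND_DEVICE_STATUS))
    success = read(s)
    _dump_response(success[0])
    if success[0][22] == '\x02':
        print "[+] Device did accept the configuration and will reboot now"
        print ("[i] The device's led will become blue when the ssid was found, this does NOT\n"
               " imply that the connection was indeed successful. You should test that with"
               ":\n sudo dhclient3 %s\n ping www.google.com # example\n" % interface +
               " while disabling all other interfaces (e.g. wlan0)")
        print "[i] Please re-execute the script to see the (new) wireless configuration"
        return
    print ("[-] It seems that the device did not accept your configuration:\n"
           "status code was: %02x, will reboot anyway" % ord(success[0][22]))
    s.send(buildRequest(src, dst, COMMAND_CONFIG + '\x01', str(DATA_REQUEST_RESET) + DATA_END))
    s.send(buildRequest(src, dst, COMMAND_REQUEST_RESPONSE + '\x02'))


def main():
    """Configure a VAP11G wireless bridge over raw ethernet from the command line.

    Steps: parse and validate the options, find the device by broadcast on the
    chosen interface, force a rescan and read the current configuration plus the
    network survey, pick or type in the target network and its credentials,
    send the new configuration and report the device's status byte.
    Hard errors print a "[-]" line and exit with status 1.  Sets the module
    globals ``verbose`` and ``debug`` from -v/-d.
    """
    global debug, verbose
    options, _args = _build_parser().parse_args()
    interface = options.interface or defaultInterface
    if options.verbose:
        verbose = True
    if options.debug:
        debug = True
    print "[i] Interface name to use: " + interface
    _validate_options(options)

    # START
    s, src, dst = _open_device(interface)
    configCurr, surveyStr = _fetch_device_data(s, src, dst)
    parseCurrentConfig(configCurr)  # called as before; its result is not used here

    netDetails = _choose_network(options, surveyStr)
    if netDetails is not None:
        essid, channel, secmode = _settings_from_survey(netDetails)
    else:
        essid, channel, secmode = _settings_from_user(options)

    # credentials: defaults are "no WEP keys, key index 0, WPA key length, no PSK"
    keys = ("", "", "", "")
    authen = 0
    keylen = 32
    psk = ""
    if secmode == SECURITY_OPTIONS.index("WEP"):
        key0, key1, key2, key3, authen, keylen = _wep_settings(options)
        keys = (key0, key1, key2, key3)
    elif secmode != SECURITY_OPTIONS.index("Disable"):  # do nothing for disabled
        psk = _wpa_passphrase(options)
    # NOTE(review): 7018 (pskalset) is raised only for a PSK in a non-WPA-PSK
    # mode, as the original did — confirm this is what the device expects.
    if psk and secmode != SECURITY_OPTIONS.index('WPA-PSK'):
        pskset = 1
    else:
        pskset = 0

    payload = _build_payload(essid, channel, secmode, keylen, keys, authen, pskset, psk)
    _send_configuration(s, src, dst, payload, interface)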