def sendack(self, target, bytecount, keepalive=0):
"""Function sending an acknowledgement to target. bytes is the number
of bytes which get acknowledged."""
tcp = ImpactPacket.TCP()
if target == Connection.HEAD:
thost = self.head
shost = self.tail
out = TCPConnection.stdout
else:
thost = self.tail
shost = self.head
out = TCPConnection.alt_stdout
tcp.set_th_dport(thost.port)
tcp.set_th_sport(shost.port)
tcp.set_th_ack(thost.expectedAcknr(bytecount))
# ACK does not increment seq-nr.
tcp.set_th_seq(thost.expectedSeqnr(0))
tcp.set_th_win(thost.winsize)
tcp.set_ACK()
packet = self.packet(target, tcp)
if s.verbosity:
s.logfile.write("ACK sent to " + target + ".\n")
s.logfile.write("Seqnr.: " + str(tcp.get_th_seq()) + "\n")
s.logfile.write("ACKNr.: " + str(tcp.get_th_ack()) + "\n")
if s.verbosity > 9:
s.logfile.write(str(packet) + "\n")
packet = vdepad(cksum(packet))
send(target, self, packet, 0)
def ip_tcp_pack(src_ip="127.0.0.1",
dst_ip="127.0.0.1",
src_port=2333,
dst_port=80,
ip_id=0,
seq_num=0,
ack_num=0,
syn=0,
ack=0,
windows=64):
ip = ImpactPacket.IP()
ip.set_ip_src(src_ip)
ip.set_ip_dst(dst_ip)
if ip_id != 0:
ip.set_ip_id(ip_id)
ip.set_ip_p(6)
# ip.set_ip_len(40)
tcp = ImpactPacket.TCP()
tcp.set_th_sport(src_port)
tcp.set_th_dport(dst_port)
if seq_num != 0:
tcp.set_th_seq(seq_num)
if ack_num != 0:
tcp.set_th_ack(ack_num)
if syn:
tcp.set_SYN()
if ack:
tcp.set_ACK()
tcp.set_th_win(windows)
ip.contains(tcp)
tcp.calculate_checksum()
return ip.get_packet()
def decode(self, aBuffer):
t = ImpactPacket.TCP(aBuffer)
self.set_decoded_protocol(t)
off = t.get_header_size()
self.data_decoder = DataDecoder()
packet = self.data_decoder.decode(aBuffer[off:])
t.contains(packet)
return t
def fakeConnection(self, argv, argc):
dhost = argv[1] # The remote host
dport = int(argv[2]) # The same port as used by the server
sport = dport # The source port
shost = argv[3] # The source host
if argc >= 5:
SYN = int(argv[4])
if argc == 6:
ACK = int(argv[5])
# Create a new IP packet and set its source and destination addresses.
ip = ImpactPacket.IP()
ip.set_ip_src(shost)
ip.set_ip_dst(dhost)
# Create a new TCP
tcp = ImpactPacket.TCP()
# Set the parameters for the connection
tcp.set_th_sport(sport)
tcp.set_th_dport(dport)
tcp.set_th_seq(SYN)
tcp.set_SYN()
if argc == 6:
tcp.set_th_ack(ACK)
tcp.set_ACK()
# Have the IP packet contain the TCP packet
ip.contains(tcp)
# Open a raw socket. Special permissions are usually required.
protocol_num = socket.getprotobyname('tcp')
self.s = socket.socket(socket.AF_INET, socket.SOCK_RAW, protocol_num)
self.s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
# Calculate its checksum.
tcp.calculate_checksum()
tcp.auto_checksum = 1
# Send it to the target host.
self.s.sendto(ip.get_packet(), (dhost, dport))
# Instantiate an IP packets decoder.
# As all the packets include their IP header, that decoder only is enough.
decoder = ImpactDecoder.IPDecoder()
while 1:
packet = self.s.recvfrom(4096)[0]
# Packet received. Decode and display it.
packet = decoder.decode(packet)
print 'source:', packet.get_ip_src()
#print packet.get_ip_src(), packet.child().get_th_sport()
if isinstance(packet.child(),ImpactPacket.TCP) and \
packet.child().get_th_sport() > 50000:
self._sniffed(packet)
def buildAnswer(self, in_onion):
out_onion = IPResponder.buildAnswer(self, in_onion)
tcp = ImpactPacket.TCP()
out_onion[O_IP].contains(tcp)
out_onion.append(tcp)
tcp.set_th_dport(in_onion[O_TCP].get_th_sport())
tcp.set_th_sport(in_onion[O_TCP].get_th_dport())
return out_onion
def main():
if len(sys.argv) < 3:
print("Use: %s <src ip> <dst ip>" % sys.argv[0])
print("Use: %s <src ip> <dst ip> <cnt>" % sys.argv[0])
sys.exit(1)
elif len(sys.argv) == 3:
src = sys.argv[1]
dst = sys.argv[2]
cnt = 1
elif len(sys.argv) == 4:
src = sys.argv[1]
dst = sys.argv[2]
cnt = sys.argv[3]
else:
print("Input error!")
sys.exit(1)
# print src, dst
ip = ImpactPacket.IP()
ip.set_ip_src(src)
ip.set_ip_dst(dst)
# Create a new ICMP packet of type ECHO.
icmp = ImpactPacket.ICMP()
tcp = ImpactPacket.TCP()
tcp.set_th_sport(55968)
tcp.set_th_dport(80)
tcp.set_th_seq(1)
tcp.set_th_ack(1)
tcp.set_th_flags(0x18)
tcp.set_th_win(64)
tcp.contains(
ImpactPacket.Data(
"GET /att/DIYLife/41264/528 HTTP/1.1\r\nHost: 192.168.111.1\r\nAccept-Encoding: identity\r\n\r\n"
))
ip.contains(tcp)
# Open a raw socket. Special permissions are usually required.
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
seq_id = 0
while cnt >= 1:
# Calculate its checksum.
seq_id = seq_id + 1
tcp.set_th_seq(seq_id)
tcp.calculate_checksum()
# Send it to the target host.
s.sendto(ip.get_packet(), (dst, 80))
cnt = cnt - 1
def fakeConnection(self, table):
for i in (0, 1):
port = 50007
dhost = table[i][0][0] # The remote host
shost = table[(i + 1) % 2][0][0] # The source host
dport = port # The same port as used by the server
sport = dport # The source port
SYN = table[(i + 1) % 2][1]
ACK = table[i][1] + 1
# Create a new IP packet and set its source and destination addresses.
ip = ImpactPacket.IP()
print 'IPs:', shost, dhost
ip.set_ip_src(shost)
ip.set_ip_dst(dhost)
# Create a new TCP
tcp = ImpactPacket.TCP()
# Set the parameters for the connection
print 'Ports:', sport, dport
tcp.set_th_sport(sport)
tcp.set_th_dport(dport)
print 'SYN-ACK:', SYN, ACK
tcp.set_th_seq(SYN)
tcp.set_SYN()
tcp.set_th_ack(ACK)
tcp.set_ACK()
# Have the IP packet contain the TCP packet
ip.contains(tcp)
# Open a raw socket. Special permissions are usually required.
protocol_num = socket.getprotobyname('tcp')
self.s = socket.socket(socket.AF_INET, socket.SOCK_RAW,
protocol_num)
self.s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
#self._bind()
# Calculate its checksum.
tcp.calculate_checksum()
tcp.auto_checksum = 1
# Send it to the target host.
self.s.sendto(ip.get_packet(), (dhost, dport))
def fakeConnection(self, argv, argc):
dhost = argv[1] # The remote host
dport = int(argv[2]) # The same port as used by the server
sport = dport # The source port
shost = argv[3] # The source host
if argc >= 5:
SYN = int(argv[4])
if argc == 6:
ACK = int(argv[5])
# Create a new IP packet and set its source and destination addresses.
ip = ImpactPacket.IP()
ip.set_ip_src(shost)
ip.set_ip_dst(dhost)
# Create a new TCP
tcp = ImpactPacket.TCP()
# Set the parameters for the connection
tcp.set_th_sport(sport)
tcp.set_th_dport(dport)
tcp.set_th_seq(SYN)
tcp.set_SYN()
if argc == 6:
tcp.set_th_ack(ACK)
tcp.set_ACK()
# Have the IP packet contain the TCP packet
ip.contains(tcp)
# Open a raw socket. Special permissions are usually required.
protocol_num = socket.getprotobyname('tcp')
self.s = socket.socket(socket.AF_INET, socket.SOCK_RAW, protocol_num)
self.s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
# Calculate its checksum.
tcp.calculate_checksum()
tcp.auto_checksum = 1
# Send it to the target host.
self.s.sendto(ip.get_packet(), (dhost, dport))
def tcppacket(con, data):
"""Function returning a tcppacket for the given connection with data as
payload with target con.tail."""
datalength = len(str(data))
data = ImpactPacket.Data(data)
tcp = ImpactPacket.TCP()
tcp.set_th_dport(con.tail.port)
tcp.set_th_sport(con.head.port)
# Set ack to the expected value.
tcp.set_th_ack(con.tail.expectedAcknr(0))
# Increment expected seqnr (tail) by number of sent bytes.
tcp.set_th_seq(con.tail.expectedSeqnr(datalength))
if s.verbosity > 1:
s.logfile.write("SeqNr: " + str(tcp.get_th_seq()) + "\n")
tcp.set_ACK()
tcp.contains(data)
con.tail.acknr(datalength)
ethhead = con.packet(Connection.TAIL, tcp)
packet = vdepad(cksum(ethhead))
return packet
def reset(self, target):
"""Function returning a TCP-RST packet to target.
"""
tcp = ImpactPacket.TCP()
if target == Connection.HEAD:
thost = self.head
shost = self.tail
# target == TCPConnection.TAIL
else:
thost = self.tail
shost = self.head
tcp.set_th_dport(thost.port)
tcp.set_th_sport(shost.port)
tcp.set_th_seq(thost.expectedSeqnr())
tcp.set_th_ack(thost.expectedAcknr())
tcp.set_RST()
tcp.set_ACK()
if s.verbosity:
s.logfile.write("RST packet sent!\n")
s.logfile.write("SeqNr: " + str(tcp.get_th_seq()) + "\n")
s.logfile.write("AckNr: " + str(tcp.get_th_ack()) + "\n")
return self.packet(target, tcp)
def sendfin(self, target, answer, datalen=0):
"""Method sending a FIN/ACK to target. If answer is set, this should
be the answer to a received FIN/ACK. Else this is the initiation of
the connection closing mechanism."""
tcp = ImpactPacket.TCP()
if target == Connection.HEAD:
thost = self.head
shost = self.tail
out = TCPConnection.stdout
else:
thost = self.tail
shost = self.head
out = TCPConnection.alt_stdout
tcp.set_th_dport(thost.port)
tcp.set_th_sport(shost.port)
tcp.set_th_seq(thost.expectedSeqnr(1))
if answer:
tcp.set_th_ack(thost.expectedAcknr(datalen + 1))
# Increment seqnr.
thost.seqnr(1)
else:
tcp.set_th_ack(thost.expectedAcknr(0))
tcp.set_th_win(shost.winsize)
tcp.set_FIN()
tcp.set_ACK()
if s.verbosity:
s.logfile.write("FIN/ACK packet sent!\n")
s.logfile.write("SeqNr: " + str(tcp.get_th_seq()) + "\n")
s.logfile.write("AckNr: " + str(tcp.get_th_ack()) + "\n")
# Acknr changed, even if there was no data.
packet = self.packet(target, tcp)
packet = encode(packet)
thost.acknr(1)
send(target, self, packet)
def build_rst(self, packet, path, personality, win, ip_id, tcp_seq):
"""Function creates a response RST packet according to personality of the device
Args:
packet : intercepted packet
path : length of path in the virtual network
personality : personality description of the device
win : window size used in the RST packet
ip_id : IP ID used in the RST packet
tcp_seq : TCP SEQ number used in the RST packet
Return:
reply ip packet
"""
tcp_pkt = packet.child()
# tcp packet
reply_tcp = ImpactPacket.TCP()
reply_tcp.set_th_sport(tcp_pkt.get_th_dport())
reply_tcp.set_th_dport(tcp_pkt.get_th_sport())
# reply_tcp.set_th_flags(20) # RST + ACK
reply_tcp.set_RST()
reply_tcp.set_ACK()
reply_tcp.set_th_ack(tcp_pkt.get_th_seq() + 1)
reply_tcp.set_th_seq(tcp_seq())
reply_tcp.set_th_win(win)
reply_tcp.auto_checksum = 1
reply_tcp.calculate_checksum()
# ip packet
reply_ip = ImpactPacket.IP()
reply_ip.set_ip_v(4)
reply_ip.set_ip_p(1)
reply_ip.set_ip_rf(True)
reply_ip.set_ip_df(False)
reply_ip.set_ip_mf(False)
reply_ip.set_ip_src(packet.get_ip_dst())
reply_ip.set_ip_dst(packet.get_ip_src())
reply_ip.set_ip_id(ip_id())
# check T
ttl = 0x7f
if 'T' in personality:
try:
ttl = personality['T'].split('-')
# using minimum ttl
ttl = int(ttl[0], 16)
except BaseException:
raise Exception('Unsupported Ti:T=%s', personality['T'])
# check TG
if 'TG' in personality:
try:
ttl = int(personality['TG'], 16)
except BaseException:
raise Exception('Unsupported Ti:TG=%s', personality['TG'])
delta_ttl = ttl - path
if delta_ttl < 1:
logger.debug('Reply packet dropped: TTL reached 0 within virtual network.')
return None
reply_ip.set_ip_ttl(delta_ttl)
reply_ip.auto_checksum = 1
reply_ip.contains(reply_tcp)
return reply_ip
def build_reply(self, packet, path, personality, cb_ip_id, cb_tcp_seq, cb_tcp_ts):
"""Function creates a reply according to the personality of the device
Args:
packet : intercepted packet
path : length of path in the virtual network
personality : personality description of the device
cb_ipid, cb_tcp_seq, cb_tcp_ts : callback functions for IP ID, TCP SEQ and TCP TS generation
Return
reply ip packet
"""
# fingerprint fields R, DF, T, TG, W, S, A, F, O, RD, Q & CC
# tcp packet
tcp_pkt = packet.child()
reply_tcp = ImpactPacket.TCP()
reply_tcp.set_th_sport(tcp_pkt.get_th_dport())
reply_tcp.set_th_dport(tcp_pkt.get_th_sport())
reply_tcp.set_th_flags(0)
reply_tcp.auto_checksum = 1
# ip packet
reply_ip = ImpactPacket.IP()
reply_ip.set_ip_v(4)
reply_ip.set_ip_p(6)
reply_ip.set_ip_rf(False)
reply_ip.set_ip_df(False)
reply_ip.set_ip_mf(False)
reply_ip.set_ip_src(packet.get_ip_dst())
reply_ip.set_ip_dst(packet.get_ip_src())
reply_ip.set_ip_id(cb_ip_id())
reply_ip.auto_checksum = 1
# check DF
if 'DF' in personality:
if personality['DF'] == 'N':
reply_ip.set_ip_df(False)
elif personality['DF'] == 'Y':
reply_ip.set_ip_df(True)
else:
raise Exception('Unsupported Ti:DF=%s', personality['DF'])
# check T
ttl = 0x7f
if 'T' in personality:
try:
ttl = personality['T'].split('-')
# using minimum ttl
ttl = int(ttl[0], 16)
except BaseException:
raise Exception('Unsupported Ti:T=%s', personality['T'])
# check TG
if 'TG' in personality:
try:
ttl = int(personality['TG'], 16)
except BaseException:
raise Exception('Unsupported Ti:TG=%s', personality['TG'])
delta_ttl = ttl - path
if delta_ttl < 1:
logger.debug('Reply packet dropped: TTL reached 0 within virtual network.')
return None
reply_ip.set_ip_ttl(delta_ttl)
# check W
win = 0
if 'W' in personality:
try:
win = int(personality['W'], 16)
except BaseException:
raise Exception('Unsupported Ti:W=%s', personality['W'])
reply_tcp.set_th_win(win)
# check CC
if 'CC' in personality:
if personality['CC'] == 'N':
reply_tcp.reset_ECE()
reply_tcp.reset_CWR()
elif personality['CC'] == 'Y':
reply_tcp.set_ECE()
reply_tcp.reset_CWR()
elif personality['CC'] == 'S':
reply_tcp.set_ECE()
reply_tcp.set_CWR()
elif personality['CC'] == 'O':
reply_tcp.reset_ECE()
reply_tcp.set_CWR()
# check S
if 'S' in personality:
if personality['S'] == 'Z':
reply_tcp.set_th_seq(0)
elif personality['S'] == 'A':
reply_tcp.set_th_seq(tcp_pkt.get_th_ack())
elif personality['S'] == 'A+':
reply_tcp.set_th_seq(tcp_pkt.get_th_ack() + 1)
elif personality['S'] == 'O':
seq = cb_tcp_seq()
reply_tcp.set_th_seq(seq)
else:
raise Exception('Unsupported Ti:S=%s', personality['S'])
# check A
if 'A' in personality:
if personality['A'] == 'Z':
reply_tcp.set_th_ack(0)
elif personality['A'] == 'S':
reply_tcp.set_th_ack(tcp_pkt.get_th_seq())
elif personality['A'] == 'S+':
reply_tcp.set_th_ack(tcp_pkt.get_th_seq() + 1)
elif personality['A'] == 'O':
temp = random.randint(1, 10)
reply_tcp.set_th_ack(temp)
else:
try:
temp = int(personality['A'], 16)
reply_tcp.set_th_ack(temp)
except BaseException:
raise Exception('Unsupported Ti:A=%s', personality['A'])
# check O
if 'O' in personality:
options = personality['O']
i = 0
while i < len(options):
opt = options[i]
i += 1
if opt == 'L':
reply_tcp.add_option(ImpactPacket.TCPOption(ImpactPacket.TCPOption.TCPOPT_EOL))
if opt == 'N':
reply_tcp.add_option(ImpactPacket.TCPOption(ImpactPacket.TCPOption.TCPOPT_NOP))
if opt == 'S':
reply_tcp.add_option(ImpactPacket.TCPOption(ImpactPacket.TCPOption.TCPOPT_SACK_PERMITTED))
if opt == 'T':
opt = ImpactPacket.TCPOption(ImpactPacket.TCPOption.TCPOPT_TIMESTAMP)
if options[i] == '1':
ts = cb_tcp_ts()
opt.set_ts(ts)
if options[i + 1] == '1':
opt.set_ts_echo(0xffffffff)
reply_tcp.add_option(opt)
i += 2
if opt == 'M':
maxseg, i = self.get_value(options, i)
reply_tcp.add_option(ImpactPacket.TCPOption(ImpactPacket.TCPOption.TCPOPT_MAXSEG, maxseg))
if opt == 'W':
window, i = self.get_value(options, i)
reply_tcp.add_option(ImpactPacket.TCPOption(ImpactPacket.TCPOption.TCPOPT_WINDOW, window))
# check F
if 'F' in personality:
if 'E' in personality['F']:
reply_tcp.set_ECE()
if 'U' in personality['F']:
reply_tcp.set_URG()
if 'A' in personality['F']:
reply_tcp.set_ACK()
if 'P' in personality['F']:
reply_tcp.set_PSH()
if 'R' in personality['F']:
reply_tcp.set_RST()
if 'S' in personality['F']:
reply_tcp.set_SYN()
if 'F' in personality['F']:
reply_tcp.set_FIN()
# check Q
if 'Q' in personality:
if 'R' in personality['Q']:
reply_tcp.set_flags(0x800)
if 'U' in personality['Q']:
reply_tcp.set_th_urp(0xffff)
# check RD
if 'RD' in personality:
try:
crc = int(personality['RD'], 16)
if crc != 0:
data = 'TCP Port is closed\x00'
data += self.compensate(data, crc)
pkt_data = ImpactPacket.Data(data)
reply_tcp.contains(pkt_data)
except BaseException:
raise Exception('Unsupported Ti:RD=%s', personality['RD'])
reply_tcp.calculate_checksum()
reply_ip.contains(reply_tcp)
return reply_ip
def main():
#if len(sys.argv) < 3:
# print
# "Use: %s <src ip> <dst ip>" % sys.argv[0]
# print
# "Use: %s <src ip> <dst ip> <cnt>" % sys.argv[0]
# sys.exit(1)
#elif len(sys.argv) == 3:
# #源IP
# src = sys.argv[1]
# #目标IP
# dst = sys.argv[2]
# #发送次数
# cnt = 1
#elif len(sys.argv) == 4:
# #源IP
# src = sys.argv[1]
# #目标IP
# dst = sys.argv[2]
# #发送次数
# cnt = sys.argv[3]
#else:
# print
# "Input error!"
# sys.exit(1)
src="127.0.0.1"
dst="127.0.0.1"
cnt=10
# print src, dst
ip = ImpactPacket.IP()
ip.set_ip_src(src)
ip.set_ip_dst(dst)
# Create a new ICMP packet of type ECHO.
icmp = ImpactPacket.ICMP()
tcp = ImpactPacket.TCP()
tcp.set_th_sport(8081)
tcp.set_th_dport(8009)
tcp.set_th_seq(1)
tcp.set_th_ack(1)
tcp.set_th_flags(0x18)
tcp.set_th_win(64)
tcp.contains(ImpactPacket.Data(
"GET /att/DIYLife/41264/528 HTTP/1.1\r\nHost: 172.16.11.4\r\nAccept-Encoding: identity\r\n\r\n"))
ip.contains(tcp)
# Open a raw socket. Special permissions are usually required.
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
seq_id = 0
while cnt >= 1:
# Calculate its checksum.
seq_id = seq_id + 1
tcp.set_th_seq(seq_id)
tcp.calculate_checksum()
# Send it to the target host.
s.sendto(ip.get_packet(), (dst, 8007))
cnt = cnt - 1
print("已发送:源IP:{},".format(ip.get_ip_src()))
print("目标IP{}\n".format(ip.set_ip_dst()))
