Exemple #1
0
 def test_register(self):
     """
     Tests DLL registration
     """
     w = WinDivert(self.dll_path)
     w.register()
     self.assertTrue(w.is_registered())
Exemple #2
0
 def test_register(self):
     """
     Tests DLL registration
     """
     w = WinDivert(self.dll_path)
     w.register()
     self.assertTrue(w.is_registered())
Exemple #3
0
 def test_parse_packet_raise_exc(self):
     """
     Tests the parsing packet function to raise an exception when invoked with wrong number of arguments
     """
     driver = WinDivert().register()
     with pytest.raises(ValueError):
         driver.parse_packet("", "", "")
Exemple #4
0
 def test_register(self):
     """
     Tests DLL registration
     """
     d = WinDivert().register()
     assert d.is_registered()
     assert os.path.abspath(d.dll_path) == DEFAULT_DLL_PATH
Exemple #5
0
 def test_register(self):
     """
     Tests DLL registration
     """
     d = WinDivert(self.dll_path).register()
     self.assertTrue(d.is_registered())
     self.assertEquals(os.path.abspath(d.dll_path),
                       os.path.abspath(self.dll_path))
Exemple #6
0
 def test_register(self):
     """
     Tests DLL registration
     """
     d = WinDivert(self.dll_path).register()
     self.assertTrue(d.is_registered())
     self.assertEquals(os.path.abspath(d.dll_path),
                       os.path.abspath(self.dll_path))
Exemple #7
0
 def test_parse_ipv6_address(self):
     """
     Tests parsing of an ipv4 address into a network byte value
     """
     address = "2607:f0d0:1002:0051:0000:0000:0000:0004"
     driver = WinDivert(self.dll_path).register()
     result = inet_ntop(socket.AF_INET6, driver.parse_ipv6_address(address))
     self.assertEqual(inet_pton(socket.AF_INET6, address),
                      inet_pton(socket.AF_INET6, result))
Exemple #8
0
 def test_parse_ipv4_address(self):
     """
     Tests parsing of an ipv4 address into a network byte value
     """
     address = "192.168.1.1"
     driver = WinDivert()
     driver.register()
     result = driver.parse_ipv4_address(address)
     self.assertEqual(struct.unpack(">I", inet_pton(socket.AF_INET, address))[0], result)
Exemple #9
0
 def test_parse_ipv6_address(self):
     """
     Tests parsing of an ipv4 address into a network byte value
     """
     address = "2607:f0d0:1002:0051:0000:0000:0000:0004"
     driver = WinDivert(self.dll_path)
     driver.register()
     result = driver.parse_ipv6_address(address)
     self.assertEqual(struct.unpack("<HHHHHHHH", inet_pton(socket.AF_INET6, address)), tuple(result))
Exemple #10
0
 def test_open_handle(self):
     """
     Tests the open_handle method.
     """
     handle = WinDivert(self.dll_path).open_handle(filter="tcp.DstPort == 23", priority=1000)
     self.assertIsInstance(handle, Handle)
     self.assertTrue(handle.is_opened)
     handle.close()
     self.assertFalse(handle.is_opened)
Exemple #11
0
 def test_load_ok(self):
     """
     Tests DLL loading with a correct path
     """
     try:
         d = WinDivert()
         assert os.path.abspath(d.get_reference()._name) == DEFAULT_DLL_PATH
     except WindowsError as e:
         self.fail("WinDivert() constructor raised %s" % e)
Exemple #12
0
 def test_parse_ipv6_address(self):
     """
     Tests parsing of an ipv4 address into a network byte value
     """
     address = "2607:f0d0:1002:0051:0000:0000:0000:0004"
     driver = WinDivert(self.dll_path).register()
     result = inet_ntop(socket.AF_INET6, driver.parse_ipv6_address(address))
     self.assertEqual(inet_pton(socket.AF_INET6, address),
                      inet_pton(socket.AF_INET6, result))
Exemple #13
0
 def test_parse_ipv4_address(self):
     """
     Tests parsing of an ipv4 address into a network byte value
     """
     address = "192.168.1.1"
     driver = WinDivert()
     driver.register()
     result = driver.parse_ipv4_address(address)
     self.assertEqual(
         struct.unpack(">I", inet_pton(socket.AF_INET, address))[0], result)
Exemple #14
0
 def test_open_handle(self):
     """
     Tests the open_handle method.
     """
     handle = WinDivert(self.dll_path).open_handle(
         filter="tcp.DstPort == 23", priority=1000)
     self.assertIsInstance(handle, Handle)
     self.assertTrue(handle.is_opened)
     handle.close()
     self.assertFalse(handle.is_opened)
Exemple #15
0
 def test_load_ok(self):
     """
     Tests DLL loading with a correct path
     """
     try:
         d = WinDivert(self.dll_path)
         self.assertEquals(os.path.abspath(d.get_reference()._name),
                           os.path.abspath(self.dll_path))
     except WindowsError as e:
         self.fail("WinDivert() constructor raised %s" % e)
Exemple #16
0
 def test_open_handle(self):
     """
     Tests the open_handle method.
     """
     # with cd(os.path.dirname(self.dll_path)):
     handle = WinDivert().open_handle(filter="tcp.DstPort == 23")
     assert isinstance(handle, Handle)
     assert handle.is_opened
     handle.close()
     assert not handle.is_opened
Exemple #17
0
 def test_open_handle(self):
     """
     Tests the open_handle method.
     """
     # with cd(os.path.dirname(self.dll_path)):
     handle = WinDivert(self.dll_path).open_handle(filter="tcp.DstPort == 23")
     self.assertIsInstance(handle, Handle)
     self.assertTrue(handle.is_opened)
     handle.close()
     self.assertFalse(handle.is_opened)
Exemple #18
0
def test_unregister():
    w = WinDivert("false")
    w.open()
    WinDivert.unregister()
    time.sleep(0.1)
    assert WinDivert.is_registered()
    w.close()
    # may not trigger immediately.
    while WinDivert.is_registered():
        time.sleep(0.01)  # pragma: no cover
Exemple #19
0
 def test_load_ok(self):
     """
     Tests DLL loading with a correct path
     """
     try:
         d = WinDivert(self.dll_path)
         self.assertEquals(os.path.abspath(d.get_reference()._name),
                           os.path.abspath(self.dll_path))
     except WindowsError as e:
         self.fail("WinDivert() constructor raised %s" % e)
Exemple #20
0
 def test_open_handle(self):
     """
     Tests the open_handle method.
     """
     # with cd(os.path.dirname(self.dll_path)):
     handle = WinDivert(
         self.dll_path).open_handle(filter="tcp.DstPort == 23")
     self.assertIsInstance(handle, Handle)
     self.assertTrue(handle.is_opened)
     handle.close()
     self.assertFalse(handle.is_opened)
Exemple #21
0
 def test_parse_ipv6_address(self):
     """
     Tests parsing of an ipv4 address into a network byte value
     """
     address = "2607:f0d0:1002:0051:0000:0000:0000:0004"
     driver = WinDivert(self.dll_path)
     driver.register()
     result = driver.parse_ipv6_address(address)
     self.assertEqual(
         struct.unpack("<HHHHHHHH", inet_pton(socket.AF_INET6, address)),
         tuple(result))
Exemple #22
0
def test_check_filter():
    res, pos, msg = WinDivert.check_filter('true')
    assert res
    assert pos == 0
    assert msg is not None
    res, pos, msg = WinDivert.check_filter('something wrong here')
    assert not res
    assert pos == 0
    assert msg is not None
    res, pos, msg = WinDivert.check_filter('outbound and something wrong here')
    assert not res
    assert pos == 13
Exemple #23
0
def testRegister():
	''' Attempt to register WinDivert '''

	dll_path3 = r"c:\Python276\lib\site-packages\pydivert-0.0.2-py2.7.egg\lib\1.1\amd64\WinDivert.dll"
	driver_path = r"c:\Python276\lib\site-packages\pydivert-0.0.2-py2.7.egg\lib\1.1\amd64"
	
	os.chdir(driver_path)

	handle = WinDivert(dll_path3)
	print "HANDLE:", handle
	handle.register()
	print "REGISTERED:", handle.is_registered()
Exemple #24
0
def test_check_filter():

    res, pos, msg = WinDivert.check_filter('true')
    assert res
    assert pos == 0
    assert msg is not None
    res, pos, msg = WinDivert.check_filter('something wrong here')
    assert not res
    assert pos == 0
    assert msg is not None
    res, pos, msg = WinDivert.check_filter('outbound and something wrong here')
    assert not res
    assert pos == 13
Exemple #25
0
class WinDivertAsyncTestCase(BaseTestCase):
    def setUp(self):
        super(WinDivertAsyncTestCase, self).setUp()
        # Initialize the fake tcp server
        self.server = FakeTCPServerIPv4(("127.0.0.1", 0), EchoUpperTCPHandler)
        filter = "outbound and tcp.DstPort == %d and tcp.PayloadLength > 0" % self.server.server_address[
            1]
        self.driver = WinDivert(os.path.join(self.driver_dir, "WinDivert.dll"))
        self.driver.register()

        self.handle = self.driver.open_handle(filter=filter)

        self.server_thread = threading.Thread(target=self.server.serve_forever)
        self.server_thread.start()

        # Initialize the fake tcp client
        self.text = "Hello World!"
        self.client = FakeTCPClient(self.server.server_address,
                                    self.text.encode("UTF-8"))
        self.client_thread = threading.Thread(target=self.client.send)
        self.client_thread.start()

    def test_async_pass_through(self):
        """

        """
        def callback(*args):
            self.handle._send_async(*args)

        if not self.handle.driver.is_legacy_driver():
            for future in self.handle._receive_async(callback=callback):
                if not future.is_complete():
                    pass
                else:
                    break
            self.client_thread.join(timeout=10)
            self.assertEqual(self.text.upper(),
                             self.client.response.decode("UTF-8"))
        else:
            self.assertRaises(MethodUnsupportedException,
                              self.handle._receive_async,
                              callback=callback)

    def tearDown(self):
        try:
            self.handle.close()
        except:
            pass
        self.server.shutdown()
        self.server.server_close()
        super(WinDivertAsyncTestCase, self).tearDown()
Exemple #26
0
def test_unregister():
    w = WinDivert("false")
    w.open()
    WinDivert.unregister()
    time.sleep(0.1)
    assert WinDivert.is_registered()
    w.close()
    # may not trigger immediately.
    while WinDivert.is_registered():
        time.sleep(0.01)  # pragma: no cover
Exemple #27
0
    def __init__(self,
                 redirect_ports=(80, 443),
                 proxy_addr=False, proxy_port=8080,
                 api_host="localhost", api_port=PROXY_API_PORT,
                 cache_size=65536):
        """
        :param redirect_ports: if the destination port is in this tuple, the requests are redirected to the proxy.
        :param proxy_addr: IP address of the proxy (IP within a network, 127.0.0.1 does not work). By default,
        this is detected automatically.
        :param proxy_port: Port the proxy is listenting on.
        :param api_host: Host the forward module API is listening on.
        :param api_port: Port the forward module API is listening on.
        :param cache_size: Maximum number of connection tuples that are stored. Only relevant in very high
        load scenarios.
        """

        if not proxy_addr:
            # Auto-Detect local IP.
            # https://stackoverflow.com/questions/166506/finding-local-ip-addresses-using-pythons-stdlib
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            s.connect(("8.8.8.8", 80))
            proxy_addr = s.getsockname()[0]
            s.close()

        self.client_server_map = OrderedDict()
        self.proxy_addr, self.proxy_port = proxy_addr, proxy_port
        self.connection_cache_size = cache_size

        self.api_server = APIServer((api_host, api_port), APIRequestHandler)
        self.api_server.proxifier = self
        self.api_server_thread = threading.Thread(target=self.api_server.serve_forever)
        self.api_server_thread.daemon = True

        arch = "amd64" if platform.architecture()[0] == "64bit" else "x86"
        self.driver = WinDivert(os.path.join(os.path.dirname(__file__), "..", "contrib",
                                             "windivert", arch, "WinDivert.dll"))
        self.driver.register()

        filter_forward = " or ".join(
            ("tcp.DstPort == %d" % p) for p in redirect_ports)
        self.handle_forward = self.driver.open_handle(filter=filter_forward, layer=Layer.NETWORK_FORWARD)
        self.forward_thread = threading.Thread(target=self.redirect)
        self.forward_thread.daemon = True

        filter_local = "outbound and tcp.SrcPort == %d" % proxy_port
        self.handle_local = self.driver.open_handle(filter=filter_local, layer=Layer.NETWORK)
        self.local_thread = threading.Thread(target=self.adjust_source)
        self.local_thread.daemon = True

        self.handle_icmp = self.driver.open_handle(filter="icmp", layer=Layer.NETWORK, flags=Flag.DROP)
Exemple #28
0
def test_register():
    if WinDivert.is_registered():
        WinDivert.unregister()
    while WinDivert.is_registered():
        time.sleep(0.01)  # pragma: no cover
    assert not WinDivert.is_registered()
    WinDivert.register()
    assert WinDivert.is_registered()
Exemple #29
0
def test_register():
    if WinDivert.is_registered():
        WinDivert.unregister()
    while WinDivert.is_registered():
        time.sleep(0.01)  # pragma: no cover
    assert not WinDivert.is_registered()
    WinDivert.register()
    assert WinDivert.is_registered()
Exemple #30
0
class WinDivertAsyncTestCase(BaseTestCase):
    def setUp(self):
        super(WinDivertAsyncTestCase, self).setUp()
        # Initialize the fake tcp server
        self.server = FakeTCPServerIPv4(("127.0.0.1", 0), EchoUpperTCPHandler)
        filter = "outbound and tcp.DstPort == %d and tcp.PayloadLength > 0" % self.server.server_address[1]
        self.driver = WinDivert(os.path.join(self.driver_dir, "WinDivert.dll"))
        self.driver.register()

        self.handle = self.driver.open_handle(filter=filter)

        self.server_thread = threading.Thread(target=self.server.serve_forever)
        self.server_thread.start()

        # Initialize the fake tcp client
        self.text = "Hello World!"
        self.client = FakeTCPClient(self.server.server_address, self.text.encode("UTF-8"))
        self.client_thread = threading.Thread(target=self.client.send)
        self.client_thread.start()


    def test_async_pass_through(self):
        """

        """

        def callback(*args):
            self.handle._send_async(*args)

        if not self.handle.driver.is_legacy_driver():
            for future in self.handle._receive_async(callback=callback):
                if not future.is_complete():
                    pass
                else:
                    break
            self.client_thread.join(timeout=10)
            self.assertEqual(self.text.upper(), self.client.response.decode("UTF-8"))
        else:
            self.assertRaises(MethodUnsupportedException, self.handle._receive_async, callback=callback)

    def tearDown(self):
        try:
            self.handle.close()
        except:
            pass
        self.server.shutdown()
        self.server.server_close()
        super(WinDivertAsyncTestCase, self).tearDown()
Exemple #31
0
 def test_load_ok(self):
     """
     Tests DLL loading with a correct path
     """
     try:
         WinDivert(self.dll_path)
     except WindowsError as e:
         self.fail("WinDivert() constructor raised %s" % e)
Exemple #32
0
 def test_construct_handle(self):
     """
     Tests constructing an handle from a WinDivert instance
     """
     driver = WinDivert()
     handle = Handle(driver, filter="tcp.DstPort == 23", priority=1000)
     self.assertIsInstance(handle, Handle)
     self.assertFalse(handle.is_opened)
Exemple #33
0
    def setUp(self):
        super(WinDivertUDPTestCase, self).setUp()
        # Initialize the fake tcp server
        self.server = FakeUDPServer(("127.0.0.1", 0), EchoUpperUDPHandler)
        self.driver = WinDivert(os.path.join(self.driver_dir, "WinDivert.dll"))

        self.server_thread = threading.Thread(target=self.server.serve_forever)
        self.server_thread.start()
Exemple #34
0
    def setUp(self):
        super(WinDivertTCPIPv6TestCase, self).setUp()
        # Initialize the fake tcp server
        self.server = FakeTCPServerIPv6(("::1", 0), EchoUpperTCPHandler)
        WinDivert(os.path.join(self.driver_dir, "WinDivert.dll")).register()

        self.server_thread = threading.Thread(target=self.server.serve_forever)
        self.server_thread.start()
Exemple #35
0
    def setUp(self):
        os.chdir(driver_dir)
        # Initialize the fake tcp server
        self.server = FakeTCPServerIPv4(("127.0.0.1", 0), EchoUpperTCPHandler)
        self.driver = WinDivert(os.path.join(driver_dir, "WinDivert.dll"))

        self.server_thread = threading.Thread(target=self.server.serve_forever)
        self.server_thread.start()
Exemple #36
0
 def test_load_already_registered(self):
     """
     Tests WinDivert loading from the default path (DLLs dir inside python's home).
     This assumes the driver has been previously registered
     """
     try:
         WinDivert()
     except WindowsError as e:
         self.fail("WinDivert() constructor raised %s" % e)
Exemple #37
0
    def setUp(self):
        super(WinDivertTCPIPv4TestCase, self).setUp()
        # Initialize the fake tcp server
        self.server = FakeTCPServerIPv4(("127.0.0.1", 0),
                                        EchoUpperTCPHandler)
        self.driver = WinDivert()

        self.server_thread = threading.Thread(target=self.server.serve_forever)
        self.server_thread.start()
Exemple #38
0
    def setUp(self):
        super(WinDivertExternalInterfaceTestCase, self).setUp()
        # Initialize the fake tcp server
        self.server = FakeTCPServerIPv4((socket.gethostbyname(socket.gethostname()), 0),
                                        EchoUpperTCPHandler)
        WinDivert().register()

        self.server_thread = threading.Thread(target=self.server.serve_forever)
        self.server_thread.start()
Exemple #39
0
    def setUp(self):
        super(WinDivertAsyncTestCase, self).setUp()
        # Initialize the fake tcp server
        self.server = FakeTCPServerIPv4(("127.0.0.1", 0), EchoUpperTCPHandler)
        filter = "outbound and tcp.DstPort == %d and tcp.PayloadLength > 0" % self.server.server_address[1]
        self.driver = WinDivert()
        self.driver.register()

        self.handle = self.driver.open_handle(filter=filter)

        self.server_thread = threading.Thread(target=self.server.serve_forever)
        self.server_thread.start()

        # Initialize the fake tcp client
        self.text = "Hello World!"
        self.client = FakeTCPClient(self.server.server_address, self.text.encode("UTF-8"))
        self.client_thread = threading.Thread(target=self.client.send)
        self.client_thread.start()
Exemple #40
0
 def check_driver_path(cls, path):
     """
     Checks driver registration after installation
     :param path: The path where is expected to find the WinDivert.dll
     """
     try:
         return WinDivert(dll_path=path).register()
     except Exception as e:
         sys.stderr.write("Driver registration failed: %s" % str(e))
Exemple #41
0
    def setUp(self):
        os.chdir(driver_dir)
        # Initialize the fake tcp server
        self.server = FakeTCPServerIPv4(
            (socket.gethostbyname(socket.gethostname()), 0),
            EchoUpperTCPHandler)
        WinDivert(os.path.join(driver_dir, "WinDivert.dll")).register()

        self.server_thread = threading.Thread(target=self.server.serve_forever)
        self.server_thread.start()
Exemple #42
0
    def __init__(
        self,
        redirect_ports=(80, 443),
        proxy_addr=False,
        proxy_port=8080,
        api_host="localhost",
        api_port=PROXY_API_PORT,
        cache_size=65536,
    ):
        """
        :param redirect_ports: if the destination port is in this tuple, the requests are redirected to the proxy.
        :param proxy_addr: IP address of the proxy (IP within a network, 127.0.0.1 does not work). By default,
        this is detected automatically.
        :param proxy_port: Port the proxy is listenting on.
        :param api_host: Host the forward module API is listening on.
        :param api_port: Port the forward module API is listening on.
        :param cache_size: Maximum number of connection tuples that are stored. Only relevant in very high
        load scenarios.
        """

        if not proxy_addr:
            # Auto-Detect local IP.
            # https://stackoverflow.com/questions/166506/finding-local-ip-addresses-using-pythons-stdlib
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            s.connect(("8.8.8.8", 80))
            proxy_addr = s.getsockname()[0]
            s.close()

        self.client_server_map = OrderedDict()
        self.proxy_addr, self.proxy_port = proxy_addr, proxy_port
        self.connection_cache_size = cache_size

        self.api_server = APIServer((api_host, api_port), APIRequestHandler)
        self.api_server.proxifier = self
        self.api_server_thread = threading.Thread(target=self.api_server.serve_forever)
        self.api_server_thread.daemon = True

        arch = "amd64" if platform.architecture()[0] == "64bit" else "x86"
        self.driver = WinDivert(
            os.path.join(os.path.dirname(__file__), "..", "contrib", "windivert", arch, "WinDivert.dll")
        )
        self.driver.register()

        filter_forward = " or ".join(("tcp.DstPort == %d" % p) for p in redirect_ports)
        self.handle_forward = self.driver.open_handle(filter=filter_forward, layer=Layer.NETWORK_FORWARD)
        self.forward_thread = threading.Thread(target=self.redirect)
        self.forward_thread.daemon = True

        filter_local = "outbound and tcp.SrcPort == %d" % proxy_port
        self.handle_local = self.driver.open_handle(filter=filter_local, layer=Layer.NETWORK)
        self.local_thread = threading.Thread(target=self.adjust_source)
        self.local_thread.daemon = True

        self.handle_icmp = self.driver.open_handle(filter="icmp", layer=Layer.NETWORK, flags=Flag.DROP)
Exemple #43
0
 def test_load_from_registry(self):
     """
     Tesst WinDivert loading from registry key. This assumes the driver has been
     previously registered
     """
     try:
         reg_key = "SYSTEM\\CurrentControlSet\\Services\\WinDivert1.0"
         if get_reg_values(reg_key):
             WinDivert(reg_key=reg_key)
     except WindowsError as e:
         self.fail("WinDivert() constructor raised %s" % e)
Exemple #44
0
    def setUp(self):
        os.chdir(driver_dir)
        # Initialize the fake tcp server
        self.server = FakeTCPServerIPv4(("127.0.0.1", 0), EchoUpperTCPHandler)
        filter = "outbound and tcp.DstPort == %d and tcp.PayloadLength > 0" % self.server.server_address[1]
        self.driver = WinDivert(os.path.join(driver_dir, "WinDivert.dll"))
        self.handle = self.driver.open_handle(filter=filter)

        self.server_thread = threading.Thread(target=self.server.serve_forever)
        self.server_thread.start()

        # Initialize the fake tcp client
        self.text = "Hello World!"
        self.client = FakeTCPClient(self.server.server_address, self.text.encode("UTF-8"))
        self.client_thread = threading.Thread(target=self.client.send)
        self.client_thread.start()
Exemple #45
0
    def setUp(self):
        super(WinDivertTCPDataCaptureTestCase, self).setUp()
        # Initialize the fake tcp server
        self.server = FakeTCPServerIPv4(("127.0.0.1", 0), EchoUpperTCPHandler)
        filter = "outbound and tcp.DstPort == %d and tcp.PayloadLength > 0" % self.server.server_address[1]
        self.driver = WinDivert()
        self.driver.register()

        self.handle = self.driver.open_handle(filter=filter)

        self.server_thread = threading.Thread(target=self.server.serve_forever)
        self.server_thread.start()

        # Initialize the fake tcp client
        self.text = "Hello World!"
        self.client = FakeTCPClient(self.server.server_address, self.text.encode("UTF-8"))
        self.client_thread = threading.Thread(target=self.client.send)
        self.client_thread.start()
Exemple #46
0
    def __init__(self, parent, server_ip=None, dll=None, running=True, priority=1000):
        ''' consructor, set variables '''
        super(PacketSniffer, self).__init__(parent)

        # Store reference to parent for emiting
        self.parent = parent

        # Store server IP determined earlier
        self.server_ip = server_ip

        # Build dll path
        if dll is None:
            if is_python_64bit() and is_windows_64bit():
                version = "amd64"
            elif not is_python_64bit() and not is_windows_64bit():
                version = "x86"
            else:
                raise InterpreterArchitectureMisMatch
            self.dll = os.path.abspath(os.path.join("assets","libs","WinDivert",version,"WinDivert.dll")).replace('\\','\\\\')
        else:
            self.dll = dll

        # Executing Flag
        self.running = running

        # Listen Packet Priority
        self.priority = priority

        # Build sniffer object
        self.interface = WinDivert(self.dll)

        # Build Packet Decryption Class
        self.tcp = TCP(self)

        # Build our session for http requests we make
        self.session = requests.Session()
        self.session.headers.update({'User-Agent': 'CMO3D', 'Accept': 'application/text'}) # TODO: Compare to what is actually being sent in Wireshark
Exemple #47
0
class TransparentProxy(object):
    """
    Transparent Windows Proxy for mitmproxy based on WinDivert/PyDivert.

    Requires elevated (admin) privileges. Can be started separately by manually running the file.

    This module can be used to intercept and redirect all traffic that is forwarded by the user's machine and
    traffic sent from the machine itself.

    How it works:

    (1) First, we intercept all packages that match our filter (destination port 80 and 443 by default).
    We both consider traffic that is forwarded by the OS (WinDivert's NETWORK_FORWARD layer) as well as traffic
    sent from the local machine (WinDivert's NETWORK layer). In the case of traffic from the local machine, we need to
    distinguish between traffc sent from applications and traffic sent from the proxy. To accomplish this, we use
    Windows' GetTcpTable2 syscall to determine the source application's PID.

    For each intercepted package, we
        1. Store the source -> destination mapping (address and port)
        2. Remove the package from the network (by not reinjecting it).
        3. Re-inject the package into the local network stack, but with the destination address changed to the proxy.

    (2) Next, the proxy receives the forwarded packet, but does not know the real destination yet (which we overwrote
    with the proxy's address). On Linux, we would now call getsockopt(SO_ORIGINAL_DST), but that unfortunately doesn't
    work on Windows. However, we still have the correct source information. As a workaround, we now access the forward
    module's API (see APIRequestHandler), submit the source information and get the actual destination back (which the
    forward module stored in (1.3)).

    (3) The proxy now establish the upstream connection as usual.

    (4) Finally, the proxy sends the response back to the client. To make it work, we need to change the packet's source
    address back to the original destination (using the mapping from (1.3)), to which the client believes he is talking
    to.

    Limitations:

    - No IPv6 support. (Pull Requests welcome)
    - TCP ports do not get re-used simulateously on the client, i.e. the proxy will fail if application X
      connects to example.com and example.org from 192.168.0.42:4242 simultaneously. This could be mitigated by
      introducing unique "meta-addresses" which mitmproxy sees, but this would remove the correct client info from
      mitmproxy.

    """

    def __init__(
        self,
        mode="both",
        redirect_ports=(80, 443),
        custom_filter=None,
        proxy_addr=False,
        proxy_port=8080,
        api_host="localhost",
        api_port=PROXY_API_PORT,
        cache_size=65536,
    ):
        """
        :param mode: Redirection operation mode: "forward" to only redirect forwarded packets, "local" to only redirect
        packets originating from the local machine, "both" to redirect both.
        :param redirect_ports: if the destination port is in this tuple, the requests are redirected to the proxy.
        :param custom_filter: specify a custom WinDivert filter to select packets that should be intercepted. Overrides
        redirect_ports setting.
        :param proxy_addr: IP address of the proxy (IP within a network, 127.0.0.1 does not work). By default,
        this is detected automatically.
        :param proxy_port: Port the proxy is listenting on.
        :param api_host: Host the forward module API is listening on.
        :param api_port: Port the forward module API is listening on.
        :param cache_size: Maximum number of connection tuples that are stored. Only relevant in very high
        load scenarios.
        """
        if proxy_port in redirect_ports:
            raise ValueError("The proxy port must not be a redirect port.")

        if not proxy_addr:
            # Auto-Detect local IP.
            # https://stackoverflow.com/questions/166506/finding-local-ip-addresses-using-pythons-stdlib
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            s.connect(("8.8.8.8", 80))
            proxy_addr = s.getsockname()[0]
            s.close()

        self.mode = mode
        self.proxy_addr, self.proxy_port = proxy_addr, proxy_port
        self.connection_cache_size = cache_size

        self.client_server_map = OrderedDict()

        self.api = APIServer(self, (api_host, api_port), APIRequestHandler)
        self.api_thread = threading.Thread(target=self.api.serve_forever)
        self.api_thread.daemon = True

        self.driver = WinDivert()
        self.driver.register()

        self.request_filter = custom_filter or " or ".join(("tcp.DstPort == %d" % p) for p in redirect_ports)
        self.request_forward_handle = None
        self.request_forward_thread = threading.Thread(target=self.request_forward)
        self.request_forward_thread.daemon = True

        self.addr_pid_map = dict()
        self.trusted_pids = set()
        self.tcptable2 = MIB_TCPTABLE2(0)
        self.tcptable2_size = DWORD(0)
        self.request_local_handle = None
        self.request_local_thread = threading.Thread(target=self.request_local)
        self.request_local_thread.daemon = True

        # The proxy server responds to the client. To the client,
        # this response should look like it has been sent by the real target
        self.response_filter = "outbound and tcp.SrcPort == %d" % proxy_port
        self.response_handle = None
        self.response_thread = threading.Thread(target=self.response)
        self.response_thread.daemon = True

        self.icmp_handle = None

    @classmethod
    def setup(cls):
        # TODO: Make sure that server can be killed cleanly. That's a bit difficult as we don't have access to
        # controller.should_exit when this is called.
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        server_unavailable = s.connect_ex(("127.0.0.1", PROXY_API_PORT))
        if server_unavailable:
            proxifier = TransparentProxy()
            proxifier.start()

    def start(self):
        self.api_thread.start()

        # Block all ICMP requests (which are sent on Windows by default).
        # In layman's terms: If we don't do this, our proxy machine tells the client that it can directly connect to the
        # real gateway if they are on the same network.
        self.icmp_handle = self.driver.open_handle(filter="icmp", layer=Layer.NETWORK, flags=Flag.DROP)

        self.response_handle = self.driver.open_handle(filter=self.response_filter, layer=Layer.NETWORK)
        self.response_thread.start()

        if self.mode == "forward" or self.mode == "both":
            self.request_forward_handle = self.driver.open_handle(
                filter=self.request_filter, layer=Layer.NETWORK_FORWARD
            )
            self.request_forward_thread.start()
        if self.mode == "local" or self.mode == "both":
            self.request_local_handle = self.driver.open_handle(filter=self.request_filter, layer=Layer.NETWORK)
            self.request_local_thread.start()

    def shutdown(self):
        if self.mode == "local" or self.mode == "both":
            self.request_local_handle.close()
        if self.mode == "forward" or self.mode == "both":
            self.request_forward_handle.close()

        self.response_handle.close()
        self.icmp_handle.close()
        self.api.shutdown()

    def recv(self, handle):
        """
        Convenience function that receives a packet from the passed handler and handles error codes.
        If the process has been shut down, (None, None) is returned.
        """
        try:
            raw_packet, metadata = handle.recv()
            return self.driver.parse_packet(raw_packet), metadata
        except WindowsError, e:
            if e.winerror == 995:
                return None, None
            else:
                raise
Exemple #48
0
class PacketSniffer(QObject):
    ''' A class to sniff packets and alter them '''
    interface = None
    countPacketsCaptured = 0
    _filter="ip and (ip.DstAddr == %s or ip.SrcAddr == %s)"
    dropOutbound = False
    dropInbound = False

    def __init__(self, parent, server_ip=None, dll=None, running=True, priority=1000):
        ''' consructor, set variables '''
        super(PacketSniffer, self).__init__(parent)

        # Store reference to parent for emiting
        self.parent = parent

        # Store server IP determined earlier
        self.server_ip = server_ip

        # Build dll path
        if dll is None:
            if is_python_64bit() and is_windows_64bit():
                version = "amd64"
            elif not is_python_64bit() and not is_windows_64bit():
                version = "x86"
            else:
                raise InterpreterArchitectureMisMatch
            self.dll = os.path.abspath(os.path.join("assets","libs","WinDivert",version,"WinDivert.dll")).replace('\\','\\\\')
        else:
            self.dll = dll

        # Executing Flag
        self.running = running

        # Listen Packet Priority
        self.priority = priority

        # Build sniffer object
        self.interface = WinDivert(self.dll)

        # Build Packet Decryption Class
        self.tcp = TCP(self)

        # Build our session for http requests we make
        self.session = requests.Session()
        self.session.headers.update({'User-Agent': 'CMO3D', 'Accept': 'application/text'}) # TODO: Compare to what is actually being sent in Wireshark

    def stop(self):
        ''' Stop Execution '''
        self.running = False

    def register(self):
        ''' register pyDivert with the system '''

        if self.interface is not None and is_elevated_priv():
            self.interface.register()
        else:
            raise RequireElevatedPrivileges

    def isRegistered(self):
        ''' Bool. Is our sniffer properly registered '''

        if self.interface is not None:
            return self.interface.is_registered()
        else:
            return False

    def listen(self):
        ''' Core listen loop. Listen on interface for packets '''

        # Listen Packet Filter
        if self.server_ip is not None:
            self.filter = self._filter % (self.server_ip, self.server_ip)
        else:
            raise TargetServerIPNotSet

        if self.interface is not None and self.isRegistered():
            with Handle(self.interface, filter=self.filter, priority=self.priority, flags=1024) as handle:
                while self.running:

                    # Read in Packet
                    packet = handle.receive()

                    # Note the new packet
                    self.countPacketsCaptured += 1

                    # Parse Packet Payload (data)
                    payload = hexlify(packet.payload)

                    # Log IP headers
                    log.debug("[Packet]{}:{}:{}".format(packet.dst_addr, packet.dst_port, payload))

                    # Determine flow direction
                    self.outbound = False
                    if packet.meta.is_outbound():
                        self.outbound = True
                    
                    # Decode Packet, emit
                    if len(payload) is not 0:
                        self.tcp.checkPacket(payload)

                    # Send Packet on its way, if allowed
                    if self.outbound and not self.dropOutbound:
                        handle.send(packet)
                    elif not self.outbound and not self.dropInbound:
                        handle.send(packet)

                    
                handle.close()
Exemple #49
0
def test_open():
    w = WinDivert("false")
    w.open()
    assert w.is_open
    w.close()
    assert not w.is_open

    with w:
        # open a second one.
        with WinDivert("false") as w2:
            assert w2.is_open

        assert w.is_open
        assert "open" in repr(w)

        with pytest.raises(RuntimeError):
            w.open()

    assert not w.is_open
    assert "closed" in repr(w)

    with pytest.raises(RuntimeError):
        w.recv()
    with pytest.raises(RuntimeError):
        w.close()
Exemple #50
0
class TransparentProxy(object):
    """
    Transparent Windows Proxy for mitmproxy based on WinDivert/PyDivert.

    Requires elevated (admin) privileges. Can be started separately by manually running the file.

    This module can be used to intercept and redirect all traffic that is forwarded by the user's machine.
    This does NOT include traffic sent from the machine itself, which cannot be accomplished by this approach for
    technical reasons (we cannot distinguish between requests made by the proxy or by regular applications. Altering the
    destination the proxy is seeing to some meta address does not work with TLS as the address doesn't match the
    signature.)

    How it works:

    (1) First, we intercept all packages that are forwarded by the OS (WinDivert's NETWORK_FORWARD layer) and whose
    destination port matches our filter (80 and 443 by default).
    For each intercepted package, we
        1. Store the source -> destination mapping (address and port)
        2. Remove the package from the network (by not reinjecting it).
        3. Re-inject the package into the local network stack, but with the destination address changed to the proxy.

    (2) Next, the proxy receives the forwarded packet, but does not know the real destination yet (which we overwrote
    with the proxy's address). On Linux, we would now call getsockopt(SO_ORIGINAL_DST), but that unfortunately doesn't
    work on Windows. However, we still have the correct source information. As a workaround, we now access the forward
    module's API (see APIRequestHandler), submit the source information and get the actual destination back (which the
    forward module stored in (1.3)).

    (3) The proxy now establish the upstream connection as usual.

    (4) Finally, the proxy sends the response back to the client. To make it work, we need to change the packet's source
    address back to the original destination (using the mapping from (1.3)), to which the client believes he is talking
    to.
    """

    def __init__(self,
                 redirect_ports=(80, 443),
                 proxy_addr=False, proxy_port=8080,
                 api_host="localhost", api_port=PROXY_API_PORT,
                 cache_size=65536):
        """
        :param redirect_ports: if the destination port is in this tuple, the requests are redirected to the proxy.
        :param proxy_addr: IP address of the proxy (IP within a network, 127.0.0.1 does not work). By default,
        this is detected automatically.
        :param proxy_port: Port the proxy is listenting on.
        :param api_host: Host the forward module API is listening on.
        :param api_port: Port the forward module API is listening on.
        :param cache_size: Maximum number of connection tuples that are stored. Only relevant in very high
        load scenarios.
        """

        if not proxy_addr:
            # Auto-Detect local IP.
            # https://stackoverflow.com/questions/166506/finding-local-ip-addresses-using-pythons-stdlib
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            s.connect(("8.8.8.8", 80))
            proxy_addr = s.getsockname()[0]
            s.close()

        self.client_server_map = OrderedDict()
        self.proxy_addr, self.proxy_port = proxy_addr, proxy_port
        self.connection_cache_size = cache_size

        self.api_server = APIServer((api_host, api_port), APIRequestHandler)
        self.api_server.proxifier = self
        self.api_server_thread = threading.Thread(target=self.api_server.serve_forever)
        self.api_server_thread.daemon = True

        arch = "amd64" if platform.architecture()[0] == "64bit" else "x86"
        self.driver = WinDivert(os.path.join(os.path.dirname(__file__), "..", "contrib",
                                             "windivert", arch, "WinDivert.dll"))
        self.driver.register()

        filter_forward = " or ".join(
            ("tcp.DstPort == %d" % p) for p in redirect_ports)
        self.handle_forward = self.driver.open_handle(filter=filter_forward, layer=Layer.NETWORK_FORWARD)
        self.forward_thread = threading.Thread(target=self.redirect)
        self.forward_thread.daemon = True

        filter_local = "outbound and tcp.SrcPort == %d" % proxy_port
        self.handle_local = self.driver.open_handle(filter=filter_local, layer=Layer.NETWORK)
        self.local_thread = threading.Thread(target=self.adjust_source)
        self.local_thread.daemon = True

        self.handle_icmp = self.driver.open_handle(filter="icmp", layer=Layer.NETWORK, flags=Flag.DROP)

    @classmethod
    def setup(cls, options):
        # TODO: Make sure that server can be killed cleanly. That's a bit difficult as we don't have access to
        # controller.should_exit when this is called.
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        server_unavailable = s.connect_ex(("127.0.0.1", PROXY_API_PORT))
        if server_unavailable:
            proxifier = TransparentProxy(proxy_addr=options.addr, proxy_port=options.port)
            proxifier.start()

    def start(self):
        self.api_server_thread.start()
        self.local_thread.start()
        self.forward_thread.start()

    def shutdown(self):
        self.handle_forward.close()
        self.handle_local.close()
        self.handle_icmp.close()
        self.api_server.shutdown()

    def recv(self, handle):
        """
        Convenience function that receives a packet from the passed handler and handles error codes.
        If the process has been shut down, (None, None) is returned.
        """
        try:
            raw_packet, metadata = handle.recv()
            return self.driver.parse_packet(raw_packet), metadata
        except WindowsError, e:
            if e.winerror == 995:
                return None, None
            else:
                raise e
Exemple #51
0
 def setUp(self):
     super(WinDivertTestCase, self).setUp()
     WinDivert(self.dll_path).register()
Exemple #52
0
    def __init__(
        self,
        mode="both",
        redirect_ports=(80, 443),
        custom_filter=None,
        proxy_addr=False,
        proxy_port=8080,
        api_host="localhost",
        api_port=PROXY_API_PORT,
        cache_size=65536,
    ):
        """
        :param mode: Redirection operation mode: "forward" to only redirect forwarded packets, "local" to only redirect
        packets originating from the local machine, "both" to redirect both.
        :param redirect_ports: if the destination port is in this tuple, the requests are redirected to the proxy.
        :param custom_filter: specify a custom WinDivert filter to select packets that should be intercepted. Overrides
        redirect_ports setting.
        :param proxy_addr: IP address of the proxy (IP within a network, 127.0.0.1 does not work). By default,
        this is detected automatically.
        :param proxy_port: Port the proxy is listenting on.
        :param api_host: Host the forward module API is listening on.
        :param api_port: Port the forward module API is listening on.
        :param cache_size: Maximum number of connection tuples that are stored. Only relevant in very high
        load scenarios.
        """
        if proxy_port in redirect_ports:
            raise ValueError("The proxy port must not be a redirect port.")

        if not proxy_addr:
            # Auto-Detect local IP.
            # https://stackoverflow.com/questions/166506/finding-local-ip-addresses-using-pythons-stdlib
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            s.connect(("8.8.8.8", 80))
            proxy_addr = s.getsockname()[0]
            s.close()

        self.mode = mode
        self.proxy_addr, self.proxy_port = proxy_addr, proxy_port
        self.connection_cache_size = cache_size

        self.client_server_map = OrderedDict()

        self.api = APIServer(self, (api_host, api_port), APIRequestHandler)
        self.api_thread = threading.Thread(target=self.api.serve_forever)
        self.api_thread.daemon = True

        self.driver = WinDivert()
        self.driver.register()

        self.request_filter = custom_filter or " or ".join(("tcp.DstPort == %d" % p) for p in redirect_ports)
        self.request_forward_handle = None
        self.request_forward_thread = threading.Thread(target=self.request_forward)
        self.request_forward_thread.daemon = True

        self.addr_pid_map = dict()
        self.trusted_pids = set()
        self.tcptable2 = MIB_TCPTABLE2(0)
        self.tcptable2_size = DWORD(0)
        self.request_local_handle = None
        self.request_local_thread = threading.Thread(target=self.request_local)
        self.request_local_thread.daemon = True

        # The proxy server responds to the client. To the client,
        # this response should look like it has been sent by the real target
        self.response_filter = "outbound and tcp.SrcPort == %d" % proxy_port
        self.response_handle = None
        self.response_thread = threading.Thread(target=self.response)
        self.response_thread.daemon = True

        self.icmp_handle = None
Exemple #53
0
class WinDivertTCPDataCaptureTestCase(BaseTestCase):
    """
    Tests capturing TCP traffic with payload
    """

    def setUp(self):
        super(WinDivertTCPDataCaptureTestCase, self).setUp()
        # Initialize the fake tcp server
        self.server = FakeTCPServerIPv4(("127.0.0.1", 0), EchoUpperTCPHandler)
        filter = "outbound and tcp.DstPort == %d and tcp.PayloadLength > 0" % self.server.server_address[1]
        self.driver = WinDivert(os.path.join(self.driver_dir, "WinDivert.dll"))
        self.driver.register()

        self.handle = self.driver.open_handle(filter=filter)

        self.server_thread = threading.Thread(target=self.server.serve_forever)
        self.server_thread.start()

        # Initialize the fake tcp client
        self.text = "Hello World!"
        self.client = FakeTCPClient(self.server.server_address, self.text.encode("UTF-8"))
        self.client_thread = threading.Thread(target=self.client.send)
        self.client_thread.start()

    def test_packet_metadata(self):
        """
        Tests if metadata is right
        """
        raw_packet, metadata = self.handle.recv()
        self.assertTrue(metadata.is_outbound())
        self.assertTrue(metadata.is_loopback())

    def test_pass_through_tuple(self):
        """
        Tests receiving and resending data
        """
        self.handle.send(self.handle.recv())
        self.client_thread.join(timeout=10)
        self.assertEqual(self.text.upper(), self.client.response.decode("UTF-8"))

    def test_pass_through_no_tuple(self):
        """
        Tests receiving and resending data. Sends using 2 arguments instead of tuple
        """
        raw_packet, meta = self.handle.recv()
        self.handle.send(raw_packet, meta)
        self.client_thread.join(timeout=10)
        self.assertEqual(self.text.upper(), self.client.response.decode("UTF-8"))

    def test_pass_through_packet(self):
        """
        Tests receiving and resending data. Sends using an higher level packet object
        """
        self.handle.send(self.handle.receive())
        self.client_thread.join(timeout=10)
        self.assertEqual(self.text.upper(), self.client.response.decode("UTF-8"))

    def test_parse_packet(self):
        """
        Tests parsing packets to intercept the payload
        """
        raw_packet, metadata = self.handle.recv()
        packet = self.driver.parse_packet(raw_packet)
        self.assertEqual("{}:{}".format(packet.dst_addr, packet.dst_port),
                         "{}:{}".format(*self.server.server_address))
        self.assertEqual(self.text.encode("UTF-8"), packet.payload)

    def test_parse_packet_meta(self):
        """
        Tests parsing packets to intercept the payload and store meta in result
        """
        raw_packet, metadata = self.handle.recv()
        packet = self.driver.parse_packet(raw_packet, metadata)
        self.assertEqual("%s:%d" % (packet.dst_addr, packet.dst_port),
                         "%s:%d" % self.server.server_address)
        self.assertEqual(self.text.encode("UTF-8"), packet.payload)
        self.assertEqual(packet.meta, metadata)

    def test_dump_data(self):
        """
        Tests receiving, print and resending data
        """
        raw_packet, metadata = self.handle.recv()
        packet = self.handle.driver.parse_packet(raw_packet)
        self.assertEqual(raw_packet[len(packet.payload) * -1:],
                         packet.raw[len(packet.payload) * -1:])
        self.handle.send((raw_packet, metadata))
        self.client_thread.join(timeout=10)
        self.assertEqual(self.text.upper(), self.client.response.decode("UTF-8"))

    def test_raw_packet_from_captured(self):
        """
        Tests reconstructing raw packet from a captured one
        """
        raw_packet1, metadata = self.handle.recv()
        packet = self.handle.driver.parse_packet(raw_packet1)
        raw_packet2 = packet.raw
        self.assertEqual(hexlify(raw_packet1), hexlify(raw_packet2))

    def test_raw_packet_len(self):
        """
        Tests reconstructing raw packet from a captured and modified one
        """
        raw_packet1, metadata = self.handle.recv()
        packet1 = self.handle.driver.parse_packet(raw_packet1)
        packet1.dst_port = 80
        packet1.dst_addr = "10.10.10.10"
        raw_packet2 = packet1.raw
        self.assertEqual(len(raw_packet1), len(raw_packet2))

    def test_packet_checksum(self):
        """
        Tests checksum without changes
        """
        raw_packet1, metadata = self.handle.recv()
        raw_packet2 = self.handle.driver.calc_checksums(raw_packet1)
        self.assertEqual(hexlify(raw_packet1), hexlify(raw_packet2))

    def test_packet_checksum_recalc(self):
        """
        Tests checksum with changes
        """
        raw_packet1, metadata = self.handle.recv()
        packet = self.handle.driver.parse_packet(raw_packet1)
        packet.dst_port = 80
        packet.dst_addr = "10.10.10.10"
        raw_packet2 = self.handle.driver.calc_checksums(packet.raw)
        self.assertNotEqual(hexlify(raw_packet1), hexlify(raw_packet2))

    def test_packet_reconstruct_checksummed(self):
        """
        Tests reconstruction of a packet after checksum calculation
        """
        raw_packet1, metadata = self.handle.recv()
        packet1 = self.handle.driver.parse_packet(raw_packet1)
        packet1.dst_port = 80
        packet1.dst_addr = "10.10.10.10"
        raw_packet2 = self.handle.driver.calc_checksums(packet1.raw)
        packet2 = self.handle.driver.parse_packet(raw_packet2)
        self.assertEqual(packet1.dst_port, packet2.dst_port)
        self.assertEqual(packet1.dst_addr, packet2.dst_addr)
        self.assertNotEqual(hexlify(raw_packet1), hexlify(raw_packet2))
        self.assertEqual(len(raw_packet1), len(packet2.raw))

    def test_packet_to_string(self):
        """
        Tests string conversions
        """
        packet = self.handle.receive()
        self.assertIn(str(packet.tcp_hdr), str(packet))
        self.assertIn(str(packet.ipv4_hdr), str(packet))
        self.assertEqual(packet.tcp_hdr.raw.decode("UTF-8"), repr(packet.tcp_hdr))
        self.handle.send(packet)

    def test_packet_repr(self):
        """
        Tests repr conversion
        """
        packet = self.handle.receive()
        self.assertEqual(repr(packet), hexlify(packet.raw).decode("UTF-8"))
        self.handle.send(packet)

    def test_modify_address(self):
        """
        Tests address changing
        """
        packet = self.handle.receive()
        current = packet.ipv4_hdr.DstAddr
        packet.dst_addr = "10.0.2.15"
        self.assertEqual(packet.ipv4_hdr.DstAddr, 251789322)
        packet.ipv4_hdr.DstAddr = current
        self.assertEqual(packet.dst_addr, "127.0.0.1")
        self.handle.send(packet)

    def test_modify_port(self):
        """
        Tests port changing
        """
        packet = self.handle.receive()
        current = packet.tcp_hdr.DstPort
        packet.dst_port = 23
        self.assertEqual(packet.tcp_hdr.DstPort, 5888)
        packet.tcp_hdr.DstPort = current
        self.assertEqual(packet.dst_port, self.server.server_address[1])
        self.handle.send(packet)

    def test_send_wrong_args(self):
        """
        Tests send with wrong number of arguments
        """
        packet = self.handle.receive()
        self.assertRaises(ValueError, self.handle.send, "test")

    def tearDown(self):
        try:
            self.handle.close()
        except Exception as e:
            pass
        self.server.shutdown()
        self.server.server_close()
        super(WinDivertTCPDataCaptureTestCase, self).tearDown()