def main(): parser = argparse.ArgumentParser( description='Fragments the IPv4 packets in the given PCAP file ' 'and writes the results to another file.') parser.add_argument('input_file') parser.add_argument('output_file') parser.add_argument( '--fragment-size', '-s', type=int, default=500, help='Fragment size. Packets larger than this are fragmented ' 'if their df flag is not set. Defaults to 500.') args = parser.parse_args() reader = RawPcapReader(args.input_file) writer = PcapWriter(args.output_file, append=False, sync=True) for pkt_data in reader: p = Ether(pkt_data[0]) if isinstance( p[1], IP) and len(p[2]) > args.fragment_size and p[1].flags & 2 != 0: p = fragment(p, args.fragment_size) print 'Fragmented packet into {} fragments.'.format(len(p)) writer.write(p)
def writePCAP(src, dst, data): try: pktdump = PcapWriter(sOutfile + '.pcap', append=True, sync=True) pktinfo = Ether()/IP(src=src[0],dst=dst[0])/TCP(sport=src[1],dport=dst[1])/data pktdump.write(pktinfo) pktdump.close() except Exception as Error: #print(str(Error)) pass
def scapy_io(f_in,f_out): f = PcapReader(f_in) o = PcapWriter(f_out) pkt = f.read_packet() while pkt is not None: o.write(pkt) pkt = f.read_packet() f.close() o.close()
class ScapySniffer(ScapyProtocol): def __init__(self, pcap_filename, *arg, **kw): self.pcapwriter = PcapWriter(pcap_filename, *arg, **kw) def packetReceived(self, packet): self.pcapwriter.write(packet) def close(self): self.pcapwriter.close()
def start(self, callback): # create an sniffer output file, if needed self.logPackets = self.config.getboolean('Sniffer', 'log_packets') if self.logPackets: outputFile = self.config.get('Sniffer', 'output_file') self.pcapWriter = PcapWriter(outputFile, append=False, sync=True) # start sniffing with the given filter and callback, # the appropriate filter will be applied within each module self.callback = callback interface = self.config.get('Sniffer', 'interface') sniff(iface=interface, filter='', prn=self.__snifferCallback)
def concatenate_files(self, pcap1, pcap2): '''Appends second file's packets onto the first. For creating pcap files used in unit testing.''' pkts1 = rdpcap(pcap1) pkts1_writer = PcapWriter(pcap1, append=True, sync=True) pkts2 = rdpcap(pcap2) for pkt in pkts2: pkts1_writer.write(pkt) pkts1 = rdpcap(pcap1)
def main(): parser = argparse.ArgumentParser( description='Defragments the IPv4 packets in the given PCAP file ' 'and writes the results to another file.') parser.add_argument('input_file') parser.add_argument('output_file') args = parser.parse_args() fragments = [] reader = RawPcapReader(args.input_file) writer = PcapWriter(args.output_file, append=False, sync=True) for pkt_data in reader: p = Ether(pkt_data[0]) if not isinstance(p[1], IP): writer.write(p) continue if p[IP].flags & 1 == 0 and p[IP].frag == 0: writer.write(p) continue fragments += p fragments = defragment(fragments) defragged = [] for f in fragments: if f[IP].flags & 1 == 0 and f[IP].frag == 0: defragged.append(f) fragments = [f for f in fragments if f not in defragged] for df in defragged: print 'Defragmented packet.' writer.write(df)
def _log_packets(self, file_path, client_mac): with self.log_lock: cap_writer = PcapWriter(file_path) if not self.wpa_handshakes[client_mac]['logged']: self.wpa_handshakes[client_mac]['logged'] = True for packet in self.wpa_handshakes[client_mac]['packets']: if Dot11Beacon not in packet: cap_writer.write(packet) cap_writer.close() cap_writer = PcapWriter(file_path, append = True) for packet in self.wpa_handshakes[client_mac]['packets']: if Dot11Beacon in packet: cap_writer.write(packet) cap_writer.close()
def __init__(self, client: AbstractAioSocket, server: AbstractAioSocket, protocols: Collection[ApplicationProtocol] = (), loop: AbstractEventLoop = None, write_to: PcapWriter = None): self.client = client self.server = server self.client_to_server = Lock() self.server_to_client = Lock() self.active = True self.protocols = protocols self.loop = loop if loop is None: self.loop = get_event_loop() server_info = Tunnel.ip_to_ipv6( server.get_real_socket().getpeername() [0]), server.get_real_socket().getpeername()[1] client_info = Tunnel.ip_to_ipv6( client.get_real_socket().getpeername() [0]), client.get_real_socket().getpeername()[1] if write_to is None: write_to = PcapWriter(BytesIO()) self.writer = PacketWriter(client_info, server_info, write_to)
async def mainloop(sock, config, providers): loop = asyncio.get_event_loop() buffer = io.BytesIO() writer = PcapWriter(buffer, sync=True) loop.create_task(buffer_to_file(f"pcap/{int(time.time())}.pcap", buffer)) while True: connection, _ = await loop.sock_accept(sock) loop.create_task( do_proxy_stuff(loop, connection, config, providers, writer))
class ConnectionHandler(threading.Thread): templates = {} pcapw = PcapWriter(config['Output']['FilePcap']) def set_templates(self, templates): self.templates = templates def run(self): # This method is executed in a thread. It will relay data between the local # host and the remote host, while letting modules work on the data before # passing it on. # this is the socket we will listen on for incoming connections proxy_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) proxy_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) # print("Setting second ip to Broker IP") # p = subprocess.Popen(['ip', 'addr', 'add', config['Broker']['Host'] + '/' + config['Broker']['Mask'], 'dev', # config['Fuzzer']['Interface']]) # p.wait() print("Binding to Port") try: proxy_socket.bind(('', config['Broker'].getint('Port'))) except socket.error as e: print(e.strerror) sys.exit(5) # Listens for up to 10 connections proxy_socket.listen(10) print("Intercepting for {} seconds".format( config['Fuzzer'].getint('Total'))) alive = MQTTAlive(config['Fuzzer'].getint('Total')) alive.start() while alive.is_alive(): print('Waiting for connection') proxy_socket.settimeout(1.) timeout = True while alive.is_alive() and timeout: timeout = False try: in_socket, in_addrinfo = proxy_socket.accept() except socket.timeout: timeout = True if not timeout: print('Connection from {}'.format(in_addrinfo)) proxy_thread = MultInterceptor(self.templates, in_socket, alive, in_addrinfo, self.pcapw) proxy_thread.start() alive.add_thread(proxy_thread) self.pcapw.close()
class IDSPcapSniffer: def __init__(self, config): self.config = config def start(self, callback): # create an sniffer output file, if needed self.logPackets = self.config.getboolean('Sniffer', 'log_packets') if self.logPackets: outputFile = self.config.get('Sniffer', 'output_file') self.pcapWriter = PcapWriter(outputFile, append=False, sync=True) # start sniffing with the given filter and callback, # the appropriate filter will be applied within each module self.callback = callback interface = self.config.get('Sniffer', 'interface') sniff(iface=interface, filter='', prn=self.__snifferCallback) def __snifferCallback(self, packet): # append output file with packet if self.logPackets: self.pcapWriter.write(packet) # parse packet self.callback(str(packet))
def scapy_io(f_in, f_out): f = PcapReader(f_in) o = PcapWriter(f_out) pkt = f.read_packet() while pkt is not None: o.write(pkt) pkt = f.read_packet() f.close() o.close()
def writePCAP(src, dst, data): try: pktdump = PcapWriter(sOutfile + '.pcap', append=True, sync=True) pktinfo = Ether() / IP(src=src[0], dst=dst[0]) / TCP( sport=src[1], dport=dst[1]) / data pktdump.write(pktinfo) pktdump.close() except Exception as Error: #print(str(Error)) pass
def run(self, args): self.sniff_sess = None filepath = None if self.client.is_windows(): from modules.lib.windows.winpcap import init_winpcap init_winpcap(self.client) pktwriter = None if args.save_pcap: config = self.client.pupsrv.config filepath = config.get_file('pcaps', {'%c': self.client.short_name()}) pktwriter = PcapWriter(filepath, append=True, sync=True) tcpdump = self.client.remote('tcpdump', 'run', False) self.wait.clear() try: name, self.terminate = tcpdump(self.printer(pcap_writer=pktwriter), self.on_error, args.iface, args.bpf, args.timeout, count=args.count) self.success(u'Scapy tcpdump on "{}" - started'.format(name)) self.wait.wait() self.success(u'Scapy tcpdump on "{}" - completed'.format(name)) if filepath: self.info('Pcap stored to: {}'.format(filepath)) except Exception, e: self.wait.set() self.error('Error: ' + ' '.join(x for x in e.args if type(x) in (str, unicode)))
def foo(in_filename, out_filename): # open the input file for reading f = PcapReader(in_filename) # open the output file for writing o = PcapWriter(out_filename) # read the first packet from the input file p = f.read_packet() # while we haven't processed the last packet while p: layer = p.firstlayer() while not isinstance(layer, NoPayload): if (type(layer) is IPv6): new_layer = IP() del new_layer.ihl new_layer.ttl = layer.hlim new_layer.proto = layer.nh new_layer.src = ".".join(map(str, six2four(layer.src))) new_layer.dst = ".".join(map(str, six2four(layer.dst))) new_layer.add_payload(layer.payload) prev_layer = layer.underlayer del layer prev_layer.remove_payload() prev_layer.add_payload(new_layer) if type(prev_layer) is Ether: prev_layer.type = ETH_P_IP layer = new_layer if layer.default_fields.has_key('chksum'): del layer.chksum if layer.default_fields.has_key('len'): del layer.len # advance to the next layer layer = layer.payload # write the packet we just dissected into the output file o.write(p) # read the next packet p = f.read_packet() # close the input file f.close() # close the output file o.close()
def __init__(self, pcap_filename, *arg, **kw): self.pcapwriter = PcapWriter(pcap_filename, *arg, **kw)
import sys from scapy.all import RandMAC, RandIP, PcapWriter, RandIP6, RandShort, fuzz from scapy.all import IPv6, Dot1Q, IP, Ether, UDP, TCP, random # Path for the pcap file location. path = str(sys.argv[1]) # The number of packets generated will be size * 8. size = int(sys.argv[2]) # Traffic option is used to choose between fuzzy or simple packet type. if len(sys.argv) > 3: traffic_opt = str(sys.argv[3]) else: traffic_opt = "" pktdump = PcapWriter(path, append=False, sync=True) pkt = [] for i in range(0, size): if traffic_opt == "fuzzy": eth = Ether(src=RandMAC(), dst=RandMAC()) vlan = Dot1Q() udp = UDP(dport=RandShort(), sport=RandShort()) ipv4 = IP(src=RandIP(), dst=RandIP(), len=random.randint(0, 100)) ipv6 = IPv6(src=RandIP6(), dst=RandIP6(), plen=random.randint(0, 100)) tcp = TCP(dport=RandShort(), sport=RandShort(), flags='S', dataofs=random.randint(0, 15)) # IPv4 packets with fuzzing
def setup_packet_save(filename): """Sets up a global object that is used to save the files to a .pcap file""" global pktdump pktdump = PcapWriter(filename + '.pcap', append=False, sync=True)
#!/usr/bin/python3 try: from scapy.all import RandMAC, RandIP, PcapWriter, RandIP6, RandShort, fuzz from scapy.all import IPv6, Dot1Q, IP, Ether, UDP, TCP except ModuleNotFoundError as err: print(err + ": Scapy") import sys path = str(sys.argv[1]) + "/pcap/fuzzy.pcap" pktdump = PcapWriter(path, append=False, sync=True) for i in range(0, 2000): # Generate random protocol bases, use a fuzz() over the combined packet # for full fuzzing. eth = Ether(src=RandMAC(), dst=RandMAC()) vlan = Dot1Q() ipv4 = IP(src=RandIP(), dst=RandIP()) ipv6 = IPv6(src=RandIP6(), dst=RandIP6()) udp = UDP(dport=RandShort(), sport=RandShort()) tcp = TCP(dport=RandShort(), sport=RandShort()) # IPv4 packets with fuzzing pktdump.write(fuzz(eth / ipv4 / udp)) pktdump.write(fuzz(eth / ipv4 / tcp)) pktdump.write(fuzz(eth / vlan / ipv4 / udp)) pktdump.write(fuzz(eth / vlan / ipv4 / tcp)) # IPv6 packets with fuzzing pktdump.write(fuzz(eth / ipv6 / udp)) pktdump.write(fuzz(eth / ipv6 / tcp))
def _log_packets(self, file_path, client_mac): with self.log_lock: cap_writer = PcapWriter(file_path) if not self.wpa_handshakes[client_mac]['logged']: self.wpa_handshakes[client_mac]['logged'] = True for packet in self.wpa_handshakes[client_mac]['packets']: if Dot11Beacon not in packet: cap_writer.write(packet) cap_writer.close() cap_writer = PcapWriter(file_path, append=True) for packet in self.wpa_handshakes[client_mac]['packets']: if Dot11Beacon in packet: cap_writer.write(packet) cap_writer.close()
def packets_to_datasource_events(packets: List[Packet]) -> PCAP: f = BytesIO() PcapWriter(f).write(packets) f.seek(0) return PCAP(f) # type: ignore
def handle(self, input, interface=None, count=0, timeout=None, filter=None, regex=None, xregex=None, monitor=False, pcap=False, debug=False): self.debug = debug # Compile expressions if regex: self.regex = [ re.compile(r.encode(), re.DOTALL | re.MULTILINE) for r in list(regex) ] if xregex: self.xregex = [ re.compile(x.encode(), re.DOTALL | re.MULTILINE) for x in list(xregex) ] # Output pcap to infinitely iterable file with IterWriter() as output: if pcap: self.pcap = PcapWriter(output, sync=True) # Configure sniffer and produce sniffer stream try: stream = AsyncSniffer( started_callback=lambda: self.log.info( "Sniffing interface(s): %s...", interface or conf.iface ), iface=interface or conf.iface, count=count, timeout=timeout, filter=filter, lfilter=self._lfilter, prn=self._prn, store=False, monitor=monitor, ) # Start sniffer stream stream.start() # Output pcap data if pcap: for data in output: yield data if not stream.running and not output.closed: output.close() # Wait for stream to complete stream.join() except Scapy_Exception as e: self.log.error(e)
class LAN(Module): """ Sniff packets on a local area network. """ # Prevent newlines when generating delimiter = b"" # Global variables pcap = None regex = None xregex = None debug = False @classmethod def add_arguments(self, parser): parser.add_argument("-n", "--interface", action="append", help="network interface(s) on which to sniff)") parser.add_argument("-c", "--count", type=int, default=0, help="number of packets to sniff (all)") parser.add_argument("-t", "--timeout", type=int, default=None, help="number of seconds to sniff (infinite)") parser.add_argument("-f", "--filter", type=str, help="BPF filter to apply") parser.add_argument("-r", "--regex", type=str, action="append", default=[], help="expression(s) to qualify packet (AND)") parser.add_argument("-x", "--xregex", type=str, action="append", default=[], help="expression(s) to disqualify packet (OR)") parser.add_argument("-m", "--monitor", action="store_true", help="listen in monitor mode (False)") parser.add_argument("-p", "--pcap", action="store_true", help="output packets as pcap (False)") parser.add_argument("-d", "--debug", action="store_true", help="unpack and display each captured packet") def handle(self, input, interface=None, count=0, timeout=None, filter=None, regex=None, xregex=None, monitor=False, pcap=False, debug=False): self.debug = debug # Compile expressions if regex: self.regex = [ re.compile(r.encode(), re.DOTALL | re.MULTILINE) for r in list(regex) ] if xregex: self.xregex = [ re.compile(x.encode(), re.DOTALL | re.MULTILINE) for x in list(xregex) ] # Output pcap to infinitely iterable file with IterWriter() as output: if pcap: self.pcap = PcapWriter(output, sync=True) # Configure sniffer and produce sniffer stream try: stream = AsyncSniffer( started_callback=lambda: self.log.info( "Sniffing interface(s): %s...", interface or conf.iface ), iface=interface or conf.iface, count=count, timeout=timeout, filter=filter, lfilter=self._lfilter, prn=self._prn, store=False, monitor=monitor, ) # Start sniffer stream stream.start() # Output pcap data if pcap: for data in output: yield data if not stream.running and not output.closed: output.close() # Wait for stream to complete stream.join() except Scapy_Exception as e: self.log.error(e) def _prn(self, pkt): """ Handle captured packet. :param object pkt: captured packet """ # Show packet summary self.log.logger.debug(pkt.summary()) # Show packet details if self.debug: self.log.logger.info(pkt.show(dump=True)) # Output full pcap if self.pcap: self.pcap.write(pkt) def _lfilter(self, pkt): """ Assess potential packet for capture. :param object pkt: potential packet :return: whether to capture packet :rtype: bool """ # Check xregex are excluded (OR) if self.xregex: for x in self.xregex: if x.search(raw(pkt)): return False # Check regex are included (AND) if self.regex: for r in self.regex: if not r.search(raw(pkt)): return False return True
if netstatResult not in ([], ['0', '-']): with open( additoinsDir + str(p.time).split('.')[0] + '-' + sport + '-' + dport + '.yml', 'w') as yamlFile: pInfo = {'uid': int(netstatResult[0])} if len(netstatResult) > 2: pInfo.update({ 'pid': int(netstatResult[1]), 'comm': netstatResult[2], 'cmd': ' '.join(netstatResult[3:]) }) yaml.dump(pInfo, yamlFile) if os.system('ip > /dev/null 2>&1') == 32512: print('ip Not Found. Please install iproute2!') exit() if os.system('ip a s ' + args.interface + ' > /dev/null 2>&1') == 256: print('iface ' + args.interface + ' Not Found. Please check the arguments!') exit() if os.system('netstat > /dev/null 2>&1') == 32512: print('netstat Not Found. Please install net-tools!') exit() pDump = PcapWriter(workDir + 'package.pcap', append=True, sync=True) sniff(iface=args.interface, prn=lambda p: threading.Thread(target=process_sniffed_packet, args=(p, )) .start())
def _log_packets(self, file_path, client_mac): cap_writer = PcapWriter(file_path, append=True, sync=True) for packet in self.wpa_handshakes[client_mac]['packets']: cap_writer.write(packet) self.wpa_handshakes[client_mac]['logged'] = True
def __init__(self, *arg, **kw): PcapWriter.__init__(self, *arg, **kw) fdesc.setNonBlocking(self.f)
def anonymize_file(input_file: str, output_file: str) -> None: logger = logging.getLogger(inspect.stack()[0][3]) with PcapReader(input_file) as reader: writer = PcapWriter(output_file, sync=True) ssid_number = 0 address_hash = {} ssid_hash = {} for frame in reader: if frame.haslayer(Dot11): frame_fcs = frame.fcs logger.info("frame_fcs: %s", hex(frame_fcs)) # raw_fcs = struct.unpack("I", bytes(frame.payload)[-4:])[0] # matches frame.fcs crc_bytes = struct.pack( "I", zlib.crc32(bytes(frame.payload)[:-4]) & 0xFFFF_FFFF) crc_int = int.from_bytes(crc_bytes, byteorder="little") logger.info("crc_int: %s", hex(crc_int)) fcs_match = frame_fcs == crc_int logger.info("fcs_match: %s", fcs_match) # anonymize mac addresses frame[Dot11].addr1 = anonymize_mac(frame.addr1, address_hash) frame[Dot11].addr2 = anonymize_mac(frame.addr2, address_hash) frame[Dot11].addr3 = anonymize_mac(frame.addr3, address_hash) # anonymize SSID and address fields (this code seems problematic in py3) if args.skip: logger.info("skipping anonymizing SSID: %s", args.skip) else: dot11elt = frame.getlayer(Dot11Elt) while dot11elt: logger.info("ie: %s", dot11elt.ID) if dot11elt.ID == 0: ssid = anonymize_ssid(dot11elt.info, ssid_number, ssid_hash) dot11elt.len = len(ssid) dot11elt.info = ssid dot11elt = dot11elt.payload.getlayer(Dot11Elt) if fcs_match: # if fcs and crc originally matched, recompute new valid fcs: fcs = struct.pack( "I", zlib.crc32(bytes(frame.payload)[:-4]) & 0xFFFF_FFFF) else: # otherwise throw garbage in the fcs which will not validate fcs = b"\x00\x00\x00\x00" logger.info("new fcs: %s", hex(int.from_bytes(fcs, byteorder="little"))) # write anonymized packet writer.write(RadioTap(bytes(frame)[:-4] + fcs)) logger.info("done")