Exemple #1
0
def srp1flood(x,
              promisc=None,
              filter=None,
              iface=None,
              nofilter=0,
              *args,
              **kargs):  # noqa: E501
    """Flood and receive packets at layer 2 and return only the first answer

    :param prn:      function applied to packets received
    :param verbose:  set verbosity level
    :param nofilter: put 1 to avoid use of BPF filters
    :param filter:   provide a BPF filter
    :param iface:    listen answers only on the given interface
    """
    s = conf.L2socket(promisc=promisc,
                      filter=filter,
                      nofilter=nofilter,
                      iface=iface)  # noqa: E501
    ans, _ = sndrcvflood(s, x, *args, **kargs)
    s.close()
    if len(ans) > 0:
        return ans[0][1]
    else:
        return None
Exemple #2
0
def srp(x,
        iface=None,
        iface_hint=None,
        filter=None,
        nofilter=0,
        type=ETH_P_ALL,
        *args,
        **kargs):
    """Send and receive packets at layer 2
nofilter: put 1 to avoid use of bpf filters
retry:    if positive, how many times to resend unanswered packets
          if negative, how many times to retry when no more packets are answered
timeout:  how much time to wait after the last packet has been sent
verbose:  set verbosity level
multi:    whether to accept multiple answers for the same stimulus
filter:   provide a BPF filter
iface:    work only on the given interface"""
    if not kargs.has_key("timeout"):
        kargs["timeout"] = -1
    if iface is None and iface_hint is not None:
        iface = conf.route.route(iface_hint)[0]
    s = conf.L2socket(iface=iface, filter=filter, nofilter=nofilter, type=type)
    a, b = sndrcv(s, x, *args, **kargs)
    s.close()
    return a, b
Exemple #3
0
def srpflood(x,
             promisc=None,
             filter=None,
             iface=None,
             iface_hint=None,
             nofilter=None,
             *args,
             **kargs):  # noqa: E501
    """Flood and receive packets at layer 2

    :param prn:      function applied to packets received
    :param unique:   only consider packets whose print
    :param nofilter: put 1 to avoid use of BPF filters
    :param filter:   provide a BPF filter
    :param iface:    listen answers only on the given interface
    """
    if iface is None and iface_hint is not None:
        iface = conf.route.route(iface_hint)[0]
    s = conf.L2socket(promisc=promisc,
                      filter=filter,
                      iface=iface,
                      nofilter=nofilter)  # noqa: E501
    r = sndrcvflood(s, x, *args, **kargs)
    s.close()
    return r
Exemple #4
0
 def __init__(self, args):
     self.interface = args.i
     self.args = args
     self.hdr = Headers()
     self.injSocket = conf.L2socket(iface=self.interface)
     if (args.m != args.i) or args.tun is True:
         self.injMac = scapy.arch.get_if_hwaddr(self.interface)
Exemple #5
0
def sendp(x,
          inter=0,
          loop=0,
          iface=None,
          iface_hint=None,
          count=None,
          verbose=None,
          realtime=None,
          return_packets=False,
          socket=None,
          *args,
          **kargs):
    """Send packets at layer 2
sendp(packets, [inter=0], [loop=0], [iface=None], [iface_hint=None], [count=None], [verbose=conf.verb],
      [realtime=None], [return_packets=False], [socket=None]) -> None"""
    if iface is None and iface_hint is not None and socket is None:
        iface = conf.route.route(iface_hint)[0]
    if socket is None:
        socket = conf.L2socket(iface=iface, *args, **kargs)
    return __gen_send(socket,
                      x,
                      inter=inter,
                      loop=loop,
                      count=count,
                      verbose=verbose,
                      realtime=realtime,
                      return_packets=return_packets)
Exemple #6
0
def sendp(x,
          inter=0,
          loop=0,
          iface=None,
          iface_hint=None,
          count=None,
          verbose=None,
          realtime=None,
          return_packets=False,
          socket=None,
          *args,
          **kargs):
    """Send packets at layer 2
sendp(packets, [inter=0], [loop=0], [iface=None], [iface_hint=None], [count=None], [verbose=conf.verb],  # noqa: E501
      [realtime=None], [return_packets=False], [socket=None]) -> None"""
    if iface is None and iface_hint is not None and socket is None:
        iface = conf.route.route(iface_hint)[0]
    need_closing = socket is None
    socket = socket or conf.L2socket(iface=iface, *args, **kargs)
    results = __gen_send(socket,
                         x,
                         inter=inter,
                         loop=loop,
                         count=count,
                         verbose=verbose,
                         realtime=realtime,
                         return_packets=return_packets)
    if need_closing:
        socket.close()
    return results
Exemple #7
0
def _verify_l2socket_setup(cap_filter):
    """Create a socket using the scapy configured l2socket.

    Try to create the socket
    to see if we have permissions
    since AsyncSniffer will do it another
    thread so we will not be able to capture
    any permission or bind errors.
    """
    conf.L2socket(filter=cap_filter)
Exemple #8
0
def srp(x, promisc=None, iface=None, iface_hint=None, filter=None,
        nofilter=0, type=ETH_P_ALL, *args, **kargs):
    """Send and receive packets at layer 2"""
    if iface is None and iface_hint is not None:
        iface = conf.route.route(iface_hint)[0]
    s = conf.L2socket(promisc=promisc, iface=iface,
                      filter=filter, nofilter=nofilter, type=type)
    result = sndrcv(s, x, *args, **kargs)
    s.close()
    return result
Exemple #9
0
def _verify_l2socket_creation_permission():
    """Create a socket using the scapy configured l2socket.

    Try to create the socket
    to see if we have permissions
    since AsyncSniffer will do it another
    thread so we will not be able to capture
    any permission or bind errors.
    """
    # disable scapy promiscuous mode as we do not need it
    conf.sniff_promisc = 0
    conf.L2socket()
Exemple #10
0
def srpflood(x, promisc=None, filter=None, iface=None, iface_hint=None, nofilter=None, *args,**kargs):
    """Flood and receive packets at layer 2
prn:      function applied to packets received. Ret val is printed if not None
store:    if 1 (default), store answers and return them
unique:   only consider packets whose print 
nofilter: put 1 to avoid use of BPF filters
filter:   provide a BPF filter
iface:    listen answers only on the given interface"""
    if iface is None and iface_hint is not None:
        iface = conf.route.route(iface_hint)[0]    
    s = conf.L2socket(promisc=promisc, filter=filter, iface=iface, nofilter=nofilter)
    r=sndrcvflood(s,x,*args,**kargs)
    s.close()
    return r
Exemple #11
0
def send_random_traffic(dst):
    dst_mac = None
    dst_ip = None
    interface = None
    #print get_if_list()
    src_mac = [get_if_hwaddr(i) for i in get_if_list() if "eth0" in i]
    interface = [i for i in get_if_list() if "eth0" in i][0]
    if len(src_mac) < 1:
        print("No interface for output")
        sys.exit(1)
    src_mac = src_mac[0]
    src_ip = None
    if src_mac == "00:00:00:00:01:01":
        src_ip = "10.0.1.1"
    elif src_mac == "00:00:00:00:02:02":
        src_ip = "10.0.2.2"
    elif src_mac == "00:00:00:00:03:03":
        src_ip = "10.0.3.3"
    else:
        print("Invalid source host")
        sys.exit(1)

    if dst in ("h1", "10.0.1.1"):
        dst_mac = "00:00:00:00:01:01"
        dst_ip = "10.0.1.1"
    elif dst in ("h2", "10.0.2.2"):
        dst_mac = "00:00:00:00:02:02"
        dst_ip = "10.0.2.2"
    elif dst in ("h3", "10.0.3.3"):
        dst_mac = "00:00:00:00:03:03"
        dst_ip = "10.0.3.3"
    else:
        print("Invalid host to send to")
        sys.exit(1)

    src_mac = "10:10:10:10:10:10"
    data = "ABCDFE"
    src_ip = "10.0.10.10"
    s = conf.L2socket(iface=interface)

    p = Ether(dst=dst_mac, src=src_mac) / IP(frag=5868, dst=dst_ip, src=src_ip)
    p = p / UDP(sport=0x00FF, dport=0x00FF) / Raw(load=data)
    s.send(p)
def demo():

	# Capture a TKIP Frame.
	print "[+] Capturing a TKIP Frame..."
	sock = conf.L2socket( type=ETH_P_ALL , iface=IFACE )
	l = sniff( lfilter=isTKIP , count=1 , timeout=120 , opened_socket=sock )
	if len(l) <= 0:
		print "[-] Failed to capture a TKIP Frame."
		exit()
	packet = l[0].getlayer(Dot11)
	print "[+]", packet.summary()

	# Perform the chop-chop attack, and recover the plaintext of an ARP Message.
	mic , icv = chopchop( sock=sock , packet=packet )
	plaintext = decryptARP( mic=mic , icv=icv )

	# Show the results.
	if plaintext is not None:
		plaintext.show()
Exemple #13
0
def sendp(x,
          inter=0,
          loop=0,
          iface=None,
          iface_hint=None,
          count=None,
          verbose=None,
          realtime=None,
          return_packets=False,
          socket=None,
          *args,
          **kargs):
    """
    Send packets at layer 2

    :param x: the packets
    :param inter: time (in s) between two packets (default 0)
    :param loop: send packet indefinetly (default 0)
    :param count: number of packets to send (default None=1)
    :param verbose: verbose mode (default None=conf.verbose)
    :param realtime: check that a packet was sent before sending the next one
    :param return_packets: return the sent packets
    :param socket: the socket to use (default is conf.L3socket(kargs))
    :param iface: the interface to send the packets on
    :param monitor: (not on linux) send in monitor mode
    :returns: None
    """
    if iface is None and iface_hint is not None and socket is None:
        iface = conf.route.route(iface_hint)[0]
    need_closing = socket is None
    socket = socket or conf.L2socket(iface=iface, *args, **kargs)
    results = __gen_send(socket,
                         x,
                         inter=inter,
                         loop=loop,
                         count=count,
                         verbose=verbose,
                         realtime=realtime,
                         return_packets=return_packets)
    if need_closing:
        socket.close()
    return results
Exemple #14
0
 def sendPackets(self):
     self.isSending = True
     self.shouldStop = False
     PktList = self.constructPacketList()
     sendNetcard = self.netcardList[self.cmbNetCard.currentIndex()][0]
     socket = conf.L2socket(iface=sendNetcard)
     sendInvterval = int(
         self.edtInter.text()) if self.edtInter.text().isdigit() else 0
     sendLoop = int(
         self.edtLoop.text()) if self.edtLoop.text().isdigit() else 1
     self.SendProgress.setMaximum(sendLoop)
     if self.cboxRepeat.checkState():
         self.SendProgress.setMaximum(0)
         self.SendProgress.setValue(0)
         sendLoop = sys.maxsize
     now_time = time.time()
     old_time = now_time
     pktCount = 0
     old_pktCount = pktCount
     pktRate = 0
     time_count = 0
     for loopInx in range(sendLoop):
         QtWidgets.QApplication.processEvents()
         for pkt in PktList:
             socket.send(pkt)
             pktCount += 1
             qtsleep(sendInvterval)
             if time_count > 1000:
                 now_time = time.time()
                 pktRate = int(
                     (pktCount - old_pktCount) / (now_time - old_time))
                 time_count = 0
             time_count += sendInvterval
             self.lblSendStatus.setText("已发:%d  %d/s" % (pktCount, pktRate))
             if self.shouldStop:
                 break
         if not self.cboxRepeat.checkState():
             self.SendProgress.setValue(loopInx + 1)
         if self.shouldStop:
             break
     self.isSending = False
Exemple #15
0
def rnd_aps(iface):
    s = conf.L2socket(iface=iface)

    rnd_mac = RandMAC()
    itx = 0

    try:
        while True:
            s.send(
                RadioTap() / Dot11(addr1="ff:ff:ff:ff:ff:ff",
                                   addr2=rnd_mac,
                                   addr3=rnd_mac,
                                   addr4=rnd_mac) / Dot11Beacon(cap="ESS") /
                Dot11Elt(ID="SSID", info=b"VOTA " + LEL_AP[itx]) /
                Dot11Elt(ID="Rates", info="\x0c\x12\x18\x24\x30\x48\x60\x6c") /
                Dot11Elt(ID="DSset", info=chr(1)))
            itx = (itx + 1) % len(LEL_AP)
            time.sleep(0.001)
    except Exception as e:
        print(e)
        s.close()
def poc():

    # Capture a TKIP Frame.
    print "[+] Capturing a TKIP Frame..."
    sock = conf.L2socket(type=ETH_P_ALL, iface=IFACE)
    l = sniff(lfilter=isTKIP, count=1, timeout=120, opened_socket=sock)
    if len(l) <= 0:
        print "[-] Failed to capture a TKIP Frame."
        exit()
    packet = l[0].getlayer(Dot11)
    print "[+]", packet.summary()

    # Inject a Message with enabled Power Management, followed by a PS-Poll Message.
    packet = modifyTKIP(packet)
    sock.send(RadioTap() / packet)
    sock.send(RadioTap() / getPSPoll())

    # Attempt to capture a Null-Data Message.
    l = sniff(lfilter=isNullData, count=1, timeout=1, opened_socket=sock)
    if len(l) > 0:
        print "[+] Received a Null Data Frame."
    else:
        print "[-] Did not Receive a Null Data Frame."
Exemple #17
0
def srp(x,
        promisc=None,
        iface=None,
        iface_hint=None,
        filter=None,
        nofilter=0,
        type=ETH_P_ALL,
        *args,
        **kargs):  # noqa: E501
    """Send and receive packets at layer 2
nofilter: put 1 to avoid use of BPF filters
retry:    if positive, how many times to resend unanswered packets
          if negative, how many times to retry when no more packets are answered  # noqa: E501
timeout:  how much time to wait after the last packet has been sent
verbose:  set verbosity level
multi:    whether to accept multiple answers for the same stimulus
filter:   provide a BPF filter
iface:    work only on the given interface
store_unanswered: whether to store not-answered packets or not. Default True.
                  setting it to False will increase speed, and will return None
                  as the unans list.
process:  if specified, only result from process(pkt) will be stored.
          the function should follow the following format:
            lambda sent, received: (func(sent), func2(received))
          if the packet is unanswered, `received` will be None.
          if `store_unanswered` is False, the function won't be called on un-answered packets."""  # noqa: E501
    if iface is None and iface_hint is not None:
        iface = conf.route.route(iface_hint)[0]
    s = conf.L2socket(promisc=promisc,
                      iface=iface,
                      filter=filter,
                      nofilter=nofilter,
                      type=type)  # noqa: E501
    result = sndrcv(s, x, *args, **kargs)
    s.close()
    return result
Exemple #18
0
 def start(self):
     self.s = conf.L2socket(iface=self.iface)
Exemple #19
0
# limitations under the License

from scapy.all import Ether, IP, sendp, get_if_hwaddr, get_if_list, TCP, Raw, UDP
from scapy.config import conf
import sys
from time import sleep, time
from multiprocessing import Process

src_mac = "00:00:00:00:01:01"
data = "ABCDFE"
src_ip = "10.0.1.1"
dst_mac = "00:00:00:00:02:02"
dst_ip = "10.0.2.2"

interface = [i for i in get_if_list() if "eth0" in i][0]
s = conf.L2socket(iface=interface)

p = Ether(dst=dst_mac, src=src_mac) / IP(frag=0, dst=dst_ip, src=src_ip)
p = p / UDP(sport=0x11FF, dport=0x22FF) / Raw(load=data)


def send(id):
    pkt_cnt = 0
    last_sec = time()
    while True:
        s.send(p)
        pkt_cnt += 1
        if time() - last_sec > 1.0:
            print("[%d]Pkt/s: %d" % (id, pkt_cnt))
            pkt_cnt = 0
            last_sec = time()
Exemple #20
0
 def __init__(self, interface_name):
     PacketVerifier.__init__(self, interface_name)
     self._sock = conf.L2socket(iface=interface_name, type=ETH_P_ALL)
Exemple #21
0
 def start(self):
     # type: () -> None
     self.s = conf.L2socket(iface=self.iface)