def load_pcap_file(filename, display=True):
if display:
pkts = []
with PcapReader(filename) as plist:
for pkt in tqdm(plist, desc="Loading Pcap "):
pkts.append(pkt)
# filtering packets
pkts = [
pkt for pkt in pkts if (UDP in pkt) and (VideoProtocol in pkt)
]
plist = PacketList(pkts, name=os.path.basename(filename))
# IP defragment
plist = ip_defragment(plist)
else:
plist = rdpcap(filename)
plist = PacketList(
[p for p in plist if (UDP in p) and (VideoProtocol in p)])
plist = defragment(plist)
# convert Video
video = []
parser = VideoProtocolParser()
for pkt in plist:
image = parser.toimage(pkt)
if image is None:
continue
else:
video.append(image)
return video
def __init__(self, packets, localport=50002, remoteport=4172, isUDP=True):
'''
Initialise a conversation from a pcap file or a list otherwise obtained from scapy
using scapy.rdpcap (also available as udpanal.rdpcap).
Args:
* packets - either string representing relative or absolute filename for pcap file
or PacketList object returned by rdpcap
* localport - the UDP port you communicated from
* remoteport - the UDP port you are communicating with
* isUDP - for future use when TCP & SCTP are also implemented
'''
if type(packets) == type(''):
pktlist = rdpcap(packets)
elif type(PacketList()) == type(packets):
pktlist = packets # re-initialise, take the penalty to kill that annoying 'filter multiplicity)
else:
self = packets
self.lport = localport
self.rport = remoteport
if isUDP:
pktlist = pktlist.filter(lambda x: x.haslayer(UDP))
pktlist = pktlist.filter(
lambda x: x.getlayer(UDP).dport == self.lport or x.getlayer(
UDP).sport == self.lport or x.getlayer(UDP).dport == self.
rport or x.getlayer(UDP).sport == self.rport)
self.pktlist = PacketList(pktlist)
self.count = len(self.pktlist)
return
def _run(self,
store=False,
prn=None,
lfilter=None,
refresh=.1,
*args,
**kwargs):
s = conf.L2listen(type=ETH_P_ALL, *args, **kwargs)
lst = []
self.running = True
try:
while True:
if self.stop_event and self.stop_event.is_set():
break
sel = select([s], [], [], refresh)
if s in sel[0]:
p = s.recv(MTU)
if p is None:
break
if lfilter and not lfilter(p):
continue
if store:
lst.append(p)
if prn:
r = prn(p)
if r is not None:
print(r)
except KeyboardInterrupt:
pass
finally:
s.close()
self.results = PacketList(lst, "Sniffed")
def crypt2plain(self, pcapFile, encType, key):
"""Converts an encrypted stream to unencrypted stream
Returns the unencrypted stream input as a scapy PacketList object
Future plans involve offering a yield parameter so that pcapList,
instead returns as a generated object; should save memory this way.
Does not have the capability to diff between multiple keys encTypes
Possible workaround for this is taking the try and using except,
creating a return to let the user know which objs to retry on
For now, skipping.
"""
## Use the generator of PcapReader for memory purposes
pObj = PcapReader(pcapFile)
pcapList = []
## Deal with WEP
if encType == 'WEP':
for i in pObj:
try:
pkt, iv = pyDot11.wepDecrypt(i, key)
except:
pkt = i
pcapList.append(pkt)
## Return the stream like a normal Scapy PacketList
return PacketList(res=pcapList)
def __gen_send(
s, # type: SuperSocket
x, # type: _PacketIterable
inter=0, # type: int
loop=0, # type: int
count=None, # type: Optional[int]
verbose=None, # type: Optional[int]
realtime=False, # type: bool
return_packets=False, # type: bool
*args, # type: Any
**kargs # type: Any
):
# type: (...) -> Optional[PacketList]
"""
An internal function used by send/sendp to actually send the packets,
implement the send logic...
It will take care of iterating through the different packets
"""
if isinstance(x, str):
x = conf.raw_layer(load=x)
if not isinstance(x, Gen):
x = SetGen(x)
if verbose is None:
verbose = conf.verb
n = 0
if count is not None:
loop = -count
elif not loop:
loop = -1
if return_packets:
sent_packets = PacketList()
try:
while loop:
dt0 = None
for p in x:
if realtime:
ct = time.time()
if dt0:
st = dt0 + float(p.time) - ct
if st > 0:
time.sleep(st)
else:
dt0 = ct - float(p.time)
s.send(p)
if return_packets:
sent_packets.append(p)
n += 1
if verbose:
os.write(1, b".")
time.sleep(inter)
if loop < 0:
loop += 1
except KeyboardInterrupt:
pass
if verbose:
print("\nSent %i packets." % n)
if return_packets:
return sent_packets
return None
def parse(self, plist):
"""Update the builder using the provided `plist`. `plist` can
be either a Packet() or a PacketList().
"""
if not isinstance(plist, PacketList):
plist = PacketList(plist)
for pkt in plist[LLTD]:
if LLTDQueryLargeTlv in pkt:
key = "%s:%s:%d" % (pkt.real_dst, pkt.real_src, pkt.seq)
self.types_offsets[key] = (pkt[LLTDQueryLargeTlv].type,
pkt[LLTDQueryLargeTlv].offset)
elif LLTDQueryLargeTlvResp in pkt:
try:
key = "%s:%s:%d" % (pkt.real_src, pkt.real_dst, pkt.seq)
content, offset = self.types_offsets[key]
except KeyError:
continue
loc = slice(offset, offset + pkt[LLTDQueryLargeTlvResp].len)
key = "%s > %s [%s]" % (
pkt.real_src,
pkt.real_dst,
LLTDQueryLargeTlv.fields_desc[0].i2s.get(content, content),
)
data = self.data.setdefault(key, array("B"))
datalen = len(data)
if datalen < loc.stop:
data.extend(array("B", b"\x00" * (loc.stop - datalen)))
data[loc] = array("B", pkt[LLTDQueryLargeTlvResp].value)
def __init__(self,
init_session=None,
init_security_level=None,
init_communication_control=None,
logging=True,
verbose=True,
store_supported_responses=True):
"""
Initialize an Ecu object
:param init_session: An initial session
:param init_security_level: An initial security level
:param init_communication_control: An initial communication control
setting
:param logging: Turn logging on or off. Default is on.
:param verbose: Turn tracking on or off. Default is on.
:param store_supported_responses: Turn creation of supported responses
on or off. Default is on.
"""
self.state = EcuState(session=init_session or 1,
security_level=init_security_level or 0,
communication_control=init_communication_control
or 0)
self.verbose = verbose
self.logging = logging
self.store_supported_responses = store_supported_responses
self.log = defaultdict(list)
self._supported_responses = list()
self._unanswered_packets = PacketList()
def make_reply(self, req):
if self.supported_responses is not None:
for resp in self.supported_responses:
if not isinstance(resp, EcuResponse):
raise Scapy_Exception("Unsupported type for response. "
"Please use `EcuResponse` objects. ")
if not resp.in_correct_session(self.ecu_state.current_session):
continue
if not resp.has_security_access(
self.ecu_state.current_security_level):
continue
if not resp.answers(req):
continue
for r in resp.responses:
for layer in r.layers():
if hasattr(layer, "modifies_ecu_state"):
layer.modifies_ecu_state(r, self.ecu_state)
return resp.responses
return PacketList([self.basecls(b"\x7f" + bytes(req)[0:1] + b"\x10")])
def make_reply(self, req):
# type: (Packet) -> PacketList
"""
Checks if a given request can be answered by the internal list of
EcuResponses. First, it's evaluated if the internal EcuState of this
AnsweringMachine is supported by an EcuResponse, next it's evaluated if
a request answers the key_response of this EcuResponse object. The
first fitting EcuResponse is used. If this EcuResponse modified the
EcuState, the internal EcuState of this AnsweringMachine is updated,
and the list of response Packets of the selected EcuResponse is
returned. If no EcuResponse if found, a PacketList with a generic
NegativeResponse is returned.
:param req: A request packet
:return: A list of response packets
"""
if self._supported_responses is not None:
for resp in self._supported_responses:
if not isinstance(resp, EcuResponse):
raise TypeError("Unsupported type for response. "
"Please use `EcuResponse` objects.")
with self._ecu_state_mutex:
if not resp.supports_state(self._ecu_state):
continue
if not resp.answers(req):
continue
EcuState.get_modified_ecu_state(
resp.key_response, req, self._ecu_state, True)
return resp.responses
return PacketList([self._basecls(
b"\x7f" + bytes(req)[0:1] + b"\x10")])
def toEthernet(self):
data = map(lambda x:x.getlayer(Dot11), filter(lambda x : x.haslayer(Dot11) and x.type == 2, self.res))
r2 = []
for p in data:
q = p.copy()
q.unwep()
r2.append(Ether()/q.payload.payload.payload) #Dot11/LLC/SNAP/IP
return PacketList(r2,name="Ether from %s"%self.listname)
def toEthernet(self):
data = [x[Dot11] for x in self.res if Dot11 in x and x.type == 2]
r2 = []
for p in data:
q = p.copy()
q.unwep()
r2.append(Ether() / q.payload.payload.payload) # Dot11/LLC/SNAP/IP
return PacketList(r2, name="Ether from %s" % self.listname)
def refresh():
Vault.__threading_packet_list = PacketList()
Vault.__mapping = Counter()
Vault.__packet_count = 0
Vault.__session_dict = {}
Vault.__session_header = []
Vault.__flagged_dict = {}
Vault.__carved_files = []
def get_capture(self,
expected_count=None,
remark=None,
timeout=1,
filter_out_fn=is_ipv6_misc):
""" Get captured packets
:param expected_count: expected number of packets to capture, if None,
then self.test.packet_count_for_dst_pg_idx is
used to lookup the expected count
:param remark: remark printed into debug logs
:param timeout: how long to wait for packets
:param filter_out_fn: filter applied to each packet, packets for which
the filter returns True are removed from capture
:returns: iterable packets
"""
remaining_time = timeout
capture = None
name = self.name if remark is None else "%s (%s)" % (self.name, remark)
based_on = "based on provided argument"
if expected_count is None:
expected_count = \
self.test.get_packet_count_for_if_idx(self.sw_if_index)
based_on = "based on stored packet_infos"
if expected_count == 0:
raise Exception(
"Internal error, expected packet count for %s is 0!" %
name)
self.test.logger.debug("Expecting to capture %s (%s) packets on %s" %
(expected_count, based_on, name))
while remaining_time > 0:
before = time.time()
capture = self._get_capture(remaining_time, filter_out_fn)
elapsed_time = time.time() - before
if capture:
if len(capture.res) == expected_count:
# bingo, got the packets we expected
return capture
elif len(capture.res) > expected_count:
self.test.logger.error(
ppc("Unexpected packets captured:", capture))
break
else:
self.test.logger.debug("Partial capture containing %s "
"packets doesn't match expected "
"count %s (yet?)" %
(len(capture.res), expected_count))
elif expected_count == 0:
# bingo, got None as we expected - return empty capture
return PacketList()
remaining_time -= elapsed_time
if capture:
self.generate_debug_aid("count-mismatch")
raise Exception("Captured packets mismatch, captured %s packets, "
"expected %s packets on %s" %
(len(capture.res), expected_count, name))
else:
raise Exception("No packets captured on %s" % name)
def _do_control(self, ready, *args, **kargs):
with self.started:
self.threadid = threading.currentThread().ident
# Update default parameters
a = args + self.init_args[len(args):]
k = self.init_kargs.copy()
k.update(kargs)
self.parse_args(*a, **k)
# Start the automaton
self.state = self.initial_states[0](self)
self.send_sock = self.send_sock_class(**self.socket_kargs)
self.listen_sock = self.recv_sock_class(**self.socket_kargs)
self.packets = PacketList(name="session[%s]" % self.__class__.__name__) # noqa: E501
singlestep = True
iterator = self._do_iter()
self.debug(3, "Starting control thread [tid=%i]" % self.threadid)
# Sync threads
ready.set()
try:
while True:
c = self.cmdin.recv()
self.debug(5, "Received command %s" % c.type)
if c.type == _ATMT_Command.RUN:
singlestep = False
elif c.type == _ATMT_Command.NEXT:
singlestep = True
elif c.type == _ATMT_Command.FREEZE:
continue
elif c.type == _ATMT_Command.STOP:
break
while True:
state = next(iterator)
if isinstance(state, self.CommandMessage):
break
elif isinstance(state, self.Breakpoint):
c = Message(type=_ATMT_Command.BREAKPOINT, state=state) # noqa: E501
self.cmdout.send(c)
break
if singlestep:
c = Message(type=_ATMT_Command.SINGLESTEP, state=state) # noqa: E501
self.cmdout.send(c)
break
except StopIteration as e:
c = Message(type=_ATMT_Command.END,
result=self.final_state_output)
self.cmdout.send(c)
except Exception as e:
exc_info = sys.exc_info()
self.debug(3, "Transferring exception from tid=%i:\n%s" % (self.threadid, traceback.format_exception(*exc_info))) # noqa: E501
m = Message(type=_ATMT_Command.EXCEPTION, exception=e, exc_info=exc_info) # noqa: E501
self.cmdout.send(m)
self.debug(3, "Stopping control thread (tid=%i)" % self.threadid)
self.threadid = None
def __sr_loop(srfunc, pkts, prn=lambda x: x[1].summary(),
prnfail=lambda x: x.summary(),
inter=1, timeout=None, count=None, verbose=None, store=1,
*args, **kargs):
n = 0
r = 0
ct = conf.color_theme
if verbose is None:
verbose = conf.verb
parity = 0
ans = []
unans = []
if timeout is None:
timeout = min(2 * inter, 5)
try:
while True:
parity ^= 1
col = [ct.even, ct.odd][parity]
if count is not None:
if count == 0:
break
count -= 1
start = time.time()
if verbose > 1:
print("\rsend...\r", end=' ')
res = srfunc(pkts, timeout=timeout, verbose=0, chainCC=True, *args, **kargs) # noqa: E501
n += len(res[0]) + len(res[1])
r += len(res[0])
if verbose > 1 and prn and len(res[0]) > 0:
msg = "RECV %i:" % len(res[0])
print("\r" + ct.success(msg), end=' ')
for p in res[0]:
print(col(prn(p)))
print(" " * len(msg), end=' ')
if verbose > 1 and prnfail and len(res[1]) > 0:
msg = "fail %i:" % len(res[1])
print("\r" + ct.fail(msg), end=' ')
for p in res[1]:
print(col(prnfail(p)))
print(" " * len(msg), end=' ')
if verbose > 1 and not (prn or prnfail):
print("recv:%i fail:%i" % tuple(map(len, res[:2])))
if store:
ans += res[0]
unans += res[1]
end = time.time()
if end - start < inter:
time.sleep(inter + start - end)
except KeyboardInterrupt:
pass
if verbose and n > 0:
print(ct.normal("\nSent %i packets, received %i packets. %3.1f%% hits." % (n, r, 100.0 * r / n))) # noqa: E501
return SndRcvList(ans), PacketList(unans)
def __init__(self, logging=True, verbose=True,
store_supported_responses=True, lookahead=10):
# type: (bool, bool, bool, int) -> None
self.state = EcuState()
self.verbose = verbose
self.logging = logging
self.store_supported_responses = store_supported_responses
self.lookahead = lookahead
self.log = defaultdict(list) # type: Dict[str, List[Any]]
self.__supported_responses = list() # type: List[EcuResponse]
self.__unanswered_packets = PacketList()
def __init__(self,
session=1,
security_level=0,
responses=Raw(b"\x7f\x10"),
answers=None):
"""
Initialize an EcuResponse capsule
:param session: Defines the session in which this response is valid.
A integer, a callable or any iterable object can be
provided.
:param security_level: Defines the security_level in which this
response is valid. A integer, a callable or any
iterable object can be provided.
:param responses: A Packet or a list of Packet objects. By default the
last packet is asked if it answers a incoming packet.
This allows to send for example
`requestCorrectlyReceived-ResponsePending` packets.
:param answers: Optional argument to provide a custom answer here:
`lambda resp, req: return resp.answers(req)`
This allows the modification of a response depending
on a request. Custom SecurityAccess mechanisms can
be implemented in this way or generic NegativeResponse
messages which answers to everything can be realized
in this way.
"""
self.__session = session \
if hasattr(session, "__iter__") or callable(session) else [session]
self.__security_level = security_level \
if hasattr(security_level, "__iter__") or callable(security_level)\
else [security_level]
if isinstance(responses, PacketList):
self.responses = responses
elif isinstance(responses, Packet):
self.responses = PacketList([responses])
elif hasattr(responses, "__iter__"):
self.responses = PacketList(responses)
else:
self.responses = PacketList([responses])
self.__custom_answers = answers
def arpleak(target, plen=255, hwlen=255, **kargs):
# type: (str, int, int, **Any) -> Tuple[SndRcvList, PacketList]
"""Exploit ARP leak flaws, like NetBSD-SA2017-002.
https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2017-002.txt.asc
"""
# We want explicit packets
pkts_iface = {} # type: Dict[str, List[Ether]]
for pkt in ARP(pdst=target):
# We have to do some of Scapy's work since we mess with
# important values
iface = conf.route.route(pkt.pdst)[0]
psrc = get_if_addr(iface)
hwsrc = get_if_hwaddr(iface)
pkt.plen = plen
pkt.hwlen = hwlen
if plen == 4:
pkt.psrc = psrc
else:
pkt.psrc = inet_aton(psrc)[:plen]
pkt.pdst = inet_aton(pkt.pdst)[:plen]
if hwlen == 6:
pkt.hwsrc = hwsrc
else:
pkt.hwsrc = mac2str(hwsrc)[:hwlen]
pkts_iface.setdefault(iface, []).append(
Ether(src=hwsrc, dst=ETHER_BROADCAST) / pkt
)
ans, unans = SndRcvList(), PacketList(name="Unanswered")
for iface, pkts in viewitems(pkts_iface):
ans_new, unans_new = srp(pkts, iface=iface, filter="arp", **kargs)
ans += ans_new
unans += unans_new
ans.listname = "Results"
unans.listname = "Unanswered"
for _, rcv in ans:
if ARP not in rcv:
continue
rcv = rcv[ARP]
psrc = rcv.get_field('psrc').i2m(rcv, rcv.psrc)
if plen > 4 and len(psrc) > 4:
print("psrc")
hexdump(psrc[4:])
print()
hwsrc = rcv.get_field('hwsrc').i2m(rcv, rcv.hwsrc)
if hwlen > 6 and len(hwsrc) > 6:
print("hwsrc")
hexdump(hwsrc[6:])
print()
return ans, unans
def __gen_send(s,
x,
inter=0,
loop=0,
count=None,
verbose=None,
realtime=None,
return_packets=False,
*args,
**kargs): # noqa: E501
if isinstance(x, str):
x = conf.raw_layer(load=x)
if not isinstance(x, Gen):
x = SetGen(x)
if verbose is None:
verbose = conf.verb
n = 0
if count is not None:
loop = -count
elif not loop:
loop = -1
if return_packets:
sent_packets = PacketList()
try:
while loop:
dt0 = None
for p in x:
if realtime:
ct = time.time()
if dt0:
st = dt0 + float(p.time) - ct
if st > 0:
time.sleep(st)
else:
dt0 = ct - float(p.time)
s.send(p)
if return_packets:
sent_packets.append(p)
n += 1
if verbose:
os.write(1, b".")
time.sleep(inter)
if loop < 0:
loop += 1
except KeyboardInterrupt:
pass
if verbose:
print("\nSent %i packets." % n)
if return_packets:
return sent_packets
def read_all(self, count=-1):
"""return a list of all packets in the candump file
"""
res = []
while count != 0:
try:
p = self.read_packet()
if p is None:
continue
except EOFError:
break
count -= 1
res.append(p)
return PacketList(res, name=os.path.basename(self.filename))
def convert_packet_list_to_data_frame(self, pcap):
"""Convert scapy packet list to pandas data frame.
:param pcap: scapy packet list
"""
try:
pcap = PacketList(pcap)
except TypeError as err:
print(f"Convert to PacketList failed...error is: {err}")
# Create blank DataFrame
df = pd.DataFrame(columns=self.dataframe_fields)
for packet in pcap[IP]:
# Field array for each row of DataFrame
field_values = []
# Add all IP fields to dataframe
for field in self.ip_fields:
if field == 'options':
# Retrieving number of options defined in IP Header
field_values.append(len(packet[IP].fields[field]))
else:
field_values.append(packet[IP].fields[field])
field_values.append(str(packet.time))
layer_type = type(packet[IP].payload)
for field in self.tcp_fields:
try:
if field == 'options':
field_values.append(len(packet[layer_type].fields[field]))
else:
field_values.append(packet[layer_type].fields[field])
except:
field_values.append(None)
# Append payload
field_values.append(len(packet[layer_type].payload))
field_values.append(packet[layer_type].payload.original)
field_values.append(binascii.hexlify(packet[layer_type].payload.original))
# Add row to DF
df_append = pd.DataFrame([field_values],
columns=self.dataframe_fields)
df = pd.concat([df, df_append], axis=0)
# Reset Index
df = df.reset_index()
# Drop old index column
df = df.drop(columns="index")
self.df = df
def __init__(self, state=None, responses=Raw(b"\x7f\x10"), answers=None):
# type: (Optional[Union[EcuState, Iterable[EcuState]]], Union[Iterable[Packet], PacketList, Packet], Optional[Callable[[Packet, Packet], bool]]) -> None # noqa: E501
if state is None:
self.__states = None # type: Optional[List[EcuState]]
else:
if hasattr(state, "__iter__"):
state = cast(List[EcuState], state)
self.__states = state
else:
state = cast(EcuState, state)
self.__states = [state]
if isinstance(responses, PacketList):
self.__responses = responses # type: PacketList
elif isinstance(responses, Packet):
self.__responses = PacketList([responses])
elif hasattr(responses, "__iter__"):
responses = cast(List[Packet], responses)
self.__responses = PacketList(responses)
else:
raise TypeError(
"Can't handle type %s as response" % type(responses))
self.__custom_answers = answers
def __init__(self, *args, **kargs):
# type: (Any, Any) -> None
external_fd = kargs.pop("external_fd", {})
self.send_sock_class = kargs.pop("ll", conf.L3socket)
self.recv_sock_class = kargs.pop("recvsock", conf.L2listen)
self.is_atmt_socket = kargs.pop("is_atmt_socket", False)
self.started = threading.Lock()
self.threadid = None # type: Optional[int]
self.breakpointed = None
self.breakpoints = set() # type: Set[_StateWrapper]
self.interception_points = set() # type: Set[_StateWrapper]
self.intercepted_packet = None # type: Union[None, Packet]
self.debug_level = 0
self.init_args = args
self.init_kargs = kargs
self.io = type.__new__(type, "IOnamespace", (), {})
self.oi = type.__new__(type, "IOnamespace", (), {})
self.cmdin = ObjectPipe[Message]("cmdin")
self.cmdout = ObjectPipe[Message]("cmdout")
self.ioin = {}
self.ioout = {}
self.packets = PacketList() # type: PacketList
for n in self.__class__.ionames:
extfd = external_fd.get(n)
if not isinstance(extfd, tuple):
extfd = (extfd, extfd)
ioin, ioout = extfd
if ioin is None:
ioin = ObjectPipe("ioin")
else:
ioin = self._IO_fdwrapper(ioin, None)
if ioout is None:
ioout = ObjectPipe("ioout")
else:
ioout = self._IO_fdwrapper(None, ioout)
self.ioin[n] = ioin
self.ioout[n] = ioout
ioin.ioname = n
ioout.ioname = n
setattr(self.io, n, self._IO_mixer(ioout, ioin))
setattr(self.oi, n, self._IO_mixer(ioin, ioout))
for stname in self.states:
setattr(self, stname,
_instance_state(getattr(self, stname)))
self.start()
def _update_supported_responses(self, pkt):
self._unanswered_packets += PacketList([pkt])
answered, unanswered = self._unanswered_packets.sr()
for _, resp in answered:
ecu_resp = EcuResponse(session=self.current_session,
security_level=self.current_security_level,
responses=resp)
if ecu_resp not in self._supported_responses:
if self.verbose:
print("[+] ", repr(ecu_resp))
self._supported_responses.append(ecu_resp)
else:
if self.verbose:
print("[-] ", repr(ecu_resp))
self._unanswered_packets = unanswered
def read_all(self, count=-1):
# type: (int) -> PacketList
"""Read a specific number or all packets from a candump file.
:param count: Specify a specific number of packets to be read.
All packets can be read by count=-1.
:return: A PacketList object containing read CAN messages
"""
res = []
while count != 0:
try:
p = self.read_packet()
if p is None:
continue
except EOFError:
break
count -= 1
res.append(p)
return PacketList(res, name=os.path.basename(self.filename))
def ip_defragment(plist):
"""defrag(plist) -> plist defragmented as much as possible """
frags = defaultdict(lambda: [])
final = []
pos = 0
for p in plist:
p._defrag_pos = pos
pos += 1
if IP in p:
ip = p[IP]
if ip.frag != 0 or ip.flags & 1:
ip = p[IP]
uniq = (ip.id, ip.src, ip.dst, ip.proto)
frags[uniq].append(p)
continue
final.append(p)
pbar = tqdm(total=len(frags), desc="IP defrag(1/2) ")
defrag = []
missfrag = []
for lst in six.itervalues(frags):
pbar.update(1)
lst.sort(key=lambda x: x.frag)
p = lst[0]
lastp = lst[-1]
if p.frag > 0 or lastp.flags & 1 != 0: # first or last fragment missing
missfrag += lst
continue
p = p.copy()
if conf.padding_layer in p:
del (p[conf.padding_layer].underlayer.payload)
ip = p[IP]
if ip.len is None or ip.ihl is None:
clen = len(ip.payload)
else:
clen = ip.len - (ip.ihl << 2)
txt = conf.raw_layer()
for q in lst[1:]:
if clen != q.frag << 3: # Wrong fragmentation offset
if clen > q.frag << 3:
warning("Fragment overlap (%i > %i) %r || %r || %r" %
(clen, q.frag << 3, p, txt, q))
missfrag += lst
break
if q[IP].len is None or q[IP].ihl is None:
clen += len(q[IP].payload)
else:
clen += q[IP].len - (q[IP].ihl << 2)
if conf.padding_layer in q:
del (q[conf.padding_layer].underlayer.payload)
txt.add_payload(q[IP].payload.copy())
else:
ip.flags &= ~1 # !MF
del (ip.chksum)
del (ip.len)
p = p / txt
p._defrag_pos = max(x._defrag_pos for x in lst)
defrag.append(p)
pbar.close()
defrag2 = []
for p in tqdm(defrag, desc="IP defrag(2/2) "):
q = p.__class__(raw(p))
q._defrag_pos = p._defrag_pos
defrag2.append(q)
final += defrag2
final += missfrag
final.sort(key=lambda x: x._defrag_pos)
for p in final:
del (p._defrag_pos)
if hasattr(plist, "listname"):
name = "Defragmented %s" % plist.listname
else:
name = "Defragmented"
return PacketList(final, name=name)
def toPacketList(self):
# type: () -> PacketList
if self._supersession:
return PacketList(self._supersession.lst, "Sniffed")
else:
return PacketList(self.lst, "Sniffed")
def __init__(self,
pks,
pkt,
timeout=None,
inter=0,
verbose=None,
chainCC=False,
retry=0,
multi=False,
rcv_pks=None,
prebuild=False,
_flood=None):
# Instantiate all arguments
if verbose is None:
verbose = conf.verb
if conf.debug_match:
debug.recv = PacketList([], "Received")
debug.sent = PacketList([], "Sent")
debug.match = SndRcvList([], "Matched")
self.nbrecv = 0
self.ans = []
self.pks = pks
self.rcv_pks = rcv_pks or pks
self.inter = inter
self.verbose = verbose
self.chainCC = chainCC
self.multi = multi
self.timeout = timeout
# Instantiate packet holders
if _flood:
self.tobesent = pkt
self.notans = _flood[0]
else:
if isinstance(pkt, types.GeneratorType) or prebuild:
self.tobesent = [p for p in pkt]
self.notans = len(self.tobesent)
else:
self.tobesent = (SetGen(pkt)
if not isinstance(pkt, Gen) else pkt)
self.notans = self.tobesent.__iterlen__()
if retry < 0:
autostop = retry = -retry
else:
autostop = 0
if timeout is not None and timeout < 0:
self.timeout = None
while retry >= 0:
self.hsent = {}
# Send packets in thread.
# https://github.com/secdev/scapy/issues/1791
snd_thread = Thread(target=self._sndrcv_snd)
snd_thread.setDaemon(True)
# Start routine with callback
self._sndrcv_rcv(snd_thread.start)
# Ended. Let's close gracefully
if _flood:
# Flood: stop send thread
_flood[1]()
snd_thread.join()
if multi:
remain = [
p for p in itertools.chain(*six.itervalues(self.hsent))
if not hasattr(p, '_answered')
]
else:
remain = list(itertools.chain(*six.itervalues(self.hsent)))
if autostop and len(remain) > 0 and \
len(remain) != len(self.tobesent):
retry = autostop
self.tobesent = remain
if len(self.tobesent) == 0:
break
retry -= 1
if conf.debug_match:
debug.sent = PacketList(remain[:], "Sent")
debug.match = SndRcvList(self.ans[:])
# Clean the ans list to delete the field _answered
if multi:
for snd, _ in self.ans:
if hasattr(snd, '_answered'):
del snd._answered
if verbose:
print("\nReceived %i packets, got %i answers, "
"remaining %i packets" %
(self.nbrecv + len(self.ans), len(self.ans), self.notans))
self.ans_result = SndRcvList(self.ans)
self.unans_result = PacketList(remain, "Unanswered")
class debug:
recv = PacketList([], "Received")
sent = PacketList([], "Sent")
match = SndRcvList([], "Matched")
crashed_on = None # type: Optional[Tuple[Type[Packet], bytes]]
def __init__(self,
pks, # type: SuperSocket
pkt, # type: _PacketIterable
timeout=None, # type: Optional[int]
inter=0, # type: int
verbose=None, # type: Optional[int]
chainCC=False, # type: bool
retry=0, # type: int
multi=False, # type: bool
rcv_pks=None, # type: Optional[SuperSocket]
prebuild=False, # type: bool
_flood=None, # type: Optional[Tuple[int, Callable[[], None]]] # noqa: E501
threaded=False, # type: bool
session=None # type: Optional[_GlobSessionType]
):
# type: (...) -> None
# Instantiate all arguments
if verbose is None:
verbose = conf.verb
if conf.debug_match:
debug.recv = PacketList([], "Received")
debug.sent = PacketList([], "Sent")
debug.match = SndRcvList([], "Matched")
self.nbrecv = 0
self.ans = [] # type: List[QueryAnswer]
self.pks = pks
self.rcv_pks = rcv_pks or pks
self.inter = inter
self.verbose = verbose
self.chainCC = chainCC
self.multi = multi
self.timeout = timeout
self.session = session
# Instantiate packet holders
if _flood:
self.tobesent = pkt # type: Union[_PacketIterable, SetGen[Packet]]
self.notans = _flood[0]
else:
if isinstance(pkt, types.GeneratorType) or prebuild:
self.tobesent = list(pkt)
self.notans = len(self.tobesent)
else:
self.tobesent = (
SetGen(pkt) if not isinstance(pkt, Gen) else pkt
)
self.notans = self.tobesent.__iterlen__()
if retry < 0:
autostop = retry = -retry
else:
autostop = 0
if timeout is not None and timeout < 0:
self.timeout = None
while retry >= 0:
self.hsent = {} # type: Dict[bytes, List[Packet]]
if threaded or _flood:
# Send packets in thread.
# https://github.com/secdev/scapy/issues/1791
snd_thread = Thread(
target=self._sndrcv_snd
)
snd_thread.setDaemon(True)
# Start routine with callback
self._sndrcv_rcv(snd_thread.start)
# Ended. Let's close gracefully
if _flood:
# Flood: stop send thread
_flood[1]()
snd_thread.join()
else:
self._sndrcv_rcv(self._sndrcv_snd)
if multi:
remain = [
p for p in itertools.chain(*six.itervalues(self.hsent))
if not hasattr(p, '_answered')
]
else:
remain = list(itertools.chain(*six.itervalues(self.hsent)))
if autostop and len(remain) > 0 and \
len(remain) != len(self.tobesent):
retry = autostop
self.tobesent = remain
if len(self.tobesent) == 0:
break
retry -= 1
if conf.debug_match:
debug.sent = PacketList(remain[:], "Sent")
debug.match = SndRcvList(self.ans[:])
# Clean the ans list to delete the field _answered
if multi:
for snd, _ in self.ans:
if hasattr(snd, '_answered'):
del snd._answered
if verbose:
print(
"\nReceived %i packets, got %i answers, "
"remaining %i packets" % (
self.nbrecv + len(self.ans), len(self.ans), self.notans
)
)
self.ans_result = SndRcvList(self.ans)
self.unans_result = PacketList(remain, "Unanswered")
