def action(self, packet):
    """Reply to the NBNS name query carried in *packet*.

    The parsed query object is reused as the reply. Its header word is set
    to 0x8500 (response, authoritative-answer and recursion-desired bits in
    the NBNS header layout). One answer record is appended for every
    question that ``self.getAddress`` returns an address for, and the
    question section is emptied. The datagram is sent from UDP port 137 to
    the querier's IP address and source port.

    Returns False when no question produced an answer (nothing is sent),
    True once the reply has been transmitted.

    NOTE(review): this answers queries that were observed on the wire
    rather than received as the registered name owner, so it looks like
    name-resolution spoofing; confirm against the module's condition().
    Every answer carries fixed values visible below (TTL 120, name flags
    0x0000), which defenders can use as a signature for this traffic.
    Disabling NetBIOS name service where it is not needed removes the
    exposure.
    """
    querier_ip = utils.bin_to_ip(packet.data.src)
    nbns_port = 137

    # The query message is mutated in place and sent back as the reply.
    reply = packet.data.data.data
    reply.op = 0x8500

    for question in reply.qd:
        wanted = decode_name(question.name).rstrip()
        resolved = self.getAddress(wanted)
        if not resolved:
            out.debug("%s: Skipped Query from %s for %s" % (self.getName(), targetip_or(querier_ip), wanted), 0) if False else out.debug("%s: Skipped Query from %s for %s" % (self.getName(), querier_ip, wanted), 0)
            continue

        record = NS.RR()
        # The name goes back exactly as received, i.e. still NetBIOS-encoded.
        record.name = question.name
        record.type = question.type
        record.cls = question.cls
        record.ttl = 120  # short-lived answer
        record.rlen = 6
        # Two flag bytes (0x0000: unique name, B-node) followed by the address.
        record.rdata = '\x00\x00' + utils.ip_to_bin(resolved)
        reply.an.append(record)

    # A reply carries no question section.
    reply.qd = []

    if not reply.an:
        return False

    # Source port 137, destination = the query's source IP and port.
    reply_to = (querier_ip, packet.data.data.sport)
    sock = socket(AF_INET, SOCK_DGRAM)
    sock.bind(('0.0.0.0', nbns_port))
    sock.sendto(str(reply), reply_to)
    sock.close()

    for record in reply.an:
        out.verbose("%s: \tResponse: %s - %s" % (self.getName(), decode_name(record.name).rstrip(), utils.bin_to_ip(record.rdata[2:])))

    return True
def loadModules(self, modules):
    """Load every module named in *modules*.

    When *modules* is empty or None (no modules were requested on the
    command line), the list returned by ``self.findModules()`` is loaded
    instead. Each name is handed to ``self.loadModule``.
    """
    out.debug("Started loading modules", 2)

    # Fall back to everything found in the modules directory.
    selected = modules if modules else self.findModules()

    for module_name in selected:
        self.loadModule(module_name)

    out.debug("Finished loading modules", 2)
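def loadModule(self, name):
    """Locate module *name* in ``self.mod_dir``, load it and register it.

    The source file is executed with ``imp.load_source`` and the member of
    the loaded module whose name equals *name* is passed to
    ``self.addModule``.

    If the module file cannot be found, or the loaded file defines no
    member called *name*, an error is reported, ``self.stop()`` is called
    and the method returns without registering anything.
    """
    try:
        f, pathname, _desc = imp.find_module(name, [self.mod_dir])
    except ImportError:
        out.error("Couldn't find %s module." % name)
        self.stop()
        # pathname was never bound; falling through would raise NameError
        # if stop() returns instead of exiting.
        return

    # find_module returns an open file object for source modules, and
    # load_source opens the path itself, so release this handle.
    if f is not None:
        f.close()

    # NOTE(security): load_source runs the file's top-level code in this
    # process. Anyone who can write to self.mod_dir can therefore execute
    # code with this process's privileges; keep that directory writable
    # only by the account that runs the tool.
    lm = imp.load_source(name, pathname)

    matches = [member for member_name, member in getmembers(lm) if member_name == name]
    if not matches:
        # The file loaded but does not define the expected member; report
        # it instead of failing with a bare IndexError.
        out.error("Module file %s does not define %s." % (pathname, name))
        self.stop()
        return

    out.debug("loaded module %s" % name, 0)
    self.addModule(matches[0])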
def handlePackets(self, pktlen, data, timestamp):
    """Parse one captured frame and hand it to every interested module.

    *data* is parsed with ``self.parseData``. When parsing yields nothing
    the method returns False. Otherwise each entry of ``self.modules`` is
    asked via ``condition(packet)`` whether it wants the packet, and
    ``action(packet)`` is called on those that do. *pktlen* and
    *timestamp* are accepted but not used here (presumably required by the
    capture callback signature).
    """
    parsed = self.parseData(data)
    if not parsed:
        return False

    for handler in self.modules:
        if not handler.condition(parsed):
            continue
        out.debug("%s module accepted new packet." % handler.getName(), 1)
        # TODO Dispatch to another thread
        handler.action(parsed)
def action(self, packet):
    """Reply to the LLMNR query carried in *packet*.

    The parsed query object is reused as the reply with its header word
    set to 0x8000 (response bit only). For every question that
    ``self.getAddress(name, type)`` returns an address for, an answer
    record with TTL 30 is appended; A answers carry 4 bytes of RDATA and
    AAAA answers 16. The question section is left in place. The datagram
    is sent over IPv4 from UDP port 5355 to the querier's address and
    source port.

    Returns False when no question produced an answer (nothing is sent),
    True once the reply has been transmitted.

    NOTE(review): this answers queries that were observed on the wire, so
    it looks like name-resolution spoofing; confirm against the module's
    condition(). The fixed TTL of 30 and the unicast reply from port 5355
    are usable as detection signals, and disabling LLMNR where it is not
    needed removes the exposure.
    """
    querier_ip = utils.bin_to_ip(packet.data.src)
    llmnr_port = 5355

    # The query message is mutated in place and sent back as the reply.
    reply = packet.data.data.data
    reply.op = 0x8000

    for question in reply.qd:
        resolved = self.getAddress(question.name, question.type)
        if not resolved:
            out.debug("%s: Skipped query from %s for %s" % (self.getName(), querier_ip, question.name), 0)
            continue

        record = dpkt.dns.DNS.RR()
        record.name = question.name
        record.type = question.type
        record.cls = question.cls
        record.ttl = 30

        # Only A and AAAA get RDATA; any other type is appended without it.
        if record.type == dpkt.dns.DNS_A:
            record.rlen = 4
            record.rdata = utils.ip_to_bin(resolved)
        elif record.type == dpkt.dns.DNS_AAAA:
            record.rlen = 16
            record.rdata = utils.ip6_to_bin(resolved)

        reply.an.append(record)

    if not reply.an:
        return False

    # Source port 5355, destination = the query's source IP and port.
    reply_to = (querier_ip, packet.data.data.sport)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(('0.0.0.0', llmnr_port))
    sock.sendto(str(reply), reply_to)
    sock.close()

    for record in reply.an:
        if record.type == dpkt.dns.DNS_A:
            shown = utils.bin_to_ip(record.rdata)
        elif record.type == dpkt.dns.DNS_AAAA:
            shown = utils.bin_to_ip6(record.rdata)
        else:
            # Other record types are not logged.
            continue
        out.verbose("%s: \tResponse: %s - %s" % (self.getName(), record.name, shown))

    return True
def __init__(self, interface):
    """Remember *interface*, load the module configuration and log readiness.

    ``self.loadConfig()`` runs before the debug line is emitted, so
    ``self.getName()`` is evaluated after configuration has been loaded.
    """
    self.interface = interface
    self.loadConfig()

    ready_message = "Initialized " + self.getName() + " module"
    out.debug(ready_message, 2)