def main(): parser = argparse.ArgumentParser( description='Fragments the IPv4 packets in the given PCAP file ' 'and writes the results to another file.') parser.add_argument('input_file') parser.add_argument('output_file') parser.add_argument( '--fragment-size', '-s', type=int, default=500, help='Fragment size. Packets larger than this are fragmented ' 'if their df flag is not set. Defaults to 500.') args = parser.parse_args() reader = RawPcapReader(args.input_file) writer = PcapWriter(args.output_file, append=False, sync=True) for pkt_data in reader: p = Ether(pkt_data[0]) if isinstance( p[1], IP) and len(p[2]) > args.fragment_size and p[1].flags & 2 != 0: p = fragment(p, args.fragment_size) print 'Fragmented packet into {} fragments.'.format(len(p)) writer.write(p)
def scapy_io(f_in, f_out): f = PcapReader(f_in) o = PcapWriter(f_out) pkt = f.read_packet() while pkt is not None: o.write(pkt) pkt = f.read_packet() f.close() o.close()
def scapy_io(f_in,f_out): f = PcapReader(f_in) o = PcapWriter(f_out) pkt = f.read_packet() while pkt is not None: o.write(pkt) pkt = f.read_packet() f.close() o.close()
class ScapySniffer(ScapyProtocol): def __init__(self, pcap_filename, *arg, **kw): self.pcapwriter = PcapWriter(pcap_filename, *arg, **kw) def packetReceived(self, packet): self.pcapwriter.write(packet) def close(self): self.pcapwriter.close()
def writePCAP(src, dst, data): try: pktdump = PcapWriter(sOutfile + '.pcap', append=True, sync=True) pktinfo = Ether()/IP(src=src[0],dst=dst[0])/TCP(sport=src[1],dport=dst[1])/data pktdump.write(pktinfo) pktdump.close() except Exception as Error: #print(str(Error)) pass
def writePCAP(src, dst, data): try: pktdump = PcapWriter(sOutfile + '.pcap', append=True, sync=True) pktinfo = Ether() / IP(src=src[0], dst=dst[0]) / TCP( sport=src[1], dport=dst[1]) / data pktdump.write(pktinfo) pktdump.close() except Exception as Error: #print(str(Error)) pass
def concatenate_files(self, pcap1, pcap2): '''Appends second file's packets onto the first. For creating pcap files used in unit testing.''' pkts1 = rdpcap(pcap1) pkts1_writer = PcapWriter(pcap1, append=True, sync=True) pkts2 = rdpcap(pcap2) for pkt in pkts2: pkts1_writer.write(pkt) pkts1 = rdpcap(pcap1)
def _log_packets(self, file_path, client_mac): with self.log_lock: cap_writer = PcapWriter(file_path) if not self.wpa_handshakes[client_mac]['logged']: self.wpa_handshakes[client_mac]['logged'] = True for packet in self.wpa_handshakes[client_mac]['packets']: if Dot11Beacon not in packet: cap_writer.write(packet) cap_writer.close() cap_writer = PcapWriter(file_path, append = True) for packet in self.wpa_handshakes[client_mac]['packets']: if Dot11Beacon in packet: cap_writer.write(packet) cap_writer.close()
def _log_packets(self, file_path, client_mac): with self.log_lock: cap_writer = PcapWriter(file_path) if not self.wpa_handshakes[client_mac]['logged']: self.wpa_handshakes[client_mac]['logged'] = True for packet in self.wpa_handshakes[client_mac]['packets']: if Dot11Beacon not in packet: cap_writer.write(packet) cap_writer.close() cap_writer = PcapWriter(file_path, append=True) for packet in self.wpa_handshakes[client_mac]['packets']: if Dot11Beacon in packet: cap_writer.write(packet) cap_writer.close()
def foo(in_filename, out_filename): # open the input file for reading f = PcapReader(in_filename) # open the output file for writing o = PcapWriter(out_filename) # read the first packet from the input file p = f.read_packet() # while we haven't processed the last packet while p: layer = p.firstlayer() while not isinstance(layer, NoPayload): if (type(layer) is IPv6): new_layer = IP() del new_layer.ihl new_layer.ttl = layer.hlim new_layer.proto = layer.nh new_layer.src = ".".join(map(str, six2four(layer.src))) new_layer.dst = ".".join(map(str, six2four(layer.dst))) new_layer.add_payload(layer.payload) prev_layer = layer.underlayer del layer prev_layer.remove_payload() prev_layer.add_payload(new_layer) if type(prev_layer) is Ether: prev_layer.type = ETH_P_IP layer = new_layer if layer.default_fields.has_key('chksum'): del layer.chksum if layer.default_fields.has_key('len'): del layer.len # advance to the next layer layer = layer.payload # write the packet we just dissected into the output file o.write(p) # read the next packet p = f.read_packet() # close the input file f.close() # close the output file o.close()
def main(): parser = argparse.ArgumentParser( description='Defragments the IPv4 packets in the given PCAP file ' 'and writes the results to another file.') parser.add_argument('input_file') parser.add_argument('output_file') args = parser.parse_args() fragments = [] reader = RawPcapReader(args.input_file) writer = PcapWriter(args.output_file, append=False, sync=True) for pkt_data in reader: p = Ether(pkt_data[0]) if not isinstance(p[1], IP): writer.write(p) continue if p[IP].flags & 1 == 0 and p[IP].frag == 0: writer.write(p) continue fragments += p fragments = defragment(fragments) defragged = [] for f in fragments: if f[IP].flags & 1 == 0 and f[IP].frag == 0: defragged.append(f) fragments = [f for f in fragments if f not in defragged] for df in defragged: print 'Defragmented packet.' writer.write(df)
class IDSPcapSniffer: def __init__(self, config): self.config = config def start(self, callback): # create an sniffer output file, if needed self.logPackets = self.config.getboolean('Sniffer', 'log_packets') if self.logPackets: outputFile = self.config.get('Sniffer', 'output_file') self.pcapWriter = PcapWriter(outputFile, append=False, sync=True) # start sniffing with the given filter and callback, # the appropriate filter will be applied within each module self.callback = callback interface = self.config.get('Sniffer', 'interface') sniff(iface=interface, filter='', prn=self.__snifferCallback) def __snifferCallback(self, packet): # append output file with packet if self.logPackets: self.pcapWriter.write(packet) # parse packet self.callback(str(packet))
from scapy.all import IPv6, Dot1Q, IP, Ether, UDP, TCP except ModuleNotFoundError as err: print(err + ": Scapy") import sys path = str(sys.argv[1]) + "/pcap/fuzzy.pcap" pktdump = PcapWriter(path, append=False, sync=True) for i in range(0, 2000): # Generate random protocol bases, use a fuzz() over the combined packet # for full fuzzing. eth = Ether(src=RandMAC(), dst=RandMAC()) vlan = Dot1Q() ipv4 = IP(src=RandIP(), dst=RandIP()) ipv6 = IPv6(src=RandIP6(), dst=RandIP6()) udp = UDP(dport=RandShort(), sport=RandShort()) tcp = TCP(dport=RandShort(), sport=RandShort()) # IPv4 packets with fuzzing pktdump.write(fuzz(eth / ipv4 / udp)) pktdump.write(fuzz(eth / ipv4 / tcp)) pktdump.write(fuzz(eth / vlan / ipv4 / udp)) pktdump.write(fuzz(eth / vlan / ipv4 / tcp)) # IPv6 packets with fuzzing pktdump.write(fuzz(eth / ipv6 / udp)) pktdump.write(fuzz(eth / ipv6 / tcp)) pktdump.write(fuzz(eth / vlan / ipv6 / udp)) pktdump.write(fuzz(eth / vlan / ipv6 / tcp))
class LAN(Module): """ Sniff packets on a local area network. """ # Prevent newlines when generating delimiter = b"" # Global variables pcap = None regex = None xregex = None debug = False @classmethod def add_arguments(self, parser): parser.add_argument("-n", "--interface", action="append", help="network interface(s) on which to sniff)") parser.add_argument("-c", "--count", type=int, default=0, help="number of packets to sniff (all)") parser.add_argument("-t", "--timeout", type=int, default=None, help="number of seconds to sniff (infinite)") parser.add_argument("-f", "--filter", type=str, help="BPF filter to apply") parser.add_argument("-r", "--regex", type=str, action="append", default=[], help="expression(s) to qualify packet (AND)") parser.add_argument("-x", "--xregex", type=str, action="append", default=[], help="expression(s) to disqualify packet (OR)") parser.add_argument("-m", "--monitor", action="store_true", help="listen in monitor mode (False)") parser.add_argument("-p", "--pcap", action="store_true", help="output packets as pcap (False)") parser.add_argument("-d", "--debug", action="store_true", help="unpack and display each captured packet") def handle(self, input, interface=None, count=0, timeout=None, filter=None, regex=None, xregex=None, monitor=False, pcap=False, debug=False): self.debug = debug # Compile expressions if regex: self.regex = [ re.compile(r.encode(), re.DOTALL | re.MULTILINE) for r in list(regex) ] if xregex: self.xregex = [ re.compile(x.encode(), re.DOTALL | re.MULTILINE) for x in list(xregex) ] # Output pcap to infinitely iterable file with IterWriter() as output: if pcap: self.pcap = PcapWriter(output, sync=True) # Configure sniffer and produce sniffer stream try: stream = AsyncSniffer( started_callback=lambda: self.log.info( "Sniffing interface(s): %s...", interface or conf.iface ), iface=interface or conf.iface, count=count, timeout=timeout, filter=filter, lfilter=self._lfilter, prn=self._prn, store=False, monitor=monitor, ) # Start sniffer stream stream.start() # Output pcap data if pcap: for data in output: yield data if not stream.running and not output.closed: output.close() # Wait for stream to complete stream.join() except Scapy_Exception as e: self.log.error(e) def _prn(self, pkt): """ Handle captured packet. :param object pkt: captured packet """ # Show packet summary self.log.logger.debug(pkt.summary()) # Show packet details if self.debug: self.log.logger.info(pkt.show(dump=True)) # Output full pcap if self.pcap: self.pcap.write(pkt) def _lfilter(self, pkt): """ Assess potential packet for capture. :param object pkt: potential packet :return: whether to capture packet :rtype: bool """ # Check xregex are excluded (OR) if self.xregex: for x in self.xregex: if x.search(raw(pkt)): return False # Check regex are included (AND) if self.regex: for r in self.regex: if not r.search(raw(pkt)): return False return True
def anonymize_file(input_file: str, output_file: str) -> None: logger = logging.getLogger(inspect.stack()[0][3]) with PcapReader(input_file) as reader: writer = PcapWriter(output_file, sync=True) ssid_number = 0 address_hash = {} ssid_hash = {} for frame in reader: if frame.haslayer(Dot11): frame_fcs = frame.fcs logger.info("frame_fcs: %s", hex(frame_fcs)) # raw_fcs = struct.unpack("I", bytes(frame.payload)[-4:])[0] # matches frame.fcs crc_bytes = struct.pack( "I", zlib.crc32(bytes(frame.payload)[:-4]) & 0xFFFF_FFFF) crc_int = int.from_bytes(crc_bytes, byteorder="little") logger.info("crc_int: %s", hex(crc_int)) fcs_match = frame_fcs == crc_int logger.info("fcs_match: %s", fcs_match) # anonymize mac addresses frame[Dot11].addr1 = anonymize_mac(frame.addr1, address_hash) frame[Dot11].addr2 = anonymize_mac(frame.addr2, address_hash) frame[Dot11].addr3 = anonymize_mac(frame.addr3, address_hash) # anonymize SSID and address fields (this code seems problematic in py3) if args.skip: logger.info("skipping anonymizing SSID: %s", args.skip) else: dot11elt = frame.getlayer(Dot11Elt) while dot11elt: logger.info("ie: %s", dot11elt.ID) if dot11elt.ID == 0: ssid = anonymize_ssid(dot11elt.info, ssid_number, ssid_hash) dot11elt.len = len(ssid) dot11elt.info = ssid dot11elt = dot11elt.payload.getlayer(Dot11Elt) if fcs_match: # if fcs and crc originally matched, recompute new valid fcs: fcs = struct.pack( "I", zlib.crc32(bytes(frame.payload)[:-4]) & 0xFFFF_FFFF) else: # otherwise throw garbage in the fcs which will not validate fcs = b"\x00\x00\x00\x00" logger.info("new fcs: %s", hex(int.from_bytes(fcs, byteorder="little"))) # write anonymized packet writer.write(RadioTap(bytes(frame)[:-4] + fcs)) logger.info("done")
def _log_packets(self, file_path, client_mac): cap_writer = PcapWriter(file_path, append=True, sync=True) for packet in self.wpa_handshakes[client_mac]['packets']: cap_writer.write(packet) self.wpa_handshakes[client_mac]['logged'] = True
mac_addr_dst = "80:FF:FF:FF:FF:{:02X}".format(i % 0xff) src_port = 200 + (i % 20) dst_port = 1000 + (i % 20) eth = Ether(src=mac_addr_src, dst=mac_addr_dst) vlan = Dot1Q(vlan=(i % 10)) udp = UDP(dport=src_port, sport=dst_port) # IPv4 address range limits to 255 and IPv6 limit to 65535 ipv4_addr_src = "192.168.150." + str((i % 255)) ipv4_addr_dst = "200.100.198." + str((i % 255)) ipv6_addr_src = "2001:0db8:85a3:0000:0000:8a2e:0370:{:04x}" \ .format(i % 0xffff) ipv6_addr_dst = "3021:ffff:85a3:ffff:0000:8a2e:0480:{:04x}" \ .format(i % 0xffff) ipv4 = IP(src=ipv4_addr_src, dst=ipv4_addr_dst) ipv6 = IPv6(src=ipv6_addr_src, dst=ipv6_addr_dst) tcp = TCP(dport=src_port, sport=dst_port, flags='S') # IPv4 packets pkt.append(eth / ipv4 / udp) pkt.append(eth / ipv4 / tcp) pkt.append(eth / vlan / ipv4 / udp) pkt.append(eth / vlan / ipv4 / tcp) # IPv6 packets pkt.append(eth / ipv6 / udp) pkt.append(eth / ipv6 / tcp) pkt.append(eth / vlan / ipv6 / udp) pkt.append(eth / vlan / ipv6 / tcp) pktdump.write(pkt)