def input_eth(self, eth, timestamp):
src = dumbnet.eth_ntoa(str(eth.src))
dst = dumbnet.eth_ntoa(str(eth.dst))
good = False
for h in self.hosts:
(ip, rand_mac, iter, reply) = self.hosts[h]
if src == h:
eth.src = dumbnet.eth_aton(rand_mac)
ref_src = h
if good:
self.dumbnet.send(str(eth))
if self.ui == 'gtk':
self.spoof_treestore.foreach(self.inc_packet_counter,
(ref_src, ref_dst))
return
else:
good = True
if dst == rand_mac:
eth.dst = dumbnet.eth_aton(h)
ref_dst = h
if good:
self.dumbnet.send(str(eth))
if self.ui == 'gtk':
self.spoof_treestore.foreach(self.inc_packet_counter,
(ref_src, ref_dst))
return
else:
good = True
def input_eth(self, eth, timestamp):
src = dumbnet.eth_ntoa(eth.src)
if src not in self.connection_list:
dst = dumbnet.eth_ntoa(eth.dst)
self.connection_list[src] = connection(self, src, dst)
hdr = dot1x_header()
#try:
data = hdr.parse(eth.data)
self.connection_list[src].dissect(hdr, data)
def input_eth(self, eth, timestamp):
src = dumbnet.eth_ntoa(eth.src)
dst = dumbnet.eth_ntoa(eth.dst)
data = eth.data
src_dst = src + ":" + dst
if src_dst not in self.peers:
iter = self.peer_treestore.append(None, [src, dst, "", "", "", -1])
dict = self.parse_label(data, iter, {})
self.peers[src_dst] = (iter, dict)
self.log("MPLS: Got new MPLS communication: %s -> %s" % (src, dst))
else:
(iter, dict) = self.peers[src_dst]
self.parse_label(data, iter, dict)
def __repr__(self):
try:
if self.t == self.TYPE_DOMAIN:
return self.v.strip('\x00') #.encode("hex")
elif self.t == self.TYPE_STATUS:
t = "Access"
m = "Off"
d, = struct.unpack("!B", self.v[0])
if d & 0x80 > 0:
t = "Trunk"
if d & 0x07 == self.STATUS_ON: #todo: get more administative states ?
m = "On"
elif d & 0x07 == self.STATUS_DESIRABLE:
m = "Desirable"
elif d & 0x07 == self.STATUS_AUTO:
m = "Auto"
return "%s/%s" % (t, m)
elif self.t == self.TYPE_TRUNK:
t, = struct.unpack("!B", self.v[0])
if (t & 0xe0) >> 5 == self.ENCAP_8021Q:
return "802.1Q"
elif (t & 0xe0) >> 5 == self.ENCAP_ISL:
return "ISL"
return "Unknown" #todo: get more trunk states ?
elif self.t == self.TYPE_SENDER:
return dumbnet.eth_ntoa(self.v)
except:
pass
return "%d, %d, %s" % (self.t, self.l, self.v.encode("hex"))
def input_eth(self, eth, timestamp):
header = wlccp_header()
ret = header.parse(eth.data)
orig = dumbnet.eth_ntoa(header.orig_node_mac)
dst = dumbnet.eth_ntoa(header.dst_node_mac)
if header.msg_type == 0x01:
#SCM advertisment request
if not orig == "00:00:00:00:00:00":
if orig not in self.hosts:
type = self.node_types[header.orig_node_type]
iter = self.hosts_liststore.append([orig, type, ""])
self.hosts[orig] = (iter,)
elif header.msg_type == 0x41:
#SCM advertisment reply
if not dst == "00:00:00:00:00:00":
type = self.node_types[header.dst_node_type]
prio = str(ord(ret[10]))
if dst not in self.hosts:
iter = self.hosts_liststore.append([dst, type, prio])
self.hosts[dst] = (iter,)
else:
(iter,) = self.hosts[dst]
self.hosts_liststore.set(iter, self.HOSTS_TYPE_ROW, type, self.HOSTS_PRIO_ROW, prio)
def input_eth(self, eth, timestamp):
if not eth.src == self.mac:
src = dumbnet.eth_ntoa(str(eth.src))
pdu = dtp_pdu()
pdu.parse(str(eth.data)[8:])
domain = pdu.get_tlv(dtp_tlv.TYPE_DOMAIN)
status = pdu.get_tlv(dtp_tlv.TYPE_STATUS)
trunk = pdu.get_tlv(dtp_tlv.TYPE_TRUNK)
sender = pdu.get_tlv(dtp_tlv.TYPE_SENDER)
if domain is None or status is None or trunk is None or sender is None:
return
if src not in self.peers:
if self.ui == "gtk":
row_iter = self.liststore.append([
src,
str(domain),
str(status),
str(trunk),
str(sender), ""
])
elif self.ui == "urw":
button = self.parent.menu_button(
"%s - DOMAIN(%s) %s %s %s" %
(src, str(domain), str(status), str(trunk),
str(sender)), self.urw_peerlist_activated, src)
self.peerlist.append(button)
row_iter = self.peerlist.index(button)
peer = {"pdu": pdu, "row_iter": row_iter}
self.peers[src] = peer
self.log("DTP: Got new peer %s" % src)
else:
if self.ui == "gtk":
self.liststore.set(self.peers[src]["row_iter"],
self.STORE_DOMAIN_ROW,
str(domain), self.STORE_STATUS_ROW,
str(status), self.STORE_TRUNK_ROW,
str(trunk), self.STORE_SENDER_ROW,
str(sender))
elif self.ui == "urw":
new_button = self.parent.menu_button(
"%s - DOMAIN(%s) %s %s %s" %
(src, str(domain), str(status), str(trunk),
str(sender)), self.urw_peerlist_activated, src)
self.peerlist[self.peers[src]["row_iter"]] = new_button
def input_ip6(self, eth, ip6, timestamp):
if eth.src == self.mac:
return
if ip6.nxt == dpkt.ip.IP_PROTO_ICMP6:
icmp6 = dpkt.icmp6.ICMP6(str(ip6.data))
mac = dumbnet.eth_ntoa(str(eth.src))
if self.mac:
if icmp6.type == dpkt.icmp6.ND_NEIGHBOR_SOLICIT:
ip6_dst = dumbnet.ip6_ntoa(str(icmp6.data)[4:20])
for h in self.hosts:
if mac == h:
(ip6_src, rand_mac_src, iter_src,
reply_src) = self.hosts[mac]
for i in self.hosts:
(ip6, rand_mac_dst, iter_dst,
reply_dst) = self.hosts[i]
if ip6_dst == ip6:
break
if reply_src and reply_dst:
_icmp6 = dpkt.icmp6.ICMP6(
type=dpkt.icmp6.ND_NEIGHBOR_SOLICIT,
code=0,
data=struct.pack("!L16sBB6s", 0x60000000,
dumbnet.ip6_aton(ip6_dst),
1, 1, rand_mac_dst))
_eth = dpkt.ethernet.Ethernet(
dst=eth.src,
src=dumbnet.eth_aton(rand_mac_dst),
type=dpkt.ip.IP_PROTO_IP6,
data=str(_icmp6))
self.dumbnet.send(str(_eth))
break
if icmp6.type == dpkt.icmp6.ND_ROUTER_ADVERT:
if mac in self.hosts:
(ip, random_mac, iter, reply) = self.hosts[mac]
if self.ui == 'gtk':
self.hosts_liststore.set(iter, 2, "R")
for h in self.hosts:
if mac == h:
return
(ip, random_mac, iter, reply) = self.hosts[h]
if mac == random_mac:
return
ip = dumbnet.ip6_ntoa(ip6.src)
if ip == "::":
return
rand_mac = [
0x00,
random.randint(0x00, 0xff),
random.randint(0x00, 0xff),
random.randint(0x00, 0xff),
random.randint(0x00, 0xff),
random.randint(0x00, 0xff)
]
rand_mac = ':'.join(map(lambda x: "%02x" % x, rand_mac))
if self.ui == 'gtk':
iter = self.hosts_liststore.append(
[mac, ip, "", self.mac_to_vendor(mac)])
elif self.ui == 'urw':
self.hostlist.append(
self.parent.menu_button(
"%s(%s) - %s" % (mac, self.mac_to_vendor(mac), ip),
self.urw_hostlist_activated, mac))
iter = None
self.hosts[mac] = (dumbnet.ip6_ntoa(ip6.src), rand_mac, iter,
False)
if self.ui == 'gtk':
self.mappings_liststore.append([mac, rand_mac])
def input_udp(self, eth, ip, udp, timestamp):
header = wlccp_header()
ret = header.parse(udp.data)
try:
if DEBUG:
print "WLCCP-TYPE %X" % header.msg_type
if header.msg_type & 0x3f == 0x0b:
#EAP AUTH
eap_auth = wlccp_eap_auth()
ret = eap_auth.parse(ret)
host = dumbnet.eth_ntoa(eap_auth.requestor_mac)
if DEBUG:
print "addr %s, type %X @ %s" % (dumbnet.eth_ntoa(eap_auth.requestor_mac), eap_auth.aaa_msg_type, timestamp)
if host in self.comms:
(iter, leap, leap_pw, nsk, nonces, ctk) = self.comms[host]
elif not host == "00:00:00:00:00:00":
iter = self.comms_treestore.append(None, ["%s\n <=>\n%s" % (dumbnet.eth_ntoa(header.orig_node_mac), dumbnet.eth_ntoa(header.dst_node_mac)), self.node_types[eap_auth.requestor_type], "", host])
self.comms[host] = (iter, (None, None, None, None), None, None, (None, None, None, None, None, (None, None)), None)
(eapol_version, eapol_type, eapol_len) = struct.unpack("!BBH", ret[2:6])
ret = ret[6:]
#check EAP-TYPE
if eapol_type == 0x00:
(eap_code, eap_id, eap_len) = struct.unpack("!BBH", ret[:4])
ret = ret[4:]
#check EAP-CODE
if eap_code == 0x01:
(leap_type, leap_version, leap_reserved, leap_count) = struct.unpack("!BBBB", ret[:4])
ret = ret[4:]
#EAP-REQUEST
#check the leap hdr
if leap_type == 0x11 and leap_version == 0x01 and leap_reserved == 0x00 and leap_count == 0x08:
(leap_auth_chall, leap_auth_resp, leap_supp_chall, leap_supp_resp) = leap
if not leap_auth_chall and not leap_auth_resp and not leap_supp_chall and not leap_supp_resp:
id = eap_id
chall = ret[:8]
user = ret[8:16]
self.comms_treestore.set(iter, self.COMMS_STATE_ROW, "EAP-AUTH challenge from authenticator seen")
self.comms_treestore.append(iter, [ "User", user, "", "" ])
self.log("WLCCP: EAP-AUTH challenge from authenticator seen for %s" % host)
self.comms[host] = (iter, ((id, chall, user), leap_auth_resp, leap_supp_chall, leap_supp_resp), leap_pw, nsk, nonces, ctk)
elif leap_auth_chall and leap_auth_resp and not leap_supp_chall and not leap_supp_resp:
chall = ret[:8]
self.comms_treestore.set(iter, self.COMMS_STATE_ROW, "EAP-AUTH challenge from supplicant seen")
self.log("WLCCP: EAP-AUTH challenge from supplicant seen for %s" % host)
self.comms[host] = (iter, (leap_auth_chall, leap_auth_resp, chall, leap_supp_resp), leap_pw, nsk, nonces, ctk)
else:
if DEBUG:
self.log("WLCCP: fail 5 %s %s %s %s" % (leap_auth_chall, leap_auth_resp, leap_supp_chall, leap_supp_resp))
else:
if DEBUG:
self.log("WLCCP: fail 3 %X %X %X %X" % (leap_type, leap_version, leap_reserved, leap_count))
elif eap_code == 0x02:
(leap_type, leap_version, leap_reserved, leap_count) = struct.unpack("!BBBB", ret[:4])
ret = ret[4:]
#EAP-RESPONSE
#check the leap hdr
if leap_type == 0x11 and leap_version == 0x01 and leap_reserved == 0x00 and leap_count == 0x18:
(leap_auth_chall, leap_auth_resp, leap_supp_chall, leap_supp_resp) = leap
if leap_auth_chall and not leap_auth_resp and not leap_supp_chall and not leap_supp_resp:
resp = ret[:24]
self.comms_treestore.set(iter, self.COMMS_STATE_ROW, "EAP-AUTH response from authenticator seen")
self.log("WLCCP: EAP-AUTH response from authenticator seen for %s" % host)
self.comms[host] = (iter, (leap_auth_chall, resp, leap_supp_chall, leap_supp_resp), leap_pw, nsk, nonces, ctk)
elif leap_auth_chall and leap_auth_resp and leap_supp_chall and not leap_supp_resp:
resp = ret[:24]
self.comms_treestore.set(iter, self.COMMS_STATE_ROW, "EAP-AUTH response from supplicant seen")
self.comms_treestore.append(iter, [ "Password", "*ready to crack*", "", "" ])
self.log("WLCCP: EAP-AUTH response from supplicant seen for %s" % host)
self.comms[host] = (iter, (leap_auth_chall, leap_auth_resp, leap_supp_chall, resp), leap_pw, nsk, nonces, ctk)
else:
if DEBUG:
self.log("WLCCP: fail 6 %s %s %s %s" % (leap_auth_chall, leap_auth_resp, leap_supp_chall, leap_supp_resp))
else:
if DEBUG:
self.log("WLCCP: fail 4 %X %X %X %X" % (leap_type, leap_version, leap_reserved, leap_count))
else:
if DEBUG:
self.log("WLCCP: fail 2 %X" % eap_code)
else:
if DEBUG:
self.log("WLCCP: fail 1 %X" % eapol_type)
elif header.msg_type & 0x3f == 0x0c:
host = dumbnet.eth_ntoa(header.orig_node_mac)
if header.msg_type & 0xc0 == 0x40:
#cmPathInit_Reply found
if host in self.comms:
(iter, leap, leap_pw, nsk, (supp_node, dst_node, nonce_req, nonce_repl, counter, mic), ctk) = self.comms[host]
#skip WTLV_CM_PATH_INIT header
ret = ret[18:]
#skip WTLV_INIT_SESSION header
ret = ret[8:]
(type, len) = struct.unpack("!HH", ret[:4])
if not type == 0x10a or not len == 0x5a:
if DEBUG:
self.log("WLCCP: malformed WTLV_IN_SECURE_CONTEXT_REPLY header")
return
#get nonces from WTLV_IN_SECURE_CONTEXT_REPLY header
counter = ret[4:8]
supp_node = ret[8:16]
dst_node = ret[16:24]
nonces = ret[24:56]
#skip session timeout in WTLV_IN_SECURE_CONTEXT_REPLY header
ret = ret[60:]
#check for WTLV_MIC header
(type, len) = struct.unpack("!HH", ret[:4])
if not type == 0x108 or not len == 0x1e:
if DEBUG:
self.log("WLCCP: malformed WTLV_MIC header")
return
mic = ret[14:30]
if DEBUG:
self.log("WLCCP: found MIC %s" % mic.encode("hex"))
self.log("WLCCP: PATH-REPLY seen for %s" % host)
self.comms[host] = (iter, leap, leap_pw, nsk, (supp_node, dst_node, nonce_req, nonces, counter, (mic, udp.data)), ctk)
else:
#cmPathInit_Request found
if host in self.comms:
(iter, leap, leap_pw, nsk, (supp_node, dst_node, nonce_req, nonce_repl, counter, mic), ctk) = self.comms[host]
#skip WTLV_CM_PATH_INIT header
ret = ret[18:]
#skip WTLV_INIT_SESSION header
ret = ret[8:]
#get nonces from WTLV_IN_SECURE_CONTEXT_REPLY header
nonces = ret[26:58]
self.log("WLCCP: PATH-REQUEST seen for %s" % host)
self.comms[host] = (iter, leap, leap_pw, nsk, (supp_node, dst_node, nonces, nonce_repl, counter, mic), ctk)
elif header.msg_type & 0x3f == 0x09:
host = dumbnet.eth_ntoa(header.orig_node_mac)
if header.msg_type & 0xc0 == 0x40:
#PreRegistration_Reply found
if host in self.comms:
(iter, leap, leap_pw, nsk, (supp_node, dst_node, nonce_req, nonce_repl, counter, mic), ctk) = self.comms[host]
#skip PreRegistration header
ret = ret[22:]
(contextreq_len,) = struct.unpack("!H", ret[2:4])
#substract WLCCP_MIC_len
contextreq_len = contextreq_len - 30
#get Supplicant-ID from WLCCP_MN_SECURE_CONTEXT_REQ
id = ret[16:24]
(id_type,) = struct.unpack("!H", id[:2])
if id_type == self.NODE_TYPE_CLIENT:
client = dumbnet.eth_ntoa(id[2:])
if client in self.clients:
(iter, org_host, ssid, key_mgmt, ap, crypt, msc, pmk) = self.clients[client]
#get Destination-ID from WLCCP_MN_SECURE_CONTEXT_REQ
ap = dumbnet.eth_ntoa(ret[10:16])
crypt = ret[24:contextreq_len]
#skip WLCCP_MN_SECURE_CONTEXT_REPLY
ret = ret[contextreq_len:]
#get Message Sequence Counter from WLCCP_MIC
msc = ret[4:12]
self.clients[client] = (iter, org_host, ssid, key_mgmt, ap, crypt, msc, pmk)
self.log("WLCCP: PREREGISTRATION-REPLY seen for %s" % client)
self.get_pmk(client)
else:
#PreRegistration_Request found
if host in self.comms:
(iter, leap, leap_pw, nsk, (supp_node, dst_node, nonce_req, nonce_repl, counter, mic), ctk) = self.comms[host]
#skip PreRegistration header
ret = ret[22:]
(type, len) = struct.unpack("!HH", ret[:4])
if type == 0x10b and len == 0x95:
#get Supplicant-ID from WLCCP_MN_SECURE_CONTEXT_REQ
id = ret[16:24]
(id_type,) = struct.unpack("!H", id[:2])
if id_type == self.NODE_TYPE_CLIENT:
client = dumbnet.eth_ntoa(id[2:])
#get key management type
key_mgmt = ret[25:26]
#get ssid len and ssid
(ssid_len,) = struct.unpack("!H", ret[68:70])
ssid = ret[70:70 + ssid_len]
if client not in self.clients:
iter = self.clients_liststore.append([client, ssid, ""])
self.clients[client] = (iter, None, ssid, key_mgmt, None, None, None, None)
else:
(iter, org_host, org_ssid, org_key_mgmt, ap, crypt, msc, pmk) = self.clients[client]
self.clients[client] = (iter, host, ssid, key_mgmt, ap, crypt, msc, pmk)
self.log("WLCCP: PREREGISTRATION-REQUEST seen for %s on ssid %s" % (client, ssid))
else:
if DEBUG:
self.log("WLCCP: FAIL 3 %s" % id.encode("hex"))
else:
if DEBUG:
self.log("WLCCP: FAIL 2 %i:%i" % (type, len))
else:
if DEBUG:
self.log("WLCCP: FAIL 1 %s" % host)
except:
if DEBUG:
print '-'*60
traceback.print_exc(file=sys.stdout)
print '-'*60
def set_dumbnet(self, dumbnet_thread):
self.dumbnet = dumbnet_thread
self.mac = dumbnet.eth_ntoa(dumbnet_thread.eth.get())
self.mac_entry.set_text(self.mac)
def check_eth(self, eth):
if dumbnet.eth_ntoa(str(eth.dst)) == DTP_DEST_MAC:
return (True, True)
return (False, False)
def input_udp(self, eth, ip, udp, timestamp):
if ip.src != self.ip:
pkg = glbp_packet()
data = pkg.parse(str(udp.data))
req_resp = []
auth = None
nonce = None
auth_str = "Unauthenticated"
while len(data) > 0:
#~ print "len: %d data: %s" % (len(data), data.encode("hex"))
tlv = glbp_tlv()
tlv.parse(data)
if tlv.tlv_type == glbp_tlv.TYPE_HELLO:
hello = glbp_tlv_hello()
data = hello.parse(data)
elif tlv.tlv_type == glbp_tlv.TYPE_REQ_RESP:
tmp = glbp_tlv_req_resp()
data = tmp.parse(data)
if not tmp.vmac == "\x00\x00\x00\x00\x00\x00":
req_resp.append(tmp)
elif tlv.tlv_type == glbp_tlv.TYPE_AUTH:
auth = glbp_tlv_auth()
data = auth.parse(data)
if auth.auth_type == glbp_tlv_auth.TYPE_PLAIN:
auth_str = "Plaintext: '%s'" % auth.secret[:-1]
elif auth.auth_type == glbp_tlv_auth.TYPE_MD5_STRING:
auth_str = "MD5 String: '%s'" % auth.secret.encode(
"hex")
elif auth.auth_type == glbp_tlv_auth.TYPE_MD5_CHAIN:
auth_str = "MD5 Chain: '%s'" % auth.secret.encode(
"hex")
else:
auth_str = "Unknown"
else:
#~ print "type: %d len: %d" % (tlv.tlv_type, tlv.tlv_length)
data = data[tlv.tlv_length:]
try:
src = dumbnet.ip_ntoa(ip.src)
except:
pass
if ip.src in self.peers:
(iter, _, _, req_resp_old, _, _, _) = self.peers[ip.src]
for i in req_resp:
if not i in req_resp_old:
req_resp_old.append(i)
self.treestore.append(
iter,
["", "", i.weight,
dumbnet.eth_ntoa(i.vmac), ""])
else:
iter = self.treestore.append(None, [
src,
dumbnet.ip_ntoa(hello.addr), hello.prio, "Seen", auth_str
])
for req in req_resp:
self.treestore.append(
iter,
["", "", req.weight,
dumbnet.eth_ntoa(req.vmac), ""])
self.peers[ip.src] = (iter, pkg, hello, req_resp, auth, False,
False)
self.log("GLBP: Got new peer %s" % (src))