def Setup(self): self.name = "SF|SR Probe to Closed Port" self.expect = "detect.output.4" # Packet 1 payload = TCP(sport=555, dport=79, seq=10000, flags=dnet.TH_SYN|dnet.TH_RST) ip = IP(src=dnet.ip_aton("192.0.2.1"), dst=dnet.ip_aton("192.18.0.10"), id=5624, p=dnet.IP_PROTO_TCP) ip.data = payload ip.len += len(ip.data) self.packets.append(ip) # Packet 2 payload = TCP(sport=556, dport=79, seq=10000, flags=dnet.TH_SYN|dnet.TH_FIN) ip = IP(src=dnet.ip_aton("192.0.2.1"), dst=dnet.ip_aton("192.18.0.10"), id=5625, p=dnet.IP_PROTO_TCP) ip.data = payload ip.len += len(ip.data) self.packets.append(ip)
def sendRawRequest(socket, clientaddr, serveraddr, userid, dataid): """ sends 1 raw request from clientaddr to serveraddr. """ message = '' message += struct.pack("i", userid) message += struct.pack("i", dataid) # left off: just added this udpOut = UDP() udpOut.sport = udpIn.dport udpOut.dport = udpIn.sport udpOut.data = message udpOut.ulen=len(udpOut) udpOut = UDP(str(udpOut)) ipOut = IP(src=ipIn.dst, dst=ipIn.src) ipOut.p = 0x11 ipOut.data = UDP(str(udpOut)) ipOut.v = 4 ipOut.len = len(ipOut) # put the data id into the dcsp field. (first 6 bits of tos) ipOut.tos = dataid << 2 ethOut = Ethernet(src = ethIn.dst, dst=ethIn.src,type=ethernet.ETH_TYPE_IP, data = ipOut)
def Setup(self): self.name = "Ping" self.expect = "gen.output.1" payload = ICMP(type = 8, data=ICMP.Echo(id=123, seq=1, data="12345690")) ip = IP(src=dnet.ip_aton("192.0.2.254"), dst=dnet.ip_aton("192.18.0.10"), id=5624, p=dnet.IP_PROTO_ICMP) ip.data = payload ip.len += len(ip.data) self.packets.append(ip)
def Setup(self): self.name = "Connection to open port" self.expect = "gen.output.2" # Packet 1 payload = TCP(sport=555, dport=80, seq=10000, flags=dnet.TH_SYN) ip = IP(src=dnet.ip_aton("192.0.2.254"), dst=dnet.ip_aton("192.18.0.10"), id=5624, p=dnet.IP_PROTO_TCP) ip.data = payload ip.len += len(ip.data) self.packets.append(ip) # Packet 2 payload = TCP(sport=555, dport=80, seq=10001, ack=194595108, flags=dnet.TH_ACK) ip = IP(src=dnet.ip_aton("192.0.2.254"), dst=dnet.ip_aton("192.18.0.10"), id=5625, p=dnet.IP_PROTO_TCP) ip.data = payload ip.len += len(ip.data) self.packets.append(ip) # Packet 3 payload = TCP(sport=555, dport=80, seq=10001, ack=194595108, flags=dnet.TH_ACK) payload.data = 'Honeyd fools you' ip = IP(src=dnet.ip_aton("192.0.2.254"), dst=dnet.ip_aton("192.18.0.10"), id=5625, p=dnet.IP_PROTO_TCP) ip.data = payload ip.len += len(ip.data) self.packets.append(ip)
def Setup(self): self.name = "Routing to Open Port" self.expect = "route.output.1" # Packet 1 payload = TCP(sport=555, dport=80, seq=10000, flags=dnet.TH_SYN) ip = IP(src=dnet.ip_aton("192.0.2.1"), dst=dnet.ip_aton("192.18.3.10"), id=8143, ttl=1, p=dnet.IP_PROTO_TCP) ip.data = payload ip.len += len(ip.data) self.packets.append(ip) # Packet 2 payload = TCP(sport=555, dport=80, seq=10000, flags=dnet.TH_SYN) ip = IP(src=dnet.ip_aton("192.0.2.1"), dst=dnet.ip_aton("192.18.3.10"), id=8144, ttl=2, p=dnet.IP_PROTO_TCP) ip.data = payload ip.len += len(ip.data) self.packets.append(ip) # Packet 3 payload = TCP(sport=555, dport=80, seq=10000, flags=dnet.TH_SYN) ip = IP(src=dnet.ip_aton("192.0.2.1"), dst=dnet.ip_aton("192.18.3.10"), id=8145, ttl=3, p=dnet.IP_PROTO_TCP) ip.data = payload ip.len += len(ip.data) self.packets.append(ip)
def main(serverInterface, serverIp): dstaddr = (serverInterface, 2048, 0, 1, clientMac.decode('hex')) # where to send the packets. serveripn = socket.inet_aton(serverIp) # bind on an extra socket, so the kernel knows the udp port is opened. s1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) s1.bind((serverIp, serverport)) s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(3)) # 3 = ETH_P_ALL, all protocol. # s.bind((serverip, serverport)) s.bind((serverInterface, 0)) print ("generating flows.") flows = [] for i in range(flowct): dstip, srcip, dstport, srcport = getFlowKey(serverIp) flow = [] for j in range(pktsPerFlow): message = struct.pack("i", 1) udpOut = UDP() udpOut.sport = srcport udpOut.dport = dstport udpOut.data = message udpOut.ulen=len(udpOut) udpOut = UDP(str(udpOut)) ipOut = IP(src=srcip, dst=dstip) ipOut.p = 0x11 ipOut.data = UDP(str(udpOut)) ipOut.v = 4 ipOut.len = len(ipOut) ethOut = Ethernet(src=serverMac.decode('hex'), dst=clientMac.decode('hex'), type=ethernet.ETH_TYPE_IP, data = ipOut) eo = str(ethOut) flow.append(str(ethOut)) flows.append(flow) print ("%s flows generated, with %s packets each."%(len(flows), len(flows[0]))) print ("sending flows packets to: %s"%str(dstaddr)) for flow in flows: for pktstr in flow: s.sendto(pktstr, dstaddr) time.sleep(delay) print ("everything send. exiting.") return
def modify_pkt_rnd(net_packet): # net.data is layer 4 packet # so net.data.data is layer 5 or just a payload of layer 4 net = IP(net_packet.get_payload()) tran_len = len(net.data) payload_len = net.len - tran_len if not payload_len: return net.pack() new_data = bytearray(net.data.pack()) for idx in range(10): rnd_byte = randrange(0, payload_len) # God, please, i hope there's no off-by-one error new_data[(tran_len - payload_len) + rnd_byte] = rnd_byte # new_data[rnd_byte] = bytes([rnd_byte]) net.data = new_data return net.pack()
def setUp(self): # echo = dpkt.icmp.ICMP.Echo() # echo.id = random.randint(0, 0xffff) # echo.seq = random.randint(0, 0xffff) # echo.data = 'hello world' # # icmp = dpkt.icmp.ICMP() # icmp.type = dpkt.icmp.ICMP_ECHO # icmp.data = echo # packet generation is done directly using dpkt package and self.packet = Ethernet() ip = IP(src='\x01\x02\x03\x04', dst='\x05\x06\x07\x08', p=1) icmp = ICMP(type=8, data=ICMP.Echo(id=123, seq=1, data='foobar')) ip.data = icmp self.packet.src = "\x00\x00\x55\x55\x00\x00" self.packet.dst = "\x00\x00\x11\x11\x00\x00" self.packet.data = ip self.print_packet(self.packet) self.max_pkt_size = 1400 self.pld_gen = CTRexPktBuilder.CTRexPayloadGen(self.packet, self.max_pkt_size)
def main(serverInterface, serverIp): # open a socket to the switch here. Just do a send when you have a # permission that you want to add. You can work in the controller # interface later on, connect right to the switch, for now. declassifierSocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) declassifierSocket.connect((declassifierIp, declassifierPort)) print ("connected to declassifier.") serveripn = socket.inet_aton(serverIp) # bind on an extra socket, so the kernel knows the udp port is opened. s1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) s1.bind((serverIp, serverport)) s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(3)) # 3 = ETH_P_ALL, all protocol. # s.bind((serverip, serverport)) s.bind((serverInterface, 0)) print ("Starting listening loop.") currentPermissions = set() # cache of the current permissions for flows. while True: pkt, srcaddr = s.recvfrom(1514) # 1500 is the mtu.. but still will this work? print srcaddr # print srcaddr # srcaddr = list(srcaddr) # srcaddr[2] = 4 # srcaddr = tuple(srcaddr) if len(pkt)>4: ethIn = Ethernet(pkt) if type(ethIn.data) == IP: ipIn = ethIn.data if type(ipIn.data) == UDP: udpIn = ipIn.data if (ipIn.dst == serveripn) and (ipIn.data.dport == serverport): # print ("got server packet") userid, dataid = struct.unpack("ii", udpIn.data) # print ("got request for user id: %s data id: %s"%(userid, dataid)) # print ("writing flow information to file. ") # flowData = "%s,%s,%s,%s:%s\n"%(socket.inet_ntoa(ipIn.src), socket.inet_ntoa(ipIn.dst), udpIn.sport, udpIn.dport, userid) # f = open(flowDataFile, "a") # f.write(flowData) # f.close() # pack the information about the flow, that # you send to the declassifier. permission = userid flowPermission = '' flowPermission += ipIn.dst flowPermission += ipIn.src flowPermission += struct.pack("!H", udpIn.dport) flowPermission += struct.pack("!H", udpIn.sport) flowPermission += struct.pack("!i", permission) # add the permissions, if they're not added yet. if flowPermission not in currentPermissions: currentPermissions.add(flowPermission) # print ("intended message: %s (%s) --> %s (%s)"%\ # (socket.inet_ntoa(ipIn.dst), udpIn.dport, socket.inet_ntoa(ipIn.src), udpIn.sport)) # send the permission information to the declassifier. # print ("sending %s bytes to declassifier"%len(flowPermission)) declassifierSocket.send(flowPermission) # time.sleep(.000001) # print("flow permissions sent to declassifier.") # response just indicates whether the user has # permission to access it according to the # server. If you see a 0 response at the client, # something is wrong. if userid == dataid: message = struct.pack("i", 1) else: message = struct.pack("i", 0) # print ("sending message back to client") udpOut = UDP() udpOut.sport = udpIn.dport udpOut.dport = udpIn.sport udpOut.data = message udpOut.ulen=len(udpOut) udpOut = UDP(str(udpOut)) ipOut = IP(src=ipIn.dst, dst=ipIn.src) ipOut.p = 0x11 ipOut.data = UDP(str(udpOut)) ipOut.v = 4 ipOut.len = len(ipOut) # put the data id into the dcsp field. (first 6 bits of tos) ipOut.tos = dataid << 2 ethOut = Ethernet(src = ethIn.dst, dst=ethIn.src,type=ethernet.ETH_TYPE_IP, data = ipOut) # print ("-----") # print len(message) # print len(str(udpOut)) # print len(str(ipOut)) # print len(ethOut) # print len(udpIn) # print len(udpOut) # print "_--------_" # print str(udpIn).encode('hex_codec') # print str(udpOut).encode('hex_codec') # print `ethOut` ethOut = str(ethOut) s.sendto(ethOut, srcaddr)
def main(serverInterface, serverIp): dstaddr = (serverInterface, 2048, 0, 1, clientMac.decode('hex')) # where to send the packets. # open a socket to the switch here. Just do a send when you have a # permission that you want to add. You can work in the controller # interface later on, connect right to the switch, for now. declassifierSocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) declassifierSocket.connect((declassifierIp, declassifierPort)) print ("connected to declassifier.") serveripn = socket.inet_aton(serverIp) # bind on an extra socket, so the kernel knows the udp port is opened. s1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) s1.bind((serverIp, serverport)) s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(3)) # 3 = ETH_P_ALL, all protocol. # s.bind((serverip, serverport)) s.bind((serverInterface, 0)) print ("generating permissions") permissionrecords = set() for i in range(permissionct): dstip = socket.inet_aton(socket.inet_ntoa(struct.pack('>I', random.randint(1, 0xffffffff)))) srcip = socket.inet_aton(serverIp) dstport = random.randint(1, 50000) srcport = serverport permissionrecord = (dstip, srcip, dstport, srcport) permissionrecords.add(permissionrecord) permission = 1 # the valid permission is always 1. flowPermission = '' flowPermission += srcip flowPermission += dstip flowPermission += struct.pack("!H", srcport) flowPermission += struct.pack("!H", dstport) flowPermission += struct.pack("!i", permission) declassifierSocket.send(flowPermission) time.sleep(permissionDelay) declassifierSocket.close() print ("%s unique flow permissions generated and send to declassifier."%len(permissionrecords)) print ("generating valid flows.") validflows = [] permissionrecords = list(permissionrecords) for i in range(validflowct): validrecord = permissionrecords[i] dstip, srcip, dstport, srcport = validrecord flow = [] for j in range(pktsPerFlow): message = struct.pack("i", 1) udpOut = UDP() udpOut.sport = srcport udpOut.dport = dstport udpOut.data = message udpOut.ulen=len(udpOut) udpOut = UDP(str(udpOut)) ipOut = IP(src=srcip, dst=dstip) ipOut.p = 0x11 ipOut.data = UDP(str(udpOut)) ipOut.v = 4 ipOut.len = len(ipOut) ipOut.tos = 1 << 2 # these are valid flows, so put 1 into the ip dscp field. ethOut = Ethernet(src=serverMac.decode('hex'), dst=clientMac.decode('hex'), type=ethernet.ETH_TYPE_IP, data = ipOut) eo = str(ethOut) flow.append(str(ethOut)) validflows.append(flow) print ("%s valid flows generated, with %s packets each."%(len(validflows), len(validflows[0]))) print ("generating invalidflows") invalidflows = [] for i in range(len(validflows), len(validflows)+invalidflowct): validrecord = permissionrecords[i] dstip, srcip, dstport, srcport = validrecord flow = [] for j in range(pktsPerFlow): message = struct.pack("i", 1) udpOut = UDP() udpOut.sport = srcport udpOut.dport = dstport udpOut.data = message udpOut.ulen=len(udpOut) udpOut = UDP(str(udpOut)) ipOut = IP(src=srcip, dst=dstip) ipOut.p = 0x11 ipOut.data = UDP(str(udpOut)) ipOut.v = 4 ipOut.len = len(ipOut) if j == invalidPacketLoc: ipOut.tos = 0 << 2 # mark the invalid packet. else: ipOut.tos = 1 << 2 # mark the valid packets. ethOut = Ethernet(src=serverMac.decode('hex'), dst=clientMac.decode('hex'), type=ethernet.ETH_TYPE_IP, data = ipOut) flow.append(str(ethOut)) invalidflows.append(flow) print ("%s invalid flows generated, with %s packets each."%(len(invalidflows), len(invalidflows[0]))) print ("sending valid flows packets to: %s"%str(dstaddr)) for flow in validflows: for pktstr in flow: s.sendto(pktstr, dstaddr) time.sleep(delay) print ("sending invalid flow packets to: %s"%str(dstaddr)) for flow in invalidflows: for pktstr in flow: s.sendto(pktstr, dstaddr) time.sleep(delay) print ("everything send. exiting.") return