예제 #1
0
def compute_tcp_checksum(pkt):

    ph = get_pseudoheader(pkt)
    tcp_checksum = sharkPy.get_node_by_name(pkt,
                                            'tcp.checksum')[0].attributes.data
    sharkPy.find_replace_data(pkt,
                              tcp_checksum,
                              'tcp.checksum',
                              "0000",
                              up_propagate=True)

    tcp = sharkPy.get_node_by_name(pkt, 'tcp')[0].attributes.data
    tcp_offset = int(sharkPy.get_node_by_name(pkt, 'tcp')[0].attributes.offset)
    tcp_seg = ph + sharkPy.get_node_by_name(
        pkt, 'frame')[0].attributes.data[tcp_offset * 2:]

    while (len(tcp_seg) % 4):
        tcp_seg += "00"

    sums = 0
    for cnt in xrange(0, len(tcp_seg), 4):

        val = int(tcp_seg[cnt:cnt + 4], 16)

        sums += val

    #4 most significant bits are carry bits.
    carry = (sums >> 16) & 0xffff

    #16 least significant bits are sum
    sums &= 0xffff

    while (True):

        #break when carry bits == 0
        if (0 == carry):
            break

        #carry gets added to sum
        sums += carry

        #repeat carry/sum addition if carry bits != 0
        carry = (sums >> 16) & 0xffff
        sums &= 0xffff

    #flip all bits in sum to get checksum, convert to hex string, and pad as needed
    chksum = hex(0xffff ^ sums)[2:].zfill(4)

    return chksum
예제 #2
0
def get_pseudoheader(pkt):

    srcaddr = sharkPy.get_node_by_name(pkt, 'ip.src')[0].attributes.data
    dstaddr = sharkPy.get_node_by_name(pkt, 'ip.dst')[0].attributes.data
    res = "00"
    protocol = "06"

    pseudo_len = 12
    hdr_len = int(
        sharkPy.get_node_by_name(pkt, 'tcp.hdr_len')[0].attributes.fvalue)
    tcp_len = int(
        sharkPy.get_node_by_name(pkt, 'tcp.len')[0].attributes.fvalue)

    total_len = hex((hdr_len + tcp_len) & 0xffff)[2:].zfill(4)
    ph = srcaddr + dstaddr + res + protocol + total_len
    return ph
예제 #3
0
def tcp_find_replace(pkt,
                     src_match_value=None,
                     dst_match_value=None,
                     new_srcport=None,
                     new_dstport=None,
                     update_checksum=True,
                     condition_funct=sharkPy.condition_data_equals):

    old_checksum = None
    new_checksum = None
    checksum_target = None
    tcp_node = None
    tcp_data = None
    tcp_first_byte = None
    cf = condition_funct
    new_str_data = None
    frame_data = sharkPy.get_node_by_name(pkt, 'frame')[0].attributes.data

    #nothing to do if not tcp packet. ignore and return original frame data.
    try:
        tcp_node = sharkPy.get_node_by_name(pkt, 'tcp')[0]
    except Exception as e:
        return None

    #replace src/dst ports.
    if (new_srcport is not None):
        new_str_data = sharkPy.find_replace_data(pkt,
                                                 src_match_value,
                                                 r'tcp.srcport',
                                                 new_srcport,
                                                 condition_funct=cf,
                                                 up_propagate=True)
    if (new_dstport is not None):
        new_str_data = sharkPy.find_replace_data(pkt,
                                                 dst_match_value,
                                                 r'tcp.dstport',
                                                 new_dstport,
                                                 condition_funct=cf,
                                                 up_propagate=True)

    if (update_checksum):
        tcp_checksum_fixup(pkt)
예제 #4
0
def write_packet(fw, pkt, outfile, new_utime=None, new_ltime=None):

    #make error buffer
    errbuf = fw.make_pcap_error_buffer()

    #get details required to write to output pcap file
    pkt_frame = sharkPy.get_node_by_name(pkt, 'frame')
    fdl, ffb, flb, fd, fbd = sharkPy.get_node_data_details(pkt_frame[0])
    utime, ltime = sharkPy.get_pkt_times(pkt)

    if (new_utime is not None):
        utime = new_utime

    if (new_ltime is not None):
        ltime = new_ltime

    #make bin data and write packet to file
    newbd = binascii.a2b_hex(fd)
    fw.pcap_write_packet(outfile, utime, ltime, fdl, newbd, errbuf)
예제 #5
0
    

#TEST main#####TEST main#####TEST maim########TEST main#####TEST main#####TEST main#####TEST maim########TEST main
if __name__=='__main__':

    import sharkPy
    
    fw=file_writer()
    errbuf=fw.make_pcap_error_buffer()
    outfile=fw.pcap_write_file(r'/home/me/test_output_file.pcap', errbuf)

    sorted_rtn_list=sharkPy.dissect_file(r'/home/me/tst.pcap',timeout=20)
    
    
    for pkt in sorted_rtn_list:
        pkt_frame = sharkPy.get_node_by_name(pkt, 'frame')
        src_eth = sharkPy.get_node_by_name(pkt, 'eth.src')
        dst_eth = sharkPy.get_node_by_name(pkt, 'eth.dst')
        
        fdl, ffb, flb, fd, fbd = sharkPy.get_node_data_details(pkt_frame[0])
        utime, ltime = sharkPy.get_pkt_times(pkt)
        
        esdl, esfb, eslb, esd, esbd = sharkPy.get_node_data_details(src_eth[0])
        eddl, edfb, edlb, edd, edbd = sharkPy.get_node_data_details(dst_eth[0])
        
        #swap dst and src eth addresses
        new_str_data=esd
        new_str_data+=edd
        new_str_data+=fd[(eslb+1)*2:]
        
        newbd = binascii.a2b_hex(new_str_data)
예제 #6
0
    new_client_port = hex(55555)[2:].zfill(4)

    #open output packet capture
    fw = sharkPy.file_writer()
    errbuf = fw.make_pcap_error_buffer()
    outfile = fw.pcap_write_file(new_pcap, errbuf)

    while (dissection is not None and True):

        try:
            #get pkt
            pkt = sharkPy.get_next_from_file(dissection)

            sharkPy.walk_print(pkt)

        except Exception as e:
            break

        pkt_src = sharkPy.get_node_by_name(pkt,
                                           'tcp.srcport')[0].attributes.data
        if (pkt_src == client_port):
            tcp_find_replace(pkt, client_port, server_port, new_client_port,
                             new_server_port)
        else:
            tcp_find_replace(pkt, server_port, client_port, new_server_port,
                             new_client_port)

        write_packet(fw, pkt, outfile)

    fw.pcap_close(outfile)
예제 #7
0
def ipv4_find_replace(pkt,
                      src_match_value=None,
                      dst_match_value=None,
                      new_srcaddr=None,
                      new_dstaddr=None,
                      update_checksum=True,
                      condition_funct=sharkPy.condition_data_equals):

    cf = condition_funct
    new_str_data = None
    frame_data = sharkPy.get_node_by_name(pkt, 'frame')[0].attributes.data

    #nothing to do if not ip packet. return original frame data
    try:
        sharkPy.get_node_by_name(pkt, 'ip')
    except Exception as e:

        return frame_data

    #nothing to do if not requesting changes. return orig frame data
    if (new_srcaddr is None and new_dstaddr is None):

        return frame_data

    if (new_srcaddr is not None):
        new_str_data = sharkPy.find_replace_data(pkt,
                                                 src_match_value,
                                                 r'ip.src',
                                                 new_srcaddr,
                                                 condition_funct=cf,
                                                 up_propagate=update_checksum)
    if (new_dstaddr is not None):
        new_str_data = sharkPy.find_replace_data(pkt,
                                                 dst_match_value,
                                                 r'ip.dst',
                                                 new_dstaddr,
                                                 condition_funct=cf,
                                                 up_propagate=update_checksum)

    if (True == update_checksum):

        ip = None
        new_checksum = None

        try:
            ip = sharkPy.get_node_by_name(pkt, 'ip')[0].attributes.data
        except Exception as e:
            print str(e)
            raise e  #something bad and unexpected happened

        #If changes have been made to ip header, fixup ip checksum
        if (ip is not None):
            old_checksum = sharkPy.get_node_by_name(
                pkt, r'ip.checksum')[0].attributes.data
            new_checksum = ipv4_checksum_fixup(ip)
            new_str_data = sharkPy.find_replace_data(
                pkt,
                new_checksum,
                r'ip.checksum',
                new_checksum,
                condition_funct=sharkPy.condition_data_not_equals,
                up_propagate=True)

    #return str hex rep of new packet data (after changes)
    return new_str_data