Exemplo n.º 1
0
class ListenThread(threading.Thread):
	def __init__(self,host,port):
		try:
			Thread.__init__(self)
	        	self.host='0.0.0.0'
	        	self.port=port
	        	self.server = SocketServer.TCPServer((self.host,self.port), ListenHandler)
			self.logger = logging.getLogger('ListenMon')
			self.logger.debug(GREEN+'[+] Listener Initialized.')
			self.connT = ConnThread()
			self.connT.start()
		except Exception as e:
			self.logger = logging.getLogger('ListenMon')
			self.logger.error(RED+'[!] Failed to Initialize: '+str(e))

    	def run(self):
		try:
			self.server.allow_reuse_address = True 
			#self.server.server_bind()     
			#self.server.server_activate() 
	        	self.server.serve_forever()
		except Exception as e:
			self.logger.error(RED+'[!] Failed Run: '+str(e))

	def end(self):
		try:
			self.logger = logging.getLogger('ListenMon')
			self.logger.info(RED+'[!] Shutting Down SocketServer')
			self.server.shutdown()
		except Exception as e:
			self.logger.error(RED+'[!] Failed to Shutdown() Server: '+str(e))
Exemplo n.º 2
0
class ListenHandler(SocketServer.StreamRequestHandler):    

    def later_check(self,lport,rport,rhost):
	try:
		self.logger = logging.getLogger('ListenMon')
		while True:
			pid=self.connT.retPid(lport,rport,rhost)
			if (pid > 1):
				self.logger.info(YELLOW+'[!] Found corresponding pid='+str(pid)+". Tainting.")
				self.taintDb.taint_pid(pid)
				return
			else:
				time.sleep(CHK_DELAY)
	except Exception as e:
		self.logger.info(RED+'[-] Failed Later_Check: '+str(e))

    
    def handle(self):
	try:
		self.logger = logging.getLogger('ListenMon')
		self.laterCheck = None
	    	self.taintDb = TaintClass.TaintDb(FNAME)
	        self.data = self.rfile.readline().strip()
		self.connT = ConnThread()
		self.connT.start()
	        ctl_msg = self.data.split(',')
	        if ('taint' in ctl_msg[0].lower()):
		        rhost = ipaddr.IPAddress(ctl_msg[1])
		        rport = ctl_msg[2]
			lport = ctl_msg[3]

		msg="[+] Rcvd Tainted Conn: "+str(self.data)
	       	self.logger.info(BLUE+msg)

		if ((rhost) and (int(rport) > 0) and (int(rport) < 65535)):
			rtn_msg = 'ack,'+str(rhost)+','+str(rport)+","+str(lport)+'\n'
		        self.wfile.write(rtn_msg)
		        self.wfile.close()
			pid=self.connT.retPid(lport,rport,rhost)
			if (pid > 1):
				self.logger.info(YELLOW+'[+] Found corresponding pid='+str(pid)+". Tainting.")
				self.taintDb.taint_pid(pid)
			else:
				self.logger.debug('[-] Could Not Find Corresponding Process. Checking Later.')
				self.later_check(lport,rport,rhost)
	except Exception as e:
			self.logger.error('[!] Failed Handler: '+str(e))
Exemplo n.º 3
0
class NetThread(threading.Thread):
	def __init__(self):
		try:
	   		Thread.__init__(self)
	        	self.running = True
	                self.logger = logging.getLogger('NetMon')
	                self.logger.debug(GREEN+'[+] NetMonitor Initialized.')
			self.connT = ConnThread()
			self.connT.start()
		except Exception as e:
			self.logger = logging.getLogger('NetMon')
			self.logger.error(RED+'[!] Failed to Initialize: '+str(e))
	
###############################################################################
# Handle_Pkt: Checks PKT against the naughty list of PIDs
##############################################################################
	def handle_pkt(self,p):
		try:
	    		pkt = IP(p.get_payload())

	   		if ((pkt.haslayer(TCP)) and (pkt['TCP'].flags==0x02) and (int(pkt['TCP'].dport)==int(9999))):
				self.logger.info(BLUE+"[+] Permitting SDN Message Through NetFilter.")			
	   		elif ((pkt.haslayer(TCP)) and (pkt['TCP'].flags==0x02) and (int(pkt['TCP'].dport)!=int(8888))):
				if (pkt.src in MY_ADDRS):
					lport = int(pkt['TCP'].sport)
					rport = int(pkt['TCP'].dport)
					rhost = str(pkt.dst)
					msg="[+] Detected OUTBOUND TCP-SYN: "+str(lport)+","+"->"+str(rhost)+":"+str(rport)
					self.logger.info(BLUE+msg)

				else:
					r_port = int(pkt['TCP'].sport)
					r_host = str(pkt.src)
					lport = int(pkt['TCP'].dport)
					rhost = str("0.0.0.0")
					rport = int(0)
					msg="[+] Detected INBOUND TCP-SYN: "+str(r_host)+":"+str(r_port)+"->"+str(lport)
					self.logger.info(BLUE+msg)
				
				time.sleep(SYN_DELAY)				
				pid=self.connT.retPid(lport,rport,rhost)
				self.taintDb = TaintClass.TaintDb(FNAME)
				
				if (pid < 2):
					count = 0					
					while ((count < 5) and (pid < 2)):
						count = count +1
						pid=self.connT.retPid(lport,rport,rhost)
						time.sleep(1)
				
				msg="[+] PID ={"+str(pid)+"} for SYN:"+str(lport)+","+"->"+str(rhost)+":"+str(rport)				
				self.logger.debug(BLUE+msg)

				if (self.taintDb.is_tainted_p(pid)):
					self.logger.info(YELLOW+'[!] Tainted Connection: '+str(lport)+"<->"+str(rhost)+":"+str(rport))
					self.logger.info(YELLOW+'[!] Connection Tainted By PID: '+str(pid))
					self.send_ctl_msg(rhost,rport,lport)
				

			p.accept()
		except Exception as e:
			self.logger.error(RED+'[!] Failed to Handle Pkt: '+str(e))

	def send_ctl_msg(self,rhost,rport,lport):
		# THIS IS HACK, NEED TO CLEANUP
		# CAN'T USE SOCKET HERE SINCE PKT_HANDLE() IS WAITING ON IT AND QUEUES ITSELF RECUSRIVELY
		# SO INSTEAD DOING A ECHO "CTL_MSG" | nc sdn_ip sdn_port &
		# WILL FIX LATER		
		try:
			msg = "taint,"+str(rhost)+","+str(rport)+","+str(lport)+"\n"
			cmd = "echo \""+msg+"\" | nc "+SDN_IP+" 9999 &"
			os.system(cmd)
		except Exception as e:
			self.logger.error(RED+'[!] Send_ctl_msg Failed: '+str(e))

						
    	def run(self):
		try:
			while (self.running):

				nfqueue = NetfilterQueue()
				nfqueue.bind(1, self.handle_pkt)
			        nfqueue.run()

		
		except Exception as e:
			self.logger.error(RED+'NetFilter Failed: '+str(e))

	def end(self):
     		self.running = False