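def run(self, challenger, subject, conf):
    """Check that the subject picks a new IPv4LL address after an ARP conflict.

    The challenger joins the ad-hoc network with a static address, the
    subject joins the same network and starts its link-local client, and
    the challenger answers the subject's first ARP probe with a reply that
    claims the probed address. A conforming subject must then probe for a
    different address.

    Args:
        challenger: node that configures the network, captures ARP frames
            (``recv_arp``) and sends the conflicting reply (``send_arp``).
        subject: node under test; ``start_ipv4ll``/``stop_ipv4ll`` control
            its link-local client.
        conf: settings object providing ADHOC_SSID, ADHOC_CHALLENGER_IP,
            ADHOC_NETMASK and ADHOC_GW.

    Returns:
        "" on success, otherwise a human-readable failure description.
    """
    self.conf = conf
    self.subject = subject

    # Bring both nodes onto the same ad-hoc network; the challenger gets a
    # static address so its own ARP traffic is unambiguous.
    challenger.set_wifi(ssid=conf.ADHOC_SSID, mode="ad-hoc")
    challenger.set_ip(conf.ADHOC_CHALLENGER_IP, conf.ADHOC_NETMASK, conf.ADHOC_GW)
    subject.set_wifi(ssid=conf.ADHOC_SSID, mode="ad-hoc")

    # The challenger must already be listening when the subject sends its
    # first ARP probe, but recv_arp blocks. A one-second timer therefore
    # starts the subject's link-local client after we have entered recv_arp.
    launch = Timer(1, subject.start_ipv4ll)
    launch.start()

    # Template for the conflicting reply: our MAC as sender, unspecified
    # target hardware address; the IP fields are filled in from the probe.
    reply = arp.ARP()
    reply.sha = myeth.eth_aton(challenger.get_mac())  # sender hardware addr
    reply.tha = myeth.ETH_ADDR_UNSPEC                 # dest hardware addr
    reply.op = arp.ARP_OP_REPLY

    try:
        probe = challenger.recv_arp(3)
        probed_ip = probe.target_ip
        # Claim the probed address as ours so the subject sees a conflict.
        reply.tpa = socket.inet_aton(probed_ip)  # ip addr of request
        reply.spa = socket.inet_aton(probed_ip)  # sender ip addr
        challenger.send_arp(reply, myeth.ETH_ADDR_BROADCAST)

        # A conforming subject now probes for a different address.
        probe = challenger.recv_arp(3)
        if probe.target_ip == probed_ip:
            return "Subject failed to choose new IP after probe response."
        return ""
    except socket.timeout:
        return "Challenger failed to collect all arp traffic."
    finally:
        # Tear down on every exit path, not only on socket.timeout, so an
        # unexpected error from recv_arp/send_arp cannot leave the subject's
        # client running. cancel() is a no-op once the timer has fired;
        # stop_ipv4ll is assumed safe when start never ran — confirm.
        launch.cancel()
        subject.stop_ipv4ll()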
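def buildArp(addr, src_mac=None, src_ip=None):
    """Build an Ethernet frame carrying an ARP request for *addr*.

    Args:
        addr: dotted-quad IPv4 address being asked for.
        src_mac: sender hardware address in the form ``eth_aton`` accepts;
            defaults to the enclosing scope's ``mac``.
        src_ip: sender IPv4 address (dotted quad); defaults to the enclosing
            scope's ``inet``.

    Returns:
        An ``ethernet.Ethernet`` object whose payload is the ARP request,
        addressed to the Ethernet broadcast address.
    """
    # Fall back to the scope-level names the original read implicitly, so
    # existing one-argument callers keep working unchanged.
    if src_mac is None:
        src_mac = mac
    if src_ip is None:
        src_ip = inet

    sender_hw = eth_aton(src_mac)

    arp_p = arp.ARP()
    arp_p.sha = sender_hw                   # sender hardware addr
    arp_p.spa = socket.inet_aton(src_ip)    # sender ip addr
    arp_p.tha = ETH_ADDR_UNSPEC             # dest hardware addr
    arp_p.tpa = socket.inet_aton(addr)      # ip addr of request
    arp_p.op = arp.ARP_OP_REQUEST

    packet = ethernet.Ethernet()
    packet.src = sender_hw
    packet.dst = ETH_ADDR_BROADCAST
    packet.data = arp_p
    packet.type = ethernet.ETH_TYPE_ARP

    if debug:
        # Single-argument print() behaves the same under Python 2 and 3.
        print(dpkt.hexdump(str(packet)))
    return packet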
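def buildArpReply(pair):
    """Build an Ethernet frame carrying the ARP reply described by *pair*.

    Args:
        pair: object with ``smac``/``sip`` (the replying sender's hardware
            and IPv4 address) and ``rmac``/``rip`` (the receiver's).

    Returns:
        An ``ethernet.Ethernet`` object, unicast to ``pair.rmac``, whose
        payload is the ARP reply.
    """
    sender_hw = eth_aton(pair.smac)
    receiver_hw = eth_aton(pair.rmac)

    arp_p = arp.ARP()
    arp_p.sha = sender_hw                   # sender hardware addr
    arp_p.spa = socket.inet_aton(pair.sip)  # sender ip addr
    arp_p.tha = receiver_hw                 # dest hardware addr
    arp_p.tpa = socket.inet_aton(pair.rip)  # ip addr of request
    arp_p.op = arp.ARP_OP_REPLY

    packet = ethernet.Ethernet()
    packet.src = sender_hw
    # The Ethernet destination must be the receiver's 6-byte hardware
    # address; a 4-byte inet_aton() value is the wrong field and the wrong
    # length for a MAC and yields a malformed frame.
    packet.dst = receiver_hw
    packet.data = arp_p
    packet.type = ethernet.ETH_TYPE_ARP

    if debug:
        # Single-argument print() behaves the same under Python 2 and 3.
        print(dpkt.hexdump(str(packet)))
    return packet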
def build_arp_reply(self, rec_mac, rec_ip, send_mac, impersonate_ip):
    """Build an Ethernet frame carrying an ARP reply.

    The reply is unicast to ``rec_mac``/``rec_ip`` and states that
    ``impersonate_ip`` is reachable at ``send_mac``.

    Args:
        rec_mac: receiver's hardware address, in the form ``dnet.eth_aton``
            accepts.
        rec_ip: receiver's IPv4 address (dotted quad).
        send_mac: hardware address placed in the sender fields.
        impersonate_ip: IPv4 address placed in the sender protocol field.

    Returns:
        An ``ethernet.Ethernet`` object with the ARP reply as its payload.
    """
    sender_hw = dnet.eth_aton(send_mac)
    target_hw = dnet.eth_aton(rec_mac)

    # ARP body: the (sender) binding being advertised and the target being
    # answered.
    reply = arp.ARP()
    reply.op = arp.ARP_OP_REPLY
    reply.sha, reply.spa = sender_hw, socket.inet_aton(impersonate_ip)
    reply.tha, reply.tpa = target_hw, socket.inet_aton(rec_ip)

    # Ethernet wrapper, addressed directly to the receiver.
    frame = ethernet.Ethernet()
    frame.type = ethernet.ETH_TYPE_ARP
    frame.src, frame.dst = sender_hw, target_hw
    frame.data = reply
    return frame