Exemplo n.º 1
	def run(self, challenger, subject, conf):
		"""Check that the subject picks a new link-local address after a conflict.

		The challenger answers the subject's first ARP probe with a reply that
		claims the probed address, then waits for a second probe and compares
		the two probed addresses.

		Args:
			challenger: station that listens for ARP probes and sends the
				conflicting reply.
			subject: station whose IPv4 link-local behaviour is under test.
			conf: settings object providing ADHOC_SSID, ADHOC_CHALLENGER_IP,
				ADHOC_NETMASK and ADHOC_GW.

		Returns:
			"" on success, otherwise a message describing the failure.
		"""
		self.conf = conf
		self.subject = subject

		# Both stations join the same ad-hoc network; only the challenger is
		# given a static address here.
		challenger.set_wifi(ssid=conf.ADHOC_SSID, mode="ad-hoc")
		challenger.set_ip(
			conf.ADHOC_CHALLENGER_IP, conf.ADHOC_NETMASK, conf.ADHOC_GW
		)
		subject.set_wifi(ssid=conf.ADHOC_SSID, mode="ad-hoc")

		# The challenger has to be listening before the subject sends its first
		# probe, yet recv_arp() blocks.  Starting link-local on the subject from
		# a one-second timer lets this thread reach recv_arp() first.
		launcher = Timer(1, subject.start_ipv4ll)
		launcher.start()

		# Pre-build the conflicting reply; the IP fields are filled in once the
		# probed address is known.
		challenger_mac = challenger.get_mac()
		conflict_reply = arp.ARP()
		conflict_reply.sha = myeth.eth_aton(challenger_mac)  # sender hardware addr
		conflict_reply.tha = myeth.ETH_ADDR_UNSPEC           # target hardware addr
		conflict_reply.op = arp.ARP_OP_REPLY

		# NOTE(review): stop_ipv4ll() is only reached on success or on
		# socket.timeout; any other exception raised below leaves link-local
		# running on the subject -- confirm whether callers clean up.
		try:
			# NOTE(review): the first ARP frame received is taken to be the
			# subject's probe; the argument 3 is presumably a timeout in
			# seconds -- confirm against recv_arp().
			claimed_ip = challenger.recv_arp(3).target_ip
			packed_ip = socket.inet_aton(claimed_ip)
			conflict_reply.tpa = packed_ip  # ip addr of request
			conflict_reply.spa = packed_ip  # sender ip addr: same address, i.e. "in use"

			# Answer the probe, then expect a probe for a different address.
			challenger.send_arp(conflict_reply, myeth.ETH_ADDR_BROADCAST)
			retry_ip = challenger.recv_arp(3).target_ip
			subject.stop_ipv4ll()
		except socket.timeout:
			subject.stop_ipv4ll()
			return "Challenger failed to collect all arp traffic."

		if retry_ip == claimed_ip:
			return "Subject failed to choose new IP after probe response."
		return ""
Exemplo n.º 2
def buildArp(addr):
    """Build a broadcast Ethernet frame carrying an ARP request for *addr*.

    The sender fields come from `mac` and `inet`, which are not parameters and
    must already be defined in the enclosing scope, as must `debug`.

    Args:
        addr: IPv4 address to resolve, in the text form accepted by
            socket.inet_aton.

    Returns:
        The ethernet.Ethernet frame with the ARP request as its payload.
    """
    request = arp.ARP()
    request.op = arp.ARP_OP_REQUEST
    request.sha = eth_aton(mac)             # sender hardware addr
    request.spa = socket.inet_aton(inet)    # sender ip addr
    request.tha = ETH_ADDR_UNSPEC           # target hardware addr, not yet known
    request.tpa = socket.inet_aton(addr)    # ip addr being asked about

    frame = ethernet.Ethernet()
    frame.type = ethernet.ETH_TYPE_ARP
    frame.src = eth_aton(mac)
    frame.dst = ETH_ADDR_BROADCAST
    frame.data = request

    if debug:
        # Single-argument parenthesised print behaves the same under Python 2.
        print(dpkt.hexdump(str(frame)))

    return frame
Exemplo n.º 3
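def buildArpReply(pair):
	"""Build an Ethernet frame carrying the ARP reply described by *pair*.

	`debug` is not a parameter and must already be defined in the enclosing
	scope.

	Args:
		pair: object with smac/sip (sender MAC and IPv4 address) and
			rmac/rip (receiver MAC and IPv4 address) attributes, in the text
			forms accepted by eth_aton and socket.inet_aton.

	Returns:
		The ethernet.Ethernet frame with the ARP reply as its payload.
	"""
	arp_p = arp.ARP()
	arp_p.sha = eth_aton(pair.smac)        # sender hardware addr
	arp_p.spa = socket.inet_aton(pair.sip) # sender ip addr
	arp_p.tha = eth_aton(pair.rmac)        # dest hardware addr
	arp_p.tpa = socket.inet_aton(pair.rip) # ip addr of request
	arp_p.op = arp.ARP_OP_REPLY

	packet = ethernet.Ethernet()
	packet.src = eth_aton(pair.smac)
	# The Ethernet destination is a 6-byte hardware address, so it must be the
	# receiver's MAC (the same value as the ARP target hardware address), not
	# the 4-byte packed sender IP the original assigned here.
	packet.dst = eth_aton(pair.rmac)
	packet.data = arp_p
	packet.type = ethernet.ETH_TYPE_ARP

	if debug:
		# Single-argument parenthesised print behaves the same under Python 2.
		print(dpkt.hexdump(str(packet)))

	return packet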
Exemplo n.º 4
    def build_arp_reply(self, rec_mac, rec_ip, send_mac, impersonate_ip):
        """Build a unicast Ethernet frame carrying an ARP reply.

        The reply states that ``impersonate_ip`` is reachable at ``send_mac``
        and is addressed to the host identified by ``rec_mac`` / ``rec_ip``.
        ARP carries no authentication, so the receiver cannot verify that
        binding itself; switch-level ARP inspection or ARP-cache monitoring is
        what notices an IP-to-MAC binding that changes unexpectedly.

        Args:
            rec_mac: MAC address of the receiving host (text form accepted by
                dnet.eth_aton).
            rec_ip: IPv4 address of the receiving host (text form accepted by
                socket.inet_aton).
            send_mac: MAC address placed in the sender fields.
            impersonate_ip: IPv4 address placed in the ARP sender protocol
                address field.

        Returns:
            The ethernet.Ethernet frame with the ARP reply as its payload.
        """
        reply = arp.ARP()

        # Convert every address once, in the order the ARP fields are filled.
        sender_hw = dnet.eth_aton(send_mac)
        claimed_ip = socket.inet_aton(impersonate_ip)
        receiver_hw = dnet.eth_aton(rec_mac)
        receiver_ip = socket.inet_aton(rec_ip)

        # ARP payload: sender hardware/protocol pair, then the target pair.
        reply.sha, reply.spa = sender_hw, claimed_ip
        reply.tha, reply.tpa = receiver_hw, receiver_ip
        reply.op = arp.ARP_OP_REPLY

        # Ethernet header mirrors the ARP hardware addresses.
        frame = ethernet.Ethernet()
        frame.src = sender_hw
        frame.dst = receiver_hw
        frame.data = reply
        frame.type = ethernet.ETH_TYPE_ARP
        return frame