def create_tunnel_stream_l2o4(self, src_if, tunnel_src, tunnel_dst):
pkts = []
for i in range(0, 257):
info = self.create_packet_info(src_if, src_if)
payload = self.info_to_payload(info)
p = (
Ether(dst=src_if.local_mac, src=src_if.remote_mac) /
IP(src=tunnel_src, dst=tunnel_dst) / GRE() /
Ether(dst=RandMAC('*:*:*:*:*:*'), src=RandMAC('*:*:*:*:*:*')) /
IP(src=str(RandIP()), dst=str(RandIP())) /
UDP(sport=1234, dport=1234) / Raw(payload))
info.data = p.copy()
pkts.append(p)
return pkts
def get_random_mac_address():
# mac = []
# for i in range(6):
# mac.append('%02x' % random.randint(0, 255))
# return ':'.join(mac)
from scapy.volatile import RandMAC
return RandMAC()
def __init__(self, interface, name=None, mac=None, vlan=None):
self._mac = None
self._chaddr = None
self._vlan = vlan
self._xid = RandInt()
self._vendor_class = None
self.lease = None
self.lease_start_time = None
# to do request for an ip (to start initial dhcp with an request instead of discover)
self._yiaddr = None
self._siaddr = None
self.hostname = name if name is not None else 'host{}'.format(id(self))
self.setup_logger()
self.log.debug("================ New host %s ==================",
self.hostname)
if mac is None:
mac = str(RandMAC())
self.use_mac_addr(mac)
if vlan:
self._interface = '{}.{}'.format(interface, vlan)
else:
self._interface = interface
def generate_new(opt):
"""
Generate new client id with random MAC address.
"""
if opt == 'client':
client_id(RandMAC())
ia_id()
elif opt == 'Client_ID':
client_id(RandMAC())
elif opt == 'IA':
ia_id()
elif opt == 'IA_PD':
ia_pd()
else:
assert False, opt + " generation unsupported"
def in6_getLocalUniquePrefix():
# type: () -> str
"""
Returns a pseudo-randomly generated Local Unique prefix. Function
follows recommendation of Section 3.2.2 of RFC 4193 for prefix
generation.
"""
# Extracted from RFC 1305 (NTP) :
# NTP timestamps are represented as a 64-bit unsigned fixed-point number,
# in seconds relative to 0h on 1 January 1900. The integer part is in the
# first 32 bits and the fraction part in the last 32 bits.
# epoch = (1900, 1, 1, 0, 0, 0, 5, 1, 0)
# x = time.time()
# from time import gmtime, strftime, gmtime, mktime
# delta = mktime(gmtime(0)) - mktime(self.epoch)
# x = x-delta
tod = time.time() # time of day. Will bother with epoch later
i = int(tod)
j = int((tod - i) * (2**32))
btod = struct.pack("!II", i, j)
mac = RandMAC()
# construct modified EUI-64 ID
eui64 = inet_pton(socket.AF_INET6, '::' + in6_mactoifaceid(mac))[8:]
import hashlib
globalid = hashlib.sha1(btod + eui64).digest()[:5]
return inet_ntop(socket.AF_INET6, b'\xfd' + globalid + b'\x00' * 10)
def starvationAttack(self, delay, iteration, forks):
for i in range(forks):
os.fork()
for i in range(iteration):
request = self.generatePacketClient("discover", RandMAC())
sendp(request)
time.sleep(int(delay))
def negotiate_trunk(iface=conf.iface, mymac=str(RandMAC())):
print("Trying to negotiate a trunk on interface %s" % iface)
p = Dot3(src=mymac, dst="01:00:0c:cc:cc:cc") / LLC()
p /= SNAP()
p /= DTP(tlvlist=[
DTPDomain(),
DTPStatus(),
DTPType(),
DTPNeighbor(neighbor=mymac)
]) # noqa: E501
sendp(p)
def spam(self):
""" Begin spamming the switch with ARP packets from
random MAC's
"""
arp = ARP(op=2, psrc='0.0.0.0', hwdst=self.switch)
while self.running:
pkt = Ether(src=RandMAC(),dst=self.switch)
pkt /= arp
sendp(pkt)
self.sent += 1
if self.sent % 50 == 0: self.log_msg('Sent %d requests...'%(self.sent))
def flood(self):
"""
泛洪攻击
"""
randmac = RandMAC()
randip = RandIP()
arp_packet = Ether(src=randmac, dst=randmac) / IP(src=randip,
dst=randip)
sendp(arp_packet,
iface=self.ether_name,
count=sys.maxsize,
interval=0.2,
verbose=self.verbose)
def rnd_aps(iface):
s = conf.L2socket(iface=iface)
rnd_mac = RandMAC()
itx = 0
try:
while True:
s.send(
RadioTap() / Dot11(addr1="ff:ff:ff:ff:ff:ff",
addr2=rnd_mac,
addr3=rnd_mac,
addr4=rnd_mac) / Dot11Beacon(cap="ESS") /
Dot11Elt(ID="SSID", info=b"VOTA " + LEL_AP[itx]) /
Dot11Elt(ID="Rates", info="\x0c\x12\x18\x24\x30\x48\x60\x6c") /
Dot11Elt(ID="DSset", info=chr(1)))
itx = (itx + 1) % len(LEL_AP)
time.sleep(0.001)
except Exception as e:
print(e)
s.close()
def client_does_include(sender_type, opt_type, value):
"""
Include options to message. This function refers to @step in lettuce
"""
assert sender_type in ["Client", "RelayAgent", "Relay-Supplied-Option"], "Two sender type accepted: Client or" \
" RelayAgent, your choice is: " \
+ sender_type
world.sender_type = sender_type
# value variable not used in v6
# If you want to use options of received message to include it,
# please use 'Client copies (\S+) option from received message.' step.
if world.cfg["values"]["DUID"] is not None:
world.cfg["values"]["cli_duid"] = convert_DUID(
world.cfg["values"]["DUID"])
if opt_type == "client-id":
add_client_option(
dhcp6.DHCP6OptClientId(duid=world.cfg["values"]["cli_duid"]))
if opt_type == "wrong-client-id":
#used for backwards compatibility
add_client_option(
dhcp6.DHCP6OptClientId(duid=dhcp6.DUID_LLT(
timeval=int(time.time()), lladdr=RandMAC())))
elif opt_type == "empty-client-id":
add_client_option(dhcp6.DHCP6OptClientId())
elif opt_type == "wrong-server-id":
#used for backwards compatibility
add_client_option(
dhcp6.DHCP6OptServerId(
duid=convert_DUID(world.cfg["values"]["server_id"])))
elif opt_type == "server-id":
add_client_option(
dhcp6.DHCP6OptServerId(
duid=convert_DUID(world.cfg["values"]["server_id"])))
elif opt_type == "empty-server-id":
add_client_option(dhcp6.DHCP6OptServerId())
elif opt_type == "preference":
add_client_option(
dhcp6.DHCP6OptPref(prefval=world.cfg["values"]["prefval"]))
elif opt_type == "rapid-commit":
add_client_option(dhcp6.DHCP6OptRapidCommit())
elif opt_type == "time":
add_client_option(
dhcp6.DHCP6OptElapsedTime(
elapsedtime=world.cfg["values"]["elapsedtime"]))
elif opt_type == "relay-msg":
add_client_option(
dhcp6.DHCP6OptRelayMsg(message=dhcp6.DHCP6_Solicit()))
elif opt_type == "server-unicast":
add_client_option(
dhcp6.DHCP6OptServerUnicast(
srvaddr=world.cfg["values"]["srvaddr"]))
elif opt_type == "status-code":
add_client_option(
dhcp6.DHCP6OptStatusCode(
statuscode=world.cfg["values"]["statuscode"],
statusmsg=world.cfg["values"]["statusmsg"]))
elif opt_type == "interface-id":
add_client_option(
dhcp6.DHCP6OptIfaceId(ifaceid=world.cfg["values"]["ifaceid"]))
elif opt_type == "reconfigure":
add_client_option(
dhcp6.DHCP6OptReconfMsg(
msgtype=world.cfg["values"]["reconfigure_msg_type"]))
elif opt_type == "reconfigure-accept":
add_client_option(dhcp6.DHCP6OptReconfAccept())
elif opt_type == "option-request":
# later we can make it adjustable
add_client_option(
dhcp6.DHCP6OptOptReq(reqopts=world.cfg["values"]["reqopts"]))
elif opt_type == "IA-PD":
if len(world.iapd) > 0:
add_client_option(
dhcp6.DHCP6OptIA_PD(iaid=int(world.cfg["values"]["ia_pd"]),
T1=world.cfg["values"]["T1"],
T2=world.cfg["values"]["T2"],
iapdopt=world.iapd))
world.iapd = []
else:
add_client_option(
dhcp6.DHCP6OptIA_PD(iaid=int(world.cfg["values"]["ia_pd"]),
T1=world.cfg["values"]["T1"],
T2=world.cfg["values"]["T2"]))
elif opt_type == "IA-NA":
if len(world.iaad) > 0:
add_client_option(
dhcp6.DHCP6OptIA_NA(iaid=int(world.cfg["values"]["ia_id"]),
T1=world.cfg["values"]["T1"],
T2=world.cfg["values"]["T2"],
ianaopts=world.iaad))
world.iaad = []
else:
add_client_option(
dhcp6.DHCP6OptIA_NA(iaid=int(world.cfg["values"]["ia_id"]),
T1=world.cfg["values"]["T1"],
T2=world.cfg["values"]["T2"]))
elif opt_type == "IA_Prefix":
world.iapd.append(
dhcp6.DHCP6OptIAPrefix(preflft=world.cfg["values"]["preflft"],
validlft=world.cfg["values"]["validlft"],
plen=world.cfg["values"]["plen"],
prefix=world.cfg["values"]["prefix"]))
elif opt_type == "IA_Address":
world.iaad.append(
dhcp6.DHCP6OptIAAddress(addr=world.cfg["values"]["IA_Address"],
preflft=world.cfg["values"]["preflft"],
validlft=world.cfg["values"]["validlft"]))
elif opt_type == "user-class":
if world.cfg["values"]["user_class_data"] == "":
add_client_option(dhcp6.DHCP6OptUserClass())
else:
add_client_option(
dhcp6.DHCP6OptUserClass(userclassdata=dhcp6.USER_CLASS_DATA(
data=str(world.cfg["values"]["user_class_data"]))))
elif opt_type == "vendor-class":
if world.cfg["values"]["vendor_class_data"] == "":
add_client_option(
dhcp6.DHCP6OptVendorClass(
enterprisenum=world.cfg["values"]["enterprisenum"]))
else:
add_client_option(
dhcp6.DHCP6OptVendorClass(
enterprisenum=world.cfg["values"]["enterprisenum"],
vcdata=dhcp6.VENDOR_CLASS_DATA(
data=world.cfg["values"]["vendor_class_data"])))
elif opt_type == "vendor-specific-info":
# convert data for world.vendor with code == 1 (option request)
# that is the only one option that needs converting.
vendor_option_request_convert()
# build VENDOR_CPECIDIC_OPTIONs depending on world.vendor:
vso_tmp = []
for each in world.vendor:
vso_tmp.append(
dhcp6.VENDOR_SPECIFIC_OPTION(optcode=each[0], optdata=each[1]))
add_client_option(
dhcp6.DHCP6OptVendorSpecificInfo(
enterprisenum=world.cfg["values"]["enterprisenum"],
vso=vso_tmp))
# clear vendor list
world.vendor = []
elif opt_type == "fqdn":
if world.cfg["values"]["FQDN_flags"] is None:
assert False, "Please define FQDN flags first."
converted_fqdn = world.cfg["values"]["FQDN_domain_name"]
add_client_option(
dhcp6.DHCP6OptClientFQDN(flags=str(
world.cfg["values"]["FQDN_flags"]),
fqdn=converted_fqdn))
elif opt_type == "client-link-layer-addr":
add_client_option(
dhcp6.DHCP6OptClientLinkLayerAddr(
lltype=world.cfg["values"]["address_type"],
clladdr=world.cfg["values"]["link_local_mac_addr"]))
elif opt_type == "remote-id":
add_client_option(
dhcp6.DHCP6OptRemoteID(
enterprisenum=world.cfg["values"]["enterprisenum"],
remoteid=world.cfg["values"]["remote_id"].replace(
':', '').decode('hex')))
elif opt_type == "subscriber-id":
add_client_option(
dhcp6.DHCP6OptSubscriberID(
subscriberid=world.cfg["values"]["subscriber_id"].replace(
':', '').decode('hex')))
elif opt_type == "interface-id":
add_client_option(
dhcp6.DHCP6OptIfaceId(ifaceid=world.cfg["values"]["ifaceid"]))
elif opt_type == "nii":
add_client_option(
dhcp6.DHCP6OptClientNetworkInterId(
iitype=world.cfg["values"]["iitype"],
iimajor=world.cfg["values"]["iimajor"],
iiminor=world.cfg["values"]["iiminor"]))
elif opt_type == "client-arch-type":
add_client_option(
dhcp6.DHCP6OptClientArchType(
archtypes=world.cfg["values"]["archtypes"]))
elif opt_type == "erp-local-domain-name":
add_client_option(
dhcp6.DHCP6OptERPDomain(
erpdomain=[world.cfg["values"]["erpdomain"]]))
elif opt_type == "rsoo":
add_client_option(
dhcp6.DHCP6OptRelaySuppliedOpt(relaysupplied=world.rsoo))
else:
assert "unsupported option: " + opt_type
from scapy.layers.dot11 import Dot11, Dot11Beacon, Dot11Elt
from scapy.volatile import RandMAC
# interface to use to send beacon frames, must be in monitor mode
iface = "wlan0mon"
# gerate a random MAC address (built-in in scapy)
sender_mac = RandMAC()
# SSID (name of access point
ssid = "Test"
# 802.11 frame
dot11 = Dot11(type=0,
subtype=8,
addr1="ff:ff:ff:ff:ff:ff",
addr2=sender_mac,
addr3=sender_mac)
# beacon layer
beacon = Dot11Beacon()
# putting ssid in the frame
essid = Dot11Elt(ID="SSID", info=ssid, len=len(ssid))
# stack all the layers and add a RadioTap
frame = RadioTap() / dot11 / beacon / essid
# send the frame in layer 2 every 100 milliseconds forever
# using the `iface` interface
sendp(frame, inter=0.1, iface=iface, loop=1)
"""
We generate a random MAC address as well as setting a name of our access point we want to create and then we create a 802.11 frame, the fields are:
type=0: indicates that it is a management frame.
subtype=8: indicates that this management frame is a beacon frame.
addr1: refers to the destination MAC address, in other words, the receiver's MAC address, we use the broadcast address here ("ff:ff:ff:ff:ff:ff"), if you want this fake access point to appear only in a target device, you can use the target's MAC address.
addr2: source MAC address, the sender's MAC address.
def randval(self):
return RandMAC()
def macof():
pkt = Ether(dst=RandMAC(), src=RandMAC()) / IP(dst=RandIP(),
src=RandIP()) / ICMP()
sendp(pkt, loop=1, count=10000)
def __generate_packet(self):
'''Generates the ARP packet. IP Addresses and src mac addresses are randomized.'''
return ARP(op=2, pdst=self.dst, psrc=RandIP(f"{self.dst}/{self.subnet_bits}"), hwsrc=RandMAC())
def __generate_packet(self):
'''Generates the Ping packet. IP Addresses are randomized in the destination's subnet range'''
return Ether(src=RandMAC())/IP(src=RandIP(f"{self.dst}/{self.subnet_bits}"), dst=self.dst)/ICMP()/("Hello, I am bored" * 10)
def __init__(self, IProuter, InjectFackeRouter):
self.IProuter = IProuter
self.InjectFackeRouter = InjectFackeRouter
self.MAC = RandMAC()