Пример #1
def craft(spoofed_ip, dest):
    """Build an IP/TCP packet whose source address is chosen by the caller.

    The packet is only assembled here, not sent. It is stored in the
    module-level ``pkt`` and also returned.

    Args:
        spoofed_ip: Value written into the IP source field as given; nothing
            here checks that it belongs to the sending host.
        dest: Destination address for the IP header.

    Returns:
        The assembled scapy packet.
    """
    global pkt
    ip_layer = scapy.IP(src=spoofed_ip, dst=dest)
    # Both ports are scapy RandNum volatiles over 0..65535 and the only TCP
    # flag set is "E" (ECE). A segment with ECE alone, and no SYN or ACK, does
    # not occur in a normal TCP exchange, so it makes a simple detection
    # signature. A forged source address is what ingress/egress filtering
    # (BCP 38) is meant to drop.
    tcp_layer = scapy.TCP(
        sport=scapy.RandNum(0, 65535),
        dport=scapy.RandNum(0, 65535),
        flags="E",
    )
    pkt = ip_layer / tcp_layer
    return pkt
Пример #2
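 def flagfuzzer(self, dst, port):
     """Probe one TCP port with 16 FIN/SYN/RST/ACK combinations and log replies.

     One packet is sent per combination. Replies are grouped by the TCP flags
     they carry, and each group lists the probe flags that triggered it.
     Nothing is returned; the result is written through ``log.msg``.

     Args:
         dst: Destination address of the probes.
         port: Destination TCP port of the probes.
     """
     r = {
         'R': [],  # RST
         'RA': [],  # RST-ACK
         'SA': [],  # SYN-ACK
         '--': [],  # no response
         '??': []  # ICMP error msgs (?)
     }
     scanflags = [
         '', 'F', 'S', 'FS', 'R', 'RF', 'RS', 'RSF', 'A', 'AF', 'AS', 'ASF',
         'AR', 'ARF', 'ARS', 'ARSF'
     ]
     for flagval in scanflags:
         pkt = scapy.IP(dst=dst)
         pkt /= scapy.TCP(dport=port,
                          sport=scapy.RandNum(1024, 65535),
                          flags=flagval)
         x = scapy.sr1(pkt, timeout=.5)
         sys.stderr.write(" %s \r" % flagval)
         # An empty flag field is shown as '-' so it stays visible in the log.
         sent = pkt.sprintf("%TCP.flags%") or '-'
         if x is None:
             r['--'].append(sent)
         else:
             recvd = x.sprintf("%TCP.flags%")
             # The reply comes from the network and may carry any flag
             # combination. Indexing r[recvd] directly raised KeyError on a
             # value outside the five predefined keys and lost the whole run.
             r.setdefault(recvd, []).append(sent)
     log.msg("finished")
     # Probes that got no answer are dropped from the report.
     del r['--']
     for k, probes in r.items():
         log.msg("%4s: %s" % (k, " ".join(probes)))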
Пример #3
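 def flagfuzzer(self, dst, port):
     """Probe one TCP port with every entry of ``self.scanflags`` and log replies.

     One packet is sent per flag value. Replies are grouped by the TCP flags
     they carry, and each group lists the probe flags that triggered it.
     Nothing is returned; the result is written through ``self.msg``.

     Args:
         dst: Destination address of the probes.
         port: Destination TCP port of the probes.
     """
     r = {
         'R': [],  # RST
         'RA': [],  # RST-ACK
         'SA': [],  # SYN-ACK
         '--': [],  # no response
         '??': []  # ICMP error msgs (maybe... inspect this manually)
     }
     for flagval in self.scanflags:
         pkt = scapy.IP(dst=dst)
         pkt /= scapy.TCP(dport=port,
                          sport=scapy.RandNum(1024, 65535),
                          flags=flagval)
         x = scapy.sr1(pkt, timeout=.5)
         sys.stderr.write(" %s   \r" % flagval)
         # An empty flag field is shown as '-' so it stays visible in the log.
         sent = pkt.sprintf("%TCP.flags%") or '-'
         if x is None:
             r['--'].append(sent)
         else:
             recvd = x.sprintf("%TCP.flags%")
             # The reply comes from the network and may carry any flag
             # combination. Indexing r[recvd] directly raised KeyError on a
             # value outside the five predefined keys and lost the whole run.
             r.setdefault(recvd, []).append(sent)
     self.msg("finished")
     # Probes that got no answer are dropped from the report.
     del r['--']
     self.msg("%4s: %s" % ('Recv', 'Sent'))
     for k, probes in r.items():
         self.msg("%4s: %s" % (k, " ".join(probes)))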
Пример #4
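	def rr_tcp(self, dst, dport):
		"""Send a TCP SYN carrying an IP Record Route option and return the recorded hops.

		Args:
			dst: Destination address of the probe.
			dport: Destination TCP port; converted with int().

		Returns:
			The ``routers`` attribute of the first IP option in the reply, or
			None when no reply arrives within 2 seconds or the reply has no
			such option.
		"""
		# Option bytes: 0x01 NOP padding, 0x07 Record Route, 0x27 length (39),
		# 0x04 pointer to the first slot, then 36 zero bytes (nine empty slots).
		pkt = scapy.IP(dst=dst, proto=6, options=scapy.IPOption('\x01\x07\x27\x04' + '\x00'*36))
		pkt/= scapy.TCP(sport=scapy.RandNum(1024,65535), dport=int(dport), flags="S",window=8192,
				options=[('MSS', 1460), ('NOP', None), ('WScale', 2), ('NOP', None),
					 ('NOP', None), ('SAckOK', '')])
		intr_tcp = scapy.sr1(pkt, timeout=2)
		if intr_tcp is None:
			return None
		# The reply is untrusted. Middleboxes often strip IP options, so it may
		# come back without any, or with a first option that is not Record
		# Route. Indexing options[0].routers directly raised on such replies.
		reply_options = intr_tcp.options
		if not reply_options:
			return None
		return getattr(reply_options[0], 'routers', None)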
Пример #5
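 def __init__(self, params=None):
     """Read destination, port, packet count and tolerance from *params*.

     Args:
         params: Indexable with at least four items: destination, destination
             port, ``mpackets`` and ``tolerance``. The last three are converted
             with int(). With the default None, the class docstring is printed
             and the instance is left without these attributes.

     A *params* that is present but too short or not numeric prints the class
     docstring and exits with status 1.
     """
     try:
         self.dst = params[0]
         self.dport = int(params[1])
         self.mpackets = int(params[2])
         self.tolerance = int(params[3])
     except (TypeError, ValueError, LookupError):
         # Only argument errors end up here. The former bare ``except:`` also
         # swallowed KeyboardInterrupt, SystemExit and unrelated programming
         # errors, reporting them as a usage problem.
         print(self.__doc__)
         if params is not None:
             exit(1)
     else:
         # Kept outside the try so a failure here is not reported as bad usage.
         self.sport = scapy.RandNum(1024, 65535)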
Пример #6
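 def __do_tsfu(self, prev_ip, target_ip, port, test_ip):
     """Send a TCP probe with an IP Timestamp option naming two addresses.

     Args:
         prev_ip: First address placed in the option.
         target_ip: Destination of the probe.
         port: Destination TCP port.
         test_ip: Second address placed in the option.

     Returns:
         ``(ptr, oflw, flag)`` taken from the first IP option of the reply
         when its second timestamp slot is non-zero. Otherwise
         ``(None, None, None)``: no reply within 1 second, no usable option in
         the reply, or a second timestamp of zero.
     """
     # Header bytes: 0x44 Timestamp option, 0x14 length (20), 0x05 pointer,
     # 0x03 overflow 0 / flag 3 (addresses prespecified by the sender).
     # NOTE(review): str + .packed only concatenates where both are byte
     # strings (Python 2 style); confirm the target interpreter.
     #        Opt_header________   IP1______________________    TS1_____    IP2______________________    TS2_____
     tsopts = '\x44\x14\x05\x03' + IPAddress(
         prev_ip).packed + '\x00' * 4 + IPAddress(
             test_ip).packed + '\x00' * 4
     pkt = scapy.IP(dst=target_ip, proto=6, options=scapy.IPOption(tsopts))
     pkt /= scapy.TCP(sport=scapy.RandNum(1024, 65535), dport=port)
     ret = scapy.sr1(pkt, timeout=1)
     if ret is None:
         return None, None, None
     # The reply is untrusted. It may carry no IP options at all, or an option
     # value shorter than the 18 bytes parsed below. Both cases used to raise
     # (IndexError / struct.error); they now count as "no answer".
     if not ret.options:
         return None, None, None
     # assumes the option object exposes its payload as ``.value``; verify
     # against the scapy version in use
     optval = ret.options[0].value
     if len(optval) < 18:
         return None, None, None
     # Only tested for non-zero, so the native byte order of 'I' is harmless.
     ts2 = struct.unpack('I', optval[14:18])[0]
     ptr, x = struct.unpack('BB', optval[0:2])
     oflw = x >> 4  # high nibble: overflow counter
     flag = x & 0xF  # low nibble: option flag
     if ts2:
         return ptr, oflw, flag
     return None, None, None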
Пример #7
def send(raw, host):
    """Send one TCP packet to *host* for every element of *raw*.

    Each element is placed in the TCP source-port field. The destination port
    is a scapy RandNum volatile over 0..65535 and the only flag set is "E"
    (ECE).

    Args:
        raw: Iterable whose elements become source-port values.
        host: Destination address.
    """
    # Seen on the wire: a run of segments to one host with ECE alone, random
    # destination ports, and source ports that follow the payload values
    # instead of coming from an ephemeral range. All three are useful
    # anomalies for a network monitor.
    for value in raw:
        ip_layer = scapy.IP(dst=host)
        tcp_layer = scapy.TCP(
            sport=value, dport=scapy.RandNum(0, 65535), flags="E")
        scapy.send(ip_layer / tcp_layer)
Пример #8
def craft(character, dest):
    """Build an IP/TCP packet whose source port is the code point of *character*.

    The packet is only assembled here, not sent. It is stored in the
    module-level ``pkt`` and also returned.

    Args:
        character: Single character; ``ord()`` of it is used as the TCP source
            port. Code points above 65535 do not fit the 16-bit port field and
            are not checked here.
        dest: Destination address for the IP header.

    Returns:
        The assembled scapy packet.
    """
    global pkt
    # Convert the character to its decimal value.
    port_value = ord(character)
    # Destination port is a RandNum volatile and the only flag set is "P"
    # (PSH). A PSH-only segment outside an established connection, with a
    # source port in the printable range, is an anomaly a monitor can flag.
    tcp_layer = scapy.TCP(
        sport=port_value, dport=scapy.RandNum(0, 65535), flags="P")
    pkt = scapy.IP(dst=dest) / tcp_layer
    return pkt