def test_usb_tethering_over_wifi(self): """Tests USB tethering over wifi. Steps: 1. Connects to a wifi network 2. Enables USB tethering 3. Verifies wifi is preferred upstream over data connection """ wutils.start_wifi_connection_scan_and_ensure_network_found( self.dut, self.wifi_network[SSID]) wutils.wifi_connect(self.dut, self.wifi_network) wifi_network = self.dut.droid.connectivityGetActiveNetwork() self.log.info("wifi network %s" % wifi_network) iflist_before = get_if_list() nutils.start_usb_tethering(self.dut) self.USB_TETHERED = True self.iface = nutils.wait_for_new_iface(iflist_before) self.real_hwaddr = get_if_raw_hwaddr(self.iface) output = self.dut.adb.shell(DUMSYS_CMD) for line in output.split("\n"): if UPSTREAM_WANTED_STRING in line: asserts.assert_true("true" in line, "Upstream interface is not active") self.log.info("Upstream interface is active") if CURRENT_UPSTREAM_STRING in line: asserts.assert_true("wlan" in line, "WiFi is not the upstream " "interface") self.log.info("WiFi is the upstream interface")
def cmd_dhcp_discover(iface, timeout, verbose): """Send a DHCP request and show what devices has replied. Note: Using '-v' you can see all the options (like DNS servers) included on the responses. \b # habu.dhcp_discover Ether / IP / UDP 192.168.0.1:bootps > 192.168.0.5:bootpc / BOOTP / DHCP """ conf.verb = False if iface: conf.iface = iface conf.checkIPaddr = False hw = get_if_raw_hwaddr(conf.iface) ether = Ether(dst="ff:ff:ff:ff:ff:ff") ip = IP(src="0.0.0.0",dst="255.255.255.255") udp = UDP(sport=68,dport=67) bootp = BOOTP(chaddr=hw) dhcp = DHCP(options=[("message-type","discover"),"end"]) dhcp_discover = ether / ip / udp / bootp / dhcp ans, unans = srp(dhcp_discover, multi=True, timeout=5) # Press CTRL-C after several seconds for _, pkt in ans: if verbose: print(pkt.show()) else: print(pkt.summary())
def test_dhcp(*args): """ from scapy/docs/usage """ from scapy.all import conf conf.checkIPaddr = False iface = conf.iface fam, hw = get_if_raw_hwaddr(iface) dhcp_discover = ( Ether(dst="ff:ff:ff:ff:ff:ff") / IP(src="0.0.0.0", dst="255.255.255.255") / UDP(sport=68, dport=67) / BOOTP(chaddr=hw) / DHCP(options=[("message-type","discover"),"end"]) ) ans, unans = srp(dhcp_discover, multi=True, timeout=30, iface=iface) # Press CTRL-C after several seconds for p in ans: print( p[1][Ether].src, p[1][IP].src ) raise Exception()
def cmd_dhcp_discover(iface, timeout, verbose): """Send a DHCP request and show what devices has replied. Note: Using '-v' you can see all the options (like DNS servers) included on the responses. \b # habu.dhcp_discover Ether / IP / UDP 192.168.0.1:bootps > 192.168.0.5:bootpc / BOOTP / DHCP """ conf.verb = False if iface: conf.iface = iface conf.checkIPaddr = False hw = get_if_raw_hwaddr(conf.iface) ether = Ether(dst="ff:ff:ff:ff:ff:ff") ip = IP(src="0.0.0.0", dst="255.255.255.255") udp = UDP(sport=68, dport=67) bootp = BOOTP(chaddr=hw) dhcp = DHCP(options=[("message-type", "discover"), "end"]) dhcp_discover = ether / ip / udp / bootp / dhcp ans, unans = srp(dhcp_discover, multi=True, timeout=5) # Press CTRL-C after several seconds for _, pkt in ans: if verbose: print(pkt.show()) else: print(pkt.summary())
def main(): """ Entry point """ # Parsing command line parser = OptionParser() parser.add_option("-t", "--timeout", type="float", dest="timeout", default=1, help="timeout in seconds for waiting answers", metavar="TIME") (options, args) = parser.parse_args() conf.checkIPaddr = False fam, hw = get_if_raw_hwaddr(conf.iface) mac = ":".join(map(lambda x: "%.02x" % ord(x), list(hw))) print 'Requesting DHCP servers for', mac ether = Ether(dst="ff:ff:ff:ff:ff:ff", src=hw) ip = IP(src="0.0.0.0", dst="255.255.255.255") udp = UDP(sport=68, dport=67) bootp = BOOTP(chaddr=hw) dhcp = DHCP(options=[("message-type", "discover"), "end"]) dhcp_discover = ether / ip / udp / bootp / dhcp ans, unans = srp(dhcp_discover, multi=True, timeout=options.timeout) print 'Discovered DHCP servers:' for p in ans: print p[1][Ether].src, p[1][IP].src
def check_dhcp_on_eth(iface, timeout): """Check if there is roque dhcp server in network on given iface @iface - name of the ethernet interface @timeout - scapy timeout for waiting on response >>> check_dhcp_on_eth('eth1') """ scapy.conf.iface = iface scapy.conf.checkIPaddr = False dhcp_options = [("message-type", "discover"), ("param_req_list", utils.format_options( [1, 2, 3, 4, 5, 6, 11, 12, 13, 15, 16, 17, 18, 22, 23, 28, 40, 41, 42, 43, 50, 51, 54, 58, 59, 60, 66, 67])), "end"] fam, hw = scapy.get_if_raw_hwaddr(iface) dhcp_discover = ( scapy.Ether(src=hw, dst="ff:ff:ff:ff:ff:ff") / scapy.IP(src="0.0.0.0", dst="255.255.255.255") / scapy.UDP(sport=68, dport=67) / scapy.BOOTP(chaddr=hw) / scapy.DHCP(options=dhcp_options)) ans, unans = scapy.srp(dhcp_discover, multi=True, nofilter=1, timeout=timeout, verbose=0) return ans
def craft_dhcp_request(self, hw=None): """Generates a DHCPREQUEST packet Args: hw (str|bytes, optional): Defaults to MAC of Scapy's `conf.iface`. Client MAC address to place in `chaddr`. Returns: scapy.layers.inet.IP: DHCPREQUEST packet https://www.freesoft.org/CIE/RFC/2131/24.htm """ if not hw: _, hw = get_if_raw_hwaddr(conf.iface) else: hw = mac_str_to_bytes(hw) # server identifier => DHCP server that sent the DHCPOFFER # Client inserts the address of the selected server in 'server # identifier', 'ciaddr' MUST be zero, 'requested IP address' MUST be # filled in with the yiaddr value from the chosen DHCPOFFER. options = [("message-type", "request"), ("server_id", self.server_id), ("requested_addr", self.offered_address), "end"] dhcp_request = (IP(src="0.0.0.0", dst="255.255.255.255") / UDP(sport=68, dport=67) / BOOTP(chaddr=hw, xid=self.xid, flags=0x8000) / DHCP(options=options)) # TODO: param req list if settings.DEBUG: print(dhcp_request.show()) return dhcp_request
def cmd_dhcp_discover(iface, timeout, verbose): conf.verb = False if iface: conf.iface = iface conf.checkIPaddr = False hw = get_if_raw_hwaddr(conf.iface) ether = Ether(dst="ff:ff:ff:ff:ff:ff") ip = IP(src="0.0.0.0",dst="255.255.255.255") udp = UDP(sport=68,dport=67) bootp = BOOTP(chaddr=hw) dhcp = DHCP(options=[("message-type","discover"),"end"]) dhcp_discover = ether / ip / udp / bootp / dhcp ans, unans = srp(dhcp_discover, multi=True, timeout=5) # Press CTRL-C after several seconds for _, pkt in ans: if verbose: print(pkt.show()) else: print(pkt.summary())
def check_dhcp_request(iface, server, range_start, range_end, timeout=5): """Provide interface, server endpoint and pool of ip adresses Should be used after offer received >>> check_dhcp_request('eth1','10.10.0.5','10.10.0.10','10.10.0.15') """ scapy.conf.iface = iface scapy.conf.checkIPaddr = False fam, hw = scapy.get_if_raw_hwaddr(iface) ip_address = next(utils.pick_ip(range_start, range_end)) # note lxc dhcp server does not respond to unicast dhcp_request = (scapy.Ether(src=hw, dst="ff:ff:ff:ff:ff:ff") / scapy.IP(src="0.0.0.0", dst="255.255.255.255") / scapy.UDP(sport=68, dport=67) / scapy.BOOTP(chaddr=hw) / scapy.DHCP(options=[("message-type", "request"), ("server_id", server), ("requested_addr", ip_address), "end"])) ans, unans = scapy.srp(dhcp_request, nofilter=1, multi=True, timeout=timeout, verbose=0) return ans
def check_dhcp_on_eth(iface, timeout): """Check if there is roque dhcp server in network on given iface @iface - name of the ethernet interface @timeout - scapy timeout for waiting on response >>> check_dhcp_on_eth('eth1') """ scapy.conf.iface = iface scapy.conf.checkIPaddr = False dhcp_options = [("message-type", "discover"), ("param_req_list", utils.format_options([ 1, 2, 3, 4, 5, 6, 11, 12, 13, 15, 16, 17, 18, 22, 23, 28, 40, 41, 42, 43, 50, 51, 54, 58, 59, 60, 66, 67 ])), "end"] fam, hw = scapy.get_if_raw_hwaddr(iface) dhcp_discover = (scapy.Ether(src=hw, dst="ff:ff:ff:ff:ff:ff") / scapy.IP(src="0.0.0.0", dst="255.255.255.255") / scapy.UDP(sport=68, dport=67) / scapy.BOOTP(chaddr=hw) / scapy.DHCP(options=dhcp_options)) ans, unans = scapy.srp(dhcp_discover, multi=True, nofilter=1, timeout=timeout, verbose=0) return ans
def get_mac(interface: str) -> str: """ Get the mac address for a specified interface """ try: mac = get_if_hwaddr(interface) except Scapy_Exception: mac = ":".join( format(x, "02x") for x in get_if_raw_hwaddr(interface)[1]) return mac
def build_msg(opts): conf.checkIPaddr = False msg_flag = 0 import sys if sys.platform != "darwin": fam, hw = get_if_raw_hwaddr(str(world.cfg["iface"])) else: # TODO fix this for MAC OS, this is temporary quick fix just for my local system hw = convert_MAC("0a:00:27:00:00:00") tmp_hw = None # we need to choose if we want to use chaddr, or client id. # also we can include both: client_id and chaddr if world.cfg["values"]["chaddr"] is None or world.cfg["values"][ "chaddr"] == "default": tmp_hw = hw elif world.cfg["values"]["chaddr"] == "empty": tmp_hw = convert_MAC("00:00:00:00:00:00") else: tmp_hw = convert_MAC(world.cfg["values"]["chaddr"]) if world.cfg["values"]["broadcastBit"]: # value for setting 1000 0000 0000 0000 in bootp message in field 'flags' for broadcast msg. msg_flag = 32768 else: msg_flag = 0 msg = Ether(dst="ff:ff:ff:ff:ff:ff", src=hw) msg /= IP( src=world.cfg["source_IP"], dst=world.cfg["destination_IP"], ) msg /= UDP(sport=world.cfg["source_port"], dport=world.cfg["destination_port"]) msg /= BOOTP(chaddr=tmp_hw, giaddr=world.cfg["values"]["giaddr"], flags=msg_flag, hops=world.cfg["values"]["hops"]) # BOOTP requests can be optionless if len(opts) > 0: opts += ["end"] # end option msg /= DHCP(options=opts) #transaction id if world.cfg["values"]["tr_id"] is None: msg.xid = randint(0, 256 * 256 * 256) else: msg.xid = int(world.cfg["values"]["tr_id"]) world.cfg["values"]["tr_id"] = msg.xid msg.siaddr = world.cfg["values"]["siaddr"] msg.ciaddr = world.cfg["values"]["ciaddr"] msg.yiaddr = world.cfg["values"]["yiaddr"] msg.htype = world.cfg["values"]["htype"] return msg
def run(self): baseip = ".".join(self.router.split('.')[0:-1]) + '.' targetip = baseip+self.last confs.checkIPaddr = False hw = get_if_raw_hwaddr(confs.iface) dhcp_discover = Ether(src=RandMAC(),dst="ff:ff:ff:ff:ff:ff")/\ IP(src="0.0.0.0",dst="255.255.255.255")/\ UDP(sport=68, dport=67)/\ BOOTP(chaddr=RandString(RandNum(1,50)))/\ DHCP(options=[("message-type","discover"),"end"]) sendp(dhcp_discover, verbose=0)
def build_msg(opts): conf.checkIPaddr = False msg_flag = 0 import sys if sys.platform != "darwin": fam, hw = get_if_raw_hwaddr(str(world.cfg["iface"])) else: # TODO fix this for MAC OS, this is temporary quick fix just for my local system hw = convert_MAC("0a:00:27:00:00:00") tmp_hw = None # we need to choose if we want to use chaddr, or client id. # also we can include both: client_id and chaddr if world.cfg["values"]["chaddr"] is None or world.cfg["values"]["chaddr"] == "default": tmp_hw = hw elif world.cfg["values"]["chaddr"] == "empty": tmp_hw = convert_MAC("00:00:00:00:00:00") else: tmp_hw = convert_MAC(world.cfg["values"]["chaddr"]) if world.cfg["values"]["broadcastBit"]: # value for setting 1000 0000 0000 0000 in bootp message in field 'flags' for broadcast msg. msg_flag = 32768 else: msg_flag = 0 msg = Ether(dst="ff:ff:ff:ff:ff:ff", src=hw) msg /= IP(src=world.cfg["source_IP"], dst=world.cfg["destination_IP"],) msg /= UDP(sport=world.cfg["source_port"], dport=world.cfg["destination_port"]) msg /= BOOTP(chaddr=tmp_hw, giaddr=world.cfg["values"]["giaddr"], flags=msg_flag, hops=world.cfg["values"]["hops"]) # BOOTP requests can be optionless if len(opts) > 0: opts += ["end"] # end option msg /= DHCP(options=opts) #transaction id if world.cfg["values"]["tr_id"] is None: msg.xid = randint(0, 256*256*256) else: msg.xid = int(world.cfg["values"]["tr_id"]) world.cfg["values"]["tr_id"] = msg.xid msg.siaddr = world.cfg["values"]["siaddr"] msg.ciaddr = world.cfg["values"]["ciaddr"] msg.yiaddr = world.cfg["values"]["yiaddr"] msg.htype = world.cfg["values"]["htype"] return msg
def craft_discover(self, hw=None): """Generates a DHCPDICSOVER packet""" if not hw: _, hw = get_if_raw_hwaddr(conf.iface) else: hw = mac_str_to_bytes(hw) dhcp_discover = (IP(src="0.0.0.0", dst="255.255.255.255") / UDP(sport=68, dport=67) / BOOTP(chaddr=hw, xid=self.xid, flags=0x8000) / DHCP(options=[("message-type", "discover"), "end"])) # TODO: param req list if DEBUG: print(dhcp_discover.show()) return dhcp_discover
def main(): iface = get_iface() fam, hw = get_if_raw_hwaddr(iface) print "sending on interface %s" % (iface) pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') # A spoofed ARP packet with modified src protocol (IP) address pkt = pkt / ARP(op=2, hwsrc=hw, psrc='10.0.1.2', hwdst='ff:ff:ff:ff:ff:ff', pdst='255.255.255.255') pkt.show2() # for a developed view of the assembled packet sendp(pkt, iface=iface, verbose=False) # sendp works at layer 2)
def get_dhcp_discovery(interface, verbose=False): # get interface hw addr _, hw = get_if_raw_hwaddr(interface) if verbose: print(f"Interface: {interface} -> {hw}") dhcp_discovery = Ether(dst="ff:ff:ff:ff:ff:ff") / IP( src="0.0.0.0", dst="255.255.255.255") / UDP( sport=68, dport=67) / BOOTP(chaddr=hw) / DHCP( options=[("message-type", "discover"), "end"]) if verbose: dhcp_discovery.show() return dhcp_discovery
def _get_dhcp_discover_message(iface): dhcp_options = [("message-type", "discover"), ("param_req_list", utils.format_options([ 1, 2, 3, 4, 5, 6, 11, 12, 13, 15, 16, 17, 18, 22, 23, 28, 40, 41, 42, 43, 50, 51, 54, 58, 59, 60, 66, 67 ])), "end"] fam, hw = scapy.get_if_raw_hwaddr(iface) dhcp_discover = (scapy.Ether(src=hw, dst="ff:ff:ff:ff:ff:ff") / scapy.IP(src="0.0.0.0", dst="255.255.255.255") / scapy.UDP(sport=68, dport=67) / scapy.BOOTP(chaddr=hw) / scapy.DHCP(options=dhcp_options)) return dhcp_discover
def create_discover(options): opts = [("message-type","discover")] if options: opts += options else: assert False conf.checkIPaddr = False fam,hw = get_if_raw_hwaddr(conf.iface) discover = Ether(dst="ff:ff:ff:ff:ff:ff")/IP(src=world.cfg["rel4_addr"],dst=world.cfg["srv4_addr"]) discover /= UDP(sport=68,dport=67)/BOOTP(chaddr=hw, giaddr="192.0.2.1") dhcp = DHCP(options=opts) discover /= dhcp return discover
def main(): iface = get_iface() fam, hw = get_if_raw_hwaddr(iface) print "sending on interface %s" % (iface) pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') pkt = pkt / IP(dst='255.255.255.255') / UDP(dport=67, sport=68) / BOOTP( op=1, chaddr=hw) / DHCP(options=[('message-type', 'request'), ('end')]) pkt.show2() # Send a broadcast packet from this unknown client MAC address not present in the DHCP bindings table sendp(pkt, iface=iface, verbose=False) pkt = Ether(src=get_if_hwaddr(iface), dst='00:00:00:00:01:01') pkt = pkt / IP(dst='10.0.1.1') / UDP(dport=68, sport=67) / BOOTP( op=2, chaddr=hw) / DHCP(options=[('message-type', 'ack'), ('end')]) pkt.show2() # Send an ack packet from untrusted server not presented in the DHCP trusted server IP table sendp(pkt, iface=iface, verbose=False)
def main(): iface = get_iface() fam, hw = get_if_raw_hwaddr( iface) # returns family and hardware address of the interface print "sending on interface %s" % (iface) pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') # pkt 1: a non-DHCP pkt with src IP 0.0.0.0 to simulate a client which hasn't been assigned IP addr yet # DROPPED pkt1 = pkt / IP(src='0.0.0.0', dst='255.255.255.255') / TCP( dport=1234, sport=random.randint(49152, 65535)) pkt1.show2() # for a developed view of the assembled packet sendp(pkt1, iface=iface, verbose=False) # sendp works at layer 2 # pkt 2: a DHCP discover pkt with src IP 0.0.0.0 # FORWARDED pkt2 = pkt / IP(src='0.0.0.0', dst='255.255.255.255') / UDP( dport=67, sport=68) / BOOTP(op=1, chaddr=hw) / DHCP( options=[('message-type', 'discover'), ('end')]) pkt2.show2() sendp(pkt2, iface=iface, verbose=False) # pkt 3: a DHCP request pkt with its original src IP # FORWARDED pkt3 = pkt / IP(dst='255.255.255.255') / UDP(dport=67, sport=68) / BOOTP( op=1, chaddr=hw) / DHCP(options=[('message-type', 'request'), ('end')]) pkt3.show2() sendp(pkt3, iface=iface, verbose=False) # pkt 4: a non-DHCP pkt with its original src IP # FORWARDED pkt4 = pkt / IP(dst='255.255.255.255') / TCP( dport=1234, sport=random.randint(49152, 65535)) pkt4.show2() sendp(pkt4, iface=iface, verbose=False) # pkt 5: a non-DHCP pkt with spoofed src IP 10.0.1.3, which doesn't exist in the DHCP bindings table # DROPPED pkt5 = pkt / IP(src='10.0.1.3', dst='255.255.255.255') / TCP( dport=1234, sport=random.randint(49152, 65535)) pkt5.show2() sendp(pkt5, iface=iface, verbose=False)
def _get_dhcp_discover_message(iface): dhcp_options = [("message-type", "discover"), ("param_req_list", utils.format_options( [1, 2, 3, 4, 5, 6, 11, 12, 13, 15, 16, 17, 18, 22, 23, 28, 40, 41, 42, 43, 50, 51, 54, 58, 59, 60, 66, 67])), "end"] fam, hw = scapy.get_if_raw_hwaddr(iface) dhcp_discover = ( scapy.Ether(src=hw, dst="ff:ff:ff:ff:ff:ff") / scapy.IP(src="0.0.0.0", dst="255.255.255.255") / scapy.UDP(sport=68, dport=67) / scapy.BOOTP(chaddr=hw) / scapy.DHCP(options=dhcp_options)) return dhcp_discover
def build_msg(opts): conf.checkIPaddr = False msg_flag = 0 fam, hw = get_if_raw_hwaddr(str(world.cfg["iface"])) tmp_hw = None # we need to choose if we want to use chaddr, or client id. # also we can include both: client_id and chaddr if world.cfg["values"]["chaddr"] is None or world.cfg["values"]["chaddr"] == "default": tmp_hw = hw elif world.cfg["values"]["chaddr"] == "empty": tmp_hw = convert_MAC("00:00:00:00:00:00") else: tmp_hw = convert_MAC(world.cfg["values"]["chaddr"]) if world.cfg["values"]["broadcastBit"]: # value for setting 1000 0000 0000 0000 in bootp message in field 'flags' for broadcast msg. msg_flag = 32768 msg = Ether(dst = "ff:ff:ff:ff:ff:ff", src = hw) msg /= IP(src = world.cfg["source_IP"], dst = world.cfg["destination_IP"],) msg /= UDP(sport = world.cfg["source_port"], dport = world.cfg["destination_port"]) msg /= BOOTP(chaddr = tmp_hw, giaddr = world.cfg["values"]["giaddr"], flags = msg_flag, hops = world.cfg["values"]["hops"]) # BOOTP requests can be optionless if (len(opts) > 0): opts += ["end"] # end option msg /= DHCP(options = opts) msg.xid = randint(0, 256*256*256) msg.siaddr = world.cfg["values"]["siaddr"] msg.ciaddr = world.cfg["values"]["ciaddr"] msg.yiaddr = world.cfg["values"]["yiaddr"] return msg
def craft_dhcp_request(self, hw=None): """Generates a DHCPv6 Request packet Args: hw (str|bytes, optional): Defaults to MAC of Scapy's `conf.iface`. Client MAC address to use for DUID LL. Returns: scapy.layers.inet.IPv6: DHCPv6 Request packet """ if not hw: _, hw = get_if_raw_hwaddr(conf.iface) else: hw = mac_str_to_bytes(hw) # TODO # Request Message # - sent by clients # - includes a server identifier option # - the content of Server Identifier option must match server's DUID # - includes a client identifier option # - must include an ORO Option (even with hints) p40 # - can includes a reconfigure Accept option indicating whether or # not the client is willing to accept Reconfigure messages from # the server (p40) # - When the server receives a Request message via unicast from a # client to which the server has not sent a unicast option, the server # discards the Request message and responds with a Reply message # containing Status Code option with the value UseMulticast, a Server # Identifier Option containing the server's DUID, the client # Identifier option from the client message and no other option. dhcp_request = (IPv6(dst="ff02::1:2") / UDP(sport=546, dport=547) / DHCP6_Request(trid=self.xid) / DHCP6OptServerId(duid=self.server_id) / DHCP6OptElapsedTime() / DHCP6OptClientId(duid=DUID_LL(lladdr=hw)) / DHCP6OptIA_NA(iaid=0)) if settings.DEBUG: print(dhcp_request.show()) return dhcp_request
def craft_discover(self, hw=None): """Generates a DHCPv6 Solicit packet Args: hw (str|bytes, optional): Defaults to MAC of Scapy's `conf.iface`. Client MAC address to use for DUID LL. Returns: scapy.layers.inet.IPv6: DHCPv6 Solicit packet """ if not hw: _, hw = get_if_raw_hwaddr(conf.iface) else: hw = mac_str_to_bytes(hw) dhcp_solicit = (IPv6(dst="ff02::1:2") / UDP(sport=546, dport=547) / DHCP6_Solicit(trid=self.xid) / DHCP6OptElapsedTime() / DHCP6OptClientId(duid=DUID_LL(lladdr=hw)) / DHCP6OptIA_NA(iaid=0)) if settings.DEBUG: print(dhcp_solicit.show()) return dhcp_solicit
def craft_discover(self, hw=None): """Generates a DHCPDICSOVER packet Args: hw (str|bytes, optional): Defaults to MAC of Scapy's `conf.iface`. Client MAC address to place in `chaddr`. Returns: scapy.layers.inet.IP: DHCPDISCOVER packet """ if not hw: _, hw = get_if_raw_hwaddr(conf.iface) else: hw = mac_str_to_bytes(hw) dhcp_discover = (IP(src="0.0.0.0", dst="255.255.255.255") / UDP(sport=68, dport=67) / BOOTP(chaddr=hw, xid=self.xid, flags=0x8000) / DHCP(options=[("message-type", "discover"), "end"])) # TODO: param req list if settings.DEBUG: print(dhcp_discover.show()) return dhcp_discover
from scapy.all import get_if_raw_hwaddr, Ether, IP, UDP, BOOTP, conf netcard = raw_input("Please enter network card name: ") fam, hw = get_if_raw_hwaddr(netcard) bcast = Ether(dst="ff:ff:ff:ff:ff:ff") ipbcast = IP(src='0.0.0.0', dst='255.255.255.255') dhcpclisrvports = UDP(sport=68, dport=67) dhcpproto = BOOTP(chaddr=hw) pktboot = bcast / ipbcast / dhcpclisrvports / dhcpproto conf.checkIPaddr = False
except getopt.GetoptError, e: print str(e) showhelp() exit(1) opts = dict([(k.lstrip('-'), v) for (k,v) in opts]) if 'h' in opts or len(args) != 1 or 's' not in opts: showhelp() exit(0) conf.iface = opts.get('i', DEFAULT_IFACE) ssid = opts.get('s') sourcemac = opts.get('m', None) start = int(opts.get('f', 0)) check = int(opts.get('c', DEFAULT_CHECK)) outf = opts.get('o', None) pcapfile = args[0] if sourcemac is None: # Get local MAC address sourcemac = str2mac(get_if_raw_hwaddr(conf.iface)[1]) replypackets(pcapfile, sourcemac = sourcemac, ssid = ssid, start = start, check = check, outfile = outf) if __name__ == "__main__": main()
exit(1) opts = dict([(k.lstrip('-'), v) for (k, v) in opts]) if 'h' in opts or len(args) != 1 or 's' not in opts: showhelp() exit(0) conf.iface = opts.get('i', DEFAULT_IFACE) ssid = opts.get('s') sourcemac = opts.get('m', None) start = int(opts.get('f', 0)) check = int(opts.get('c', DEFAULT_CHECK)) outf = opts.get('o', None) pcapfile = args[0] if sourcemac is None: # Get local MAC address sourcemac = str2mac(get_if_raw_hwaddr(conf.iface)[1]) replypackets(pcapfile, sourcemac=sourcemac, ssid=ssid, start=start, check=check, outfile=outf) if __name__ == "__main__": main()
__author__ = 'Yuxibro' import logging #import socket logging.getLogger("scapy").setLevel(1) from scapy.all import conf, sendp, srp1, sniff, Ether, IP, ARP, UDP, BOOTP, DHCP, get_if_raw_hwaddr fam, hw = get_if_raw_hwaddr(conf.iface) #sendp(Ether(dst="ff:ff:ff:ff:ff:ff")/IP(src="0.0.0.0",dst="255.255.255.255")/UDP(sport=68,dport=67)/BOOTP(chaddr=hw)/DHCP(options=[("message-type","discover")]),count=1) sendp(Ether(dst="ff:ff:ff:ff:ff:ff") / IP(src="0.0.0.0", dst="255.255.255.255") / UDP(sport=68, dport=67) / BOOTP(chaddr=hw) / DHCP(options=[("message-type", 1)]), count=1)
def set_up_sul(opts): if ('h' in opts or 'i' not in opts or 't' not in opts or 's' not in opts or 'p' not in opts or 'm' not in opts): showhelp() exit(0) inject_iface = opts.get('i') sniff_iface = opts.get('t') ssid = opts.get('s') psk = opts.get('p') if 'u' in opts: user_id = opts.get('u') eap = True if 'a' in opts: anon_id = opts.get('a') else: anon_id = None else: eap = False mode = opts.get('m') if 'g' not in opts: gateway = '192.168.0.1' else: gateway = opts.get('g') beacon_sniff = True # Sniff for Beacons to determine channel and RSNinfo while beacon_sniff: channel = random.randrange(1, 15) os.system('iw dev %s set channel %d' % (sniff_iface, channel)) ps = sniff(timeout=0.1, iface=sniff_iface) for p in ps: if (p is None or len(p) == 0): continue if ((p.haslayer(dot11.Dot11Beacon) or p.haslayer(dot11.Dot11ProbeResp)) and p[dot11.Dot11Elt].info == ssid): try: rsnInfo = getRSNInfo(p) bssid = p[dot11.Dot11].addr3 channel = int(ord(p[dot11.Dot11Elt:3].info)) os.system('iwconfig %s channel %d' % (sniff_iface, channel)) os.system('iwconfig %s channel %d' % (inject_iface, channel)) beacon_sniff = False except TypeError: continue print('Detected beacon from %s on channel %d...' % (ssid, channel)) print('Sniffer MAC address: %s' % str2mac(get_if_raw_hwaddr(sniff_iface)[1])) print('Injector address: %s' % str2mac(get_if_raw_hwaddr(inject_iface)[1])) # SULState.py line 14 `def __init__(self, iface, ssid, psk, bssid, rsnInfo, gateway):` if not eap: sul = SULState(inject_iface, ssid, psk, bssid, rsnInfo, gateway) else: sul = SULState(inject_iface, ssid, psk, bssid, rsnInfo, gateway, user_id=user_id, anon_id=anon_id) return sul, mode, sniff_iface
fuzztype = args[0] conf.iface = opts.get('i', DEFAULT_IFACE) conf.tping = opts.get('p', DEFAULT_PING_TIMOUT) if not conf.tping.isdigit(): log("[!] Ping timeout (-p) must be a valid integer", "MAIN") exit(2) conf.tping = int(conf.tping) if conf.tping <= 0: log("[!] Ping timeout (-p) must be greater than zero", "MAIN") exit(2) conf.outdir = opts.get('o', DEFAULT_PCAP_DIR) ssid = opts.get('s') localmac = str2mac(get_if_raw_hwaddr(conf.iface)[1]) testmode = 't' in opts log("Target SSID: %s; Interface: %s; Ping timeout: %d; PCAP directory: %s; Test mode? %s; Fuzzer(s): %s;" % \ (ssid, conf.iface, conf.tping, conf.outdir, testmode, fuzztype), "MAIN") wifi = WifiDriver(ssid = ssid, tping = conf.tping, outdir = conf.outdir, localmac = localmac, testmode = testmode, verbose = 1) # Get the MAC address of the AP try: mac = wifi.waitForBeacon() except WiExceptionTimeout, e: log("No beacon from target AP after %d seconds" % conf.tping, "MAIN") sys.exit(1)
fuzztype = args[0] conf.iface = opts.get('i', DEFAULT_IFACE) conf.tping = opts.get('p', DEFAULT_PING_TIMOUT) if not conf.tping.isdigit(): log("[!] Ping timeout (-p) must be a valid integer", "MAIN") exit(2) conf.tping = int(conf.tping) if conf.tping <= 0: log("[!] Ping timeout (-p) must be greater than zero", "MAIN") exit(2) conf.outdir = opts.get('o', DEFAULT_PCAP_DIR) ssid = opts.get('s') localmac = str2mac(get_if_raw_hwaddr(conf.iface)[1]) testmode = 't' in opts log("Target SSID: %s; Interface: %s; Ping timeout: %d; PCAP directory: %s; Test mode? %s; Fuzzer(s): %s;" % \ (ssid, conf.iface, conf.tping, conf.outdir, testmode, fuzztype), "MAIN") wifi = WifiDriver(ssid=ssid, tping=conf.tping, outdir=conf.outdir, localmac=localmac, testmode=testmode, verbose=1) # Get the MAC address of the AP try: mac = wifi.waitForBeacon()