def foo(in_filename, out_filename):
# open the input file for reading
f = PcapReader(in_filename)
# open the output file for writing
o = PcapWriter(out_filename)
# read the first packet from the input file
p = f.read_packet()
# while we haven't processed the last packet
while p:
layer = p.firstlayer()
while not isinstance(layer, NoPayload):
if (type(layer) is IPv6):
new_layer = IP()
del new_layer.ihl
new_layer.ttl = layer.hlim
new_layer.proto = layer.nh
new_layer.src = ".".join(map(str, six2four(layer.src)))
new_layer.dst = ".".join(map(str, six2four(layer.dst)))
new_layer.add_payload(layer.payload)
prev_layer = layer.underlayer
del layer
prev_layer.remove_payload()
prev_layer.add_payload(new_layer)
if type(prev_layer) is Ether:
prev_layer.type = ETH_P_IP
layer = new_layer
if layer.default_fields.has_key('chksum'):
del layer.chksum
if layer.default_fields.has_key('len'):
del layer.len
# advance to the next layer
layer = layer.payload
# write the packet we just dissected into the output file
o.write(p)
# read the next packet
p = f.read_packet()
# close the input file
f.close()
# close the output file
o.close()
def run(self, args):
self.sniff_sess = None
filepath = None
if self.client.is_windows():
from modules.lib.windows.winpcap import init_winpcap
init_winpcap(self.client)
pktwriter = None
if args.save_pcap:
config = self.client.pupsrv.config
filepath = config.get_file('pcaps',
{'%c': self.client.short_name()})
pktwriter = PcapWriter(filepath, append=True, sync=True)
tcpdump = self.client.remote('tcpdump', 'run', False)
self.wait.clear()
try:
name, self.terminate = tcpdump(self.printer(pcap_writer=pktwriter),
self.on_error,
args.iface,
args.bpf,
args.timeout,
count=args.count)
self.success(u'Scapy tcpdump on "{}" - started'.format(name))
self.wait.wait()
self.success(u'Scapy tcpdump on "{}" - completed'.format(name))
if filepath:
self.info('Pcap stored to: {}'.format(filepath))
except Exception, e:
self.wait.set()
self.error('Error: ' +
' '.join(x
for x in e.args if type(x) in (str, unicode)))
def __init__(self, pcap_filename, *arg, **kw):
self.pcapwriter = PcapWriter(pcap_filename, *arg, **kw)
def setup_packet_save(filename):
"""Sets up a global object that is used to save the files
to a .pcap file"""
global pktdump
pktdump = PcapWriter(filename + '.pcap', append=False, sync=True)
#!/usr/bin/python3
try:
from scapy.all import RandMAC, RandIP, PcapWriter, RandIP6, RandShort, fuzz
from scapy.all import IPv6, Dot1Q, IP, Ether, UDP, TCP
except ModuleNotFoundError as err:
print(err + ": Scapy")
import sys
path = str(sys.argv[1]) + "/pcap/fuzzy.pcap"
pktdump = PcapWriter(path, append=False, sync=True)
for i in range(0, 2000):
# Generate random protocol bases, use a fuzz() over the combined packet
# for full fuzzing.
eth = Ether(src=RandMAC(), dst=RandMAC())
vlan = Dot1Q()
ipv4 = IP(src=RandIP(), dst=RandIP())
ipv6 = IPv6(src=RandIP6(), dst=RandIP6())
udp = UDP(dport=RandShort(), sport=RandShort())
tcp = TCP(dport=RandShort(), sport=RandShort())
# IPv4 packets with fuzzing
pktdump.write(fuzz(eth / ipv4 / udp))
pktdump.write(fuzz(eth / ipv4 / tcp))
pktdump.write(fuzz(eth / vlan / ipv4 / udp))
pktdump.write(fuzz(eth / vlan / ipv4 / tcp))
# IPv6 packets with fuzzing
pktdump.write(fuzz(eth / ipv6 / udp))
pktdump.write(fuzz(eth / ipv6 / tcp))
def packets_to_datasource_events(packets: List[Packet]) -> PCAP:
f = BytesIO()
PcapWriter(f).write(packets)
f.seek(0)
return PCAP(f) # type: ignore
def handle(self,
input,
interface=None,
count=0,
timeout=None,
filter=None,
regex=None,
xregex=None,
monitor=False,
pcap=False,
debug=False):
self.debug = debug
# Compile expressions
if regex:
self.regex = [
re.compile(r.encode(), re.DOTALL | re.MULTILINE)
for r in list(regex)
]
if xregex:
self.xregex = [
re.compile(x.encode(), re.DOTALL | re.MULTILINE)
for x in list(xregex)
]
# Output pcap to infinitely iterable file
with IterWriter() as output:
if pcap:
self.pcap = PcapWriter(output, sync=True)
# Configure sniffer and produce sniffer stream
try:
stream = AsyncSniffer(
started_callback=lambda: self.log.info(
"Sniffing interface(s): %s...", interface or conf.iface
),
iface=interface or conf.iface,
count=count,
timeout=timeout,
filter=filter,
lfilter=self._lfilter,
prn=self._prn,
store=False,
monitor=monitor,
)
# Start sniffer stream
stream.start()
# Output pcap data
if pcap:
for data in output:
yield data
if not stream.running and not output.closed:
output.close()
# Wait for stream to complete
stream.join()
except Scapy_Exception as e:
self.log.error(e)
def anonymize_file(input_file: str, output_file: str) -> None:
logger = logging.getLogger(inspect.stack()[0][3])
with PcapReader(input_file) as reader:
writer = PcapWriter(output_file, sync=True)
ssid_number = 0
address_hash = {}
ssid_hash = {}
for frame in reader:
if frame.haslayer(Dot11):
frame_fcs = frame.fcs
logger.info("frame_fcs: %s", hex(frame_fcs))
# raw_fcs = struct.unpack("I", bytes(frame.payload)[-4:])[0]
# matches frame.fcs
crc_bytes = struct.pack(
"I",
zlib.crc32(bytes(frame.payload)[:-4]) & 0xFFFF_FFFF)
crc_int = int.from_bytes(crc_bytes, byteorder="little")
logger.info("crc_int: %s", hex(crc_int))
fcs_match = frame_fcs == crc_int
logger.info("fcs_match: %s", fcs_match)
# anonymize mac addresses
frame[Dot11].addr1 = anonymize_mac(frame.addr1, address_hash)
frame[Dot11].addr2 = anonymize_mac(frame.addr2, address_hash)
frame[Dot11].addr3 = anonymize_mac(frame.addr3, address_hash)
# anonymize SSID and address fields (this code seems problematic in py3)
if args.skip:
logger.info("skipping anonymizing SSID: %s", args.skip)
else:
dot11elt = frame.getlayer(Dot11Elt)
while dot11elt:
logger.info("ie: %s", dot11elt.ID)
if dot11elt.ID == 0:
ssid = anonymize_ssid(dot11elt.info, ssid_number,
ssid_hash)
dot11elt.len = len(ssid)
dot11elt.info = ssid
dot11elt = dot11elt.payload.getlayer(Dot11Elt)
if fcs_match:
# if fcs and crc originally matched, recompute new valid fcs:
fcs = struct.pack(
"I",
zlib.crc32(bytes(frame.payload)[:-4]) & 0xFFFF_FFFF)
else:
# otherwise throw garbage in the fcs which will not validate
fcs = b"\x00\x00\x00\x00"
logger.info("new fcs: %s",
hex(int.from_bytes(fcs, byteorder="little")))
# write anonymized packet
writer.write(RadioTap(bytes(frame)[:-4] + fcs))
logger.info("done")
def _log_packets(self, file_path, client_mac):
cap_writer = PcapWriter(file_path, append=True, sync=True)
for packet in self.wpa_handshakes[client_mac]['packets']:
cap_writer.write(packet)
self.wpa_handshakes[client_mac]['logged'] = True
if netstatResult not in ([], ['0', '-']):
with open(
additoinsDir + str(p.time).split('.')[0] + '-' + sport + '-' +
dport + '.yml', 'w') as yamlFile:
pInfo = {'uid': int(netstatResult[0])}
if len(netstatResult) > 2:
pInfo.update({
'pid': int(netstatResult[1]),
'comm': netstatResult[2],
'cmd': ' '.join(netstatResult[3:])
})
yaml.dump(pInfo, yamlFile)
if os.system('ip > /dev/null 2>&1') == 32512:
print('ip Not Found. Please install iproute2!')
exit()
if os.system('ip a s ' + args.interface + ' > /dev/null 2>&1') == 256:
print('iface ' + args.interface +
' Not Found. Please check the arguments!')
exit()
if os.system('netstat > /dev/null 2>&1') == 32512:
print('netstat Not Found. Please install net-tools!')
exit()
pDump = PcapWriter(workDir + 'package.pcap', append=True, sync=True)
sniff(iface=args.interface,
prn=lambda p: threading.Thread(target=process_sniffed_packet, args=(p, ))
.start())
