def __on_merge(self, action):
tab = PMApp().main_window.get_tab('PropertyTab')
if self.active_diff:
tab.remove_notify_for(self.active_diff, self.__diff_editing)
self.active_diff = None
if not self.active_layer or not self.active_packets:
return
log.debug("Merging %d packets" % len(self.active_packets))
self.active_diff = backend.MetaPacket(self.active_layer())
self.session.set_active_packet(self.active_diff)
# Now we should connect the property tree signals to our
# but we should check if the packet edited is our or not
# because the property manages the edit phase of multiple
# packets in multiple changes.
tab.register_notify_for(self.active_diff, self.__diff_editing)
def __on_filter(self, combo):
self.active_layer = self.combo.get_active_protocol()
if self.active_layer:
self.merging = True
self.tree.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
self.refilter()
self.tree.set_model(self.filter_store)
else:
self.merging = False
self.tree.get_selection().set_mode(gtk.SELECTION_SINGLE)
self.tree.set_model(self.store)
if self.active_diff:
tab = PMApp().main_window.get_tab('PropertyTab')
tab.remove_notify_for(self.active_diff, self.__diff_editing)
self.active_diff = None
self.active_packets = []
self.active_layer = None
self.tree.get_selection().select_path((0, ))
def start(self, reader):
self.status = PMApp().main_window.get_tab('StatusTab').status
a, self.item = self.add_menu_entry('ARPPoison', 'ARP cache poisoning ...',
_('Poison the ARP cache of an host.'),
gtk.STOCK_EXECUTE)
class ARPCachePoison(Plugin, ActiveAudit):
__inputs__ = (
('host', ('0.0.0.0', _('The host you wish to intercept packets for'
' (usually the local gateway)'))),
('target', ('0.0.0.0', _('Optional: IP address of a particular host '
'to ARP poison. (if not specified, all the '
'hosts on the LAN)'))),
('hwsrc', ('', _('The source MAC address (leave it empty and will be '
'automatically filled with the MAC of your NIC'))),
('packets', (0, _('Number of packets to send. 0 for infinite'))),
('delay', (300, _('Delay in msec between consecutive sends'))),
)
def start(self, reader):
self.status = PMApp().main_window.get_tab('StatusTab').status
a, self.item = self.add_menu_entry('ARPPoison', 'ARP cache poisoning ...',
_('Poison the ARP cache of an host.'),
gtk.STOCK_EXECUTE)
def stop(self):
self.remove_menu_entry(self.item)
def on_resolved(self, send, mpkt, reply, udata):
hwdst = reply.get_field('arp.hwsrc')
sess, host, target, hwsrc, packets, delay = udata
self.status.info(_('IP %s is-at %s') % (reply.get_field('arp.pdst'), hwsrc))
self.poison(sess, host, target, hwsrc, hwdst, packets, delay)
def on_error(self, send, status, udata):
if udata:
self.status.warning(_('Unable to resolve %s (Errno: %d)') \
% (send.mpkts[0].get_field('arp.pdst'), status))
def execute_audit(self, sess, inp_dict):
datalink = sess.context.datalink()
if datalink not in (IL_TYPE_ETH, IL_TYPE_TR, IL_TYPE_FDDI):
self.status.error(_('Could not run arpcachepoison. Datalink '
'not supported. Ethernet needed.'))
return False
host = inp_dict['host']
hwsrc = inp_dict['hwsrc']
target = inp_dict['target']
packets = inp_dict['packets']
delay = max(300, inp_dict['delay'])
if packets <= 0:
packets = -1
if not is_ip(host):
self.status.error(_('Not a valid IP address for host'))
return False
if not is_ip(target):
self.status.error(_('Not a valid IP address for target'))
return False
if hwsrc and not is_mac(hwsrc):
self.status.error(_('Not a valid MAC address for hwsrc'))
return False
if target != '0.0.0.0':
# We have to solve the IP as MAC address
pkt = MetaPacket.new('arp')
pkt.set_field('arp.pdst', target)
sess.context.sr_l3(pkt, timeout=4,
onerror=self.on_error,
onreply=self.on_resolved,
udata=(sess, host, target, hwsrc, packets, delay))
self.status.info(_('Trying to resolve IP: %s') % target)
else:
self.poison(sess, host, target, hwsrc, '', packets, delay)
return True
def poison(self, sess, host, target, hwsrc, hwdst, packets, delay):
pkt = MetaPacket.new('eth') / MetaPacket.new('arp')
if hwdst:
pkt.set_field('eth.dst', hwdst)
pkt.set_field('arp.hwdst', hwdst)
else:
pkt.set_field('arp.hwdst', 'ff:ff:ff:ff:ff:ff')
pkt.set_field('arp.op', 'is-at')
pkt.set_field('arp.psrc', host)
pkt.set_field('arp.pdst', target)
if hwsrc:
pkt.set_field('arp.hwsrc', hwsrc)
self.status.info(_('Starting ARP cache poison against %s '
'(capturing packets directed to %s)') % (target, host))
send = sess.context.s_l2(pkt, repeat=packets, delay=delay)
def __on_refresh(self, btn):
self.__load_session(PMApp().bus.call('pm.sessions',
'get_current_session'))
def stop(self):
PMApp().main_window.deregister_tab(self.geo_tab)
