def Setup(self):
self.name = "SF|SR Probe to Closed Port"
self.expect = "detect.output.4"
# Packet 1
payload = TCP(sport=555, dport=79, seq=10000,
flags=dnet.TH_SYN|dnet.TH_RST)
ip = IP(src=dnet.ip_aton("192.0.2.1"),
dst=dnet.ip_aton("192.18.0.10"),
id=5624,
p=dnet.IP_PROTO_TCP)
ip.data = payload
ip.len += len(ip.data)
self.packets.append(ip)
# Packet 2
payload = TCP(sport=556, dport=79, seq=10000,
flags=dnet.TH_SYN|dnet.TH_FIN)
ip = IP(src=dnet.ip_aton("192.0.2.1"),
dst=dnet.ip_aton("192.18.0.10"),
id=5625,
p=dnet.IP_PROTO_TCP)
ip.data = payload
ip.len += len(ip.data)
self.packets.append(ip)
def incoming(pktlen, pkt, timestamp):
eth = Ethernet(pkt)
ip = IP(str(eth.data))
tcp = TCP(str(ip.data))
print str(len(tcp.data)).zfill(2) + ' bytes <- ',
global first_in
global seed_in
global rc4_in
if first_in:
s = tcp.data[:4]
seed_in = ord(s[0]) * 0x01000000 + ord(s[1]) * 0x010000 + ord(
s[2]) * 0x0100 + ord(s[3]) * 0x01
Skype_RC4_Expand_IV(seed_in, rc4_in)
plaintext = RC4_crypt(tcp.data[4:14], rc4_in)
print '\t' + str2hex(plaintext)
rc4_in = RC4_Context()
if len(tcp.data) > 14:
Skype_RC4_Expand_IV(seed_in, rc4_in)
plaintext = RC4_crypt(str(tcp.data[14:]), rc4_in)
print '\t' + str2hex(plaintext)
first_in = False
else:
Skype_RC4_Expand_IV(seed_in, rc4_in)
plaintext = RC4_crypt(str(tcp.data), rc4_in)
print '\t' + str2hex(plaintext)
def get_test_array(pcap_file, proto):
labels = []
actuals = []
arra = []
pcapa = pcap.pcap(pcap_file)
i = 0
for ts, pkt in pcapa:
i = i + 1
try:
ether = Ethernet(pkt)
ip = ether.data
if isinstance(ip, str):
ip = IP(ether.data)
except Exception as e:
try:
ip = IP(pkt)
except:
continue
if isinstance(ip.data, str):
tcp = TCP(ip.data)
else:
tcp = ip.data
tmpstr = ""
#tmparr = []
arra.append(conv(tcp.data))
labels.append(proto)
actuals.append(i)
return (arra, labels, actuals)
def get_array(pcap_file, proto):
labels = []
arr = get_array_i(pcap_file, proto)
arra = []
pcapa = pcap.pcap(pcap_file)
i = 0
for ts, pkt in pcapa:
i = i + 1
if i not in arr:
continue
try:
ether = Ethernet(pkt)
ip = ether.data
if isinstance(ip, str):
ip = IP(ether.data)
except Exception as e:
try:
ip = IP(pkt)
except:
continue
tcp = ip.data
if isinstance(ip.data, str):
tcp = TCP(ip.data)
#tmparr = []
arra.append(conv(tcp.data))
labels.append(proto)
return (arra, labels)
def get_whole_packet_array(pcap_file, proto):
labels = []
arr = get_array_i(pcap_file, proto)
arra = []
pcapa = pcap.pcap(pcap_file)
i = 0
for ts, pkt in pcapa:
i = i + 1
if i not in arr:
continue
try:
ether = Ethernet(pkt)
ip = ether.data
if isinstance(ip, str):
ip = IP(ether.data)
except Exception as e:
try:
ip = IP(pkt)
except:
continue
tcp = ip.data
if isinstance(ip.data, str):
tcp = TCP(ip.data)
#tmparr = []
arra.append(str(pkt).encode("hex"))
return arra
def iterate(pktlen, pkt, timestamp):
eth = Ethernet(pkt)
if eth.type == ETH_TYPE_IP:
ip = IP(str(eth.data))
if ip.p == IP_PROTO_TCP:
tcp = TCP(str(ip.data))
f = {
'src': ip.src,
'sport': tcp.sport,
'dst': ip.dst,
'dport': tcp.dport
}
if not f in self.streams:
self.streams.append(f)
def Setup(self):
self.name = "Routing to Open Port"
self.expect = "route.output.1"
# Packet 1
payload = TCP(sport=555, dport=80, seq=10000, flags=dnet.TH_SYN)
ip = IP(src=dnet.ip_aton("192.0.2.1"),
dst=dnet.ip_aton("192.18.3.10"),
id=8143,
ttl=1,
p=dnet.IP_PROTO_TCP)
ip.data = payload
ip.len += len(ip.data)
self.packets.append(ip)
# Packet 2
payload = TCP(sport=555, dport=80, seq=10000, flags=dnet.TH_SYN)
ip = IP(src=dnet.ip_aton("192.0.2.1"),
dst=dnet.ip_aton("192.18.3.10"),
id=8144,
ttl=2,
p=dnet.IP_PROTO_TCP)
ip.data = payload
ip.len += len(ip.data)
self.packets.append(ip)
# Packet 3
payload = TCP(sport=555, dport=80, seq=10000, flags=dnet.TH_SYN)
ip = IP(src=dnet.ip_aton("192.0.2.1"),
dst=dnet.ip_aton("192.18.3.10"),
id=8145,
ttl=3,
p=dnet.IP_PROTO_TCP)
ip.data = payload
ip.len += len(ip.data)
self.packets.append(ip)
def send_packet(fp, msg):
http = u"HTTP/1.1 %s\r\n\r\njust for fun" % msg
tcp = TCP(sport=80,
dport=random.uniform(0, 65535), data=http)
ip = IP(src=inet_aton('19.89.6.4'), dst=inet_aton('20.13.9.27'),
p=IP_PROTO_TCP, data=tcp, len=20 + len(str(tcp)))
eth = Ethernet(src='\xac\xf7\xf3\x00\x00\x00',
dst='\x00\x00\x00\x00\x00\x00',
data=ip)
packet = str(eth)
if (pcap_sendpacket(fp, build_packet(packet), len(packet)) != 0):
print("Error sending the packet:\n %s" % pcap_geterr(fp))
def sendPacket(self):
packet = [{}, {}]
p = Ethernet()
packet[0]['Mac Destination'] = self.lineEditMacDestination.text()
packet[0]['Mac Source'] = self.lineEditMacSource.text()
p.dst = binascii.unhexlify("".join(packet[0]['Mac Destination'].split(':')))
p.src = binascii.unhexlify("".join(packet[0]['Mac Source'].split(":")))
p.data = IP()
p.type = 0x0800
print(p)
packet[0]['Time'] = self.lineEditTime.text()
packet[0]['Version'] = int(self.lineEditVersion.text())
packet[0]['Header Length'] = int(self.lineEditHeaderLength.text())
packet[0]['TTL'] = int(self.lineEditTTL.text())
packet[0]['Protocol'] = self.lineEditProtocol.text()
packet[0]['IP Source'] = self.lineEditIPSource.text()
packet[0]['IP Destination'] = self.lineEditIPDestination.text()
p.data.ttl = packet[0]['TTL']
p.data.src=socket.inet_aton(packet[0]['IP Source'])
p.data.dst=socket.inet_aton(packet[0]['IP Destination'] )
if self.groupBoxTCPPart.isEnabled():
payload = TCP()
packet[1]['Source Port'] = int(self.lineEditSourcePort.text())
payload.seq = int(self.lineEditSequence.text())
packet[1]['Destination Port'] = int(self.lineEditDestinationPort.text())
packet[1]['Sequence'] = self.lineEditSequence.text()
packet[1]['Reconnaissance'] = self.lineEditReconnaissance.text()
packet[1]['Header TCP'] = self.lineEditHeaderTCP.text()
elif self.groupBoxUDPPart.isEnabled():
payload = UDP()
packet[1]['Source Port'] = int(self.lineEditSourcePortUDP.text())
packet[1]['Destination Port'] = int(self.lineEditDestinationPortUDP.text())
packet[1]['Header Length'] = int(self.lineEditSizeUDP.text())
packet[1]['Checksum'] = hex(self.lineEditChecksumUDP.text())
document = self.plainTextEditData.document()
payload.data = binascii.unhexlify(document.toPlainText())
payload.dport = packet[1]['Source Port']
payload.sport = packet[1]['Destination Port']
# except:
# print("error")
# pass
self.s.send("INJECT"+str(p))
return
def iterate(pktlen, pkt, timestamp):
eth = Ethernet(pkt)
if eth.type == ETH_TYPE_IP:
ip = IP(str(eth.data))
if ip.p == IP_PROTO_TCP:
tcp = TCP(str(ip.data))
if len(tcp.data) > 0:
if (outgoing is not None
and ip.src == self.stream['src']
and tcp.sport == self.stream['sport']
and ip.dst == self.stream['dst']
and tcp.dport == self.stream['dport']):
outgoing(pktlen, pkt, timestamp)
if (incoming is not None
and ip.src == self.stream['dst']
and tcp.sport == self.stream['dport']
and ip.dst == self.stream['src']
and tcp.dport == self.stream['sport']):
incoming(pktlen, pkt, timestamp)
def Setup(self):
self.name = "Connection to open port"
self.expect = "gen.output.2"
# Packet 1
payload = TCP(sport=555, dport=80, seq=10000, flags=dnet.TH_SYN)
ip = IP(src=dnet.ip_aton("192.0.2.254"),
dst=dnet.ip_aton("192.18.0.10"),
id=5624,
p=dnet.IP_PROTO_TCP)
ip.data = payload
ip.len += len(ip.data)
self.packets.append(ip)
# Packet 2
payload = TCP(sport=555, dport=80,
seq=10001, ack=194595108,
flags=dnet.TH_ACK)
ip = IP(src=dnet.ip_aton("192.0.2.254"),
dst=dnet.ip_aton("192.18.0.10"),
id=5625, p=dnet.IP_PROTO_TCP)
ip.data = payload
ip.len += len(ip.data)
self.packets.append(ip)
# Packet 3
payload = TCP(sport=555, dport=80,
seq=10001, ack=194595108,
flags=dnet.TH_ACK)
payload.data = 'Honeyd fools you'
ip = IP(src=dnet.ip_aton("192.0.2.254"),
dst=dnet.ip_aton("192.18.0.10"),
id=5625, p=dnet.IP_PROTO_TCP)
ip.data = payload
ip.len += len(ip.data)
self.packets.append(ip)