def main():
if len(sys.argv) < 3:
print 'pass 3 arguments: <destination> <num>'
exit(1)
addr = socket.gethostbyname(sys.argv[1])
num = int(sys.argv[2])
iface = get_if()
print "sending on interface %s to %s" % (iface, str(addr))
while num > 0:
num = num - 1
s = "2 2 1"
i = 0
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff')
for p in s.split(" "):
try:
pkt = pkt / SourceRoute(bos=0, port=int(p))
i = i + 1
except ValueError:
pass
if pkt.haslayer(SourceRoute):
pkt.getlayer(SourceRoute, i).bos = 1
pkt = pkt / IP(
dst=addr, options=IPOption_MRI(
count=0, pathid=1, swtraces=[])) / UDP(dport=4321, sport=1234)
pkt.show2()
sendp(pkt, iface=iface, verbose=False)
def send():
iface_tx = get_if()
global wCurr, rCurr
j = 0
pkt = Ether(src=get_if_hwaddr(iface_tx), dst="ff:ff:ff:ff:ff:ff")
for p in rCurr:
try:
pkt = pkt / SourceRoute(bos=0, port=p)
j = j + 1
except ValueError:
pass
if pkt.haslayer(SourceRoute):
pkt.getlayer(SourceRoute, j).bos = 1
# Check if sent enough packets
global totalSent
if wCurr + totalSent >= goalSent:
wCurr = goalSent - totalSent
print "Time Start: ", time_start # Recorded for FCT evaluation
totalSent = totalSent + wCurr
print("Winodow is: ", wCurr)
print("Route is: ", nCurr)
t = (time.time() -
time_start) * 1000000 # timestamp in the unit of microsecond
pkt = pkt / IP(dst=dst_ip, proto=17) / UDP(dport=4321, sport=1234) / MRI(
count=1, swtraces=[SwitchTrace(swid=100, egresst=t)]) / str(
RandString(size=1000))
sendp(pkt, iface=iface_tx, inter=0, count=wCurr, verbose=False)
def main():
if len(sys.argv)<2:
print 'pass 2 arguments: <destination>'
exit(1)
addr = socket.gethostbyname(sys.argv[1])
iface = get_if()
print "sending on interface %s to %s" % (iface, str(addr))
while True:
print
s = str(raw_input('Type space separated port nums '
'(example: "2 3 2 2 1") or "q" to quit: '))
if s == "q":
break;
print
i = 0
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff');
for p in s.split(" "):
try:
pkt = pkt / SourceRoute(bos=0, port=int(p))
i = i+1
except ValueError:
pass
if pkt.haslayer(SourceRoute):
pkt.getlayer(SourceRoute, i).bos = 1
pkt = pkt / IP(dst=addr) / UDP(dport=4321, sport=1234)
pkt.show2()
sendp(pkt, iface=iface, verbose=False)
def get_packet(pkt):
if not pkt.getlayer(NBNSQueryRequest):
return
if pkt.FLAGS & 0x8000:
query = False
addr = unpack_ip(str(pkt.getlayer(Raw))[8:])
else:
query = True
if verbose:
print str(pkt.NAME_TRN_ID) + ":",
if query:
print "Q",
else:
print "R",
print "SRC:" + pkt.getlayer(IP).src + " DST:" + pkt.getlayer(IP).dst,
if query:
print 'NAME:"' + pkt.QUESTION_NAME + '"'
else:
print 'NAME:"' + pkt.QUESTION_NAME + '"',
print 'IP:' + addr
if query and regexp.match(pkt.QUESTION_NAME.rstrip(),1):
response = Ether(dst=pkt.src,src=mac_addr)
response /= IP(dst=pkt.getlayer(IP).src,src=ip)
response /= UDP(sport=137,dport=137)
response /= NBNSQueryRequest(
NAME_TRN_ID=pkt.getlayer(NBNSQueryRequest).NAME_TRN_ID,\
FLAGS=0x8500,\
QDCOUNT=0,\
ANCOUNT=1,\
NSCOUNT=0,\
ARCOUNT=0,\
QUESTION_NAME=pkt.getlayer(NBNSQueryRequest).QUESTION_NAME,\
SUFFIX=pkt.getlayer(NBNSQueryRequest).SUFFIX,\
NULL=0,\
QUESTION_TYPE=pkt.getlayer(NBNSQueryRequest).QUESTION_TYPE,\
QUESTION_CLASS=pkt.getlayer(NBNSQueryRequest).QUESTION_CLASS)
response /= Raw()
# Time to live: 3 days, 11 hours, 20 minutes
response.getlayer(Raw).load += '\x00\x04\x93\xe0'
# Data length: 6
response.getlayer(Raw).load += '\x00\x06'
# Flags: (B-node, unique)
response.getlayer(Raw).load += '\x00\x00'
# The IP we're giving them:
response.getlayer(Raw).load += pack_ip(ip)
sendp(response,iface=interface,verbose=0)
if verbose:
print 'Sent spoofed reply to #' + str(response.getlayer(NBNSQueryRequest).NAME_TRN_ID)
def handle_read(self):
# | 4 bytes | 4 bytes | 18 bytes | 1500 bytes |
# Tap VLAN Ether Header Frame
buf = self.read(1526)
eth_rcvd_frame = Ether(buf[4:])
#if DEBUG:
# os.write(1,"Received from %s\n" % ifname)
# if VERB:
# os.write(1,"%s\n" % eth_rcvd_frame.summary())
# Prepare Dot11 frame for injection
dot11_sent_frame = self.radiotap()
dot11_sent_frame /= Dot11(
type = "Data",
FCfield = "from-DS",
addr1 = eth_rcvd_frame.getlayer(Ether).dst,
addr2 = self._tap.bssid)
# It doesn't seem possible to set tuntap interface MAC address
# when we create it, so we set source MAC here
if self._tap.smac == '':
dot11_sent_frame.addr3 = eth_rcvd_frame.getlayer(Ether).src
else:
dot11_sent_frame.addr3 = self._tap.smac
if self._tap.has_wep:
dot11_sent_frame.FCfield |= 0x40
dot11_sent_frame /= Dot11WEP(
iv = "111",
keyid = self._tap.key_id)
dot11_sent_frame /= LLC(ctrl = 3)/SNAP(code=eth_rcvd_frame.getlayer(Ether).type)/eth_rcvd_frame.getlayer(Ether).payload
#if DEBUG:
# os.write(1,"Sending from-DS to %s\n" % OUT_IFACE)
# if VERB:
# os.write(1,"%s\n" % dot11_sent_frame.summary())
# Frame injection :
sendp(dot11_sent_frame,verbose=0) # Send from-DS frame
def handle_read(self):
# | 4 bytes | 4 bytes | 18 bytes | 1500 bytes |
# Tap VLAN Ether Header Frame
buf = self.read(1526)
eth_rcvd_frame = Ether(buf[4:])
#if DEBUG:
# os.write(1,"Received from %s\n" % ifname)
# if VERB:
# os.write(1,"%s\n" % eth_rcvd_frame.summary())
# Prepare Dot11 frame for injection
dot11_sent_frame = self.radiotap()
dot11_sent_frame /= Dot11(type="Data",
FCfield="from-DS",
addr1=eth_rcvd_frame.getlayer(Ether).dst,
addr2=self._tap.bssid)
# It doesn't seem possible to set tuntap interface MAC address
# when we create it, so we set source MAC here
if self._tap.smac == '':
dot11_sent_frame.addr3 = eth_rcvd_frame.getlayer(Ether).src
else:
dot11_sent_frame.addr3 = self._tap.smac
if self._tap.has_wep:
dot11_sent_frame.FCfield |= 0x40
dot11_sent_frame /= Dot11WEP(iv="111", keyid=self._tap.key_id)
dot11_sent_frame /= LLC(ctrl=3) / SNAP(code=eth_rcvd_frame.getlayer(
Ether).type) / eth_rcvd_frame.getlayer(Ether).payload
#if DEBUG:
# os.write(1,"Sending from-DS to %s\n" % OUT_IFACE)
# if VERB:
# os.write(1,"%s\n" % dot11_sent_frame.summary())
# Frame injection :
sendp(dot11_sent_frame, verbose=0) # Send from-DS frame
def encapsulate(cls, packet_or_frame, src_mac, dst_mac):
if dst_mac == None:
dst_mac = Ethernet.DefaultDst
if src_mac == None:
src_mac = Ethernet.DefaultSrc
try:
if not packet_or_frame.haslayer(Ether):
packet_or_frame = Ether() / packet_or_frame
packet_or_frame.getlayer(Ether).src = src_mac
packet_or_frame.getlayer(Ether).dst = dst_mac
except AttributeError:
pass
return packet_or_frame
def encapsulate(cls, packet_or_frame, src_mac, dst_mac):
if dst_mac == None:
dst_mac = Ethernet.DefaultDst
if src_mac == None:
src_mac = Ethernet.DefaultSrc
try:
if not packet_or_frame.haslayer(Ether):
packet_or_frame = Ether()/packet_or_frame
packet_or_frame.getlayer(Ether).src = src_mac
packet_or_frame.getlayer(Ether).dst = dst_mac
except AttributeError:
pass
return packet_or_frame
def main():
if len(sys.argv) < 2:
print 'pass 2 arguments: <destination>'
exit(1)
#addr = socket.gethostbyname(sys.argv[1])
iface = get_if()
print "sending on interface %s to %s" % (iface, sys.argv[1])
print
s = str(
raw_input('Type space separated port nums '
'(example: "4 3 1 2 2 ") or "q" to quit: '))
if s == "q":
exit(1)
print
i = 0
pkt = Ether(src=get_if_hwaddr(iface), dst='00:00:00:00:02:02')
for p in s.split(" "):
try:
pkt = pkt / SourceRoute(bos=0, port=int(p))
i = i + 1
except ValueError:
pass
if pkt.haslayer(SourceRoute):
pkt.getlayer(SourceRoute, i).bos = 1
#pkt = pkt / IPv6(dst=sys.argv[1], nh=150) / Bitmap(bit_label=228, bit_reserve=0) / MRI1(count=0, swtraces=[])
pkt = pkt / IPv6(dst=sys.argv[1], nh=150)
while True:
with open('flag.txt', 'r') as f:
t = float(f.readline())
if (t != MAX_t):
p = pkt / Bitmap(bit_label=255, bit_reserve=0) / MRI1(count=0,
swtraces=[])
else:
p = pkt / Bitmap(bit_label=228, bit_reserve=0) / MRI2(count=0,
swtraces=[])
#p = pkt / Bitmap(bit_label=255, bit_reserve=0) / MRI1(count=0, swtraces=[])
p.show2()
sendp(p, iface=iface, verbose=False)
sleep(t)
def parse_dhcp_offer_or_ack(self, pkt, xid):
'''Use Scapy to parse and obtain the interesting fields from a DHCPACK
or DHCPOFFER packet received from the network.'''
parse_result = dict()
e = Ether(pkt)
parse_result['ether_src_address'] = e.src
# Some conditions ought to be true by the time we get here; assert that they are.
assert e.type == 0x0800
i = e.getlayer('IP')
parse_result['ip_src_address'] = i.src
parse_result['ip_dst_address'] = i.dst
assert i.proto == 17
u = i.getlayer('UDP')
assert u.sport == 67
assert u.dport == 68
b = u.getlayer('BOOTP')
assert b.op == 2
assert b.xid == xid
parse_result['siaddr'] = b.siaddr
parse_result['yiaddr'] = b.yiaddr
d = b.getlayer('DHCP')
for option in d.options:
if isinstance(option, str):
assert option == 'end'
break
assert isinstance(option, tuple)
assert isinstance(option[0], str)
parse_result[option[0]] = option[1]
for key in parse_result:
logging.debug('Packet parse result: "{}" => "{}"'.format(
key, parse_result[key]))
return parse_result
def send_ack(pkt):
iface = get_if()
options = getOptions(sys.argv[1:])
list_switches, dict_host_ip, dict_link_weight, dict_link_port = get_network(
options.topo)
global dict_mri
flag = 0
for i in range(0, len(pkt[MRI].swtraces)):
dict_mri[pkt[MRI].swtraces[i].swid] = pkt[MRI].swtraces[i].qdepth
if pkt[MRI].swtraces[i].qdepth > 5:
flag = 1
src_ip = pkt[IP].src
dst_ip = pkt[IP].dst
src_host = dict_host_ip.keys()[dict_host_ip.values().index(src_ip)]
dst_host = dict_host_ip.keys()[dict_host_ip.values().index(dst_ip)]
sp_nodes, sp_ports = update_shorest_path(dict_mri,
dict_link_weight,
dict_link_port,
src=dst_host,
dst=src_host)
ack = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff")
j = 0
for p in sp_ports:
try:
ack = ack / SourceRoute(bos=0, port=p)
j = j + 1
except ValueError:
pass
if ack.haslayer(SourceRoute):
ack.getlayer(SourceRoute, j).bos = 1
ack = ack / IP(dst=pkt[IP].src, proto=17) / UDP(
dport=4322, sport=1235) / MRI(count=pkt[MRI].count,
swtraces=pkt[MRI].swtraces)
# ack.show2()
sendp(ack, iface=iface, verbose=False)
print("ACK sent at time: ", time.time())
def main():
if len(sys.argv) < 2:
print 'pass 2 arguments: <destination>'
exit(1)
#addr = socket.gethostbyname(sys.argv[1])
iface = get_if()
print "sending on interface %s to %s" % (iface, sys.argv[1])
while True:
print
s = str(
raw_input('Type space separated port nums '
'(example: "4 3 1 2 2 ") or "q" to quit: '))
if s == "q":
break
print
i = 0
#pkt = Ether(src=get_if_hwaddr(iface), dst='00:aa:00:00:00:01');
pkt = Ether()
for p in s.split(" "):
try:
pkt = pkt / SourceRoute(bos=0, port=int(p))
i = i + 1
except ValueError:
pass
if pkt.haslayer(SourceRoute):
pkt.getlayer(SourceRoute, i).bos = 1
pkt = pkt / IPv6(dst=sys.argv[1], nh=150) / MRI(count=0, swtraces=[])
#pkt = pkt / SwitchTrace(swid=0, in_port=0, out_port=0, qdepth=0, in_time=0, out_time=0, bos=0)
#pkt = pkt / SwitchTrace(swid=0, in_port=0, out_port=0, qdepth=0, in_time=0, out_time=0, bos=0)
#pkt = pkt / UDP(dport=4321, sport=1234) / "P4 is cool"
pkt.show2()
for i in range(int(sys.argv[2])):
sendp(pkt, iface=iface, verbose=False)
sleep(1)
if f in r:
# tuntap frame max. size is 1522 (ethernet, see RFC3580) + 4
buf = os.read(f, 1526)
eth_rcvd_frame = Ether(buf[4:])
if DEBUG:
os.write(1, "Received from %s\n" % ifname)
if VERB:
os.write(1, "%s\n" % eth_rcvd_frame.summary())
# Prepare Dot11 frame for injection
dot11_sent_frame = RadioTap() / Dot11(
type="Data",
FCfield="from-DS",
addr1=eth_rcvd_frame.getlayer(Ether).dst,
addr2=BSSID)
# It doesn't seem possible to set tuntap interface MAC address
# when we create it, so we set source MAC here
if not HAS_SMAC:
dot11_sent_frame.addr3 = eth_rcvd_frame.getlayer(Ether).src
else:
dot11_sent_frame.addr3 = SMAC
if WEP:
dot11_sent_frame.FCfield |= 0x40
dot11_sent_frame /= Dot11WEP(iv="111", keyid=KEYID)
dot11_sent_frame /= LLC(ctrl=3) / SNAP(
code=eth_rcvd_frame.getlayer(
Ether).type) / eth_rcvd_frame.getlayer(Ether).payload
if DEBUG:
if f in r:
# tuntap frame max. size is 1522 (ethernet, see RFC3580) + 4
buf = os.read(f,1526)
eth_rcvd_frame=Ether(buf[4:])
if DEBUG:
os.write(1,"Received from %s\n" % ifname)
if VERB:
os.write(1,"%s\n" % eth_rcvd_frame.summary())
# Prepare Dot11 frame for injection
dot11_sent_frame = RadioTap()/Dot11(
type = "Data",
FCfield = "from-DS",
addr1 = eth_rcvd_frame.getlayer(Ether).dst,
addr2 = BSSID)
# It doesn't seem possible to set tuntap interface MAC address
# when we create it, so we set source MAC here
if not HAS_SMAC:
dot11_sent_frame.addr3 = eth_rcvd_frame.getlayer(Ether).src
else:
dot11_sent_frame.addr3 = SMAC
if WEP:
dot11_sent_frame.FCfield |= 0x40
dot11_sent_frame /= Dot11WEP(
iv = "111",
keyid = KEYID)
dot11_sent_frame /= LLC(ctrl = 3)/SNAP(code=eth_rcvd_frame.getlayer(Ether).type)/eth_rcvd_frame.getlayer(Ether).payload
if DEBUG:
def collector(pkt):
global COUNT, COUNT_SERVER, COUNT_CLIENT, NEW_BIND_PORTS
COUNT += 1
if savepcap:
pcap_dump.write(pkt)
print(f'[*] running... {put_color(next(roll), "green")}', end='\r')
tcp_layer = pkt.getlayer('TCP')
if tcp_layer is None:
return
IP_layer = pkt.getlayer("IP") or pkt.getlayer("IPv6")
src_ip = IP_layer.src
src_port = pkt.getlayer("TCP").sport
dst_ip = IP_layer.dst
dst_port = pkt.getlayer("TCP").dport
layer = get_attr(tcp_layer[0], 'msg')
if not layer:
# 有两种情况会导致为空
# 1. 可能不为 TLS/SSL
# 2. 也可能是 Scapy 认为这个端口不会传输 TLS/SSL,
# 见 github.com/secdev/scapy/issues/2806
if pkt.lastlayer().name != 'Raw':
# 如果最后一层不是 Raw,
# 那么就可以排除第二种情况
# 直接舍弃
return
if src_port in NEW_BIND_PORTS[0] and dst_port in NEW_BIND_PORTS[1]:
# 如果之前已经加过这两个端口
# 依旧没有识别出来,就可以排除第二种情况
return
# 新增端口,
# 告诉 scapy 遇到这对端口也要尝试解析 TLS/SSL
# _注意这里的端口并非成对的,而是可以随意组合的_
bind_layers(TCP, TLS, sport=src_port) # noqa: F821
bind_layers(TCP, TLS, dport=dst_port) # noqa: F821
NEW_BIND_PORTS[0].add(src_port)
NEW_BIND_PORTS[1].add(dst_port)
# 新增端口之后还需要重新解析数据包
pkt = Ether(pkt.do_build())
tcp_layer = pkt.getlayer('TCP')
layer = get_attr(tcp_layer[0], 'msg')
if not layer:
# 一顿操作之后还是为空的话就舍弃
return
layer = layer[0]
name = layer.name
if not name.endswith('Hello'):
return
from_type = 0
from_name = 'Server'
fp_name = 'ja3s'
if name.startswith('TLS') or name.startswith('SSL'):
if 'Client' in name:
from_type = 1
from_name = 'Client'
fp_name = 'ja3'
else:
return
server_name = 'unknown'
Version = layer.version
Cipher = get_attr(layer, 'ciphers' if from_type else 'cipher')
exts = get_attr(layer, 'ext')
if exts:
Extensions_Type = list(map(lambda c: c.type, exts))
# 下面几个字段可能是出现在固定的位置
# 但是这样写保险一点
if from_type:
# 版本(TLS ClientHello Version)、可接受的加密算法(Ciphers)、扩展列表各个段的长度(Extensions Length)
# 椭圆曲线密码(TLS_Ext_SupportedGroups)、椭圆曲线密码格式(ec_point_formats)
# 使用 `,` 来分隔各个字段,并通过 `-` 来分隔每个字段中的各个值
# 最后变成一个字符串
try:
loc = Extensions_Type.index(0)
except ValueError:
server_name = 'unknown'
else:
server_names = get_attr(exts[loc], 'servernames')
if server_names:
server_name = get_attr(server_names[0], 'servername',
'unknown').decode('utf8')
try:
loc = Extensions_Type.index(11)
except IndexError:
EC_Point_Formats = []
else:
EC_Point_Formats = get_attr(exts[loc], 'ecpl')
try:
loc = Extensions_Type.index(10)
except IndexError:
Elliptic_Curves = []
else:
Elliptic_Curves = get_attr(exts[loc], 'groups')
raw_fp = concat([
Version, Cipher, Extensions_Type, Elliptic_Curves,
EC_Point_Formats
])
else:
Extensions_Type = Elliptic_Curves = EC_Point_Formats = []
if from_type:
COUNT_CLIENT += 1
raw_fp = concat([
Version, Cipher, Extensions_Type, Elliptic_Curves, EC_Point_Formats
])
else:
COUNT_SERVER += 1
raw_fp = concat([Version, Cipher, Extensions_Type])
md5_fp = hashlib.md5(raw_fp.encode('utf8')).hexdigest()
handshake_type = name.split(' ')[0]
if need_json:
json_data = {
'from': from_name,
'type': handshake_type,
'src': {
'ip': src_ip,
'port': src_port,
},
'dst': {
'ip': dst_ip,
'port': dst_port,
},
fp_name: {
'str': raw_fp,
'md5': md5_fp
}
}
if from_type:
json_data['dst']['server_name'] = server_name
Print(json_data)
else:
color_data = '\n'.join([
f'[+] Hello from {put_color(from_name, "cyan", bold=False)}',
f' [-] type: {put_color(handshake_type, "green")}',
f' [-] src ip: {put_color(src_ip, "cyan")}',
f' [-] src port: {put_color(src_port, "white")}',
f' [-] dst ip: {put_color(dst_ip, "blue")}' +
(f' ({put_color(server_name, "white")})' if from_type else ''),
f' [-] dst port: {put_color(dst_port, "white")}',
f' [-] {fp_name}: {raw_fp}',
f' [-] md5: {put_color(md5_fp, "yellow")}'
])
Print(color_data)
def main():
pathIDs = []
portpaths = []
info = psutil.net_if_addrs()
for cname in info.keys():
if cname!='lo':
hostname = cname.split('-')[0]
print hostname
#if len(sys.argv)<5:
# print 'pass 5 arguments: <destination> <num> <pathID> <path>'
# exit(1)
f = open("pinglist16-1.txt", "r")
line = f.readline()
while line:
line = line[0:-1]
paras = line.split(" ")
if hostname==paras[1].split(",")[0]:
#pathID = int(paras[0])
pathIDs.append(int(paras[0]))
#s = paras[2]
portpaths.append(paras[2])
line = f.readline()
addr = socket.gethostbyname("10.0.0.2")
num = 0
#pathID = int(sys.argv[3])
#s=sys.argv[4]
iface = get_if()
#print "sending on interface %s to %s" % (iface, str(addr))
pathnum = len(pathIDs)
begin_time = datetime.datetime.now()
probepkts = []
for j in range(pathnum):
pathID = pathIDs[j]
s = portpaths[j]
i=0
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff')
for p in s.split(","):
try:
pkt = pkt / SourceRoute(bos=0, port=int(p))
i = i+1
except ValueError:
pass
if pkt.haslayer(SourceRoute):
pkt.getlayer(SourceRoute, i).bos = 1
pkt = pkt / IP(dst=addr, options = IPOption_MRI(count=0, pathid=pathID, swtraces=[])) / UDP(dport=4321, sport=1234)
probepkts.append(pkt)
#write_cap(probepkts)
packet_size = len(probepkts[0])
while num<pathnum*200:
#pathID = pathIDs[num%pathnum]
#s=portpaths[num%pathnum]
'''
i = 0
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff')
for p in s.split(","):
try:
pkt = pkt / SourceRoute(bos=0, port=int(p))
i = i+1
except ValueError:
pass
if pkt.haslayer(SourceRoute):
pkt.getlayer(SourceRoute, i).bos = 1
pkt = pkt / IP(dst=addr, options = IPOption_MRI(count=0, pathid=pathID, swtraces=[])) / UDP(dport=4321, sport=1234)
#print len(pkt)
#pkt.show2()
'''
#pkt.show2()
sendp(probepkts[num%pathnum], iface=iface, verbose=False)
print(str(num)+"/"+str(pathnum*200))
num = num + 1
'''
def analyze(self):
pcap = RawPcapReader(self.file_name).read_all()
if not pcap:
self.fail('Empty pcap {0}'.format(self.file_name))
l4_type = None
for index, (raw_pkt, _) in enumerate(pcap):
scapy_pkt = Ether(raw_pkt)
# l3
ipv4 = scapy_pkt.getlayer('IP')
ipv6 = scapy_pkt.getlayer('IPv6')
if ipv4 and ipv6:
scapy_pkt.show2()
self.fail('Packet #%s in pcap has both IPv4 and IPv6!' % index)
if ipv4:
l3 = ipv4
elif ipv6:
l3 = ipv6
else:
scapy_pkt.show2()
self.fail('Packet #%s in pcap is not IPv4/6.' % index)
# first packet
if self.c_ip is None:
self.c_ip = l3.src
self.s_ip = l3.dst
direction = "c"
else:
if self.c_ip == l3.src and self.s_ip == l3.dst:
direction = "c"
elif self.s_ip == l3.src and self.c_ip == l3.dst:
direction = "s"
else:
self.fail(
'Only one session is allowed in a file. Packet {0} is from different session'
.format(index))
# l4
tcp = scapy_pkt.getlayer('TCP')
udp = scapy_pkt.getlayer('UDP')
if tcp and udp:
scapy_pkt.show2()
self.fail('Packet #%s in pcap has both TCP and UDP' % index)
elif tcp:
l4 = tcp
# SYN
if l4.flags & 0x02:
# SYN + ACK
if l4.flags & 0x10:
self.s_tcp_win = tcp.window
if self.state == _CPcapReader_help.states["init"]:
self.fail(
'Packet #%s is SYN+ACK, but there was no SYN yet, or '
% index)
else:
if self.state != _CPcapReader_help.states["syn"]:
self.fail(
'Packet #%s is SYN+ACK, but there was already SYN+ACK in cap file'
% index)
self.state = _CPcapReader_help.states["syn+ack"]
# SYN - no ACK. Should be first packet client->server
else:
self.c_tcp_win = tcp.window
# allowing syn retransmission because cap2/https.pcap contains this
if self.state > _CPcapReader_help.states["syn"]:
self.fail(
'Packet #%s is TCP SYN, but there was already TCP SYN in cap file'
% index)
else:
self.state = _CPcapReader_help.states["syn"]
else:
if self.state != _CPcapReader_help.states["syn+ack"]:
self.fail(
'Cap file must start with syn, syn+ack sequence')
if l4_type not in (None, 'TCP'):
self.fail(
'PCAP contains both TCP and %s. This is not supported currently.'
% l4_type)
l4_type = 'TCP'
elif udp:
self.fail(
'CAP file contains UDP packets. This is not supported yet')
#l4 = udp
#if l4_type not in (None, 'UDP'):
# self.fail('PCAP contains both UDP and %s. This is not supported currently.' % l4_type)
#l4_type = 'UDP'
else:
scapy_pkt.show2()
self.fail('Packet #%s in pcap is not TCP or UDP.' % index)
if self.s_port == -1:
self.s_port = l4.sport
self.d_port = l4.dport
padding = scapy_pkt.getlayer('Padding')
if padding is not None:
pad_len = len(padding)
else:
pad_len = 0
l4_payload_len = len(l4.payload) - pad_len
self.total_payload_len += l4_payload_len
self._pkts.append(
CPacketData(direction,
bytes(l4.payload)[0:l4_payload_len]))
def bpf_handler():
global current_connection
#arguments
interface = "eth0"
if len(argv) == 2:
if str(argv[1]) == '-h':
help()
else:
usage()
if len(argv) == 3:
if str(argv[1]) == '-i':
interface = argv[2]
else:
usage()
if len(argv) > 3:
usage()
success_text = open("./success", "rb").read()
print("binding socket to '%s'" % interface)
# initialize BPF - load source code from parse.c
bpf = BPF(src_file="parse.c", debug=0)
#load eBPF program filter of type SOCKET_FILTER into the kernel eBPF vm
#more info about eBPF program types
#http://man7.org/linux/man-pages/man2/bpf.2.html
logging.info('JIT eBPF Code')
function_filter = bpf.load_func("filter", BPF.SOCKET_FILTER)
#create raw socket, bind it to interface
#attach bpf program to socket created
logging.info('Creating Raw Socket')
BPF.attach_raw_socket(function_filter, interface)
#get file descriptor of the socket previously created inside BPF.attach_raw_socket
socket_fd = function_filter.sock
#create python socket object, from the file descriptor
sock = socket.fromfd(socket_fd, socket.PF_PACKET, socket.SOCK_RAW,
socket.IPPROTO_IP)
#set it as blocking socket
sock.setblocking(True)
while True:
#retrieve raw packet from socket
packet_str = os.read(socket_fd, 2048)
packet_bytearray = bytearray(packet_str)
# Parse RAW data using scapy.. super general and easy
c = Ether(packet_bytearray)
if c.haslayer(IP):
layer_ip = c.getlayer(IP)
logging.info('IP: {} said the magic word ;-)'.format(layer_ip.src))
if len(current_connection) > 0:
for con, addr in current_connection:
if (layer_ip.src, layer_ip.sport) == addr:
con.send(success_text)
logging.info('Sending success text now to: {}'.format(
layer_ip.src))
