Beispiel #1
1
 private void _Receive(int count = 0)
 {
     //using (_communicator = _device.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000))
     //{
     //    _ppacketManager = new PPacketManager();
     //    if (_filter != null)
     //        _communicator.SetFilter(_filter);
     //    _communicator.ReceivePackets(0, ReceivePacketHandle);
     //}
     try
     {
         _communicator = _device.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000);
         if (_dumpFile != null)
             _packetDumpFile = _communicator.OpenDump(_dumpFile);
         _ppacketManager = new PPacketManager();
         if (_filter != null)
             _communicator.SetFilter(_filter);
         _communicator.ReceivePackets(count, ReceivePacketHandle);
     }
     finally
     {
         if (_communicator != null)
         {
             _communicator.Dispose();
             _communicator = null;
         }
         if (_packetDumpFile != null)
         {
             _packetDumpFile.Dispose();
             _packetDumpFile = null;
         }
     }
 }
Beispiel #2
0
        void FormMain_FormClosing(object sender, FormClosingEventArgs e)
        {
            if (comm != null)
            {
                comm.Break();
                comm.Dispose();
                comm = null;
            }

            Ignores.I.Save();
            Settings.I.Save();
            stop = true;
        }
Beispiel #3
0
        private static PacketCommunicator OpenOfflineDevice(int numPackets, Packet packet, TimeSpan intervalBetweenPackets, string dumpFilename, string readFilename = null)
        {
            IPacketDevice      device       = GetOfflineDevice(numPackets, packet, intervalBetweenPackets, dumpFilename, readFilename);
            PacketCommunicator communicator = device.Open();

            try
            {
                MoreAssert.AreSequenceEqual(new[] { DataLinkKind.Ethernet }.Select(kind => new PcapDataLink(kind)), communicator.SupportedDataLinks);
                Assert.AreEqual(DataLinkKind.Ethernet, communicator.DataLink.Kind);
                Assert.AreEqual("EN10MB (Ethernet)", communicator.DataLink.ToString());
                Assert.AreEqual(communicator.DataLink, new PcapDataLink(communicator.DataLink.Name));
                Assert.IsTrue(communicator.IsFileSystemByteOrder);
                Assert.AreEqual(PacketCommunicatorMode.Capture, communicator.Mode);
                Assert.IsFalse(communicator.NonBlocking);
                Assert.AreEqual(PacketDevice.DefaultSnapshotLength, communicator.SnapshotLength);
                Assert.AreEqual(2, communicator.FileMajorVersion);
                Assert.AreEqual(4, communicator.FileMinorVersion);
                return(communicator);
            }
            catch (Exception)
            {
                communicator.Dispose();
                throw;
            }
        }
Beispiel #4
0
        private void CbInterfaces_SelectedIndexChanged(object sender, EventArgs e)
        {
            tbGatewayIp.Clear();
            tbGatewayMac.Clear();
            tbNetmask.Clear();

            if (cbInterfaces.SelectedItem == null)
            {
                return;
            }

            if (_packetCommunicator != null)
            {
                _packetCommunicator.Dispose();
            }

            var iface = _interfaces.Keys.ElementAt(cbInterfaces.SelectedIndex);

            try
            {
                _packetCommunicator = iface.Open();
            }
            catch (Exception) { }

            if (_packetCommunicator == null)
            {
                MetroMessageBox.Show(this, "Network interface could not be opened.", "Interface Error", MessageBoxButtons.OK, MessageBoxIcon.Error, 120);
                cbInterfaces.SelectedItem = null;
                _currentInterface         = null;
                return;
            }

            _currentInterface = iface;
            UpdateAddresses(iface, _interfaces[iface]);
        }
Beispiel #5
0
        protected override void OnDisconnectStart()
        {
            /* キャプチャー停止 */
#if __SHARPPCAP__
            if (pcap_dev_ != null)
            {
                if (pcap_dev_.Started)
                {
                    pcap_dev_.StopCapture();
                }

                /* デバイスクローズ */
                if (pcap_dev_.Opened)
                {
                    pcap_dev_.Close();
                }
            }
#elif __PCAPDOTNET__
            if (pcap_comm_ != null)
            {
                pcap_comm_.Dispose();
                pcap_comm_ = null;
            }
#endif
        }
Beispiel #6
0
 /// <summary>
 /// Stops listening for incoming packets and waits for the receiver thread to end.
 /// </summary>
 public void Stop()
 {
     if (Running)
     {
         Running = false;
         Task.WaitAll(ReceiveTask);
         Communicator.Dispose();
         Communicator = null;
     }
 }
Beispiel #7
0
 public void Close()
 {
     startDone.WaitOne();
     if (communicator != null)
     {
         communicator.Break();
         communicator.Dispose();
         communicator = null;
     }
     pspsigCheck.Abort();
 }
Beispiel #8
0
        public void Stop()
        {
            _status = Status.Stopping;
            var livePacketDevice = NetworkUtilites.GetLivePacketDevice(_myIp);

            if (livePacketDevice == null)
            {
                return;
            }
            PacketCommunicator communicator = livePacketDevice.Open(1, PacketDeviceOpenAttributes.None, 10);

            AfterAttack(livePacketDevice.GetNetworkInterface(), communicator);
            communicator.Dispose();
        }
Beispiel #9
0
        /*
         *  broadcasts are annoying and let targets find the real router
         *  so this will instantly send arp spoofed replay insted of the timed attack
         *  and hopefully target is not lost for long time
         */

        private void FightBackAnnoyingBroadcasts(LivePacketDevice nic)
        {
            var ether = new EthernetLayer
            {
                Source      = new MacAddress(_myMac),
                Destination = new MacAddress("FF:FF:FF:FF:FF:FF"),
                EtherType   = EthernetType.None
            };

            Task.Run(() =>
            {
                PacketCommunicator communicator = nic.Open(500, PacketDeviceOpenAttributes.None, 50);
                communicator.SetFilter("arp && ether dst ff:ff:ff:ff:ff:ff");

                while (_status == Status.Started || _status == Status.Starting || _status == Status.Paused)
                {
                    communicator.ReceivePackets(0, arp =>
                    {
                        var sourceIp = arp.Ethernet.IpV4.Source.ToString();
                        if (sourceIp.Equals(_gatewayIp))
                        {
                            var arplayer = new ArpLayer
                            {
                                ProtocolType          = EthernetType.IpV4,
                                Operation             = ArpOperation.Request,
                                SenderHardwareAddress = ether.Source.ToBytes(),
                                SenderProtocolAddress = new IpV4Address(_gatewayIp).ToBytes(),
                                TargetHardwareAddress = MacAddress.Zero.ToBytes(),
                                TargetProtocolAddress = arp.Ethernet.IpV4.Destination.ToBytes()
                            };
                            var packet = new PacketBuilder(ether, arplayer).Build(DateTime.Now);
                            communicator.SendPacket(packet);
                        }
                        else if (KvStore.IpMac.ContainsKey(sourceIp))
                        {
                            SpoofGateway(communicator, sourceIp);
                        }
                    });
                }
                communicator.Dispose();
            });
        }
Beispiel #10
0
        /*
         *  the main method to start the arp attack
         */
        public void Spoof(string myIp, HashSet <string> targets)//hashset is used to eliminate duplicate IPs
        {
            if (_status != Status.Off)
            {
                return;
            }

            _status = Status.Starting;

            var livePacketDevice = NetworkUtilites.GetLivePacketDevice(myIp);

            KvStore.TargetIps.UnionWith(targets);
            _myIp       = myIp;
            _myMac      = livePacketDevice.GetMacAddress().ToString();
            _gatewayIp  = NetworkUtilites.GetGatewayIp(livePacketDevice);
            _gatewayMac = NetworkUtilites.GetMacAddress(_gatewayIp);

            KvStore.IpMac.Add(_myIp, _myMac);
            KvStore.IpMac.Add(_gatewayIp, _gatewayMac);

            /*targets rarely change their mac address, also this function considerd costly*/
            foreach (var ip in targets)
            {
                KvStore.IpMac.Add(ip, NetworkUtilites.GetMacAddress(ip));
            }

            var networkInterface = livePacketDevice.GetNetworkInterface();

            PacketCommunicator communicator = livePacketDevice.Open(50, PacketDeviceOpenAttributes.None, 50);

            BeforeAllAttack(livePacketDevice, communicator);

            SpoofContinuousAttack(communicator, networkInterface);/*block*/

            if (_status != Status.Stopped)
            {
                AfterAttack(networkInterface, communicator);
            }

            communicator.Dispose();
        }
Beispiel #11
0
 private void _Receive(int count = 0)
 {
     //using (_communicator = _device.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000))
     //{
     //    _ppacketManager = new PPacketManager();
     //    if (_filter != null)
     //        _communicator.SetFilter(_filter);
     //    _communicator.ReceivePackets(0, ReceivePacketHandle);
     //}
     try
     {
         _communicator = _device.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000);
         if (_dumpFile != null)
         {
             _packetDumpFile = _communicator.OpenDump(_dumpFile);
         }
         _ppacketManager = new PPacketManager();
         if (_filter != null)
         {
             _communicator.SetFilter(_filter);
         }
         _communicator.ReceivePackets(count, ReceivePacketHandle);
     }
     finally
     {
         if (_communicator != null)
         {
             _communicator.Dispose();
             _communicator = null;
         }
         if (_packetDumpFile != null)
         {
             _packetDumpFile.Dispose();
             _packetDumpFile = null;
         }
     }
 }
Beispiel #12
0
        public static PacketCommunicator OpenLiveDevice()
        {
            NetworkInterface networkInterface =
                NetworkInterface.GetAllNetworkInterfaces().FirstOrDefault(
                    ni => !ni.IsReceiveOnly && ni.NetworkInterfaceType == NetworkInterfaceType.Ethernet && ni.OperationalStatus == OperationalStatus.Up);
            LivePacketDevice device = networkInterface.GetLivePacketDevice();

            MoreAssert.IsMatch(@"Network adapter '.*' on local host", device.Description);
            Assert.AreEqual(DeviceAttributes.None, device.Attributes);
            Assert.AreNotEqual(MacAddress.Zero, device.GetMacAddress());
            Assert.AreNotEqual(string.Empty, device.GetPnpDeviceId());
            MoreAssert.IsBiggerOrEqual(1, device.Addresses.Count);
            foreach (DeviceAddress address in device.Addresses)
            {
                if (address.Address.Family == SocketAddressFamily.Internet)
                {
                    MoreAssert.IsMatch("Address: " + SocketAddressFamily.Internet + @" [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ " +
                                       "Netmask: " + SocketAddressFamily.Internet + @" 255\.[0-9]+\.[0-9]+\.[0-9]+ " +
                                       "Broadcast: " + SocketAddressFamily.Internet + @" 255.255.255.255",
                                       address.ToString());
                }
                else
                {
                    Assert.AreEqual(SocketAddressFamily.Internet6, address.Address.Family);
                    MoreAssert.IsMatch("Address: " + SocketAddressFamily.Internet6 + @" (?:[0-9A-F]{4}:){7}[0-9A-F]{4} " +
                                       "Netmask: " + SocketAddressFamily.Unspecified + @" " + IpV6Address.Zero + " " +
                                       "Broadcast: " + SocketAddressFamily.Unspecified + @" " + IpV6Address.Zero,
                                       address.ToString());
                }
            }

            PacketCommunicator communicator = device.Open();

            try
            {
                MoreAssert.AreSequenceEqual(new[] { DataLinkKind.Ethernet, DataLinkKind.Docsis }.Select(kind => new PcapDataLink(kind)), communicator.SupportedDataLinks);
                PacketTotalStatistics totalStatistics = communicator.TotalStatistics;
                Assert.AreEqual <object>(totalStatistics, totalStatistics);
                Assert.AreNotEqual(null, totalStatistics);
                Assert.AreEqual(totalStatistics.GetHashCode(), totalStatistics.GetHashCode());
                Assert.IsTrue(totalStatistics.Equals(totalStatistics));
                Assert.IsFalse(totalStatistics.Equals(null));
                Assert.AreNotEqual(null, totalStatistics);
                Assert.AreNotEqual(totalStatistics, 2);
                MoreAssert.IsSmallerOrEqual <uint>(1, totalStatistics.PacketsCaptured, "PacketsCaptured");
                Assert.AreEqual <uint>(0, totalStatistics.PacketsDroppedByDriver, "PacketsDroppedByDriver");
                Assert.AreEqual <uint>(0, totalStatistics.PacketsDroppedByInterface, "PacketsDroppedByInterface");
                MoreAssert.IsSmallerOrEqual <uint>(1, totalStatistics.PacketsReceived, "PacketsReceived");
                Assert.IsNotNull(totalStatistics.ToString());
                communicator.SetKernelBufferSize(2 * 1024 * 1024); // 2 MB instead of 1
                communicator.SetKernelMinimumBytesToCopy(10);      // 10 bytes minimum to copy
                communicator.SetSamplingMethod(new SamplingMethodNone());
                Assert.AreEqual(DataLinkKind.Ethernet, communicator.DataLink.Kind);
                communicator.DataLink = communicator.DataLink;
                Assert.AreEqual("EN10MB (Ethernet)", communicator.DataLink.ToString());
                Assert.AreEqual(communicator.DataLink, new PcapDataLink(communicator.DataLink.Name));
                Assert.IsTrue(communicator.IsFileSystemByteOrder);
                Assert.AreEqual(PacketCommunicatorMode.Capture, communicator.Mode);
                Assert.IsFalse(communicator.NonBlocking);
                Assert.AreEqual(PacketDevice.DefaultSnapshotLength, communicator.SnapshotLength);
                return(communicator);
            }
            catch (Exception)
            {
                communicator.Dispose();
                throw;
            }
        }
Beispiel #13
0
 public void Dispose()
 {
     _filter?.Dispose();
     _comminicator?.Dispose();
 }
        public void PacketHandler()
        {
            Packet packet;

            try
            {
                IsBusy = true;
                cts    = new CancellationTokenSource();
                CancellationToken token = cts.Token;

                // Open the device
                communicator = SelectedInterface.Open(65536,                                  // 65536 guarantees that the whole packet will be captured on all the link layers
                                                      PacketDeviceOpenAttributes.Promiscuous, // promiscuous mode
                                                      1000);                                  // read timeout

                if (!string.IsNullOrEmpty(trafficFilter))
                {
                    communicator.SetFilter(trafficFilter);
                }

                do
                {
                    PacketCommunicatorReceiveResult result = communicator.ReceivePacket(out packet);
                    switch (result)
                    {
                    case PacketCommunicatorReceiveResult.Timeout:
                        // Timeout elapsed
                        continue;

                    case PacketCommunicatorReceiveResult.Ok:
                        if (packet.Ethernet.EtherType == EthernetType.IpV4)
                        {
                            Application.Current.Dispatcher.Invoke(() =>
                            {
                                packets.Add(packet);
                                StatHandler.UpdateStats(packet);
                            });
                        }
                        break;

                    default:
                        throw new InvalidOperationException("PacketCommunicator InvalidOperationException");
                    }
                } while (!token.IsCancellationRequested);
            }
            catch (Exception ex)
            {
                MessageBox.Show("A handled exception occurred: " + ex.Message, "Tcp/Ip sniffer",
                                MessageBoxButton.OK, MessageBoxImage.Warning);
            }
            finally
            {
                communicator.Break();
                communicator.Dispose();
                communicator = null;

                cts.Dispose();
                cts    = null;
                IsBusy = false;
            }
        }