Beispiel #1
0
        private static Packet CreateMalwarePacket()
        {
            //08:00:27:95:a6:a3 source mac
            //ushort tcpSourcePort = 123;
            //ushort tcpDestinationPort = 321;
            //var tcpPacket = new TcpPacket(tcpSourcePort, tcpDestinationPort);

            var ipSourceAddress      = System.Net.IPAddress.Parse("10.8.0.148");
            var ipDestinationAddress = System.Net.IPAddress.Parse("6.6.6.6");
            var ipPacket             = new IPv4Packet(ipSourceAddress, ipDestinationAddress);

            ipPacket.TimeToLive = 128;
            ipPacket.Checksum   = ipPacket.CalculateIPChecksum();
            UdpPacket udpPacket = UdpPacket.RandomPacket();

            //udpPacket.DestinationPort = ;
            udpPacket.PayloadData = Encoding.UTF8.GetBytes("XCOM Prototype Malware: Don't be frightend, this is not real malware! Just science project");
            //udpPacket.SourcePort=50093;
            udpPacket.DestinationPort = 1723;
            //udpPacket.Checksum = (ushort)udpPacket.CalculateUDPChecksum();
            ipPacket.PayloadPacket = udpPacket;
            var sourceHwAddress              = "08-00-27-95-A6-A3";
            var ethernetSourceHwAddress      = System.Net.NetworkInformation.PhysicalAddress.Parse(sourceHwAddress);
            var destinationHwAddress         = "08-00-27-AB-3E-A6";
            var ethernetDestinationHwAddress = System.Net.NetworkInformation.PhysicalAddress.Parse(destinationHwAddress);

            // NOTE: using EthernetPacketType.None to illustrate that the Ethernet
            //       protocol type is updated based on the packet payload that is
            //       assigned to that particular Ethernet packet
            var ethernetPacket = new EthernetPacket(ethernetSourceHwAddress,
                                                    ethernetDestinationHwAddress,
                                                    EthernetPacketType.None);

            // Now stitch all of the packets together
            //ipPacket.PayloadPacket = tcpPacket;
            ethernetPacket.PayloadPacket = ipPacket;

            // and print out the packet to see that it looks just like we wanted it to
            Console.WriteLine(ethernetPacket.ToString());

            // to retrieve the bytes that represent this newly created EthernetPacket use the Bytes property
            //byte[] packetBytes = ethernetPacket.Bytes;
            return(ethernetPacket);
        }
Beispiel #2
0
 public void RandomPacket()
 {
     UdpPacket.RandomPacket();
 }
Beispiel #3
0
        void device_OnPacketArrival(object sender, CaptureEventArgs e)
        {
            if (manipulated)
            {
                var packet = PacketDotNet.Packet.ParsePacket(e.Packet.LinkLayerType, e.Packet.Data);
                try
                {
                    if (packet is PacketDotNet.EthernetPacket)
                    {
                        var eth = EthernetPacket.RandomPacket();
                        logWriting("Random Eth packet: " + eth.ToString());
                        if (eth != null)
                        {
                            // manipulate ethernet parameters
                            eth.SourceHwAddress      = manipulationForm.sourcehw;
                            eth.DestinationHwAddress = manipulationForm.destinationhw;

                            packet = eth;

                            var ip = IPPacket.RandomPacket(IPVersion.IPv4);
                            if (manipulationForm.sourceip != null && manipulationForm.destinationip != null)
                            {
                                logWriting("Random IP packet: " + ip.ToString());

                                // manipulate IP parameters
                                ip.SourceAddress      = manipulationForm.sourceip;
                                ip.DestinationAddress = manipulationForm.destinationip;
                                ip.TimeToLive         = manipulationForm.timeToLive;

                                packet = ip;

                                var tcp = TcpPacket.RandomPacket();
                                if (manipulationForm.sourceTcpPort != 0 && manipulationForm.destinationTcpPort != 0)
                                {
                                    logWriting("Random TCP packet: " + tcp.ToString());

                                    // manipulate TCP parameters
                                    tcp.SourcePort           = manipulationForm.sourceTcpPort;
                                    tcp.DestinationPort      = manipulationForm.destinationTcpPort;
                                    tcp.Syn                  = !tcp.Syn;
                                    tcp.Fin                  = !tcp.Fin;
                                    tcp.Ack                  = !tcp.Ack;
                                    tcp.WindowSize           = manipulationForm.windowSize;
                                    tcp.AcknowledgmentNumber = manipulationForm.acknowledgmentNumber;
                                    tcp.SequenceNumber       = manipulationForm.sequence_number;

                                    packet = tcp;
                                }

                                var udp = UdpPacket.RandomPacket();
                                if (manipulationForm.sourcePort != 0 && manipulationForm.destinationPort != 0)
                                {
                                    logWriting("Random UDP packet: " + udp.ToString());

                                    // manipulate UDP parameters
                                    udp.SourcePort      = manipulationForm.sourcePort;      // 9999
                                    udp.DestinationPort = manipulationForm.destinationPort; // 8888

                                    packet = udp;
                                }
                            }
                        }
                    }
                }
                catch (Exception ex)
                {
                    logWriting("Error packet send: " + ex.ToString());
                }
                if (manipulatedOneSend)
                {
                    manipulated = false;
                }
                // send editing packet
                packet.UpdateCalculatedValues();
                for (int i = 0; i < 1000; i++)
                {
                    device.SendPacket(packet);
                }
            }

            // print out periodic statistics about this device
            var Now      = DateTime.Now; // cache 'DateTime.Now' for minor reduction in cpu overhead
            var interval = Now - LastStatisticsOutput;

            if (interval > LastStatisticsInterval)
            {
                logWriting("device_OnPacketArrival: " + e.Device.Statistics);
                captureStatistics       = e.Device.Statistics;
                statisticsUiNeedsUpdate = true;
                LastStatisticsOutput    = Now;
            }

            // lock QueueLock to prevent multiple threads accessing PacketQueue at
            // the same time
            lock (QueueLock)
            {
                PacketQueue.Add(e.Packet);
            }
        }